Digital contact tracing has emerged as a viable tool supplementing manual contact tracing. To date, more than 100 contact tracing applications have been published to slow down the spread of the highly contagious Covid-19. Despite subtle variations among these applications, all of them achieve contact tracing by manipulating the following three components: a) use a personal device to identify the user while designing a secure protocol to anonymize the user's identity; b) leverage networking technologies to analyze and store the data; c) exploit rich sensing features on the user device to detect the interaction among users and thus estimate the exposure risk. This paper reviews current digital contact tracing based on these three components. We focus on two personal devices that are intimate to the user: smartphones and wearables. We discuss the centralized and decentralized networking approaches that are used to facilitate the data flow. Lastly, we investigate the sensing features available on smartphones and wearables to detect the proximity between any two users and present experiments comparing the proximity sensing performance between these two personal devices.
In this paper, we shed new light on the DNS amplification ecosystem, by studying complementary data sources, bolstered by orthogonal methodologies. First, we introduce a passive attack detection method for the Internet core, i.e., at Internet eXchange Points (IXPs). Surprisingly, IXPs and honeypots observe mostly disjoint sets of attacks: 96% of IXP-inferred attacks were invisible to a sizable honeypot platform. Second, we assess the effectiveness of observed DNS attacks by studying IXP traces jointly with diverse data from independent measurement infrastructures. We find that attackers efficiently detect new reflectors and purposefully rotate between them. At the same time, we reveal that attackers are a small step away from bringing about significantly higher amplification factors (14x). Third, we identify and fingerprint a major attack entity by studying patterns in attack traces. We show that this entity dominates the DNS amplification ecosystem by carrying out 59% of the attacks, and provide an in-depth analysis of its behavior over time. Finally, our results reveal that operators of various .gov names do not adhere to DNSSEC key rollover best practices, which exacerbates amplification potential. We can verifiably connect this operational behavior to misuses and attacker decision-making.
While the digitization of power distribution grids brings many benefits, it also introduces new vulnerabilities for cyber-attacks. To maintain secure operations in the emerging threat landscape, detecting and implementing countermeasures against cyber-attacks are paramount. However, due to the lack of publicly available attack data against Smart Grids (SGs) for countermeasure development, simulation-based data generation approaches offer the potential to provide the needed data foundation. Therefore, our proposed approach provides flexible and scalable replication of multi-staged cyber-attacks in an SG Co-Simulation Environment (COSE). The COSE consists of an energy grid simulator, simulators for Operation Technology (OT) devices, and a network emulator for realistic IT process networks. Focusing on defensive and offensive use cases in COSE, our simulated attacker can perform network scans, find vulnerabilities, exploit them, gain administrative privileges, and execute malicious commands on OT devices. As an exemplary countermeasure, we present a built-in Intrusion Detection System (IDS) that analyzes generated network traffic using anomaly detection with Machine Learning (ML) approaches. In this work, we provide an overview of the SG COSE, present a multi-stage attack model with the potential to disrupt grid operations, and show exemplary performance evaluations of the IDS in specific scenarios.
We propose the novel concept of a cyber-human system (CHS) and a diverse and pluralistic "mixed-life society," in which cyber and human societies commit to each other. This concept enhances the cyber-physical system (CPS), which is associated with the current Society 5.0, a social vision realized through the fusion of cyber space (virtual space) and physical space (real space). In addition, the Cyber-Human Social Co-Operating System (Social Co-OS) combining cyber and human societies is shown as a form of architecture that embodies the CHS. In this architecture, the cyber system and the human system cooperate through the fast loop (operation and administration) and the slow loop (consensus and politics). Furthermore, the technical content and current implementation of the basic functions of the Social Co-OS are described. These functions consist of individual behavioral diagnostics and interventions in the fast loop, and group decision diagnostics and consensus building in the slow loop. This system will contribute to mutual aid communities and platform cooperatives.
Since the World Health Organization announced the COVID-19 pandemic in March 2020, curbing the spread of the virus has become an international priority. It has greatly affected people's lifestyles. In this article, we observe and analyze the impact of the pandemic on people's lives using changes in smartphone application usage. First, through observing the daily usage change trends of all users during the pandemic, we can understand and analyze the effects of restrictive measures and policies during the pandemic on people's lives. In addition, it is also helpful for the government and health departments to take more appropriate restrictive measures in the case of future pandemics. Second, we defined the usage change features and found 9 different usage change patterns during the pandemic according to clusters of users and show the diversity of daily usage changes. It helps to understand and analyze the different impacts of the pandemic and restrictive measures on different types of people in more detail. Finally, according to prediction models, we discover the main related factors of each usage change type from user preferences and demographic information. It helps to predict changes in smartphone activity during future pandemics or when other restrictive measures are implemented, which may become a new indicator to judge and manage the risks of measures or events.
During the COVID-19 pandemic, many countries have developed and deployed contact tracing technologies to curb the spread of the disease by locating and isolating people who have been in contact with coronavirus carriers. Subsequently, understanding why people install and use contact tracing apps is becoming central to their effectiveness and impact. This paper analyzes situations where centralized mass surveillance technologies are deployed simultaneously with a voluntary contact tracing mobile app. We use this parallel deployment as a natural experiment that tests how attitudes toward mass deployments affect people's installation of the contact tracing app. Based on a representative survey of Israelis (n=519), our findings show that positive attitudes toward mass surveillance were related to a reduced likelihood of installing contact tracing apps and an increased likelihood of uninstalling them. These results also hold when controlling for privacy concerns about the contact tracing app, attitudes toward the app, trust in authorities, and demographic properties. Similar reasoning may also be relevant for crowding out voluntary participation in data collection systems.
With the ubiquitous nature of information technology solutions that facilitate communication in the modern world, cyber attacks are increasing in volume and becoming more sophisticated in nature. From classic network-based Denial of Service (DoS) attacks to the more recent concerns of privacy compromises, Intrusion Detection Systems (IDS) are becoming an urgent need to safeguard the modern information technology landscape. The development of these IDS relies on training and evaluation datasets that must evolve with time and represent the contemporary threat landscape. The purpose of this analysis is to explore such recent datasets, describe how they enable research endeavours and the development of novel IDS. Specifically, 7 recent datasets published for IDS research have been reviewed along with selected publications that have employed them. In doing so, the discussion emphasizes the need for the publication of even more modern datasets, especially for emerging technologies such as the Internet of Things (IoT) and smartphone devices, to ensure that modern networks and communication channels are secured. Furthermore, a taxonomy based on the discussed datasets has been developed that can be used to inform the dataset selection process for future research endeavours.
Advances in edge computing are powering the development and deployment of Internet of Things (IoT) systems in an effort to provide advanced services and resource efficiency. However, large-scale IoT-based load-altering attacks (LAAs) can have a serious impact on power grid operations, such as destabilizing the grid's control loops. Timely detection and identification of any compromised nodes is important to minimize the adverse effects of these attacks on power grid operations. In this work, we present two data-driven algorithms to detect and identify compromised nodes and the attack parameters of the LAAs. The first, based on the Sparse Identification of Nonlinear Dynamics (SINDy) approach, adopts a sparse regression framework to identify the attack parameters that best describe the observed dynamics. The second method, based on physics-informed neural networks (PINN), adopts deep neural networks to infer the attack parameters from the measurements. Both methods are presented utilizing edge computing for deployment over decentralized architectures. Extensive simulations performed on IEEE bus systems show that the proposed algorithms outperform existing approaches, such as those based on the unscented Kalman filter, especially in systems that exhibit fast dynamics, and are effective in detecting and identifying locations of attack in a timely manner.
Consumer Internet of things research often involves collecting network traffic sent or received by IoT devices. These data are typically collected via crowdsourcing or while researchers manually interact with IoT devices in a laboratory setting. However, manual interactions and crowdsourcing are often tedious, expensive, inaccurate, or do not provide comprehensive coverage of possible IoT device behaviors. We present a new method for generating IoT network traffic using a robotic arm to automate user interactions with devices. This eliminates manual button pressing and enables permutation-based interaction sequences that rigorously explore the range of possible device behaviors. We test this approach with an Arduino-controlled robotic arm, a smart speaker and a smart thermostat, using machine learning to demonstrate that collected network traffic contains information about device interactions that could be useful for network, security, or privacy analyses. We also provide source code and documentation allowing researchers to easily automate IoT device interactions and network traffic collection in future studies.
The concept of the smart grid has been introduced as a new vision of the conventional power grid to figure out an efficient way of integrating green and renewable energy technologies. In this way, the Internet-connected smart grid, also called the energy Internet, is also emerging as an innovative approach to ensure energy from anywhere at any time. The ultimate goal of these developments is to build a sustainable society. However, integrating and coordinating a large number of growing connections can be a challenging issue for the traditional centralized grid system. Consequently, the smart grid is undergoing a transformation from its centralized form to a decentralized topology. On the other hand, blockchain has some excellent features which make it a promising application for the smart grid paradigm. In this paper, we aim to provide a comprehensive survey on the application of blockchain in the smart grid. As such, we identify the significant security challenges of smart grid scenarios that can be addressed by blockchain. Then, we present a number of recent blockchain-based research works from the literature addressing security issues in the area of the smart grid. We also summarize several related practical projects, trials, and products that have emerged recently. Finally, we discuss essential research challenges and future directions of applying blockchain to smart grid security issues.
In recent years, mobile devices have developed rapidly, gaining stronger computation capability and larger storage. Some of the computation-intensive machine learning and deep learning tasks can now be run on mobile devices. To take advantage of the resources available on mobile devices and preserve users' privacy, the idea of mobile distributed machine learning has been proposed. It uses local hardware resources and local data to solve machine learning sub-problems on mobile devices, and only uploads computation results instead of original data to contribute to the optimization of the global model. This architecture can not only relieve the computation and storage burden on servers, but also protect the users' sensitive information. Another benefit is the bandwidth reduction, as various kinds of local data can now participate in the training process without being uploaded to the server. In this paper, we provide a comprehensive survey on recent studies of mobile distributed machine learning. We survey a number of widely-used mobile distributed machine learning methods. We also present an in-depth discussion on the challenges and future directions in this area. We believe that this survey can provide a clear overview of mobile distributed machine learning and offer guidelines on applying mobile distributed machine learning to real applications.