Wearables Security 2022 - Interoperability remains one of the biggest challenges facing healthcare organizations today. Despite the advancements made through digital transformation and API that allow increased interoperability, patients still have to contend with a different patient portal for each provider they visit. Several health systems are unable to successfully exchange EHR data. API transfer and consolidate patient information including medical history and treatment records across the disparate healthcare systems. Mobile apps use API to gather data from various medical wearables and add the data to a patient’s health record. However, API exposes application logic and sensitive data information giving patient data a window to the World Wide Web and has thus increasingly become a target for attackers. As the need for tighter API security grows, managing APIs becomes more important than ever. The goal of this paper is to provide an overview and discuss research questions that can aid in understanding and building the knowledge base on API data integration and interoperability.
Authored by Md Faruk, Arleen Patinga, Lornna Migiro, Hossain Shahriar, Sweta Sneha
Wearables Security 2022 - As it becomes easier to obtain various data from wearable devices, it is known that biometric and behavioral information must be handled with care. On the other hand, data on the surrounding environment, such as outside temperature, is seen as having a weak relationship with the wearer, and data handling is considered to be a chore. We believe that even data with weak relationships have the potential to infer information about the wearer if a large amount of data is acquired. In this paper, we verify whether it is possible to estimate the wearer’s location from time series data of outside air temperature using only the temperature sensor. We calculated the average absolute error between the temperature data from the wearable device and the same time-series data obtained from the Japan Meteorological Agency, and we evaluated the wearer’s position estimation. It was found that the location where the temperature was sampled appeared at the top of the estimation ranking, and that cities near the sampling location were estimated to be at the high ranking. It was also found that the number of data to be used can be a factor that increases the estimation ranking.
Authored by Sayuki Shingai, Kazuya Murao
Wearables Security 2022 - As 5G is deployed and applied, a large number of mobile devices have been increasingly deployed on the network. Scenarios such as smartphones, smart car, smart transportation, smart wearable devices, and smart industry are increasingly demanding for networks. And the Internet of Things (IoT), as a new and high technology, will play an important role and generate huge economic benefits. However, IoT security also faces many challenges due to the inherent security vulnerabilities in multiple device interactions and the data also needs more accurate processing. Big data and deep learning have been gradually applied in various industries. Therefore, we have summarized and analyzed the use of big data and deep learning technology to solve the hidden dangers of the IoT security under the consideration of some suggestions and thinking for industry applications.
Authored by Jian-Liang Wang, Ping Chen
Wearables Security 2022 - Wearable devices are becoming increasingly popular since they are used in a variety of services. A variety of personal data is collected by the smartwatch. Although devices can give convenience to consumers, there are additional security threats that warn of cybersecurity risks, device penetration, and exploiting vulnerabilities. Devices are prone to attack, and hacking might reveal the acquired data. The lack of authentication and location monitoring, as well as Bluetooth issues and security holes, are all problems in these devices. Although there are security recommendations for such devices, consumers are typically unaware of the risks. The goal of this study is to provide awareness regarding cybersecurity to the common people while using the wearable device.
Authored by Manal Alshammari, Mona Alshammari
Wearables Security 2022 - In recent years, technological industry has made a large investment in the design of wearable devices. Wearable devices are attractive to a variety of different age groups within the majority of population. The main reasons for such popularity are related to ease of wear and friendly use, affordable prices with competitive products, as well as providing different services. Usually, wearable devices are collecting different kinds of data. Some of these data are sensitive and personal data of the wearer/user. Such data can be attacked, leaked, misused or edited. Therefore, privacy and security issues are among the main important issues to be considered carefully and discussed clearly when wearable devices are designed and used. Presenting unclear privacy and security strategies will lead the user to mistrust wearable technology with its application. In this research, we present our proposed wearable security protocol to create a secure environment of wearable data and their processing. The main idea of our protocol is to secure the identity of people as well as hiding their sensitive and personal data. Meanwhile, it does not affect the quality of data when applying their mining techniques. The protocol can be used for any kind of data with any application while keeping the user’s privacy and security properties. Moreover, it can be easily understood, implemented, and processed, in addition to any update might be needed.
Authored by Fatina Shukur, Ahmed Fatlawi
Vulnerability Detection 2022 - Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still in its infancy, with plenty of challenges not yet fully explored. In this paper, we propose Crawler-based Cross Site Scripting Detector, a tool based on crawler technology that can effectively detect stored Cross Site Scripting vulnerabilities and reflected Cross Site Scripting vulnerabilities. Subsequently, in order to verify the effectiveness of the tool, we experimented this tool with existing tools such as XSSer and Burp Suite by selecting 100 vulnerable websites for the tool’s efficiency, false alarm rate and underreporting rate. The results show that our tool can effectively detect Cross Site Scripting vulnerabilities.
Authored by Haocheng Guan, Dongcheng Li, Hui Li, Man Zhao
Vulnerability Detection 2022 - The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.
Authored by Zhenwan Zou, Jun Yin, Ling Yang, Cheng Luo, Jiaxuan Fei
Vulnerability Detection 2022 - Aiming at the fact that the existing source code vulnerability detection methods did not explicitly maintain the semantic information related to the vulnerability in the source code, which made it difficult for the vulnerability detection model to extract the vulnerability sentence features and had a high detection false positive rate, a source code vulnerability detection method based on the vulnerability dependency graph is proposed. Firstly, the candidate vulnerability sentences of the function were matched, and the vulnerability dependency representation graph corresponding to the function was generated by analyzing the multi-layer control dependencies and data dependencies of the candidate vulnerability sentences. Secondly, abstracted the function name and variable name of the code sentences node and generated the initial representation vector of the code sentence nodes in the vulnerability dependency representation graph. Finally, the source code vulnerability detection model based on the heterogeneous graph transformer was used to learn the context information of the code sentence nodes in the vulnerability dependency representation graph. In this paper, the proposed method was verified on three datasets. The experimental results show that the proposed method has better performance in source code vulnerability detection, and the recall rate is increased by 1.50%~22.27%, and the F1 score is increased by 1.86%~16.69%, which is better than the existing methods.
Authored by Hongyu Yang, Haiyun Yang, Liang Zhang, Xiang Cheng
Vulnerability Detection 2022 - Aiming at the problems of low detection accuracy and poor robustness of the existing zero-speed detection methods, an effective gait cycle segmentation method is adopted and a Bayesian network model based on inertial sensor measurements and kinematics knowledge is introduced to infer the zero-speed interval. The method can effectively reduce the ambiguity of the zero velocity (ZV) boundary. Support vector machine has the advantages of versatility, simple calculation, high operation efficiency and perfect theory. It is a relatively mature and efficient algorithm in the current network security situation algorithm. And a looped Bayesian network model for probabilistic safety assessment of simple feedback control systems is established.
Authored by Jian He, Yan Hu
Vulnerability Detection 2022 - With the booming development of deep learning and machine learning, the use of neural networks for software source code security vulnerability detection has become a hot spot in the field of software security. As a data structure, graphs can adequately represent the complex syntactic information, semantic information, and dependencies in software source code. In this paper, we propose the MPGVD model based on the idea of text classification in natural language processing. The model uses BERT for source code pre-training, transforms graphs into corresponding feature vectors, uses MPNN (Message Passing Neural Networks) based on graph neural networks in the feature extraction phase, and finally outputs the detection results. Our proposed MPGVD, compared with other existing vulnerability detection models on the same dataset CodeXGLUE, obtains the highest detection accuracy of 64.34%.
Authored by Yang Xue, Junjun Guo, Li Zhang, Huiyu Song
Vulnerability Detection 2022 - For the last few decades, the number of security vulnerabilities has been increasing with the development of web applications. The domain of Web Applications is evolving. As a result, many empirical studies have been carried out to address different security vulnerabilities. However, an analysis of existing studies is needed before developing new security vulnerability testing techniques. We perform a systematic mapping study documenting state-of-the-art empirical research in web application security vulnerability detection. The aim is to describe a roadmap for synthesizing the documented empirical research. Existing research and literature have been reviewed using a systematic mapping study. Our study reports on work dating from 2001 to 2021. The initial search retrieved 150 papers from the IEEE Xplore and ACM Digital Libraries, of which 76 were added to the study. A classification scheme is derived based on the primary studies. The study demonstrates that vulnerability detection in web applications is an ongoing field of research and that the number of publications is increasing. Our study helps illuminate research areas that need more consideration.
Authored by Karishma Rahman, Clemente Izurieta
Vulnerability Detection 2022 - Vulnerability detection has always been an essential part of maintaining information security, and the existing work can significantly improve the performance of vulnerability detection. However, due to the differences in representation forms and deep learning models, various methods still have some limitations. In order to overcome this defect, we propose a vulnerability detection method VDBWGDL, based on weight graphs and deep learning. Firstly, it accurately locates vulnerability-sensitive keywords and generates variant codes that satisfy vulnerability trigger logic and programmer programming style through code variant methods. Then, the control flow graph is sliced for vulnerable code keywords and program critical statements. The code block is converted into a vector containing rich semantic information and input into the weight map through the deep learning model. According to specific rules, different weights are set for each node. Finally, the similarity is obtained through the similarity comparison algorithm, and the suspected vulnerability is output according to different thresholds. VDBWGDL improves the accuracy and F1 value by 3.98% and 4.85% compared with four state-of-the-art models. The experimental results prove the effectiveness of VDBWGDL.
Authored by Xin Zhang, Hongyu Sun, Zhipeng He, MianXue Gu, Jingyu Feng, Yuqing Zhang
Vulnerability Detection 2022 - The increasing number of software vulnerabilities poses serious security attacks and leads to system compromise, information leakage or denial of service. It is a challenge to further improve the vulnerability detection technique. Nowadays most applications are implemented using C/C++. In this paper we focus on the detection of overflow vulnerabilities in C/C++ source code. A novel scheme named VulMiningBGS (Vulnerability Mining Based on Graph Similarity) is proposed. We convert the source code into Top N-Weighted Range Sum Feature Graph (TN-WRSFG), and graph similarity comparisons based on source code level can be effectively carried on to detect possible vulnerabilities. Three categories of vulnerabilities in the Juliet test suite are used, i.e., CWE121, CWE122 and CWE190, with four indicators for performance evaluation (precision, recall, accuracy and F1_score). Experimental results show that our scheme outperforms the traditional methods, and is effective in the overflow vulnerability detection for C/C++ source code.
Authored by Zihan Yu, Jintao Xue, Xin Sun, Wen Wang, Yubo Song, Liquan Chen, Zhongyuan Qin
Vulnerability Detection 2022 - The increasing number of security vulnerabilities has become an important problem that needs to be solved urgently in the field of software security, which means that the current vulnerability mining technology still has great potential for development. However, most of the existing AI-based vulnerability detection methods focus on designing different AI models to improve the accuracy of vulnerability detection, ignoring the fundamental problems of data-driven AI-based algorithms: first, there is a lack of sufficient high-quality vulnerability data; second, there is no unified standardized construction method to meet the standardized evaluation of different vulnerability detection models. This all greatly limits security personnel’s in-depth research on vulnerabilities. In this survey, we review the current literature on building high-quality vulnerability datasets, aiming to investigate how state-of-the-art research has leveraged data mining and data processing techniques to generate vulnerability datasets to facilitate vulnerability discovery. We also identify the challenges of this new field and share our views on potential research directions.
Authored by Yuhao Lin, Ying Li, MianXue Gu, Hongyu Sun, Qiuling Yue, Jinglu Hu, Chunjie Cao, Yuqing Zhang
Visible Light Security 2022 - In the near future, the high data rate challenge would not be possible by using the radio frequency (RF) only. As the user will increase, the network traffic will increase proportionally. Visible light communication (VLC) is a good solution to support huge number of indoor users. VLC has high data rate over RF communication. The way internet users are increasing, we have to think over VLC technology. Not only the data rate is a concern but also its security, cost, and reliability have to be considered for a good communication network. Quantum technology makes a great impact on communication and computing in both areas. Quantum communication technology has the ability to support better channel capacity, higher security, and lower latency. This paper combines the quantum technology over the existing VLC and compares the performance between quantum visible light communication performance (QVLC) over the existing VLC system. Research findings clearly show that the performance of QVLC is better than the existing VLC system.
Authored by Syed Hasan, Mostafa Chowdhury, Md. Saiam
Visible Light Security 2022 - To realize indoor long-distance uplink visible light communication from a smartphone screen to a telephoto camera, wide-angle physical layer security of low-luminance wavelength division multiplexing / space division multiplexing screen is investigated with a numerical model and experiments. Dual-wavelength space division multiplexing not only doubles the data rate of single wavelength one, but also helps enhance the wide-angle physical layer security.
Authored by Alisa Kawade, Wataru Chujo, Kentaro Kobayashi
Visible Light Security 2022 - The world moves towards innovation; internet and mobile users are rising tremendously, and there is a desire for high-speed and uninterrupted internet access. Because of its high speed, improved bandwidth, and security, everyone is now interested in a new emergent wireless communication technology called Visible Light Communication (VLC). A VLC system with and without noise has been developed and modelled using an optical source of 450 nm LED wavelength and photodiode as a receiver. For noise, white light source is used that has an impact on the performance and quality of the VLC system. At the receiver side, Trapezoidal Optical Filter is employed before the photo detector to reduce ambient light noise, enhance the Q-factor, Bit Error Rate and provides a clear eye diagram. This paper also discusses the effect of Bit Rate with LED Bandwidth and Q-factor. Optisystem-7 software is used to simulate the circuits. In this work, the performance is assessed using Bit Error Rate and Q-factor values, as well as an eye diagram for improved communication and the use of a rectangular optical filter and polarizer to separate the sequences at the receiver side when they are sharing the same channel at the same time.
Authored by Hasnain Ali, Saleem Shahid
Visible Light Security 2022 - Wrist-worn devices enable access to essential information and they are suitable for a wide range of applications, such as gesture and activity recognition. Wrist-worn devices require appropriate technologies when used in sensitive areas, overcoming vulnerabilities in regard to security and privacy. In this work, we propose an approach to recognize wrist rotation by utilizing Visible Light Communication (VLC) that is enabled by low-cost LEDs in an indoor environment. In this regard, we address the channel model of a VLC communicating wristband (VLCcw) in terms of the following factors: the directionality and the spectral composition of the light and the corresponding spectral sensitivity and the directional characteristics of the utilized photodiode (PD). We verify our VLCcw from the simulation environment by a small-scale experimental setup. Then, we analyze the system when white and RGBW LEDs are used. In addition, we optimized the VLCcw system by adding more receivers for the purpose of reducing the number of LEDs on VLCcw. Our results show that the proposed approach generates a feasible real-world simulation environment.
Authored by Saman Zahiri-Rad, Ziad Salem, Andreas Weiss, Erich Leitgeb
Visible Light Security 2022 - Visible Light Communication (VLC) is one of technology for the sixth generation (6G) wireless communication and also broadcast system. VLC systems are more resistant against Radio Frequency interference and unsusceptible to security like most RF wireless networks. Since VLC is one of suitable candidate for enforcing data security in future wireless networks. This paper considers improving the security of the next generation of wireless communications by using wireless device fingerprints in visible light communication, which could be used potentially for ATSC broadcasting applications. In particular, we aim to provide a detailed proposal for developing novel wireless security solutions using Visible light communication device fingerprinting techniques. The objectives are two-fold: (1) to provide a systematic review of AI-based wireless device fingerprint identification method and (2) to identify VLC transmitter, with respect to the ATSC physical layer modulation scheme, by analysing the differences in the modulated constellations signaled received by photo-diode, which will be proved by laboratory experimentation.
Authored by Ziqi Liu, Dayu Shi, Samia Oukemeni, Xun Zhang
Visible Light Security 2022 - In this paper, we address the secure data transmission through visible light communication (VLC) using physical layer security (PLS) techniques and particularly, optical beamforming with the zero-forcing algorithm. More precisely, we consider the secrecy capacity of classical multiple-input single-output VLC so that the system can deal with eavesdroppers by minimizing the secrecy outage probability (SOP). The considered wireless channel is modeled by the Gaussian distribution, which is subject to amplitude constraints. We quantify the achievable secrecy capacity and SOP for the conventional line-of-sight VLC link and show how the beamforming can determine the optimal placement of the transmitters. We also show that for a given SOP, the proposed optimal placement offers a signal-to-noise ratio gain of up to 6 dB compared to classical methods such as uniform placement of the transmitters. Our numerical results indicate that the proposed optimal LED arrangement can achieve an SOP of 10^-10 while the SOP with uniform arrangement is equal to 10^-4.
Authored by Mahmoud Mohammadi, Seyed Sadough, Zabih Ghassemlooy
Visible Light Security 2022 - One of the critical components of the extracting and monitoring process in the gas and oil sector is the downhole telemetry system. As sensors resistant to high temperature and pressure have been developed, more parameters can be monitored to increase safety and efficiency. Increased bandwidth demand for downhole communications necessitated the development of a novel, dependable, and low-cost communication network. Visible light communications (VLC) have been suggested in the literature for downhole telemetry systems, since they can address the bandwidth needs thanks to the huge available spectrum. However, the gas types used in the literature so far are not sufficient enough to examine the real field conditions. In this study, after the challenges surrounding the use of VLC in downhole gas pipeline telemetry/monitoring systems are discussed, the performance of VLC is investigated by injecting a large variety of gas into the carbon steel covered gas pipeline, such as methane, and ethane, carbon dioxide. The effectiveness of the VLC system using a non-uniformly clipped optic orthogonal frequency division multiplexing (ACO-OFDM) modulation scheme with 128-FFT and guarding band is experimentally investigated. Furthermore, the impact of the light-emitting diode (LED) colors on a VLC-based downhole telemetry system is also discussed. The measurement results indicate that the color of the LED affects the performance as the dominance of the noise decreases after the 7dB signal-to-noise ratio (SNR) region.
Authored by Hamda Al-Naimi, Gizem Sumen, Albertus Retnanto, Khalid Qaraqe
Visible Light Security 2022 - Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission, but it ought to find alternatives over the limitation and interference in the radio frequency (RF) band. For viable alternatives, visible light communication (VLC) technology comes to play as Light Fidelity (Li-Fi) which uses visible light as a channel for delivering very high-speed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior to Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. A prototype model has been proposed for single user scenario using visible light portion of electromagnetic spectrum. This system has been designed for audio data communication in between the users in transmitter and receiver sections. LED and photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity. However, its major problem is that it only works when it is pointed directly at the target.
Authored by Alamgir Kabir, Md. Ahammed, Chinmoy Das, Mehedi Kaium, Md. Zardar, Soma Prathibha
Visible Light Security 2022 - We propose a novel security communication scheme for underwater visible light communication (UVLC) based on frequency domain symmetrical zero-padding and phase scrambling. The security key is a logistic mapping generated by chaos mapping. Robust security performance is experimentally demonstrated by a PAM-8 modulated UVLC system over 1.2m underwater transmission link. The maximum data rate can be achieved at 2.025Gb/s under 7% hard decision forward error correction (HD-FEC) limit of 3.8×10^-3, clearly verifying the feasibility of the proposed scheme as a promising solution in future UVLC system.
Authored by Zhilan Lu, Wenqing Niu, Nan Chi
Visible Light Security 2022 - Visible light communication (VLC) is a short-range wireless optical communication that can transmit data by switching lighting elements at high speeds in indoor areas. In common areas, VLC can provide data security at every layer of communication by using physical layer security (PLS) techniques as well as existing cryptography-based techniques. In the literature, PLS techniques have generally been studied for monochrome VLC systems, and multicolor VLC studies are quite limited. In this study, to the best of authors’ knowledge, null steering (NS) and artificial noise (AN), which are widely used PLS methods, have been applied to multi-colored LED-based VLC systems for the first time in the literature and the achievable secrecy rate has been calculated.
Authored by Besra Çetindere, Cenk Albayrak, Kadir Türk
Web Caching Security 2022 - The world today is driving towards connections via the internet rather than social interaction. Hence modern-day businesses have a compelling need to update themselves and make their brand heard across the world. One of the most popular and recognized approaches is to develop a web application which acts as the face of their company over the Internet. This paper presents the development of a Content Management System designed for a start-up that provides fitness sessions to people across the world. The CMS comprises various modules such as user management, individual sessions handling, group sessions handling, course management along with functions including multi-currency and multi-time zone support, telecommunication interfacing, notification system and payment gateway integration. This paper also discusses the security and caching mechanisms used to improve the security and the scalability of the proposed CMS. The application is designed to overcome the geographical barrier by handling currencies and timezones based on the locality of the user and incorporates a reliable payment and business communication platform. The technological stack includes Dynamic HTML for frontend, Django framework for backend, PostgreSQL and Redis for database management along with Celery task queues, deployed using Docker.
Authored by A Adarsh, Saran Karthik, S Aswath, Akash Sampath, S Pasupathy, S Umamaheshwari