Multifactor Authentication - Cyber-physical systems can be defined as complex networked control systems, which are normally developed by combining several physical components with cyberspace. Cyber-physical systems are already a part of our daily life. As they are already a part of everyone's life, CPS also carry great potential security threats and can be vulnerable to various cyber-attacks without showing any direct sign of component failure. Protecting user security and privacy is a fundamental concern of any kind of system, whether it is a simple web application or a sophisticated professional system. Digital multifactor authentication is one of the best ways to make authentication secure. It covers many different areas of a cyber-connected world, including online payments, communications, access right management, etc. Most of the time, multifactor authentication is a little complex, as it requires an extra step from users. This paper will discuss the evolution from single authentication to Multi-Factor Authentication (MFA), starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). This paper seeks to analyze and evaluate the most prominent authentication techniques based on accuracy, cost, and feasibility of implementation. We also suggest several authentication schemes which incorporate multifactor authentication for CPS.
Authored by Mangal Sain, Oloviddin Normurodov, Chen Hong, Kueh Hui
Multifactor Authentication - Authentication is one of the primary problems with system security. The key component of the access control process to prevent unauthorised users from accessing data and resources is authentication, which may be described as the act of verifying a user's identity. The validity of the user cannot be guaranteed by a static technique of authentication. This led to the development of more cutting-edge authentication techniques. To increase the system's security, two-factor authentication was initially deployed, followed by multi-factor authentication. Later, adaptive authentication was added, and it also had some problems. When authenticating a user in this study, a unique collection of user features was taken into account. A performance optimization technique was included since this research takes many user factors into account, and it improved performance by 25%.
Authored by Shaik Akram, S.K. Joshi, Rajesh Deorari
Multifactor Authentication - Authentication has been a mandatory factor in network security for decades. Conventional authentication schemes failed to improve a system's security, performance and scalability; thus, two-factor, three-factor and multifactor authentication schemes were developed. As technology grows, schemes and protocols have emerged that range from single-server authentication to multiserver authentication. Single to multifactor authentication can be used as per the aspect and field of study. Different aspects may use different cryptographic schemes and key agreement to improve security, performance and scalability.
Authored by Parvathy Pg, Dhanya K
Multifactor Authentication - Cloud computing is a breakthrough advancement that provides ubiquitous services over the internet in an easy way to distribute information, offering various advantages to both society and individuals. Recently, cloud technology has made everyone's life more favorable. However, privacy preservation is an important issue to be tackled effectively in a cloud environment while retrieving data services. Numerous techniques have been developed so far to verify user identity by exploiting an authentication factor, whereas such techniques are inefficient and they are easily susceptible to unknown users and attacks. In order to address such problems, a Hashing, Chebyshev polynomial, Key and One-Time Token (HCK-OTT) based multifactor authentication scheme is proposed for privacy-preserved data security in cloud. The entities involved in this proposed approach for effective authentication are user, cloud server, and data owner. The model is developed by considering various functionalities, such as encryption, Elliptic Curve Cryptography (ECC), XOR, and hashing function. The proposed HCK-OTT-based multifactor authentication scheme has achieved a minimum value of 22.654s for computational time, 70.5MB for memory usage, and 21.543s for communication cost with 64-bit key length.
Authored by Abhishek Joshi, Shaik Akram
Multifactor Authentication - Dhillon and Kalra proposed a multi-factor user authentication scheme for IoT. The authors claim their scheme to have practical utility for the IoT environment. However, we find that their scheme has numerous flaws such as insider attack and inefficient authentication. An adversary can work as a middle-man between the sensor node and the user, and the user can set-up a session key with the sensor node. Besides, the scheme does not establish the mutual authentication between every pair of entities. Thus, the scheme is inconvenient for practical use. We conclude this article by providing some suggestions for the improvement of the analysed scheme to remove the weaknesses identified in it.
Authored by Pooja Tyagi, Saru Kumari
Multifactor Authentication - With the growth in the number of smart devices based on IoT, keeping data processing secure among them has become even more significant in cloud computing. However, high security is needed to protect the privacy of the huge amount of data. In this regard, many authentication approaches are presented in IoT-Cloud-based architecture. However, computation, latency, and security strength are major issues in providing authentication for users. We propose the Multifactor Scalable Lightweight Cryptography for IoT-Cloud to enhance security to protect the user's or organization's information. The non-sensitive and sensitive data are generated from IoT devices and stored in our proposed hybrid public and private cloud after the encryptions. Hence, encryptions for public cloud and private cloud data are done by Digital Signature Algorithm and Policy based Attribute encryption algorithm with Moth fly optimization. This optimization is chosen as the key parameter efficiently. The three multifactors are then used to perform the three levels of authentication by Trust based Authentication Scheme. Following this, the proposed multifactor authentication is simulated and compared with existing approaches to analyze the performance in terms of computational and execution time and security strength. As a result, the proposed method shows 97% security strength and lower computation and execution time than other conventional approaches.
Authored by Geo E, S Sheeja
Multifactor Authentication - Internet of Things (IoT) has become an information bridge between societies. Wireless sensor networks (WSNs) are one of the emergent technologies that work as the main force in IoT. Applications based on WSN include environment monitoring, smart healthcare, user legitimacy authentication, and data security. Recently, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are shown to be susceptible to several attacks, including password guessing attack, impersonation attack, and Man-in-the-middle (MITM) attack, due to non-uniform security evaluation criteria. In this paper, we propose a lightweight multifactor authentication scheme using only a hash function of the timestamp (TS) and One Time Password (OTP). Furthermore, a public key and private key are incorporated to secure the communication channel. The security analysis shows that the proposed scheme satisfies all the security requirements and is insusceptible to some well-known attacks (password guessing attack, impersonation attack and MITM).
Authored by Izzatul Sarbini, Adnan Khan, Nurul Mohamad, Norfadzlan Yusup
Multifactor Authentication - Today, with the rapid development of the information society and the increasingly complex computer network environment, multi-factor authentication, as one of the security protection technologies, plays an important role in both IT science and business. How to safely complete multi-factor authentication without affecting user experience has attracted extensive attention from researchers in the field of business security protection and network security. The purpose of this paper is to apply multi-factor authentication technology to enterprise security protection systems, develop and design a security protection technology based on multi-factor authentication dynamic authorization, and provide enterprises with unified identity management and authority management methods. The cornerstone of trust and security to ensure uninterrupted and stable operation of users. The original master key k is subjected to secondary multi-factor processing, which enhances the user's authentication ability and effectively avoids the risk of easy password theft and disguised identity. In order to meet the given VoIP security requirements, a SIP multi-factor authentication protocol is proposed for the VoIP environment by using the multi-factor authentication technology to solve the security problem. The performance test results show that due to the influence of data encryption and decryption, the response time of the encrypted database is 100s longer than that of the unencrypted one, but the growth rate is 10% smaller than that of the unencrypted one. Therefore, the performance of this scheme is better when the amount of data is larger.
Authored by Yue Guo, Yuan Liang, Yan Zhuang, Rongtao Liao, Liang Dong, Fen Liu, Jie Xu, Xian Luo, Xiang Li, Wangsong Ke, Guoru Deng
Multicore Computing Security - Flush-based cache attacks like Flush+Reload and Flush+Flush are highly precise and effective. Most of the flush-based attacks provide high accuracy in controlled and isolated environments where attacker and victim share OS pages. However, we observe that these attacks are prone to low accuracy on a noisy multi-core system with co-running applications. Two root causes for the varying accuracy of flush-based attacks are: (i) the dynamic nature of core frequencies that fluctuate depending on the system load, and (ii) the relative placement of victim and attacker threads in the processor, like same or different physical cores. These dynamic factors critically affect the execution latency of key instructions like clflush and mov, rendering the pre-attack calibration step ineffective.
Authored by Anish Saxena, Biswabandan Panda
Multicore Computing Security - Dynamic Voltage and Frequency Scaling (DVFS) is a widely deployed low-power technology in modern systems. In this paper, we discover a vulnerability in the implementation of the DVFS technology that allows us to measure the processor’s frequency in the userspace. By exploiting this vulnerability, we successfully implement a covert channel on the commercial Intel platform and demonstrate that the covert channel can reach a throughput of 28.41bps with an error rate of 0.53%. This work indicates that the processor’s hardware information that is unintentionally leaked to the userspace by the privileged kernel modules may cause security risks.
Authored by Pengfei Qiu, Dongsheng Wang, Yongqiang Lyu, Gang Qu
Multicore Computing Security - Machines with multiple cores have become more and more popular. In order to fully utilize their parallel computation ability, an efficient scheduling algorithm plays an important role. A good scheduler should output a reasonably good result quickly, but most of the current schedulers fail to achieve this goal and always have to compromise between the running time and result quality. In response to the above concerns, this paper proposes one algorithm, Longest Path First In (LPFI), to do scheduling efficiently and effectively for multi-core. This algorithm uses a deterministic allocation mechanism to prioritize processes which are in a long dependency chain. The experiment results show that, compared with a greedy scheduling algorithm, LPFI has around 10% improvement in the final result and can output the optimal result much faster than an integer linear programming (ILP) scheduler.
Authored by Xiangyu Gao, Meikang Qiu
Multicore Computing Security - Automobiles have become an indispensable part of life for both business and pleasure in today's society. Because of the long-term continuous work, fatigue presents a great danger to ride-sharing and truck drivers. Therefore, this paper aims to design a device that provides valuable feedback by evaluating driver status and surroundings. A gradient judgment is made through lane detection and face detection. When a dangerous condition is detected, the driver will be alerted by music and audio announcements with different degrees. The system also has two additional functions. First, a digital record-keeping to assist the professional driver. The other is a security system that if a stranger starts the car, a text message will be sent to the owner's phone. Compared with those in previous works, the proposed system's efficacy and efficiency are validated qualitatively and quantitatively in driver fatigue detection.
Authored by Kai Yan, Chaoyue Zhao, Chengkang Shen, Peiyan Wang, Guoqing Wang
Multicore Computing Security - The automotive industry has recently emphasized reducing the number of Electronic Control Units (ECUs) installed in vehicles for economic and ecological reasons. This reduction means that the design and verification must be independent of the vehicle’s final choice of (MC)SoCs, knowing they will evolve as time passes. To that end, dataflow Models of Computation and Communication (MoCCs) are powerful tools for maintaining this independence. A subclass of dataflow MoCCs –deterministic dataflow MoCCs– is of particular interest since it allows designers to derive safety and security properties at compile-time. This work proposes a short survey of the existing deterministic dataflow MoCCs. We describe the properties of each dataflow MoCC and present an expressiveness hierarchy of dataflow MoCCs adjustable to designers’ needs.
Authored by Guillaume Roumage, Selma Azaiez, Stephane Louise
Multicore Computing Security - With the continuous improvement of processor performance requirements, technologies such as superscalar, deep pipeline, and multi-core, which can improve instruction parallelism, are frequently used. Under this technical background, branch prediction errors will increase the delay used to flush the pipeline and greatly reduce the performance of the processor. Therefore, for high-performance processors, branch predictors with high prediction accuracy are particularly important. Based on the open source RISC-V processor core SweRV EH1, this paper adopts two predictors, the hybrid predictor and the TAGE predictor, to improve the prediction performance of the original processor. This paper uses the riscv-tests self-checking test scheme to verify the instruction set of the optimized processor and completes the prototype verification on the Kintex7 KC705 FPGA. Based on PowerStone and CoreMark test programs, this paper separately evaluates the branch prediction performance and processor performance of the processor core with two kinds of branch predictors. Experiments show that the implementation of the hybrid predictor and the TAGE predictor respectively improves the branch prediction accuracy of PowerStone programs by 3.65% and 3.39%; the average branch prediction rate respectively reaches 85.98% and 90.06%. The performance of SweRV EH1 is respectively improved by 2.56% and 5.43%.
Authored by Changbiao Yao, Ziqin Meng, Wen Guo, Jianyang Zhou, Zichao Guo
Multicore Computing Security - This paper deals with hash based secure chaotic steganography technique for hiding secret information, into the cover image. Hash function has been used in the proposed work for computing the Non LSB positions for hiding the secret data bits. Secret is encoded with chaotic sequences and randomness of the sequences has been validated with NIST test suite. Shared memory implementation for faster execution of the proposed security technique has been done in OpenMP platform. Sequential and the parallel versions of the techniques have been implemented in C++, OpenMP and simulated in the Intel Haswell processor based multi-core environment. With the advantages offered by multicore processors the proposed technique ensures low time complexity. Significant speedup and linear scalability have been reported with increase in the number of threads. Standard statistical validation test results viz. PSNR, Euclidean distance, histogram analysis, SSIM index applied to validate the quality of stego image show satisfactory results.
Authored by Gaurav Gambhir, Jyotsna Mandal, Monika Gambhir
Multicore Computing Security - In this paper, we study the effectiveness of denial-of-service (DoS) attacks on Intel’s heterogeneous multicore system-on-chips with integrated GPU (iGPU) in which the last level cache (LLC) and the main memory subsystem are shared between the multicore CPU and the iGPU. Using two Intel processors with iGPU, we evaluate four different DoS attacks, three CPU based and one iGPU based, and show they can induce a very high degree of shared resource contention and thus dramatically slow down the victim’s execution time. We further evaluate the effectiveness of Intel’s recent hardware based shared resource isolation mechanisms, namely Intel Cache Allocation Technology (CAT) and Graphics Technology Class of Service (GT COS), which provide shared LLC partitioning capability for the CPU cores and the iGPU, respectively, in defending against these DoS attacks. Using both synthetic and real-world benchmarks, we find that hardware based LLC partitioning mechanisms do provide spatial LLC space isolation but do not necessarily provide temporal isolation.
Authored by Michael Bechtel, Heechul Yun
Multicore Computing Security - Physical memories or RAMs are essential components in a computer system to hold temporary information required for both software and hardware to work properly. When a system’s security is compromised (e.g., due to a malicious application), sensitive information being held in the memories can be leaked out, for example to “the cloud”. The RISC-V privileged architecture standard adopts a method called Physical Memory Protection (PMP) to segregate a system’s memory into regions with different policy and permissions to prevent unprivileged software from accessing unauthorized regions. However, PMP does not prevent malicious software from hijacking an Input/Output (IO) device with Direct Memory Access (DMA) capability to indirectly gain unauthorized accesses and hence, a similar method commonly termed “IOPMP” is being worked on in the RISC-V community. This paper describes an early implementation of IOPMP and how it is used to protect physical memory regions in a RISC-V system. Then, the potential performance impact of IOPMP is briefly elaborated. There is still work to be done, and this early IOPMP implementation allows various aspects of the protection method such as its scalability, practicality, and effectiveness etc. to be studied for future enhancement.
Authored by Jien Ng, Chee Ang, Hwa Law
Middleware Security - Virtual machine (VM) based application sandboxes leverage strong isolation guarantees of virtualization techniques to address several security issues through effective containment of malware. Specifically, in end-user physical hosts, potentially vulnerable applications can be isolated from each other (and the host) using VM based sandboxes. However, sharing data across applications executing within different sandboxes is a nontrivial requirement for end-user systems because at the end of the day, all applications are used by the end-user owning the device. Existing file sharing techniques compromise the security or efficiency, especially considering lack of technical expertise of many end-users in the contemporary times.
Authored by Saketh Maddamsetty, Ayush Tharwani, Debadatta Mishra
Middleware Security - An evolvable hardware platform (EHWP) based on programmable devices can realize specific hardware function structures by changing the bitstreams. As EHWP becomes more and more widely used in security chips, issues related to hardware security have received focused attention, especially hardware Trojans (HTs). However, current research has focused on implementing defense against HTs in the underlying hardware, with very sparse mitigation solutions for HTs in the overlay/middleware layer. Given this, we attempt to implement an HTs mitigation solution using the characteristics of the EHWP. Specifically, we utilize evolutionary algorithm (EA) to explore new circuit structures to replace the HTs-infected resources, thus avoiding the related security issues. The experimental results show that the scheme proposed in this paper can effectively mitigate the HTs on EHWP.
Authored by Zeyu Li, Zhao Huang, Junjie Wang, Quan Wang
Middleware Security - Online advertisements are a significant element of the Internet ecosystem. Businesses monitor their customers via pushing advertising (Ads). Within minutes, cybercriminals try to defraud and steal data through advertisements. Therefore, the issue of ads must be solved. Ads are obtrusive, a security risk, and they hinder performance and efficiency. Hence, the goal is to create an ad-blocker that would operate across the entire network and prevent advertisement on any website's web pages. To put it another way, it's a little computer with such a SoC (System-on-Chip), also referred to as a Raspberry Pi, that is merged with a networking system, for which we need to retrain the advertisements. On the home network, software named Pi Hole is used to block websites with advertisements. Any network traffic that passes via devices connected to the home network now passes through the Pi. As a result, the adverts are finally checked out during the Raspberry Pi before they reach the user's machine and they will be blocked.
Authored by Harshal Sonawane, Manasi Patil, Shashank Patil, Uma Thakur, Bhavin Patil, Abha Marathe
Middleware Security - Securing IoT networks has been one of the most active recent research topics. However, unlike traditional network security, where the emphasis is given on the core network, IoT networks are mostly investigated from the data standpoint. Lightweight data transmission protocols, such as Message Queue Telemetry Transport (MQTT), are often deployed for data-sharing and device authentication due to limited onboard resources. This paper presents the MQTT protocol’s security vulnerabilities by incorporating Elliptic Curve Cryptography-based (ECC-based) security to improve confidentiality issues. We used commercially off-the-shelf (COTS) devices such as Raspberry Pi to build a simplified network topology that connects IoT devices in our smart home laboratory. The results illustrate an ECC-based security application in confidentiality increase of 70.65% from 29.35% in time parameter during publish/subscribe communication protocol for the smart home.
Authored by Zainatul Yusoff, Mohamad Ishak, Lukman Rahim, Omer Ali
Middleware Security - Cybersecurity of power hardware is becoming increasingly critical with the emergence of smart and connected devices such as Grid-connected inverters, EVs and their chargers, microgrid controllers, energy storage / energy management controllers, and smart appliances. Cyber-attacks on power hardware have had far-reaching and widespread impacts. For such cyber-physical systems, security must be ensured at all levels in the design - hardware, firmware, software and interfaces. Although previous approaches to cybersecurity have focused mainly on vulnerabilities in the firmware, middleware, or software, vulnerabilities in the hardware itself are hard to identify and harder to mitigate, especially when most hardware components are proprietary and not examinable. This paper presents one approach to mitigate this conundrum - a completely open-source implementation of a microcontroller core along with the associated peripherals based on the well-known RISC-V instruction set architecture (ISA). The proof-of-concept architecture presented here uses the “Shakti” E-Class microcontroller core integrated with a fully custom PWM controller implemented in Verilog, and validated on a Xilinx Artix FPGA. For critical applications such designs may be replicated as a custom ASIC thereby guaranteeing total security of the computing hardware.
Authored by S Swakath, Abhijit Kshirsagar, Koteswararao Kondepu, Satish Banavath, Andrii Chub, Dmitri Vinnikov
Middleware Security - Connected devices are being deployed at a steady rate, providing services like data collection. Pervasive applications rely on those edge devices to seamlessly provide services to users. To connect applications and edge devices, using a middleware has been a popular approach. The research is active on the subject as there are many open challenges. The secure management of the edge devices and the security of the middleware are two of them. As security is a crucial requirement for pervasive environment, we propose a middleware architecture easing the secure use of edge devices for pervasive applications, while supporting the heterogeneity of communication protocols and the dynamism of devices. Because of the heterogeneity in protocols and security features, not all edge devices are equally secure. To allow the pervasive applications to gain control over this heterogeneous security, we propose a model to describe edge devices security. This model is accessible by the applications through our middleware. To validate our work, we developed a demonstrator of our middleware and we tested it in a concrete scenario.
Authored by Arthur Desuert, Stéphanie Chollet, Laurent Pion, David Hely
Middleware Security - Web application security is the most important area when it comes to developing a web application. Many web applications have vulnerabilities due to poor implementation of security measures. These web applications will be deployed without fixing the vulnerabilities and thus become vulnerable to many cyber-attacks. Simple attacks like brute-force and NoSQL injection could give unauthorized access to the user accounts. This leads to user privacy issues which could create huge loss to the organizations. These vulnerabilities can be fixed by implementing the necessary security measures while developing the web application. OWASP (Open Web Application Security Project) is a non-profit organization which gives the severity, impact and prevention methods about Top 10 vulnerabilities in web applications. This research deals with the implementation of best security practices for Node.js web applications in detail. This research paper proposes the security mechanisms for attacks related to front-end, middleware and backend web development using OWASP suggestions. The main focus of this research paper is on prevention of Denial-of-service attack, Brute force attack, NoSQL injection attack and Unrestricted file upload vulnerability. The proposed prevention methods are implemented in a web application to test the defensive mechanisms against the mentioned vulnerabilities.
Authored by Akshay Kumar, Usha Rani
Middleware Security - Robot Operating System 2 (ROS2) is the latest release of a framework for enabling robot applications. Data Distribution Service (DDS) middleware is used for communication between nodes in a ROS2 cluster. The DDS middleware provides a distributed discovery system, message definitions and serialization, and security. In ROS2, the DDS middleware is accessed through an abstraction layer, making it easy to switch from one implementation to another. The existing middleware implementations differ in a number of ways, e.g., in how they are supported in ROS2, in their support for the security features, their ease of use, their performance, and their interoperability. In this work, the focus is on the ease of use, interoperability, and security features aspects of ROS2 DDS middleware. We compare the ease of installation and ease of use of three different DDS middleware, and test the interoperability of different middleware combinations in simple deployment scenarios. We highlight the difference that enabling the security option makes to interoperability, and conduct performance experiments that show the effect that turning on security has on the communication performance. Our results provide guidelines for choosing and deploying DDS middleware on a ROS2 cluster.
Authored by Max Aartsen, Kanta Banga, Konrad Talko, Dustin Touw, Bertus Wisman, Daniel Meïnsma, Mathias Björkqvist