
## About this book

This book constitutes the revised selected papers from the 14th International Conference on Risks and Security of Internet and Systems, CRiSIS 2019, held in Hammamet, Tunisia, in October 2019.
The 20 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 64 submissions. They cover diverse research themes, ranging from classic topics such as risk analysis and management, access control and permissions, secure embedded systems, network and cloud security, and information security policy, to data protection and machine learning for security, distributed detection systems and blockchain.

## Table of contents

### Correction to: “I do it because they do it”: Social-Neutralisation in Information Security Practices of Saudi Medical Interns

Saad Altamimi, Karen Renaud, Timothy Storer

### pQUANT: A User-Centered Privacy Risk Analysis Framework

Abstract
The last few decades have seen a fast digital transformation of our daily activities. This has brought about numerous benefits as well as unanticipated consequences. On the consequences side, information privacy incidents have become prevalent, which has raised the concern of users and data protection bodies alike. Thus, quantifying and communicating privacy risks plays a paramount role in raising user awareness, designing appropriate technical solutions, and enacting legal frameworks. However, previous research in privacy risk quantification has not considered the user's heterogeneous, subjective perceptions of privacy, nor her right to informational self-determination, since privacy risk analysis and prevention often take place once the data is out of her control. In this paper, we present a user-centered privacy risk quantification framework coupled with granular and usable privacy risk warnings. The framework takes a new approach in that it empowers users to take informed privacy protection decisions prior to unintended data disclosure.
Welderufael B. Tesfay, Dimitra Nastouli, Yannis C. Stamatiou, Jetzabel M. Serna

### An Industrial Trial of an Approach to Identification and Modelling of Cybersecurity Risks in the Context of Digital Secondary Substations

Abstract
In an earlier study we proposed a set of requirements and an approach to the identification and modelling of cybersecurity risks and their impacts on safety within the context of smart power grids. The approach, which consisted of a process and a modelling language, was a partially customized version of the existing "CORAS" risk-analysis approach. As part of that study, the feasibility of the approach was evaluated by applying it to an industrial pilot for so-called self-healing functionality of a smart power grid. The results obtained were promising, but further empirical evaluation was strongly needed in order to assess the usefulness and applicability of the approach in the context of smart power grids. This paper provides a detailed account of the results of applying the same approach to cybersecurity risk identification and modelling in the context of another smart grid pilot, namely digital secondary substations. The trial was conducted in a real setting, in the form of an industrial case study, in close collaboration with the major Norwegian distribution system operator that has been running the pilot for about two years. The evaluation indicates that the approach can be applied in a real setting to identify and model cybersecurity risks. The experiences from the case study moreover show that the presented approach is, to a large degree, well suited for its intended purpose, but they also point to areas in need of improvement and further evaluation.
Aida Omerovic, Hanne Vefsnmo, Oddbjørn Gjerde, Siri T. Ravndal, Are Kvinnesland

### Continuous Risk Management for Industrial IoT: A Methodological View

Abstract
Emergent cyber-attacks and exploits targeting Operational Technologies (OT) call for a proactive risk management approach. The convergence between OT and the Internet-of-Things in industries introduces new opportunities for cyber-attacks that have the potential to disrupt time-critical and hazardous processes. This paper proposes a methodology to adapt traditional risk management standards to work in a continuous fashion. Monitoring of risk factors is based on incident and event management tools, and misbehaviour detection to address cyber-physical systems’ security gaps. Another source of information that can enhance this approach is threat intelligence. Risks are calculated using Bayesian Networks.
Carolina Adaros-Boye, Paul Kearney, Mark Josephs

### Systematic Asset Identification and Modeling During Requirements Engineering

Abstract
Risk management primarily targets the treatment of threats which might harm the assets of a system. Therefore, identifying such assets of a system and documenting them systematically in an asset model are the key activities in any risk management approach. Based on the ISO/IEC 27005 standard, the consideration of assets consists of two major activities: (i) asset identification, and (ii) asset valuation. However, despite the crucial role of asset identification and asset documentation, such documentation is often neglected during software development. In this paper, we aim to support security analysts in identifying and analyzing assets in the earliest stages of software development, i.e., during requirements engineering. Our contribution is two-fold: We first provide a conceptual model for assets that allows us to classify assets and to express the relations between assets. Second, we propose a method for a systematic identification of system assets and their documentation in an asset model. Our method is based on the functional requirements of software which are expressed by means of problem diagrams. We illustrate and evaluate our proposed approach by applying it to an application example from the smart home sector.
Nazila Gol Mohammadi, Roman Wirtz, Maritta Heisel

### Inference Control in Distributed Environment: A Comparison Study

Abstract
Traditional access control models aim to prevent data leakage via direct accesses. A direct access occurs when a requester performs his query directly on the desired object; however, these models fail to protect sensitive data from being accessed through inference channels. An inference channel is produced by combining a legitimate response that the user receives from the system with metadata. Detecting and removing inferences in database systems guarantees a high-quality design in terms of data secrecy and privacy. Starting from the fact that data distribution exacerbates the inference problem, we give in this paper a survey of current and emerging research on the inference problem in both centralized and distributed database systems, and highlight research directions in this field.
Adel Jebali, Salma Sassi, Abderrazak Jemai

### MAPPER: Mapping Application Description to Permissions

Abstract
The Android operating system has seen phenomenal growth, and Android Applications (Apps) have proliferated into mainstream usage across the globe. Are users informed by the developers about everything an App does when they consent to install an App from Google's Play Store? In this paper, we propose a technique called MAPPER which aggregates the App permissions with the textual description for more precise App permission enumeration. We focus on whether the application description fully describes the permissions an App will ask for, and whether the user is made aware of those possible capabilities in order to take an informed decision to install or not install the App. We investigate permissions inferred from application descriptions and permissions declared in the Android manifest files of 1100+ Android applications. The MAPPER prototype finds a large number of Apps live on Google's Play Store which do not inform users about permissions; more than three-fourths of them are over-privileged from this perspective, and their application descriptions need revision. App developers can also use our work to educate users better.
Rajendra Kumar Solanki, Vijay Laxmi, Manoj Singh Gaur
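The kind of check the abstract describes, comparing what the manifest declares against what the store description implies, as an added example in Python. This is not the MAPPER tool or its model: the keyword-to-permission map, the sample manifest and the description are all constructed here for illustration, and a production mapping would be learned from a corpus rather than hand-written.

```python
"""Check whether an app's declared permissions are explained by its store description.

Added example (not the MAPPER tool itself): a simplified, keyword-based stand-in
for the description-to-permission mapping the abstract describes.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed keyword map (an assumption, not MAPPER's model): words in a
# description that would justify asking for the permission.
KEYWORDS_FOR_PERMISSION = {
    "android.permission.CAMERA": ("camera", "photo", "scan", "selfie"),
    "android.permission.ACCESS_FINE_LOCATION": ("location", "gps", "nearby", "map"),
    "android.permission.READ_CONTACTS": ("contacts", "address book", "friends"),
    "android.permission.RECORD_AUDIO": ("microphone", "voice", "record"),
    "android.permission.SEND_SMS": ("sms", "text message"),
}

# Constructed sample manifest and description (not a real Play Store app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""
SAMPLE_DESCRIPTION = "A simple flashlight that turns on your camera flash. Works offline."


def declared_permissions(manifest_xml):
    """Parse <uses-permission android:name=...> entries from AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")}


def implied_permissions(description):
    """Permissions whose keywords occur in the description text."""
    text = description.lower()
    return {perm for perm, words in KEYWORDS_FOR_PERMISSION.items()
            if any(w in text for w in words)}


def audit(manifest_xml, description):
    """Return (unexplained, unassessed): declared permissions the description never
    justifies, and declared permissions the keyword map does not cover."""
    declared = declared_permissions(manifest_xml)
    implied = implied_permissions(description)
    assessable = declared & set(KEYWORDS_FOR_PERMISSION)
    return sorted(assessable - implied), sorted(declared - assessable)


if __name__ == "__main__":
    unexplained, unassessed = audit(SAMPLE_MANIFEST, SAMPLE_DESCRIPTION)
    print("declared but not explained:", unexplained)   # the over-privilege signal
    print("not covered by keyword map:", unassessed)    # needs a human or a larger map
```

Permissions outside the map are reported separately rather than silently passed, so a small vocabulary cannot make an app look clean.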

### Delegation of Computation Using FV Cryptosystem

Abstract
Homomorphic encryption is a very promising cryptosystem for industry. However, it is impossible to take a decision based on a comparison of homomorphic ciphertexts. In this paper we provide a method to compare homomorphic ciphertexts using a secure element. We give a detailed description of an IoT use case where homomorphic encryption is used to ensure security, privacy, anonymity, and aggregation. This use case shows that ciphertext comparison is necessary to realise a real use case in an IoT environment.
Amina Bel Korchi, Nadia El Mrabet

### Hardware Optimization on FPGA for the Modular Multiplication in the AMNS Representation

Abstract
This paper describes our results on the AMNS modular multiplication algorithm for efficient implementations of ECC over $$\mathbb {F}_p$$ in a hardware/software (HW/SW) implementation on FPGA. We provide both arithmetic operators and computation architectures optimized for high speed. We also compare our results with an implementation of the CIOS method for modular multiplication.
Asma Chaouch, Yssouf Fangan Dosso, Laurent-Stéphane Didier, Nadia El Mrabet, Bouraoui Ouni, Belgacem Bouallegue
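The CIOS method the abstract uses as its baseline, as an added software model in Python (not the authors' FPGA design and not AMNS): word-level Coarsely Integrated Operand Scanning Montgomery multiplication, which is what a hardware operator with w-bit multipliers actually iterates. The word size and the P-256 prime are choices made here; any odd modulus works.

```python
"""Word-level CIOS Montgomery multiplication (the baseline the AMNS paper compares against).

Added example, not the authors' FPGA design: a software model of the CIOS
(Coarsely Integrated Operand Scanning) method with w-bit words.
"""


def to_words(x, w, s):
    mask = (1 << w) - 1
    return [(x >> (w * i)) & mask for i in range(s)]


def cios_montgomery(a, b, p, w=32):
    """Return a*b*R^-1 mod p with R = 2^(w*s), for odd p and 0 <= a, b < p."""
    s = (p.bit_length() + w - 1) // w        # number of w-bit words in p
    mask = (1 << w) - 1
    n0_inv = (-pow(p, -1, 1 << w)) & mask    # -p^-1 mod 2^w, precomputed once in hardware
    A, B, P = to_words(a, w, s), to_words(b, w, s), to_words(p, w, s)
    t = [0] * (s + 2)
    for i in range(s):
        # multiplication step: t += A * B[i]
        carry = 0
        for j in range(s):
            cs = t[j] + A[j] * B[i] + carry
            t[j], carry = cs & mask, cs >> w
        cs = t[s] + carry
        t[s], t[s + 1] = cs & mask, cs >> w
        # reduction step: add m*p so the lowest word becomes 0, then drop that word
        m = (t[0] * n0_inv) & mask
        cs = t[0] + m * P[0]
        carry = cs >> w
        for j in range(1, s):
            cs = t[j] + m * P[j] + carry
            t[j - 1], carry = cs & mask, cs >> w
        cs = t[s] + carry
        t[s - 1] = cs & mask
        t[s] = t[s + 1] + (cs >> w)
    u = sum(t[i] << (w * i) for i in range(s + 1))
    return u - p if u >= p else u             # result < 2p, one conditional subtraction


def mul_mod(a, b, p, w=32):
    """Plain modular product via two Montgomery multiplications (R^2 mod p cancels R^-1)."""
    s = (p.bit_length() + w - 1) // w
    r2 = pow(1 << (w * s), 2, p)
    return cios_montgomery(cios_montgomery(a, b, p, w), r2, p, w)


# NIST P-256 prime, used here only as a realistic ECC field size.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1

if __name__ == "__main__":
    a, b = P256 - 12345, P256 - 67890
    print(mul_mod(a, b, P256) == (a * b) % P256)
```

The inner loops are the part a hardware designer pipelines: one w×w multiply-accumulate per iteration, s² of them per multiplication step and s² per reduction step, which is the cost AMNS aims to undercut.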

### A Semantic Framework with Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems

Abstract
Critical manufacturing processes in smart networked systems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performance, which is supported by cyber-security management. Currently, most existing vulnerability-assessment techniques rely only on the security department, due to limited communication between different working groups. This poses a limitation to the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse CPPS networks' security, in terms of vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats from infiltrating through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports the collaboration between different actors in the production process, to improve situation awareness for cyberthreat prevention. Stakeholders with different expertise contribute to vulnerability assessment, which can be further combined with attack-scenario analysis to provide a more practical analysis. In doing so, we show through a case study evaluation how our proposed framework leverages crucial relationships between vulnerabilities, threats and attacks, in order to further narrow the risk window induced by discoverable vulnerabilities.
Yuning Jiang, Yacine Atif, Jianguo Ding, Wei Wang

### A Complete and Generic Security Approach for Wireless Sensors Network

Abstract
Wireless communication, random deployment and resource limitations are the main characteristics of wireless sensor networks that make them vulnerable to attacks. Indeed, sensor nodes and transmitted data are not protected, so data privacy and integrity are essential to secure the transmitted information and to protect the various nodes. In this context, we present in this paper a complete and generic security solution adapted to the WSN constraints. This approach is based on crossing three layers, the physical layer, the data link layer and the network layer, through the implementation of a secure MAC protocol and an intrusion detection system, as well as the development of a new cryptographic solution combining a modified AES encryption algorithm in CTR mode and a new key management protocol. The simulation results have shown, on the one hand, the efficiency of our solution in terms of WSN metrics, namely: mobility rate (from a network size of 200, the mobility rate reaches 99%), packet loss rate (LPR), energy consumption (does not exceed 0.512 $$\upmu$$J for our encryption scheme and 142 mJ for our MAC protocol SXMachiavel), data freshness (40.79%), control overhead (2.4), etc. On the other hand, they have shown its resistance to the most dangerous attacks in WSNs: eavesdropping attacks, node capture attacks, DoS attacks and spoofing attacks.
Imen Bouabidi, Pr. Mahmoud Abdellaoui

### WPA3 Connection Deprivation Attacks

Abstract
After the KRACK (Key Reinstallation AttaCK) attack on WPA2 (Wi-Fi Protected Access 2) in Fall 2017, the Wi-Fi Alliance started developing WPA3, which was announced in Summer 2018. WPA3 is a certification that adds protection mechanisms to its predecessor WPA2, such as dictionary attack resistance, management frame protection, and forward secrecy. In April 2019, researchers discovered a set of vulnerabilities in WPA3. These vulnerabilities allow an attacker to perform different types of attacks, ranging from denial of service to network-password cracking. This has worried the community, including organizations and device vendors who have already started implementing WPA3 on their devices. In this paper, we present three possible denial of service attacks on WPA3. We start by presenting the WPA3-SAE (Simultaneous Authentication of Equals) mechanism. Then, we analyze the mechanism and show the existence of specification flaws in the WPA3 protocol. An attacker exploits these flaws to mount attacks on Wi-Fi availability that deprive legitimate devices of connecting to WPA3 networks. We experimentally show the feasibility of these attacks and propose possible countermeasures to mitigate them and direct device vendors to better implement security in their future devices.

### An Approach for Thwarting Malicious Secret Channel: The Case of IP Record Route Option Header-Based Covert Channels

Abstract
The Internet is currently one of the main communication platforms for cybercriminals and terrorists to exchange secret messages and hidden information. The use of clear or non-encrypted network traffic to communicate over the Internet allows steganalysis processes and surveillance agencies to easily identify the presence of secret messages and hidden information, and to classify the involved entities as potential cybercriminals or terrorists. However, covert channels can be an efficient and remedial communication solution for cybercriminals and terrorists to exchange secret messages and hidden information. In fact, most covert channels attempt to send clear and non-encrypted messages embedded in the fields of network packets in order to offer communication channels that are robust against steganalysis. Nevertheless, covert channels are an immense cause of security concern and are classified as a serious threat because they can be used to pass malicious messages. This explains why the detection and elimination of covert channels are considered a big issue facing security systems that needs to be addressed. In this paper, a novel approach for detecting a particular type of covert channel is discussed. The covert channel uses the IP Record Route option header in IP packets to send secret messages and hidden information. The paper demonstrates that this type of covert channel is not robust enough against steganalysis. The proposed detection approach is based on the IP Loose Source Route option header. Conducted experiments show that the proposed approach is simple and straightforward to implement and can contribute to identifying malicious online activities of cybercriminals and terrorists.
Firas Saidi, Zouheir Trabelsi, Henda Ben Ghézela
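A parser for the IPv4 option field the abstract is about, as an added example in Python that is not the authors' detector. It decodes Record Route (type 7) and Loose/Strict Source Route (types 131/137) options, which share the pointer-plus-address-slots layout, and applies a consistency heuristic that is an assumption made here: slots the pointer has not yet reached should still be zero in a freshly composed Record Route option, and the pointer should sit on a 4-byte address boundary. The two option byte strings are constructed, not captured traffic.

```python
"""Parse IPv4 options and inspect Record Route data for covert-channel signs.

Added example; it is not the authors' detector. The heuristic below (unused
route slots must be zero, pointer must sit on an address boundary) is an
assumption about well-formed Record Route options, not a published rule.
"""
import ipaddress

IPOPT_EOL, IPOPT_NOP, IPOPT_RR, IPOPT_LSRR, IPOPT_SSRR = 0, 1, 7, 131, 137
ROUTE_OPTIONS = {IPOPT_RR: "record-route", IPOPT_LSRR: "loose-source-route",
                 IPOPT_SSRR: "strict-source-route"}


def parse_ip_options(opts):
    """Return [(type, payload)] for an IPv4 options field (payload excludes type/len)."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == IPOPT_EOL:
            break
        if kind == IPOPT_NOP:            # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option header")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        out.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return out


def analyse_route_option(payload):
    """Decode pointer + address slots; return (addresses, findings)."""
    findings = []
    pointer, data = payload[0], payload[1:]
    if len(data) % 4:
        findings.append("route data is not a whole number of addresses")
    if pointer < 4 or (pointer - 4) % 4:
        findings.append("pointer not on an address boundary")
    # pointer counts from the option's type byte (1-based); the first slot is at 4
    used = max(0, min(pointer - 4, len(data)))
    used -= used % 4
    if any(data[used:]):                 # heuristic: slots not yet recorded should be zero
        findings.append("non-zero bytes in unused route slots")
    addrs = [str(ipaddress.IPv4Address(data[k:k + 4])) for k in range(0, used, 4)]
    if any(a == "0.0.0.0" for a in addrs):
        findings.append("zero address in a slot the pointer says is filled")
    return addrs, findings


def inspect_packet_options(opts):
    """Run the route-option check over every option in the field."""
    report = []
    for kind, payload in parse_ip_options(opts):
        if kind in ROUTE_OPTIONS and payload:
            addrs, findings = analyse_route_option(payload)
            report.append((ROUTE_OPTIONS[kind], addrs, findings))
    return report


# Constructed samples (not captured traffic).
# Benign: ping -R style option, one hop recorded, the remaining slot still zero.
BENIGN_RR = bytes([IPOPT_RR, 11, 8, 10, 0, 0, 1, 0, 0, 0, 0, IPOPT_EOL])
# Covert: pointer still at 4 (nothing recorded) yet the slots already carry payload.
COVERT_RR = bytes([IPOPT_NOP, IPOPT_RR, 11, 4]) + b"HIDDEN!!" + bytes([IPOPT_EOL])

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_RR), ("covert", COVERT_RR)):
        print(name, inspect_packet_options(sample))
```

A sender that fills the slots with plausible router addresses and advances the pointer would pass this check, which is why the abstract's point about robustness matters: the heuristic catches the naive channel, not every one.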

### Toward Ciphertext Policy Attribute Based Encryption Model: A Revocable Access Control Solution in Cloud Computing

Abstract
Cloud Computing is the most promising paradigm in recent times. It offers on-demand services to individuals and industries. However, outsourcing sensitive data to untrusted Cloud servers impedes the adoption of the Cloud concept. Security is the most important issue. Consequently, Cloud service providers should implement fine-grained access control models. Ciphertext Policy Attribute Based Encryption (CP-ABE) is considered one of the most appropriate approaches in a Cloud Computing environment. However, it suffers from revocation, data owner overhead and computational cost limitations. In this work, we propose a revocable CP-ABE algorithm (R-CPABE). The main idea of this work is to divide the original data after publishing it on the cloud server. In case of user revocation, only a single slice is affected: the data owner needs to retrieve, re-encrypt and re-publish only that slice. To confirm the safety of our solution, we provide a security analysis. To evaluate its efficiency, a performance evaluation is performed.
Mariem Bouchaala, Cherif Ghazel, Leila Azouz Saidane

### A Framework for GDPR Compliance in Big Data Systems

Abstract
The verification and implementation of the GDPR regulation, which aims at protecting European citizens' privacy, is still a real challenge. In particular, in Big Data systems where data is of huge volume and heterogeneous, it is hard to track data evolution through its complex life cycle, ranging from collection and ingestion to storage and analytics. In this context, from 2016 to 2019 research has been conducted and security tools designed. However, they are either specific to particular applications or only partially address the regulation's articles. In order to identify the covered parts, the missing ones and the metrics necessary for comparing different works, we propose a framework for GDPR compliance that identifies the main components for the regulation's implementation. Based on this framework, we compare the main GDPR solutions in the Big Data domain and we propose a guideline for GDPR verification and implementation in Big Data systems.
Mouna Rhahla, Sahar Allegue, Takoua Abdellatif

### “I do it because they do it”: Social-Neutralisation in Information Security Practices of Saudi Medical Interns

Abstract
Successful implementation of information security policies (ISPs) and IT controls plays an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners' neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns (MIs) and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study's findings revealed that the MIs imitate their peers' actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors' (seniors') ISP non-compliance influences MIs' tendency to invoke neutralisation techniques. We found that trust between medical team members is an essential social facilitator that motivates MIs to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.
Saad Altamimi, Karen Renaud, Timothy Storer

### Unsupervised Machine Learning for Card Payment Fraud Detection

Abstract
Credit card fraud is one of the most common cybercrimes experienced by consumers today. Machine learning approaches are increasingly used to improve the accuracy of fraud detection systems. However, most of the approaches proposed so far have been based on supervised models, i.e., models trained with labelled historical fraudulent transactions, thus limiting the ability of the approach to recognise unknown fraud patterns. In this paper, we propose an unsupervised fraud detection system for card payment transactions. The unsupervised approach learns the characteristics of normal transactions and then identifies anomalies as potential frauds. We introduce the challenges of modelling card payment transactions and discuss how to select the best features. Our approach can reduce the equal error rate (EER) significantly over previous approaches (from $$11.2\%$$ to $$8.55\%$$ EER) for a real-world transaction dataset.
Mario Parreno-Centeno, Mohammed Aamir Ali, Yu Guan, Aad van Moorsel
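The two pieces the abstract combines, a model fitted on normal transactions only and an equal-error-rate figure, as an added example in Python. This is not the authors' detector: the baseline here is a per-feature Gaussian (anomaly score = sum of squared z-scores), the feature set and all transactions are constructed, and the EER sweep runs over constructed detector scores so that the crossing point can be checked by hand.

```python
"""Unsupervised anomaly scoring of card transactions plus an equal-error-rate (EER) sweep.

Added example (not the authors' model): a per-feature Gaussian baseline fitted on
normal transactions only, scored by the sum of squared z-scores, then an EER
computation over constructed scores.
"""
from statistics import mean, pstdev


def fit_normal_model(rows):
    """rows: equal-length numeric feature vectors from normal transactions only."""
    cols = list(zip(*rows))
    means = [mean(c) for c in cols]
    stds = [pstdev(c) or 1.0 for c in cols]      # guard constant features
    return means, stds


def anomaly_score(model, row):
    """Higher means further from what the normal data looked like."""
    means, stds = model
    return sum(((x - m) / s) ** 2 for x, m, s in zip(row, means, stds))


def equal_error_rate(normal_scores, fraud_scores):
    """Sweep 'flag if score >= t' over all observed scores; return (eer, threshold)
    at the point where false-positive and false-negative rates are closest."""
    best = None
    for t in sorted(set(normal_scores) | set(fraud_scores)):
        fpr = sum(s >= t for s in normal_scores) / len(normal_scores)   # normals flagged
        fnr = sum(s < t for s in fraud_scores) / len(fraud_scores)      # frauds missed
        gap = abs(fpr - fnr)
        if best is None or gap < best[0]:
            best = (gap, (fpr + fnr) / 2, t)
    return best[1], best[2]


# Constructed transactions: (amount, hour_of_day, distance_from_home_km).
NORMAL_TRAIN = [(20, 12, 2), (35, 13, 5), (15, 9, 1), (50, 18, 3), (25, 11, 4), (40, 14, 2)]
NORMAL_TEST = (30, 12, 3)
FRAUD_TEST = (900, 3, 400)

# Constructed detector outputs for the EER sweep (higher = more anomalous).
NORMAL_SCORES = [0.1, 0.2, 0.25, 0.3, 0.35, 0.4, 0.45, 0.5, 0.55, 0.6]
FRAUD_SCORES = [0.5, 0.65, 0.7, 0.8, 0.9]

if __name__ == "__main__":
    model = fit_normal_model(NORMAL_TRAIN)
    print("normal:", round(anomaly_score(model, NORMAL_TEST), 2),
          "fraud:", round(anomaly_score(model, FRAUD_TEST), 2))
    print("EER, threshold:", equal_error_rate(NORMAL_SCORES, FRAUD_SCORES))
```

The EER is reported at a single operating point, so a system tuned for a different cost of missed fraud versus blocked customers would be compared at its own threshold instead.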

### Intrusion Detection Study and Enhancement Using Machine Learning

Abstract
IoT is an emerging technology that represents a complex and heterogeneous environment. Thus, security in IoT is an issue of concern, in particular detecting and identifying malicious events. Malicious events are triggered when anomalous traffic attempts to threaten and abuse the IoT network. Machine learning approaches provide interesting tools to detect new attacks and prevent unauthorized access. Therefore, the aim of this paper is to investigate and compare the performance of the classical machine learning methods Support Vector Machine (SVM), K-Nearest Neighbor (KNN), and K-means. The performance metrics considered in this study are accuracy, detection rate, false alarm rate, recall, precision, F1-score, training time and label assignment time. Then, a proposed solution for enhancement is elaborated by leveraging a multi-level tweak. The proposed solution shows the best performance results compared to the classical machine learning methods for intrusion detection.
Hela Mliki, Abir Hadj Kaceam, Lamia Chaari
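How the accuracy-type metrics in that list relate to one another, as an added example in Python that is independent of the authors' experiments: all of them derive from one confusion matrix, and on the imbalanced traffic typical of intrusion data a classifier that never raises an alert still scores well on accuracy, which is why detection rate and false alarm rate are reported alongside it. The labels and predictions are constructed.

```python
"""Intrusion-detection metrics from a confusion matrix, with a class-imbalance check.

Added example, independent of the authors' experiments: the metrics listed in
the abstract computed from constructed labels (1 = attack, 0 = benign).
"""


def confusion_matrix(y_true, y_pred):
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == 1 and p == 1 for t, p in pairs)
    fp = sum(t == 0 and p == 1 for t, p in pairs)
    tn = sum(t == 0 and p == 0 for t, p in pairs)
    fn = sum(t == 1 and p == 0 for t, p in pairs)
    return tp, fp, tn, fn


def ids_metrics(y_true, y_pred):
    tp, fp, tn, fn = confusion_matrix(y_true, y_pred)

    def ratio(n, d):
        return n / d if d else 0.0

    recall = ratio(tp, tp + fn)              # detection rate is the same quantity
    return {
        "accuracy": ratio(tp + tn, tp + fp + tn + fn),
        "detection_rate": recall,
        "false_alarm_rate": ratio(fp, fp + tn),   # benign flows raised as alerts
        "precision": ratio(tp, tp + fp),          # alerts that were real attacks
        "recall": recall,
        "f1": ratio(2 * tp, 2 * tp + fp + fn),
    }


# Constructed evaluation set: 90 benign flows, 10 attacks.
Y_TRUE = [0] * 90 + [1] * 10
# Constructed classifier output: 5 false alarms, 8 of 10 attacks caught.
Y_PRED = [1] * 5 + [0] * 85 + [1] * 8 + [0] * 2
# A trivial "everything is benign" classifier for comparison.
Y_ALL_BENIGN = [0] * 100

if __name__ == "__main__":
    for name, pred in (("classifier", Y_PRED), ("all-benign", Y_ALL_BENIGN)):
        print(name, {k: round(v, 3) for k, v in ids_metrics(Y_TRUE, pred).items()})
```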

### Watch Out! Doxware on the Way...

Abstract
From spyware to ransomware to leakware, the world is on the verge of being struck by a myriad of advanced attacks. Security researchers' main objective is protecting the assets that a person or company possesses. They are in a constant battle in this cyber war against attackers' malicious intents. To compete in this arms race against security breaches, we propose an insight into plausible attacks, especially Doxware (also called leakware). We present a quantification model that explores the Windows file system in search of valuable data. It is based on solutions provided in the literature for natural language processing, such as term frequency-inverse document frequency (TF-IDF). The top 15 file "contestants" will then be exfiltrated over the Internet to the attacker's server. Our approach delivers an observation of the evolution of malware throughout the last years. It enables users to prevent their sensitive information from being exposed to potential risks.
Routa Moussaileb, Charles Berti, Guillaume Deboisdeffre, Nora Cuppens, Jean-Louis Lanet
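The TF-IDF scoring the abstract names, as an added example in Python that is not the authors' quantification model: it scores files against a sensitive-term vocabulary and ranks them, which is equally the check a defender runs to find which files such a model would single out. The vocabulary, the smoothed idf formula and the file contents are all choices made here; there is no file system walk and no exfiltration.

```python
"""TF-IDF ranking of files by a sensitive-term vocabulary.

Added example (not the authors' quantifier): the scoring idea the abstract
names, implemented from scratch over constructed file contents. The vocabulary
and the smoothed idf formula are choices made here.
"""
import math
import re

SENSITIVE_TERMS = ("password", "iban", "salary", "confidential", "ssn")

# Constructed file contents (not a real file system walk).
FILES = {
    "notes.txt": "meeting notes project timeline lunch",
    "payroll.csv": "employee salary iban bank account salary",
    "secrets.txt": "password admin password vpn confidential",
    "readme.md": "project readme install run build",
    "contract.pdf": "confidential contract payment iban signature",
}


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def idf_table(docs, vocab):
    """Smoothed inverse document frequency ln((1+N)/(1+df)) + 1: terms absent from
    every file (here 'ssn') keep a finite weight instead of dividing by zero."""
    n = len(docs)
    token_sets = [set(tokenize(t)) for t in docs.values()]
    return {term: math.log((1 + n) / (1 + sum(term in toks for toks in token_sets))) + 1
            for term in vocab}


def score_document(text, idf):
    """Sum of tf*idf over the vocabulary; tf is the term's share of the file's tokens."""
    tokens = tokenize(text)
    if not tokens:
        return 0.0
    return sum(tokens.count(term) / len(tokens) * idf[term] for term in idf)


def rank_files(docs, vocab=SENSITIVE_TERMS, top=15):
    """Top-scoring files first; ties broken by name so the order is deterministic."""
    idf = idf_table(docs, vocab)
    scored = sorted(((name, score_document(t, idf)) for name, t in docs.items()),
                    key=lambda ns: (-ns[1], ns[0]))
    return scored[:top]


if __name__ == "__main__":
    for name, score in rank_files(FILES, top=3):
        print(f"{name:14s} {score:.3f}")
```

The rare terms dominate: a file that repeats "password" outranks one that merely mentions the more widespread "confidential", which is the property an attacker's ranking relies on and a defender can use to prioritise encryption or access controls.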

### CDISS-BEMOS: A New Color Document Image Steganography System Based on Beta Elliptic Modeling of the Online Signature

Abstract
Based on Beta elliptic modeling, a new signature steganography system for color document images is proposed in this paper. This system uses the Binary Robust Invariant Scalable Keypoint (BRISK) detector to obtain the potential feature points used for constructing the embedding regions. The Beta elliptic signature is transformed into a secret message bit representation using Huffman Coding (HC) to increase the performance of our system. Then, the secret message bits are divided into three sub-message bit sequences $$\mathrm{m}_\mathrm{R}$$, $$\mathrm{m}_\mathrm{G}$$, and $$\mathrm{m}_\mathrm{B}$$, using the weights $$\upalpha _\mathrm{R}$$, $$\upalpha _\mathrm{G}$$, and $$\upalpha _\mathrm{B}$$, respectively. Finally, each bit sequence is embedded into the corresponding channel, red (R), green (G), and blue (B), by modifying the first Least Significant Bit (LSB) of the embedding regions' pixels. The robustness evaluation and the quantitative and qualitative experimental results on multiple datasets (L3iDocCopies, the LRDE Document Binarization Dataset, and standard test images) demonstrate that the proposed color document image steganography system in the spatial domain maintains a better visual quality, measured by Peak Signal to Noise Ratio (PSNR), Structural Similarity Index Measure (SSIM), and Human Visual System (HVS) metrics, with relatively lower computational complexity, which confirms its effectiveness as compared to existing systems.
Anissa Zenati, Wael Ouarda, Adel M. Alimi
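The embedding step of the abstract, as an added example in Python that is not CDISS-BEMOS itself: the secret bits are split into $$\mathrm{m}_\mathrm{R}$$, $$\mathrm{m}_\mathrm{G}$$, $$\mathrm{m}_\mathrm{B}$$ in proportion to the weights, each run is written into the first LSB of its channel inside an embedding region, and PSNR is computed between cover and stego. The BRISK region detection and the Huffman coding are left out; the region is a constructed index list and the cover image is a constructed 4x4 array.

```python
"""LSB embedding of a bit string split across R, G, B by weights, with PSNR.

Added example, not CDISS-BEMOS itself: it keeps the abstract's embedding idea
(split the secret bits into m_R, m_G, m_B by weights alpha_R, alpha_G, alpha_B
and write each into the first LSB of the matching channel) but skips the BRISK
region detection and Huffman coding; the region is a constructed index list.
"""
import math


def to_bits(data):
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits) - 7, 8))


def split_message(bits, weights):
    """Split bits into three runs proportional to weights; the last run takes the remainder."""
    total = sum(weights)
    n_r = int(len(bits) * weights[0] / total)
    n_g = int(len(bits) * weights[1] / total)
    return bits[:n_r], bits[n_r:n_r + n_g], bits[n_r + n_g:]


def embed(pixels, region, bits, weights):
    """Return a new pixel list with bits written into channel LSBs inside `region`."""
    parts = split_message(bits, weights)
    if max(len(p) for p in parts) > len(region):
        raise ValueError("embedding region too small")
    stego = [list(px) for px in pixels]
    for channel, part in enumerate(parts):           # 0 = R, 1 = G, 2 = B
        for idx, bit in zip(region, part):
            stego[idx][channel] = (stego[idx][channel] & ~1) | bit
    return stego


def extract(pixels, region, lengths):
    """Read back the per-channel bit runs given their lengths (shared with the receiver)."""
    bits = []
    for channel, n in enumerate(lengths):
        bits.extend(pixels[idx][channel] & 1 for idx in region[:n])
    return bits


def psnr(cover, stego):
    """Peak signal-to-noise ratio in dB over all channel values; inf for identical images."""
    mse = sum((a - b) ** 2 for pa, pb in zip(cover, stego)
              for a, b in zip(pa, pb)) / (3 * len(cover))
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)


# Constructed 4x4 cover image as (R, G, B) tuples, and a constructed region.
COVER = [((i * 37) % 256, (i * 59) % 256, (i * 83) % 256) for i in range(16)]
REGION = list(range(16))
WEIGHTS = (0.5, 0.3, 0.2)

if __name__ == "__main__":
    bits = to_bits(b"sig")
    stego = embed(COVER, REGION, bits, WEIGHTS)
    lengths = [len(p) for p in split_message(bits, WEIGHTS)]
    print(from_bits(extract(stego, REGION, lengths)), round(psnr(COVER, stego), 1), "dB")
```

Because each write changes a channel value by at most 1, the MSE is bounded by the fraction of touched values, which is why first-LSB schemes keep PSNR high; the price is that the bits sit in exactly the plane a steganalysis tool looks at first.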

### A Graph Based Model for UAVs Group-Wide Collaboration Applied on an Anti-terrorism Scenario

Abstract
Adaptation of collaboration is needed to maintain the connectivity and quality of communication in group-wide collaborative activities. This becomes quite a challenge to handle when mobile entities are part of a wireless environment. In this paper, these challenges are addressed within the context of the SuperSenS project where Unmanned Aerial Vehicles (UAVs) have to collaborate either between themselves or with remote human actors during search-and-rescue missions. This paper presents our first results. The final goal is to propose new concepts, models and architectures that support cooperative adaptation which is aware of the mission being executed. Thus, the collaboration can be adequately adapted in response to the mission requirements and to the changes in the resource constraints.
Amal Gassara, Ismael Bouassida Rodriguez

### Modelling and Executing Time-Aware Processes in Trustless Blockchain Environment

Abstract
Blockchain is an emergent technology which enables the execution of collaborative business processes while ensuring trust by replacing a central authority with cryptographic proof and distributed consensus. Thus, Blockchain technology can be used to find agreement between untrusted collaborating parties in business processes. However, the temporal constraints of processes need more investigation. Indeed, Blockchain platforms offer no means to represent or manage temporal constraints for business processes. Moreover, transaction completion time is not fixed; it can take from a few seconds to several minutes. In this paper, we include temporal constraints in smart contracts, which could mitigate the violation of time constraints, minimize the costly execution time, and thus avoid financial penalties. To achieve this, we extend the Caterpillar tool, the first open-source blockchain-based BPMN execution engine, to enable the automatic transformation of a large set of temporal constraints for business process models into smart contract code. We illustrate our approach with a use case, which we deploy on an Ethereum testnet.
Amal Abid, Saoussen Cheikhrouhou, Mohamed Jmaiel

### Multi-scale Adaptive Threshold for DDoS Detection

Abstract
Distributed Denial of Service (DDoS) attacks are still among the top cyber threats against online servers. One efficient way to defend against such threats is through adaptive threshold models, which can tune defense mechanisms according to network conditions and setup. However, the main challenge of such models is threshold selection, which has a direct impact on detection accuracy and hence on protection assurance. In this paper, we propose a new model to compute an adaptive threshold via distributed energy wavelet decomposition. Our model leverages a consensus protocol to solve the single point of failure problem. The empirical evaluation, which is based on real DDoS attack traces, demonstrates that the proposed model is indeed capable of detecting DDoS threats accurately and in real time.
Fatima Ezzahra Ouerfelli, Khaled Barbaria, Belhassen Zouari, Claude Fachkha

### A Recommender System for User-Specific Vulnerability Scoring

Abstract
With the inclusion of external software components in their software, vendors also need to identify and evaluate vulnerabilities in the components they use. A growing number of external components makes this process more time-consuming, as vendors need to evaluate the severity and applicability of published vulnerabilities. The CVSS score is used to rank the severity of a vulnerability, but in its simplest form it fails to take user properties into account. CVSS also defines an environmental metric, allowing organizations to manually define individual impact requirements. However, it is limited to explicitly defined user information, and only a subset of vulnerability properties is used in the metric. In this paper we address these shortcomings by presenting a recommender system specifically targeting software vulnerabilities. The recommender considers user history, explicit user properties, and domain-based knowledge. It provides a utility metric for each vulnerability, targeting the specific organization's requirements and needs. An initial evaluation with industry participants shows that the recommender can generate a metric closer to the users' reference rankings, based on predictive and rank accuracy metrics, than the CVSS environmental score.
Linus Karlsson, Pegah Nikbakht Bideh, Martin Hell

### Distributed Detection System Using Wavelet Decomposition and Chi-Square Test

Abstract
As of today, Distributed Denial of Service attacks remain one of the most devastating threats online. This paper presents an estimation model that integrates the discrete wavelet transform (DWT) and the Chi-Square test ($$\chi^2$$) for detecting DDoS attacks. The model has a distributed architecture, reducing the risk of a single point of failure and increasing the reliability of the system. First, we use the DWT to decompose the traffic data. Then, the obtained detail (high-frequency) components are used as the input variable to forecast future attack traffic. To ensure a complete distribution of our system, we test the Paxos protocol, which gives reliable communication between detection systems. The model is tested using real datasets of DDoS traces. Our proposed system outperforms other conventional models that use a centralized architecture.
Fatima Ezzahra Ouerfelli, Khaled Barbaria, Belhassen Zouari, Claude Fachkha
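The wavelet part shared by this paper and the "Multi-scale Adaptive Threshold for DDoS Detection" entry above, as one added example in Python that is not the authors' model: a multi-level Haar decomposition of a per-second packet-count series, an adaptive threshold per scale learned from baseline windows, and a Pearson chi-square statistic of the current window against the baseline rate. It runs on a single node (the consensus/Paxos replication both abstracts rely on is not modelled), the threshold rule (baseline mean plus k standard deviations per scale) and the use of the baseline mean as the chi-square expectation are assumptions made here, and the traffic windows are constructed.

```python
"""Multi-level Haar decomposition of a packet-count series with a per-scale
adaptive energy threshold and a chi-square deviation test.

Added example serving both wavelet papers above; it is not the authors' model
and runs on a single node (the consensus/Paxos replication is not modelled).
"""
from statistics import mean, pstdev


def haar_dwt(x):
    """One unnormalised Haar level: pairwise averages (approximation) and half-differences (detail)."""
    x = list(x)
    if len(x) % 2:
        x.append(x[-1])                      # pad odd lengths by repeating the last sample
    approx = [(x[i] + x[i + 1]) / 2 for i in range(0, len(x), 2)]
    detail = [(x[i] - x[i + 1]) / 2 for i in range(0, len(x), 2)]
    return approx, detail


def detail_energies(x, levels):
    """Energy (sum of squared detail coefficients) at each scale 1..levels."""
    energies, current = [], list(x)
    for _ in range(levels):
        current, detail = haar_dwt(current)
        energies.append(sum(d * d for d in detail))
    return energies


def learn_thresholds(baseline_windows, levels, k=3.0):
    """Assumed rule: per scale, threshold = mean + k * std of the baseline energies."""
    per_scale = list(zip(*(detail_energies(w, levels) for w in baseline_windows)))
    return [mean(e) + k * pstdev(e) for e in per_scale]


def wavelet_alert(window, thresholds):
    """True if the detail energy at any scale exceeds its learned threshold."""
    return any(e > t for e, t in zip(detail_energies(window, len(thresholds)), thresholds))


def baseline_expectation(baseline_windows):
    return mean(c for w in baseline_windows for c in w)


def chi_square(window, expected):
    """Pearson statistic of observed counts against a constant expected count."""
    return sum((o - expected) ** 2 / expected for o in window)


CHI2_CRIT_DF7_P05 = 14.067   # chi-square table value, df = 8 - 1 = 7, alpha = 0.05

# Constructed per-second packet counts: four quiet baseline windows and one flood.
BASELINE = [[100, 102, 99, 101, 100, 103, 98, 101],
            [101, 99, 100, 102, 100, 98, 101, 100],
            [99, 100, 102, 101, 98, 100, 101, 99],
            [100, 101, 99, 100, 102, 100, 99, 101]]
FLOOD = [100, 101, 100, 99, 900, 1200, 1500, 1600]

if __name__ == "__main__":
    thresholds = learn_thresholds(BASELINE, levels=2)
    expected = baseline_expectation(BASELINE)
    for name, w in (("baseline", BASELINE[0]), ("flood", FLOOD)):
        print(name, "energies", [round(e, 2) for e in detail_energies(w, 2)],
              "alert", wavelet_alert(w, thresholds),
              "chi2", round(chi_square(w, expected), 1))
```

The detail coefficients respond to how abruptly the rate changes, not to its level, so a slow ramp that a fixed-rate threshold would catch late shows up at the coarser scales first; the chi-square test covers the complementary case of a sustained shift in the rate.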
