A Hybrid Methodology to Assess Cyber Resilience of IoT in Energy Management and Connected Sites.

Cyber threats and vulnerabilities present an increasing risk to the safe and frictionless execution of business operations. Bad actors ("hackers"), including state actors, are increasingly targeting the operational technologies (OTs) and industrial control systems (ICSs) used to protect critical national infrastructure (CNI). Minimisations of cyber risk, attack surfaces, data immutability, and interoperability of IoT are some of the main challenges of today's CNI. Cyber security risk assessment is one of the basic and most important activities to identify and quantify cyber security threats and vulnerabilities. This research presents a novel i-TRACE security-by-design CNI methodology that encompasses CNI key performance indicators (KPIs) and metrics to combat the growing vicarious nature of remote, well-planned, and well-executed cyber-attacks against CNI, as recently exemplified in the current Ukraine conflict (2014-present) on both sides. The proposed methodology offers a hybrid method that specifically identifies the steps required (typically undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on CNI). Furthermore, we present a novel, advanced, and resilient approach that leverages digital twins and distributed ledger technologies for our chosen i-TRACE use cases of energy management and connected sites. The key steps required to achieve the desired level of interoperability and immutability of data are identified, thereby reducing the risk of CNI-specific cyber attacks and minimising the attack vectors and surfaces. Hence, this research aims to provide an extra level of safety for CNI and OT human operatives, i.e., those tasked with and responsible for detecting, deterring, disrupting, and mitigating these cyber-attacks. Our evaluations and comparisons clearly demonstrate that i-TRACE has significant intrinsic advantages compared to existing "state-of-the-art" mechanisms.

Explainable AI for Medical Image Analysis in Medical Cyber-Physical Systems: Enhancing Transparency and Trustworthiness of IoMT.

Medical image analysis plays a crucial role in healthcare systems of Internet of Medical Things (IoMT), aiding in the diagnosis, treatment planning, and monitoring of various diseases. With the increasing adoption of artificial intelligence (AI) techniques in medical image analysis, there is a growing need for transparency and trustworthiness in decision-making. This study explores the application of explainable AI (XAI) in the context of medical image analysis within medical cyber-physical systems (MCPS) to enhance transparency and trustworthiness. To this end, this study proposes an explainable framework that integrates machine learning and knowledge reasoning. The explainability of the model is realized when the framework evolution target feature results and reasoning results are the same and are relatively reliable. However, using these technologies also presents new challenges, including the need to ensure the security and privacy of patient data from IoMT. Therefore, attack detection is an essential aspect of MCPS security. For the MCPS model with only sensor attacks, the necessary and sufficient conditions for detecting attacks are given based on the definition of sparse observability. The corresponding attack detector and state estimator are designed by assuming that some IoMT sensors are under protection. It is expounded that the IoMT sensors under protection play an important role in improving the efficiency of attack detection and state estimation. The experimental results show that the XAI in the context of medical image analysis within MCPS improves the accuracy of lesion classification, effectively removes low-quality medical images, and realizes the explainability of recognition results. This helps doctors understand the logic of the system's decision-making and can choose whether to trust the results based on the explanation given by the framework.

MedSecurance Project: Advanced Security-for-Safety Assurance for Medical Device IoT (IoMT).

The MedSecurance project focus on identifying new challenges in cyber security with focus on hardware and software medical devices in the context of emerging healthcare architectures. In addition, the project will review best practice and identify gaps in the guidance, particularly the guidance stipulated by the medical device regulation and directives. Finally, the project will develop comprehensive methodology and tooling for the engineering of trustworthy networks of inter-operating medical devices, that shall have security-for-safety by design, with a strategy for device certification and certifiable dynamic network composition, ensuring that patient safety is safeguarded from malicious cyber actors and technology "accidents".

Unpacking privacy: Valuation of personal data protection.

Information about individual behaviour is collected regularly by organisations. This information has value to businesses, the government and third parties. It is not clear what value this personal data has to consumers themselves. Much of the modern economy is predicated on people sharing personal data, however if individuals value their privacy, they may choose to withhold this data unless the perceived benefits of sharing outweigh the perceived value of keeping the data private. One technique to assess how much individuals value their privacy is to ask them whether they might be willing to pay for an otherwise free service if paying allowed them to avoid sharing personal data. Our research extends previous work on factors affecting individuals' decisions about whether to share personal data. We take an experimental approach and focus on whether consumers place a positive value on protecting their data by examining their willingness to share personal data in a variety of data sharing environments. Using five evaluation techniques, we systematically investigate whether members of the public value keeping their personal data private. We show that the extent to which participants value protecting their information differs by data type, suggesting there is no simple function to assign a value for individual privacy. The majority of participants displayed remarkable consistency in their rankings of the importance of different types of data through a variety of elicitation procedures, a finding consistent with the existence of stable individual privacy preferences in protecting personal data. We discuss our findings in the context of research on the value of privacy and privacy preferences.

Securing Cloud-Assisted Connected and Autonomous Vehicles: An In-Depth Threat Analysis and Risk Assessment.

As threat vectors and adversarial capabilities evolve, Cloud-Assisted Connected and Autonomous Vehicles (CCAVs) are becoming more vulnerable to cyberattacks. Several established threat analysis and risk assessment (TARA) methodologies are publicly available to address the evolving threat landscape. However, these methodologies inadequately capture the threat data of CCAVs, resulting in poorly defined threat boundaries or the reduced efficacy of the TARA. This is due to multiple factors, including complex hardware-software interactions, rapid technological advancements, outdated security frameworks, heterogeneous standards and protocols, and human errors in CCAV systems. To address these factors, this study begins by systematically evaluating TARA methods and applying the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges (STRIDE) threat model and Damage, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD) risk assessment to target system architectures. This study identifies vulnerabilities, quantifies risks, and methodically examines defined data processing components. In addition, this study offers an attack tree to delineate attack vectors and provides a novel defense taxonomy against identified risks. This article demonstrates the efficacy of the TARA in systematically capturing compromised security requirements, threats, limits, and associated risks with greater precision. By doing so, we further discuss the challenges in protecting hardware-software assets against multi-staged attacks due to emerging vulnerabilities. As a result, this research informs advanced threat analyses and risk management strategies for enhanced security engineering of cyberphysical CCAV systems.

Do the Right Thing: A Privacy Policy Adherence Analysis of over Two Million Apps in Apple iOS App Store.

Mobile app developers are often obliged by regulatory frameworks to provide a privacy policy in natural comprehensible language to describe their apps' privacy practices. However, prior research has revealed that: (1) not all app developers offer links to their privacy policies; and (2) even if they do offer such access, it is difficult to determine if it is a valid link to a (valid) policy. While many prior studies looked at this issue in Google Play Store, Apple App Store, and particularly the iOS store, is much less clear. In this paper, we conduct the first and the largest study to investigate the previous issues in the iOS app store ecosystem. First, we introduce an App Privacy Policy Extractor (APPE), a system that embraces and analyses the metadata of over two million apps to give insightful information about the distribution of the supposed privacy policies, and the content of the provided privacy policy links, store-wide. The result shows that only 58.5% of apps provide links to purported privacy policies, while 39.3% do not provide policy links at all. Our investigation of the provided links shows that only 38.4% of those links were directed to actual privacy policies, while 61.6% failed to lead to a privacy policy. Further, for research purposes we introduce the App Privacy Policy Corpus (APPC-451K); the largest app privacy policy corpus consisting of data relating to more than 451K verified privacy policies.

Blockchain and cloud computing-based secure electronic healthcare records storage and sharing.

Healthcare information is essential for both service providers and patients. Further secure sharing and maintenance of Electronic Healthcare Records (EHR) are imperative. EHR systems in healthcare have traditionally relied on a centralized system (e.g., cloud) to exchange health data across healthcare stakeholders, which may expose private and sensitive patient information. EHR has struggled to meet the demands of several stakeholders and systems in terms of safety, isolation, and other regulatory constraints. Blockchain is a distributed, decentralized ledger technology that can provide secured, validated, and immutable data sharing facilities. Blockchain creates a distributed ledger system using techniques of cryptography (hashes) that are consistent and permit actions to be carried out in a distributed manner without needing a centralized authority. Data exploitation is difficult and evident in a blockchain network due to its immutability. We propose an architecture based on blockchain technology that authenticates the user identity using a Proof of Stake (POS) cryptography consensus mechanism and Secure Hash Algorithm (SHA256) to secure EHR sharing among different electronic healthcare systems. An Elliptic Curve Digital Signature Algorithm (ECDSA) is used to verify EHR sensors to assemble and transmit data to cloud infrastructure. Results indicate that the proposed solution performs exceptionally well when compared with existing solutions, which include Proof-Of-Work (POW), Secure Hash Algorithm (SHA-1), and Message Digest (MD5) in terms of power consumption, authenticity, and security of healthcare records.

Meeting sustainable development goals via robotics and autonomous systems.

Robotics and autonomous systems are reshaping the world, changing healthcare, food production and biodiversity management. While they will play a fundamental role in delivering the UN Sustainable Development Goals, associated opportunities and threats are yet to be considered systematically. We report on a horizon scan evaluating robotics and autonomous systems impact on all Sustainable Development Goals, involving 102 experts from around the world. Robotics and autonomous systems are likely to transform how the Sustainable Development Goals are achieved, through replacing and supporting human activities, fostering innovation, enhancing remote access and improving monitoring. Emerging threats relate to reinforcing inequalities, exacerbating environmental change, diverting resources from tried-and-tested solutions and reducing freedom and privacy through inadequate governance. Although predicting future impacts of robotics and autonomous systems on the Sustainable Development Goals is difficult, thoroughly examining technological developments early is essential to prevent unintended detrimental consequences. Additionally, robotics and autonomous systems should be considered explicitly when developing future iterations of the Sustainable Development Goals to avoid reversing progress or exacerbating inequalities.

Deep GRU-CNN Model for COVID-19 Detection From Chest X-Rays Data.

In the current era, data is growing exponentially due to advancements in smart devices. Data scientists apply a variety of learning-based techniques to identify underlying patterns in the medical data to address various health-related issues. In this context, automated disease detection has now become a central concern in medical science. Such approaches can reduce the mortality rate through accurate and timely diagnosis. COVID-19 is a modern virus that has spread all over the world and is affecting millions of people. Many countries are facing a shortage of testing kits, vaccines, and other resources due to significant and rapid growth in cases. In order to accelerate the testing process, scientists around the world have sought to create novel methods for the detection of the virus. In this paper, we propose a hybrid deep learning model based on a convolutional neural network (CNN) and gated recurrent unit (GRU) to detect the viral disease from chest X-rays (CXRs). In the proposed model, a CNN is used to extract features, and a GRU is used as a classifier. The model has been trained on 424 CXR images with 3 classes (COVID-19, Pneumonia, and Normal). The proposed model achieves encouraging results of 0.96, 0.96, and 0.95 in terms of precision, recall, and f1-score, respectively. These findings indicate how deep learning can significantly contribute to the early detection of COVID-19 in patients through the analysis of X-ray scans. Such indications can pave the way to mitigate the impact of the disease. We believe that this model can be an effective tool for medical practitioners for early diagnosis.

A Novel Privacy Paradigm for Improving Serial Data Privacy.

Protecting the privacy of individuals is of utmost concern in today's society, as inscribed and governed by the prevailing privacy laws, such as GDPR. In serial data, bits of data are continuously released, but their combined effect may result in a privacy breach in the whole serial publication. Protecting serial data is crucial for preserving them from adversaries. Previous approaches provide privacy for relational data and serial data, but many loopholes exist when dealing with multiple sensitive values. We address these problems by introducing a novel privacy approach that limits the risk of privacy disclosure in republication and gives better privacy with much lower perturbation rates. Existing techniques provide a strong privacy guarantee against attacks on data privacy; however, in serial publication, the chances of attack still exist due to the continuous addition and deletion of data. In serial data, proper countermeasures for tackling attacks such as correlation attacks have not been taken, due to which serial publication is still at risk. Moreover, protecting privacy is a significant task due to the critical absence of sensitive values while dealing with multiple sensitive values. Due to this critical absence, signatures change in every release, which is a reason for attacks. In this paper, we introduce a novel approach in order to counter the composition attack and the transitive composition attack and we prove that the proposed approach is better than the existing state-of-the-art techniques. Our paper establishes the result with a systematic examination of the republication dilemma. Finally, we evaluate our work using benchmark datasets, and the results show the efficacy of the proposed technique.

Dynamic cyber risk estimation with competitive quantile autoregression.

The increasing value of data held in enterprises makes it an attractive target to attackers. The increasing likelihood and impact of a cyber attack have highlighted the importance of effective cyber risk estimation. We propose two methods for modelling Value-at-Risk (VaR) which can be used for any time-series data. The first approach is based on Quantile Autoregression (QAR), which can estimate VaR for different quantiles, i. e. confidence levels. The second method, we term Competitive Quantile Autoregression (CQAR), dynamically re-estimates cyber risk as soon as new data becomes available. This method provides a theoretical guarantee that it asymptotically performs as well as any QAR at any time point in the future. We show that these methods can predict the size and inter-arrival time of cyber hacking breaches by running coverage tests. The proposed approaches allow to model a separate stochastic process for each significance level and therefore provide more flexibility compared to previously proposed techniques. We provide a fully reproducible code used for conducting the experiments.

Super-forecasting the 'technological singularity' risks from artificial intelligence.

This article investigates cybersecurity (and risk) in the context of 'technological singularity' from artificial intelligence. The investigation constructs multiple risk forecasts that are synthesised in a new framework for counteracting risks from artificial intelligence (AI) itself. In other words, the research in this article is not just concerned with securing a system, but also analysing how the system responds when (internal and external) failure(s) and compromise(s) occur. This is an important methodological principle because not all systems can be secured, and totally securing a system is not feasible. Thus, we need to construct algorithms that will enable systems to continue operating even when parts of the system have been compromised. Furthermore, the article forecasts emerging cyber-risks from the integration of AI in cybersecurity. Based on the forecasts, the article is concentrated on creating synergies between the existing literature, the data sources identified in the survey, and forecasts. The forecasts are used to increase the feasibility of the overall research and enable the development of novel methodologies that uses AI to defend from cyber risks. The methodology is focused on addressing the risk of AI attacks, as well as to forecast the value of AI in defence and in the prevention of AI rogue devices acting independently. Supplementary Information: The online version contains supplementary material available at 10.1007/s12530-022-09431-7.

Methodology for integrating artificial intelligence in healthcare systems: learning from COVID-19 to prepare for Disease X.

Artificial intelligence and edge devices have been used at an increased rate in managing the COVID-19 pandemic. In this article we review the lessons learned from COVID-19 to postulate possible solutions for a Disease X event. The overall purpose of the study and the research problems investigated is the integration of artificial intelligence function in digital healthcare systems. The basic design of the study includes a systematic state-of-the-art review, followed by an evaluation of different approaches to managing global pandemics. The study design then engages with constructing a new methodology for integrating algorithms in healthcare systems, followed by analysis of the new methodology and a discussion. Action research is applied to review existing state of the art, and a qualitative case study method is used to analyse the knowledge acquired from the COVID-19 pandemic. Major trends found as a result of the study derive from the synthesis of COVID-19 knowledge, presenting new insights in the form of a conceptual methodology-that includes six phases for managing a future Disease X event, resulting with a summary map of various problems, solutions and expected results from integrating functional AI in healthcare systems.

MobChain: Three-Way Collusion Resistance in Witness-Oriented Location Proof Systems Using Distributed Consensus.

Smart devices have accentuated the importance of geolocation information. Geolocation identification using smart devices has paved the path for incentive-based location-based services (LBS). However, a user's full control over a smart device can allow tampering of the location proof. Witness-oriented location proof systems (LPS) have emerged to resist the generation of false proofs and mitigate collusion attacks. However, witness-oriented LPS are still susceptible to three-way collusion attacks (involving the user, location authority, and the witness). To overcome the threat of three-way collusion in existing schemes, we introduce a decentralized consensus protocol called MobChain in this paper. In this scheme the selection of a witness and location authority is achieved through a distributed consensus of nodes in an underlying P2P network that establishes a private blockchain. The persistent provenance data over the blockchain provides strong security guarantees; as a result, the forging and manipulation of location becomes impractical. MobChain provides secure location provenance architecture, relying on decentralized decision making for the selection of participants of the protocol thereby addressing the three-way collusion problem. Our prototype implementation and comparison with the state-of-the-art solutions show that MobChain is computationally efficient and highly available while improving the security of LPS.

Hybrid Task Coordination Using Multi-Hop Communication in Volunteer Computing-Based VANETs.

Computation offloading is a process that provides computing services to vehicles with computation sensitive jobs. Volunteer Computing-Based Vehicular Ad-hoc Networking (VCBV) is envisioned as a promising solution to perform task executions in vehicular networks using an emerging concept known as vehicle-as-a-resource (VaaR). In VCBV systems, offloading is the primary technique used for the execution of delay-sensitive applications which rely on surplus resource utilization. To leverage the surplus resources arising in periods of traffic congestion, we propose a hybrid VCBV task coordination model which performs the resource utilization for task execution in a multi-hop fashion. We propose an algorithm for the determination of boundary relay vehicles to minimize the requirement of placement for multiple road-side units (RSUs). We propose algorithms for primary and secondary task coordination using hybrid VCBV. Extensive simulations show that the hybrid technique for task coordination can increase the system utility, while the latency constraints are addressed.

Virtual Pseudonym-Changing and Dynamic Grouping Policy for Privacy Preservation in VANETs.

Location privacy is a critical problem in the vehicular communication networks. Vehicles broadcast their road status information to other entities in the network through beacon messages to inform other entities in the network. The beacon message content consists of the vehicle ID, speed, direction, position, and other information. An adversary could use vehicle identity and positioning information to determine vehicle driver behavior and identity at different visited location spots. A pseudonym can be used instead of the vehicle ID to help in the vehicle location privacy. These pseudonyms should be changed in appropriate way to produce uncertainty for any adversary attempting to identify a vehicle at different locations. In the existing research literature, pseudonyms are changed during silent mode between neighbors. However, the use of a short silent period and the visibility of pseudonyms of direct neighbors provides a mechanism for an adversary to determine the identity of a target vehicle at specific locations. Moreover, privacy is provided to the driver, only within the RSU range; outside it, there is no privacy protection. In this research, we address the problem of location privacy in a highway scenario, where vehicles are traveling at high speeds with diverse traffic density. We propose a Dynamic Grouping and Virtual Pseudonym-Changing (DGVP) scheme for vehicle location privacy. Dynamic groups are formed based on similar status vehicles and cooperatively change pseudonyms. In the case of low traffic density, we use a virtual pseudonym update process. We formally present the model and specify the scheme through High-Level Petri Nets (HLPN). The simulation results indicate that the proposed method improves the anonymity set size and entropy, provides lower traceability, reduces impact on vehicular network applications, and has lower computation cost compared to existing research work.

Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic.

The COVID-19 pandemic was a remarkable, unprecedented event which altered the lives of billions of citizens globally resulting in what became commonly referred to as the new-normal in terms of societal norms and the way we live and work. Aside from the extraordinary impact on society and business as a whole, the pandemic generated a set of unique cyber-crime related circumstances which also affected society and business. The increased anxiety caused by the pandemic heightened the likelihood of cyber-attacks succeeding corresponding with an increase in the number and range of cyber-attacks. This paper analyses the COVID-19 pandemic from a cyber-crime perspective and highlights the range of cyber-attacks experienced globally during the pandemic. Cyber-attacks are analysed and considered within the context of key global events to reveal the modus-operandi of cyber-attack campaigns. The analysis shows how following what appeared to be large gaps between the initial outbreak of the pandemic in China and the first COVID-19 related cyber-attack, attacks steadily became much more prevalent to the point that on some days, three or four unique cyber-attacks were being reported. The analysis proceeds to utilise the UK as a case study to demonstrate how cyber-criminals leveraged salient events and governmental announcements to carefully craft and execute cyber-crime campaigns.

Trust in the smart home: Findings from a nationally representative survey in the UK.

Businesses in the smart home sector are actively promoting the benefits of smart home technologies for consumers, such as convenience, economy and home security. To better understand meanings of and trust in the smart home, we carried out a nationally representative survey of UK consumers designed to measure adoption and acceptability, focusing on awareness, ownership, experience, trust, satisfaction and intention to use. We analysed the results using theories of meanings and acceptability of technologies including semiotics, social construction of technology (SCOT) and sociotechnical affordance. Our findings suggest that the meaning and value proposition of the smart home have not yet achieved closure for consumers, but is already foregrounding risks to privacy and security amongst the other meaning-making possibilities it could afford. Anxiety about the likelihood of a security incident emerges as a prominent factor influencing adoption of smart home technology. This factor negatively impacts adoption. These findings underline how businesses and policymakers will need to work together to act on the sociotechnical affordances of smart home technology in order to increase consumers' trust. This intervention is necessary if barriers to adoption and acceptability of the smart home are to be addressed now and in the future.

A Novel Internet of Things-Enabled Accident Detection and Reporting System for Smart City Environments.

Internet of Things-enabled Intelligent Transportation Systems (ITS) are gaining significant attention in academic literature and industry, and are seen as a solution to enhancing road safety in smart cities. Due to the ever increasing number of vehicles, a significant rise in the number of road accidents has been observed. Vehicles embedded with a plethora of sensors enable us to not only monitor the current situation of the vehicle and its surroundings but also facilitates the detection of incidents. Significant research, for example, has been conducted on accident rescue, particularly on the use of Information and Communication Technologies (ICT) for efficient and prompt rescue operations. The majority of such works provide sophisticated solutions that focus on reducing response times. However, such solutions can be expensive and are not available in all types of vehicles. Given this, we present a novel Internet of Things-based accident detection and reporting system for a smart city environment. The proposed approach aims to take advantage of advanced specifications of smartphones to design and develop a low-cost solution for enhanced transportation systems that is deployable in legacy vehicles. In this context, a customized Android application is developed to gather information regarding speed, gravitational force, pressure, sound, and location. The speed is a factor that is used to help improve the identification of accidents. It arises because of clear differences in environmental conditions (e.g., noise, deceleration rate) that arise in low speed collisions, versus higher speed collisions). The information acquired is further processed to detect road incidents. Furthermore, a navigation system is also developed to report the incident to the nearest hospital. The proposed approach is validated through simulations and comparison with a real data set of road accidents acquired from Road Safety Open Repository, and shows promising results in terms of accuracy.

A longitudinal analysis of the public perception of the opportunities and challenges of the Internet of Things.

The Internet of Things (or IoT), which enables the networked interconnection of everyday objects, is becoming increasingly popular in many aspects of our lives ranging from entertainment to health care. While the IoT brings a set of invaluable advantages and opportunities with it, there is also evidence of numerous challenges that are yet to be resolved. This is certainly the case with regard to ensuring the cyber security of the IoT, and there are various examples of devices being hacked. Despite this evidence, little is known about the public perceptions of the opportunities and challenges presented by the IoT. To advance research in this direction, we mined the social media platform Twitter to learn about public opinion about the IoT. Analysing a longitudinal dataset of more than 6.7 million tweets, we reveal insights into public perceptions of the IoT, identifying big data analytics as the most positive aspect, whereas security issues are the main public concern on the negative side. Our study serves to highlight the importance of keeping IoT devices secure, and remind manufacturers that it is a concern that remains unresolved, at least insofar as the public believes.