Vasily Desnitsky

Bio: Vasily Desnitsky is an academic researcher from Russian Academy of Sciences. The author has contributed to research in topics: Wireless sensor network & Computer science. The author has an hindex of 7, co-authored 31 publications receiving 180 citations. Previous affiliations of Vasily Desnitsky include St. Petersburg State University of Telecommunications & Saint Petersburg State University of Information Technologies, Mechanics and Optics.

A Methodology for the Analysis and Modeling of Security Threats and Attacks for Systems of Embedded Components

Abstract: The development of systems based on embedded components is a challenging task because of their distributed, reactive and real-time nature. From a security point of view, embedded devices are basically systems owned by a certain entity, used frequently as part of systems owned by other entities and operated in a potentially hostile environment. The development of security-enhanced systems of embedded components is a difficult task due to different types of threats that may affect such systems, and because the security in systems of embedded devices is currently added as an additional feature when the development is advanced, or avoided as a superfluous characteristic. We present in this paper a methodology for the analysis and modeling of threats and attacks for systems of embedded components. The Intruder Model allows us to describe possible actions a potential intruder can accomplish, depending on his/her capabilities, resources, etc. Using this information, we can define a Threat Model that will specify the threats and attacks that affect different security properties in specific domains.

Design Technique for Secure Embedded Devices: Application for Creation of Integrated Cyber-Physical Security System.

Abstract: As elements of complex information systems, embedded devices define informational and physical connections between the level of software control of the system on the one hand, and its technical environment and users on the other. Operating in a potentially volatile and untrusted cyber-physical environment, using insufficiently secure communication channels and sensors as well as various external influences cause such devices are subject to specific attacking actions. As a result the design of such systems is a challenging task often requiring expert based solutions. The main contribution of the paper is a design technique for secure embedded devices on the basis of combinations of security components, optimization approach and developed software tools for decision making support. The correctness of the technique is confirmed by its use in the development of the integrated cyberphysical security system.

Detection of anomalies in data for monitoring of security components in the Internet of Things

Abstract: The increasing urgency and expansion of information systems implementing the Internet of Things (IoT) concept determine the importance of the investigation in the field of protection mechanisms against a wide range of information security threats. The increased complexity of such investigation is determined by a low structuring and formalization of expert knowledge on IoT systems. The paper encompasses an approach to elicitation and use of expert knowledge on detection of anomalies in data as well as their usage as an input for automated means aimed at monitoring security components of IoT.

Configuration-based approach to embedded device security

Abstract: Development of embedded devices is a challenging task because of their varying, reactive and real-time nature. Conventionally embedded devices are considered as a part of systems owned by some other entities and operated in a potentially hostile environment. Embedded device development is an extremely complicated problem due to various types of threats and attacks the device subject to, and because the security in embedded devices is commonly provided as an additional feature at the final stages of the development process, or even neglected. In this paper we propose a new configuration model, which facilitates the design of secure and resource consumption efficient embedded devices. The model enables the search for the most effective combinations of security building blocks in terms of consumption of device resources.

LoRaWAN-Based Energy-Efficient Surveillance by Drones for Intelligent Transportation Systems

Abstract: Urban networks aim at facilitating users for better experience and services through smart platforms such as the Intelligent Transportation System (ITS). ITS focuses on information acquisition, sensing, contrivance control, data processing and forwarding to ground devices via user-specific application-interfaces. The utility of ITS is further improved via the Internet of Things (IoT), which supports “Connectivity to All”. One of the key applications of IoT-ITS is urban surveillance. Current surveillance in IoT-ITS is performed via fixed infrastructure-based sensing applications which consume an excessive amount of energy leading to several overheads and failures in the network. Such issues can be overcome by the utilization of on-demand nodes, such as drones, etc. However, drones-assisted surveillance requires efficient communication setup as drones are battery operated and any extemporaneous maneuver during monitoring may result in loss of drone or complete failure of the network. The novelty in terms of network layout can be procured by the utilization of drones with LoRaWAN, which is the protocol designated for Low-Power Wide Area Networks (LPWAN). However, even this architectural novelty alone cannot ascertain the formation of fail-safe, highly resilient, low-overhead, and non-redundant network, which is additionally the problem considered in this paper. To resolve such problem, this paper uses drones as LoRaWAN gateway and proposes a communication strategy based on the area stress, resilient factor, and energy consumption that avail in the efficient localization, improved coverage and energy-efficient surveillance with lower overheads, lower redundancy, and almost zero-isolations. The proposed approach is numerically simulated and the results show that the proposed approach can conserve a maximum of 39.2% and a minimum of 12.6% of the total network energy along with an improvement in the area stress between 89.7% and 53.0% for varying number of drones over a fixed area.

Model-based security engineering for cyber-physical systems

Abstract: ContextCyber-physical systems (CPSs) have emerged to be the next generation of engineered systems driving the so-called fourth industrial revolution. CPSs are becoming more complex, open and more prone to security threats, which urges security to be engineered systematically into CPSs. Model-Based Security Engineering (MBSE) could be a key means to tackle this challenge via security by design, abstraction, and automation. ObjectiveWe aim at providing an initial assessment of the state of the art in MBSE for CPSs (MBSE4CPS). Specifically, this work focuses on finding out 1) the publication statistics of MBSE4CPS studies; 2) the characteristics of MBSE4CPS studies; and 3) the open issues of MBSE4CPS research. MethodWe conducted a systematic mapping study (SMS) following a rigorous protocol that was developed based on the state-of-the-art SMS and systematic review guidelines. From thousands of relevant publications, we systematically identified 48 primary MBSE4CPS studies for data extraction and synthesis to answer predefined research questions. ResultsSMS results show that for three recent years (2014-2016) the number of primary MBSE4CPS studies has increased significantly. Within the primary studies, the popularity of using Domain-Specific Languages (DSLs) is comparable with the use of the standardised UML modelling notation. Most primary studies do not explicitly address specific security concerns (e.g., confidentiality, integrity) but rather focus on security analyses in general on threats, attacks or vulnerabilities. Few primary studies propose to engineer security solutions for CPSs. Many focus on the early stages of development lifecycle such as security requirement engineering or analysis. ConclusionThe SMS does not only provide the state of the art in MBSE4CPS, but also points out several open issues that would deserve more investigation, e.g., the lack of engineering security solutions for CPSs, limited tool support, too few industrial case studies, and the challenge of bridging DSLs in engineering secure CPSs.

An Enhanced LoRaWAN Security Protocol for Privacy Preservation in IoT with a Case Study on a Smart Factory-Enabled Parking System.

Abstract: The Internet of Things (IoT) utilizes algorithms to facilitate intelligent applications across cities in the form of smart-urban projects. As the majority of devices in IoT are battery operated, their applications should be facilitated with a low-power communication setup. Such facility is possible through the Low-Power Wide-Area Network (LPWAN), but at a constrained bit rate. For long-range communication over LPWAN, several approaches and protocols are adopted. One such protocol is the Long-Range Wide Area Network (LoRaWAN), which is a media access layer protocol for long-range communication between the devices and the application servers via LPWAN gateways. However, LoRaWAN comes with fewer security features as a much-secured protocol consumes more battery because of the exorbitant computational overheads. The standard protocol fails to support end-to-end security and perfect forward secrecy while being vulnerable to the replay attack that makes LoRaWAN limited in supporting applications where security (especially end-to-end security) is important. Motivated by this, an enhanced LoRaWAN security protocol is proposed, which not only provides the basic functions of connectivity between the application server and the end device, but additionally averts these listed security issues. The proposed protocol is developed with two options, the Default Option (DO) and the Security-Enhanced Option (SEO). The protocol is validated through Burrows–Abadi–Needham (BAN) logic and the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The proposed protocol is also analyzed for overheads through system-based and low-power device-based evaluations. Further, a case study on a smart factory-enabled parking system is considered for its practical application. The results, in terms of network latency with reliability fitting and signaling overheads, show paramount improvements and better performance for the proposed protocol compared with the two handshake options, Pre-Shared Key (PSK) and Elliptic Curve Cryptography (ECC), of Datagram Transport Layer Security (DTLS).

IoT reliability: a review leading to 5 key research directions

Abstract: The Internet of Things (IoT) is rapidly changing the way in which we engage with technology on a daily basis. The IoT paradigm enables low-resource devices to intercommunicate in a fully flexible and pervasive manner, and the data from these devices is used for decision-making in critical applications such as; traffic infrastructure, health-care and home security, to name but a few. Due to the scarce resources available in these IoT devices, being able to quantify the reliability of them is a critical function. This report presents a detailed evolution of the area of reliability measurement, followed by an in-depth review of the state-of-the-art for quantification of reliability in the IoT, revealing the many challenges associated with this task. From this in-depth review, a set of key research directions for IoT reliability is determined. Despite the critical nature of the research area, at this current moment, this study is the first detailed review available in the area of assessing IoT reliability.

Data security and threat modeling for smart city infrastructure

Abstract: Smart city opens up data with a wealth of information that brings innovation and connects government, industry and citizens. Cyber insecurity, on the other hand has raised concerns among data privacy and threats to smart city systems. In this paper, we look into security issues in smart city infrastructure from both technical and business operation perspectives and propose an approach to analyze threats and to improve data security of smart city systems. The assessment process takes hundreds of features into account. Data collected during the assessment stage are then imported into an algorithm that calculates the threat factor. Mitigation strategies are provided to help reducing risks of smart city systems from being hacked into and to protect data from being misused, stolen or identifiable. Study shows that the threat factor can be reduced significantly by following this approach. Experiments show that this comprehensive approach can reduce the risks of cyber intrusions to smart city systems. It can also deal with privacy concerns in this big data arena.