75 research outputs found
Προηγμένες λύσεις κυβερνοασφάλειας για κρίσιμες υποδομές και εφαρμογές: έξυπνο δίκτυο και κυβερνοασφάλεια
The rapid digitization of critical infrastructure, coupled with the increasing sophistication of cyber threats, has elevated the importance of robust cybersecurity measures. This dissertation explores the multifaceted realm of cyber defense within the context of critical infrastructure, focusing specifically on the interplay between advanced cyber security solutions, smart grid technology, and the emerging field of cyber insurance. The research begins by dissecting the vulnerabilities inherent in smart grid systems, which form the backbone of modern energy distribution networks. Through a comprehensive analysis of cyber threats targeting smart grids, the study identifies potential attack vectors and assesses the implications of successful breaches on the reliability and resilience of critical energy infrastructure. Subsequently, a range of advanced cyber security solutions is evaluated, encompassing cutting-edge technologies such as artificial intelligence, machine learning, and blockchain, in order to fortify the defenses of smart grid ecosystems. In parallel, the dissertation delves into the evolving landscape of cyber insurance as a risk management strategy for critical infrastructure. Investigating the intricacies of underwriting policies and the quantification of cyber risks, the research elucidates the role of cyber insurance in incentivizing proactive cyber hygiene and fostering a culture of resilience among infrastructure stakeholders. The study also explores the challenges associated with the integration of cyber insurance into existing risk management frameworks and proposes strategies to optimize its efficacy. Furthermore, the dissertation offers a synthesized perspective by examining the synergies between advanced cyber security solutions and cyber insurance. It investigates how a holistic approach, combining technological fortification and financial risk mitigation, can elevate the overall cybersecurity posture of critical infrastructure. Case studies and real-world examples illustrate the practical implementation of these integrated strategies, providing valuable insights for industry practitioners and policymakers alike. In conclusion, this dissertation contributes to the academic discourse on cybersecurity for critical infrastructure by offering a comprehensive examination of advanced solutions tailored to the unique challenges posed by smart grid ecosystems. By exploring the symbiotic relationship between technological fortifications and financial risk mitigation through cyber insurance, this research provides a roadmap for enhancing the cyber resilience of critical infrastructure in the face of evolving cyber threats.Η ταχεία ψηφιοποίηση των κρίσιμων υποδομών, σε συνδυασμό με την αυξανόμενη πολυπλοκότητα των απειλών στον κυβερνοχώρο, έχει αυξήσει τη σημασία των ισχυρών μέτρων κυβερνοασφάλειας. Η παρούσα διατριβή διερευνά το πολύπλευρο πεδίο της κυβερνοάμυνας στο πλαίσιο των κρίσιμων υποδομών, εστιάζοντας συγκεκριμένα στην αλληλεπίδραση μεταξύ προηγμένων λύσεων κυβερνοασφάλειας, της τεχνολογίας έξυπνων δικτύων και του αναδυόμενου τομέα της κυβερνοασφάλισης. Η έρευνα ξεκινά με την ανάλυση των τρωτών σημείων που ενυπάρχουν στα συστήματα έξυπνων δικτύων, τα οποία αποτελούν τη ραχοκοκαλιά των σύγχρονων δικτύων διανομής ενέργειας. Μέσω μιας ολοκλη-ρωμένης ανάλυσης των απειλών στον κυβερνοχώρο που στοχεύουν τα έξυπνα δίκτυα, η μελέτη εντοπίζει πιθανούς φορείς επίθεσης και αξιολογεί τις επιπτώσεις των επιτυχημένων παραβιάσεων στην αξιοπιστία και την ανθεκτικότητα των κρίσιμων ενεργειακών υποδομών. Στη συνέχεια, αξιολογείται μια σειρά προηγμένων λύσεων κυβερνοασφάλειας, που περιλαμβάνουν τεχνολογίες αιχμής, όπως η τεχνητή νοημοσύνη, η μηχανική μάθηση και η blockchain, προκειμένου να ενισχυθεί η άμυνα των οικοσυστημάτων έξυπνων δικτύων. Παράλληλα, η διατριβή εμβαθύνει στο εξελισσόμενο τοπίο της ασφάλισης στον κυβερνοχώρο ως στρατηγική διαχείρισης κινδύνων για τις κρίσιμες υποδομές. Διερευνώντας τις περιπλοκές των πολιτικών ανάληψης κινδύνων και την ποσοτικοποίηση των κινδύνων στον κυβερνοχώρο, η έρευνα διευκρινίζει τον ρόλο της ασφάλισης στον κυβερνοχώρο ως κίνητρο για την προληπτική υγιεινή στον κυβερνοχώρο και την προώθηση μιας κουλτούρας ανθεκτικότητας μεταξύ των ενδιαφερομένων για τις υποδομές. Η μελέτη διερευνά επίσης τις προκλήσεις που συνδέονται με την ενσωμάτωση της ασφάλισης στον κυβερνοχώρο στα υφιστάμενα πλαίσια διαχείρισης κινδύνων και προτείνει στρατηγικές για τη βελτιστοποίηση της αποτελεσματικότητάς της. Επιπλέον, η διατριβή προσφέρει μια συνθετική προοπτική εξετάζοντας τις συνέργειες μεταξύ των προηγμένων λύσεων ασφάλειας στον κυβερνοχώρο και της ασφάλισης στον κυβερνοχώρο. Διερευνά τον τρόπο με τον οποίο μια ολιστική προσέγγιση, που συνδυάζει την τεχνολογική ενίσχυση και τον μετριασμό των οικονομικών κινδύνων, μπορεί να ανυψώσει τη συνολική στάση της κυβερνοασφάλειας των υποδομών ζωτικής σημασίας. Μελέτες περιπτώσεων και παραδείγματα από τον πραγματικό κόσμο απεικονίζουν την πρακτική εφαρμογή αυτών των ολοκληρωμένων στρατηγικών, παρέχοντας πολύτιμες γνώσεις τόσο για τους επαγγελματίες του κλάδου όσο και για τους υπεύθυνους χάραξης πολιτικής. Εν κατακλείδι, η παρούσα διατριβή συμβάλλει στην ακαδημαϊκή συζήτηση για την κυβερνοασφάλεια των υποδομών ζωτικής σημασίας προσφέροντας μια ολοκληρωμένη εξέταση των προηγμένων λύσεων προσαρμοσμένων στις μοναδικές προκλήσεις που θέτουν τα οικοσυστήματα έξυπνων δικτύων. Με τη διερεύνηση της συμβιωτικής σχέσης μεταξύ των τεχνολογικών οχυρώσεων και του μετριασμού του οικονομικού κινδύνου μέσω της ασφάλισης στον κυβερνοχώρο, η παρούσα έρευνα παρέχει έναν οδικό χάρτη για την ενίσχυση της ανθεκτικότητας των υποδομών ζωτικής σημασίας στον κυβερνοχώρο ενόψει των εξελισσόμενων απειλών στον κυβερνοχώρο
Structural Optimisation of Permanent Magnet Direct Drive Generators for 5MW Wind Turbines
This thesis has been submitted in fulfilment of the requirements for a postgraduate degree (e.g. PhD, MPhil, DClinPsychol) at the University of Edinburgh. Please note the following terms and conditions of use: • This work is protected by copyright and other intellectual property rights, which are retained by the thesis author, unless otherwise stated. • A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. • This thesis cannot be reproduced or quoted extensively from without first obtaining permission in writing from the author. • The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the author. • When referring to this work, full bibliographic details including the author, title, awarding institution and date of the thesis must be given
P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements
During the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. On the security side however, most environments seem to focus on the authentication part, neglecting other critical aspects such as the integrity of the source code and the compiled binaries. To ensure the soundness of a software project, its source code must be secured from malicious modifications. Yet, no method can accurately verify that the integrity of the project’s source code has not been breached. This paper presents P2ISE, a novel integrity preserving tool that provides strong security assertions for developers against attackers. At the heart of P2ISE lies the TPM trusted computing technology which is leveraged to ensure integrity preservation. We have implemented the P2ISE and quantitatively assessed its performance and efficiency
A Qualitative Analysis of Illicit Arms Trafficking on Darknet Marketplaces
During the last decade, the dark web has become the playground for criminal and underground activities, such as marketplaces of drugs and guns, as well as illegal content sharing. The dark web is one of the top crime environments presented in EUROPOL's Internet Organised Crime Threat Assessment 2021. This paper provides a qualitative study on the darknet marketplaces of illegal arms trafficking. For this purpose, we implemented a crawler based on the ACHE Python library to collect hidden web pages (onion services) on the Tor network. We gathered data from ten marketplaces recommended by dark web search engines - Ahmia, Deep Search, and Onion Land Search. We provide a first report of the overall landscape of illicit arms trafficking, discussing the range of weapons such as military drones, explosives, and other related products, together with the payment and shipping methods provided by the vendors. The findings verify previous reports from reputable institutions (United Nations and RAND Europe). Most of these illicit marketplaces are easily accessible to the average user; they are well-organized with a large variety of firearms and also provide extensive customer support
P4G2Go: A Privacy-Preserving Scheme for Roaming Energy Consumers of the Smart Grid-to-Go
Due to its flexibility in terms of charging and billing, the smart grid is an enabler of many innovative energy consumption scenarios. One such example is when a landlord rents their property for a specific period to tenants. Then the electricity bill could be redirected from the landlord’s utility to the tenant’s utility. This novel scenario of the smart grid ecosystem, defined in this paper as Grid-to-Go (G2Go), promotes a green economy and can drive rent reductions. However, it also creates critical privacy issues, since utilities may be able to track the tenant’s activities. This paper presents P4G2Go, a novel privacy-preserving scheme that provides strong security and privacy assertions for roaming consumers against honest but curious entities of the smart grid. At the heart of P4G2Go lies the Idemix cryptographic protocol suite, which utilizes anonymous credentials and provides unlinkability of the consumer activities. Our scheme is complemented by the MASKER protocol, used to protect the consumption readings, and the FIDO2 protocol for strong and passwordless authentication. We have implemented the main components of P4G2Go, to quantitatively assess its performance. Finally, we reason about its security and privacy properties, proving that P4G2Go achieves to fulfill the relevant objectives
ICITPM: Integrity Validation of Software in Iterative Continuous Integration Through the Use of Trusted Platform Module (TPM)
Software development has passed from being rigid and not very flexible, to be automated with constant changes. This happens due to the creation of continuous integration and delivery environments. Nevertheless, developers often rely on such environments due to the large number of amenities they offer. They focus on authentication only, without taking into consideration other aspects of security such as the integrity of the source code and of the compiled binaries. The source code of a software project must not be maliciously modified. Notwithstanding, there is no safe method to verify that its integrity has not been violated. Trusted computing technology, in particular, the Trusted Platform Module (TPM) can be used to implement that secure method
GTM: Game Theoretic Methodology for optimal cybersecurity defending strategies and investments
Investments on cybersecurity are essential for organizations to protect operational activities, develop trust relationships with clients, and maintain financial stability. A cybersecurity breach can lead to financial losses as well as to damage the reputation of an organization. Protecting an organization from cyber attacks demands considerable investments; however, it is known that organisations unequally divide their budget between cybersecurity and other technological needs. Organizations must consider cybersecurity measures, including but not limited to security controls, in their cybersecurity investment plans. Nevertheless, designing an effective cybersecurity investment plan to optimally distribute the cybersecurity budget is a primary concern.
This paper presents GTM, a methodology depicted as a tool dedicated to providing optimal cybersecurity defense strategies and investment plans. GTM utilizes attack graphs to predict all possible cyber attacks, game theory to simulate the cyber attacks and 0-1 Knapsack to optimally allocate the budget. The output of GTM is an optimal cybersecurity strategy that includes security controls to protect the organisation against potential cyber attacks and enhance its cyber defenses. Furthermore, GTM’s effectiveness is evaluated against three use cases and compared against different attacker types under various scenarios
Cyber-Insurance: Past, Present and Future
Insurance, in general, is a financial contract between the one buying the insurance (also known as the policyholder or insured) and the one providing insurance (known as insurance carrier or insurer). The contract, known as the insurance policy, typically states that the policyholder will pay a regular insurance premium in exchange for a financial compensation, also known as indemnification, in the event of a loss defined in the insurance policy. Insurance is used to manage risks by transferring them to the insurer, and cyber-insurance in particular deals with cyber risks covering direct and indirect damages caused by cyberattacks. The cyber-insurance market is still growing and has been receiving broader interest from research communities and government bodies over the years. This paper provides an overview of cyber-insurance, novel models proposed throughout the years and future challenges to be addressed for cyber-insurance to become a key component of an organisation’s and household’s cyber risk management approach
Temporal analysis of the least energetic events in pulsar data from observations with the high energy stereoscopic system
It has been more than 60 years since astronomers turned their attention towards the 7֊ray window (> 100 TeV). Nowadays, 7֊ray astronomy has won its place as a separate branch of astronomy in its own right. The present thesis introduces the reader to 7-ray observations in the 〜 100 GeV-100 TeV energy window, but focuses, in particular, on the efforts to describe and detect the pulsed, Very High-Energy (VHE) 7-ray emission from pulsars. Pulsars are highly magnetised {B 〜 101շ G) , rapidly rotating (P ~ 10—2 s) neutron stars. Periodic radio emission from pulsars has been detected in more than 1,500 cases, in contrast to their 7-ray signature which has been confirmed for only six of them and only up to a few GeV. There are many models in existence which attempt to reproduce the observed pulsed profiles and energy spectra in high energies (optical, X and ๆ rays). Nevertheless, two classes of models are the most popular: the Polar Cap and the Outer Gap models. Both predict spectral cut-offs at tens of GeV, which are consistent with previous upper limits in the VHE range. The six most energetic pulsars have been detected with the EGRET (Energetic Gamma Ray Experiment Telescope) instrument on-board the с GRO (Compton Gamma Ray Observatory) satellite. Probing the universe at higher energies requires a different detection technique. The Imaging Atmospheric Technique (lACT) exploits the Earth's atmosphere with the use of large, ground-based reflectors that are very sensitive to Cherenkov light (300-600 nm). The latter is produced during electromagnetic particle cascades, triggered by the interaction of VHE 7 rays with the top atmospheric layers. So far there has not been a confirmed pulsar detection using Cherenkov astronomy. The High Energy Stereoscopic System (H.E.S.S.) in Namibia is an array of four telescopes, which is sensitive above 100 GeV. H.E.S.S. uses the lACT to reject the lO3 times more abundant cosmic-ray events that suppress the 7-ray signal. The system is capable of stereoscopic observations of the same source with all four telescopes, which further eliminates background events. Despite the fact that imaging with H.E.S.S. is not effective below 100 GeV, lower energy events can still be recorded, along with a large portion of the background. The present thesis deals with the least energetic events (< 100 ĢeV) detectable with H.E.ร.ร., where pulsar 7-ray emission is likely to be present. A very sensitive temporal analysis has been performed in order to identify the potentially periodic events in the large background. The necessary procedures and parameters of the analysis are described in detail, prior to the results. The author has analysed data from two 7-ray pulsars, the Crab and PSR B1706-44, which were seen with EGRET up to ~ 20 GeV, as well as the binary radio pulsar PSR B1259-63, which has not been detected at high energies (> 1 eV). The data were optimised for the lowest energies, and the lowest energy threshold achieved was 75 GeV (in the case of PSR B1706-44). In all cases studied, the author coded and applied a number of periodicity tests that check for significant deviations from random noise. The resulting probabilities were not significantly low to support signal presence. Based on the background levels in the data sets, the author derived upper limits on the integral and differential flux. These upper limits were consistent with the Polar Cap and Outer Gap scenarios, within statistical errors, but constrain the alternative model of a spectrum with a simple exponential cut-off in the case of PSR B1706—44. Despite the lack of detection, these results represent the lowest energies explored with H.E.S.S., yet
- …
