@article{barbeau2021quantum,

title = {The quantum what? advantage, utopia or threat?},

author = {Michel Barbeau and Erwan Beurier and Joaquin Garcia-alfaro and Randy Kuang and Marc-Oliver Pahl and Dominique Pastor},

year  = {2021},

date = {2021-01-01},

journal = {Digitale Welt},

volume = {5},

number = {1},

pages = {34\textendash39},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{navas2021physical,

title = {Physical resilience to insider attacks in IoT networks: Independent cryptographically secure sequences for DSSS anti-jamming},

author = {Renzo E Navas and Fr\'{e}d\'{e}ric Cuppens and Nora Boulahia Cuppens and Laurent Toutain and Georgios Z Papadopoulos},

year  = {2021},

date = {2021-01-01},

journal = {Computer Networks},

volume = {187},

pages = {107751},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{paiho2021towards,

title = {Towards cross-commodity energy-sharing communities\textendashA review of the market, regulatory, and technical situation},

author = {Satu Paiho and Jussi Kiljander and Roope Sarala and Hanne Siikavirta and Olli Kilkki and Arpit Bajpai and Markus Duchon and Marc-Oliver Pahl and Lars W\"{u}strich and Christian L\"{u}bben and others},

year  = {2021},

date = {2021-01-01},

journal = {Renewable and Sustainable Energy Reviews},

volume = {151},

pages = {111568},

publisher = {Pergamon},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{muhlbauer2021feature,

title = {Feature-based comparison of open source OPC-UA implementations},

author = {Nikolas M\"{u}hlbauer and Erkin Kirdan and Marc-Oliver Pahl and Karl Waedt},

year  = {2021},

date = {2021-01-01},

publisher = {Gesellschaft f\"{u}r Informatik, Bonn},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Navas2021,

title = {MTD, Where Art Thou? A Systematic Review of Moving Target Defense Techniques for IoT},

author = {Renzo E Navas and Frederic Cuppens and Nora Boulahia Cuppens and Laurent Toutain and Georgios Z Papadopoulos},

doi = {10.1109/JIOT.2020.3040358},

issn = {23274662},

year  = {2021},

date = {2021-01-01},

journal = {IEEE Internet of Things Journal},

volume = {8},

number = {10},

pages = {7818--7832},

abstract = {Context: Internet-of-Things (IoT) systems are increasingly deployed in the real world, but their security lags behind the state of the art of non-IoT systems. Moving target defense (MTD) is a cyberdefense paradigm, successfully implemented in conventional systems, that could improve IoT security. Objective: Identify and synthesize existing MTD techniques for IoT and validate the feasibility of MTD as a cybersecurity paradigm suitable for IoT systems. Method: We use a systematic literature review method to search and analyze existing MTD for IoT techniques up to July 2020. We evaluated the existing techniques in terms of security foundations and real-world deployability using the evidence they provide. We define and use entropy-related metrics to categorize them. This is the first MTD survey to use Shannon's entropy metric empirically. Results: Thirty-two distinct MTD for IoT techniques exist: 54% are Network-layer-based, 50% present strong evidence about their real-world deployment, and 64% have weak security foundations. Conclusion: MTD for IoT is a feasible cyberdefense approach. A variety of proposals exist, with evidence about their implementation and evaluation. Nevertheless, the MTD for IoT state of the art is still immature: the security foundations of most existing proposals are weak. Novel techniques should prioritize providing convincing security foundations and real-world deployment evidence.},

keywords = {Cyber security, entropy, Internet of Things (IoT), metrics, moving target defense (MTD), Systematic literature review},

pubstate = {published},

tppubtype = {article}

}

@article{segovia2020switched,

title = {Switched-based Resilient Control of Cyber-Physical Systems},

author = {Mariana Segovia and Jose Rubio-Hernan and Ana R Cavalli and Joaquin Garcia-Alfaro},

url = {https://doi.org/10.1109/ACCESS.2020.3039879},

doi = {10.1109/ACCESS.2020.3039879},

year  = {2020},

date = {2020-11-01},

journal = {IEEE Access},

publisher = {IEEE},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Pahl2020,

title = {A Mixed-Interaction Critical Infrastructure Honeypot},

author = {Marc-Oliver Pahl and Alexandre Kabil and Edwin Bourget and Matthieu Gay and Paul-Emmanuel Brun},

year  = {2020},

date = {2020-01-01},

journal = {European Cyber Week CAESAR, 2020, Rennes, France},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{pamies2020real,

title = {A Real-Time Query Log Protection Method for Web Search Engines},

author = {David P`amies-Estrems and Jordi Castell`a-Roca and Joaquin Garcia-Alfaro},

url = {https://doi.org/10.1109/ACCESS.2020.2992012},

doi = {10.1109/ACCESS.2020.2992012},

year  = {2020},

date = {2020-01-01},

journal = {IEEE Access},

volume = {8},

pages = {87393--87413},

publisher = {IEEE},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{gonzalez2020stateful,

title = {Stateful RORI-based countermeasure selection using hypergraphs},

author = {Gustavo Gonzalez-Granadillo and Elena Doynikova and Joaquin Garcia-Alfaro and Igor Kotenko and Andrey Fedorchenko},

url = {https://doi.org/10.1016/j.jisa.2020.102562},

doi = {10.1016/j.jisa.2020.102562},

year  = {2020},

date = {2020-01-01},

journal = {Journal of Information Security and Applications},

volume = {54},

pages = {102562},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{Muhlbauer2020,

title = {Open-Source OPC UA Security and Scalability},

author = {Nikolas M\"{u}hlbauer and Erkin Kirdan and Marc Oliver Pahl and Georg Carle},

doi = {10.1109/ETFA46521.2020.9212091},

issn = {19460759},

year  = {2020},

date = {2020-01-01},

journal = {IEEE International Conference on Emerging Technologies and Factory Automation, ETFA},

volume = {2020-Septe},

pages = {262--269},

abstract = {OPC UA is widely adopted for remote-control in industrial environments. It has a central role for industrial control systems as it enables remote management. Compromising OPC UA can lead to compromising entire production facilities. Consequently, OPC UA requires a high level of security. Major commercial OPC UA implementations have compliance certificates ensuring that their security models obey the specification. However, open-source OPC UA implementations that have wide deployment mostly lack these certificates. In this work, we investigate the security models of the four most commonly used open-source implementations: open62541, node-opcua, UA-.NETStandard, and python-opcua. Furthermore, their scalabilities for the number of clients and OPC UA nodes are also analyzed.},

keywords = {OPC UA, open-source, scalability, Security},

pubstate = {published},

tppubtype = {article}

}

@article{Moussaileb2020,

title = {Ransomware Network Traffic Analysis for Pre-encryption Alert},

author = {Routa Moussaileb and Nora Cuppens and Jean Louis Lanet and H\'{e}l\`{e}ne Le Bouder},

doi = {10.1007/978-3-030-45371-8_2},

issn = {16113349},

year  = {2020},

date = {2020-01-01},

journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},

volume = {12056 LNCS},

pages = {20--38},

abstract = {Cyber Security researchers are in an ongoing battle against ransomware attacks. Some exploits begin with social engineering methods to install payloads on victims' computers, followed by a communication with command and control servers for data exchange. To scale down these attacks, scientists should shed light on the danger of those rising intrusions to prevent permanent data loss. To join this arm race against malware, we propose in this paper an analysis of various ransomware families based on the collected system and network logs from a computer. We delve into malicious network traffic generated by these samples to perform a packet level detection. Our goal is to reconstruct ransomware's full activity to check if its network communication is distinguishable from benign traffic. Then, we examine if the first packet sent occurs before data's encryption to alert the administrators or afterwards. We aim to define the first occurrence of the alert raised by malicious network traffic and where it takes place in a ransomware workflow. Logs collected are available at http://serveur2.seres.rennes.telecom-bretagne.eu/data/RansomwareData/.},

keywords = {Machine learning, Network traffic, Ransomware},

pubstate = {published},

tppubtype = {article}

}

@article{Navas2020,

title = {IANVS: A Moving Target Defense Framework for a Resilient Internet of Things},

author = {Renzo E Navas and Hr{a}kon Sandaker and Fr\'{e}d\'{e}ric Cuppens and Nora Cuppens and Laurent Toutain and Georgios Z Papadopoulos},

doi = {10.1109/ISCC50000.2020.9219728},

issn = {15301346},

year  = {2020},

date = {2020-01-01},

journal = {Proceedings - IEEE Symposium on Computers and Communications},

volume = {2020-July},

abstract = {The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.},

keywords = {attack, ChaCha20, CoAP, design, framework, hping3, IoT, LoPy4, Moving Target Defense, MTD, port-hopping, reconnaissance, Security, stream-cipher},

pubstate = {published},

tppubtype = {article}

}

@article{Bkakria2020,

title = {Pattern Matching on Encrypted Data},

author = {Anis Bkakria and Nora Cuppens and Frdric Cuppens},

year  = {2020},

date = {2020-01-01},

journal = {IACR Cryptol},

pages = {1--28},

keywords = {pattern matching, searchable encryption},

pubstate = {published},

tppubtype = {article}

}

@article{Smine2020,

title = {Network functions virtualization access control as a service},

author = {Manel Smine and David Espes and Nora Cuppens-Boulahia and Fr\'{e}d\'{e}ric Cuppens},

doi = {10.1007/978-3-030-49669-2_6},

issn = {16113349},

year  = {2020},

date = {2020-01-01},

journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},

volume = {12122 LNCS},

number = {1},

pages = {100--117},

abstract = {NFV is an important innovation in networking. It has many advantages such as saving investment cost, optimizing resource consumption, improving operational efficiency and simplifying network service lifecycle management. NFV environments introduce new security challenges and issues since new types of threats and vulnerabilities are inevitably introduced (e.g. security policy and regular compliance failure, vulnerabilities in VNF softwares, malicious insiders, etc.). The impact of these threats can be mitigated by enforcing security policies over deployed network services. In this paper, we introduce an access control as a service model for NFV services. The proposed approach can deploy several kinds of access control model policies (e.g. RBAC, ORBAC, ABAC, etc.) for NFV services and can be easily scaled.},

keywords = {Access control, Domain type enforcement (DTE), Network Functions Virtualization (NFV), Policy enforcement},

pubstate = {published},

tppubtype = {article}

}

@article{Cledel2020,

title = {Resilience properties and metrics: how far have we gone?},

author = {Thomas Cl\'{e}del and Nora Cuppens and Fr\'{e}d\'{e}ric Cuppens and Romain Dagnas},

doi = {10.20517/jsss.2020.08},

year  = {2020},

date = {2020-01-01},

journal = {Journal of Surveillance, Security and Safety},

pages = {119--139},

keywords = {0, 2020, 4, adaptation, any medium or format, as long as you, by, creative commons attribution 4, creativecommons, distribution and reproduction in, even commercially, for any purpose, https, ing, international license, is licensed under a, licenses, measurement, metrics, open access this article, org, resilience, s, shar, survey, the author, which permits unrestricted use},

pubstate = {published},

tppubtype = {article}

}

@article{Lubben2020,

title = {Using Deep Learning to Replace Domain Knowledge},

author = {Christian Lubben and Marc Oliver Pahl and Mohammad Irfan Khan},

doi = {10.1109/ISCC50000.2020.9219567},

issn = {15301346},

year  = {2020},

date = {2020-01-01},

journal = {Proceedings - IEEE Symposium on Computers and Communications},

volume = {2020-July},

abstract = {Complex problems like the prediction of future behavior of a system are usually solved by using domain knowledge. This knowledge comes with a certain expense which can be monetary costs or efforts to generate it. We want to decrease this cost while using state of the art machine learning and prediction methods. Our aim is to replace the domain knowledge and create a black-box solution that offers automatic reasoning and accurate predictions. Our guiding example is packet scheduling optimization in Vehicle to Vehicle (V2V) communication. Within the evaluation, we compare the prediction quality of a labour-intense whitebox approach with the presented fully-automated blackbox approach. To ease the measurement process we propose a framework design which allows easy exchange of predictors. The results show the successful design of our framework as well as superior accuracy of the black box approach.},

keywords = {ANN, deep learning, network traffic prediction, V2V, V2X},

pubstate = {published},

tppubtype = {article}

}

@article{pahl2020mixed,

title = {A mixed-interaction critical infrastructure honeypot},

author = {Marc-Oliver Pahl and Alexandre Kabil and Edwin Bourget and Matthieu Gay and Paul-Emmanuel Brun},

year  = {2020},

date = {2020-01-01},

journal = {European Cyber Week CAESAR},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{moussaileb2020watch,

title = {Watch out! Doxware on the way $\ldots$},

author = {Routa Moussaileb and Renzo E Navas and Nora Cuppens},

year  = {2020},

date = {2020-01-01},

journal = {Journal of information security and applications},

volume = {55},

pages = {102668},

publisher = {Elsevier},

keywords = {},

pubstate = {published},

tppubtype = {article}

}