Summary of Paper 1:
Security threats and measures for the cyber-physical systems - ZHANG Li, WANG Qing, TIAN Bin
The paper covers the security issues that are associated with the cyber physical systems (CPS) and also highlights various security measures that may be adopted to overcome these threats. The papers has been written in five major sections covering an introduction to cyber physical systems followed by the architecture of CPS and the security issues associated with these systems. The next section includes the security countermeasures that the users and businesses may adopt followed by a meaningful conclusion (Zhang, Wang & Tian, 2013).
The authors have defined CPS as a multi-dimensional system that is an amalgamation of three primary components as computing environment, networking environment and physical systems. The idea of CPS was first presented by the American Natural Fund Committee. Architecture of a CPS has been presented by the authors in the form of a three-tier architecture comprising of physical environment, network and application services. There are three primary characteristics of a usual CPS architecture as environmental coupling, a variety of different features and services along with the networking systems. There are three layers that are present in this architecture starting with aware execution layer at the bottom followed by data transport layer and application control layer. Aware execution layer consists of the physical equipment such as RFID readers, sensors, mobile terminals etc. Data transport layers carries out the communication and transmission activities through the aid of the networking channels. Combining of the CPS with industry professionals is performed by the application control layer along with control processing and transmission of information. It acts as an interface between the user and the CPS (Gyunka, 2017).
The authors have highlighted the security issues that are associated with CPS by listing out the major issues that emerge in each of the three layers. The aware execution layer commonly suffers from physical attacks, equipment failure, line fault, electromagnetic interference and leakage along with denial of service attacks. The data transport layer experience security threats and attacks in the form of denial of service attacks, aggregation node attacks, routing attacks, direction misleading attacks, flood attacks, Sybil attacks, Black hole attacks and Wormhole attacks (Zhang, 2016). Leakage of the privacy of user data and information, malicious codes, unauthorized access, privacy issues in data mining, distributed denial of service attacks and control command forged attacks are the security threats that are common to the application control layer.
The security measures for the issues associated with each of the three layers have also been addressed by the authors in the paper. The security threats in aware execution layer shall be prevented and controlled by enhancement of the protection of the identity node, use of biometrics, strengthening on the legislation of the users and improvement of the security of the physical systems. Point-to-Point and End-to-End encryption techniques shall be implemented for prevention of the security attacks associated with the data transport layer. Use of network forensics, advanced authentication and access control along with encryption techniques shall be used for dealing with the security threats associated with the application control layer (Guo, Luo & Geng, 2013).
The authors have briefly included the security aspects of the CPS and have also succeeded in imparting the relevant information to the readers.
Summary of Paper 2:
From information security to cyber security - Rossouw von Solms, Johan van Niekerk
Information security is often confused with the term cyber security. The authors have provided the definition and detail on the two terms in the research paper describing the information in five sections viz. Introduction, Information Security, Cyber Security, From Information Security to Cyber Security and Conclusion (Solms & Niekerk, 2013).
Cyber security is a process that includes security goals, security strategies, risk management techniques, security guidelines and methodologies to safeguard the user and organizational assets along with the protection of the cyber environment. The authors have suggested that there are primarily three security objectives that are required to be achieved as security of confidentiality, integrity and availability. The authors have used the top-down approach in the paper wherein they have described the general concept of security followed by the details of information security leading to the explanation of the concept of cyber security (Kisa & Tatli, 2016).
There are various definitions of information security that has been provided by several researchers and technocrats. Information security is basically the steps that are taken to protect the information along with all of the elements of the information. The terms information security and information technology are also inter-changed by many; however, these two terms have an entirely different meaning. Information and Communication Technology (ICT) security is the protection of the devices and systems on which the information is stored. A basic approach and methodology has been explained to describe the impact of the security concerns which include the presence of various threats that target and address the vulnerabilities to cause damage to the assets (Gohel & Upadhyay, 2016).
The meaning of cyber security has been illustrated by the authors with the use of four different scenarios. Scenario one includes the problem of cyber bullying which refers to the use of cyberspace to cause embarrassment and harassment leading to psychological harm to the victim. The second scenario talks about home automation through which several users make use of web to manage their home. It leads to the emergence of various cyber security risks such as unauthorized access to the attackers. Entertainment industry has been widely impacted with the evolution of the cyber systems and the growth of digital media has introduced several cyber security risks. The same has been described in the third scenario (Gupta & Kulariya, 2016). Several information and non-information based assets are negatively impacted by the problem of cyber terrorism that is one of the major issues in association with cyber security and has been discussed in the fourth scenario.
The authors have described the difference between ICT security, information security and cyber security with the aid of these scenarios. ICT security is restricted to the protection of the security infrastructure to avoid the risks and attacks. Information security enhances to the protection of the information and its elements along with the ICT assets. However, in case of cyber security, the asset could be a person, household appliance, national policy, any form of media and likewise.
Therefore, cyber security can be rightly defined as protection of the entire cyberspace along with the users that are present in the cyberspace including their societal, personal and national interests.
Gohel, H., & Upadhyay, A. (2016). International Journal of Advanced Research in Computer Science (IJARCS). Ijarcs.info. Retrieved 3 August 2017, from https://www.ijarcs.info/index.php/Ijarcs/article/view/2484
Guo, H., Luo, J., & Geng, Q. (2013). A Study on Cyber Defence Honeynet Technology and Configuration Examples. Retrieved 3 August 2017, from https://ijssst.info/Vol-17/No-47/paper26.pdf
Gupta, G., & Kulariya, M. (2016). A Framework for Fast and Efficient Cyber Security Network Intrusion Detection Using Apache Spark - ScienceDirect. Sciencedirect.com. Retrieved 3 August 2017, from https://www.sciencedirect.com/science/article/pii/S1877050916314806
Gyunka, B. (2017). Analysis of Human Factors in Cyber Security: A Case Study of Anonymous Attack on Hbgary.. Web.b.ebscohost.com. Retrieved 3 August 2017, from https://web.b.ebscohost.com/abstract?direct=true&profile=ehost&scope=site&authtype=crawler&jrnl=13529404&AN=121724852&h=yVac6gWbUHsfM27YkCzn5%2bcdYg%2f8jB0hq%2bvI9wFtnRE5fLyZPDjjbq2bvt7QW0%2bC11TiiiC6yoh6RraY9Ue1Ag%3d%3d&crl=c&resultNs=AdminWebAuth&resultLocal=ErrCrlNotAuth&crlhashurl=login.aspx%3fdirect%3dtrue%26profile%3dehost%26scope%3dsite%26authtype%3dcrawler%26jrnl%3d13529404%26AN%3d121724852
Kisa, K., & Tatli, E. (2016). Analysis of HTTP Security Headers in Turkey. Ijiss.org. Retrieved 3 August 2017, from https://www.ijiss.org/ijiss/index.php/ijiss/article/view/226
Solms, R., & Niekerk, J. (2013). From information security to cyber security - ScienceDirect. Sciencedirect.com. Retrieved 3 August 2017, from https://www.sciencedirect.com/science/article/pii/S0167404813000801
Zhang, L. (2016). A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop. Retrieved 3 August 2017, from https://www.ncbi.nlm.nih.gov/pubmed/27023559
Zhang, L., Wang, Q., & Tian, B. (2013). Security threats and measures for the cyber-physical systems - ScienceDirect. Sciencedirect.com. Retrieved 3 August 2017, from https://www.sciencedirect.com/science/article/pii/S100588851360254X