Sunil Chaudhary, Marko Kompara, Sebastian Pape, V. Gkioulos
Posters are widely used in practice to communicate cybersecurity awareness (CSA) messages. This popularity could be because it is one of the simplest mechanisms, and most people are accustomed to poster usage. Despite this, very little effort has been made to make the CSA poster design and assessment more systematic. Due to this, there exists a wide variation in CSA poster design. Alarmingly, many of them do not align with the needs and objectives of CSA. This study, therefore, intends to collect and analyze the properties that can guide the production of more uniform and effective posters for CSA purposes. At the same time, the study contributes to making the poster design and quality assessment approach more systematic. In order to do so, this study used a literature review for the elicitation of properties and an online assessment to analyze the relevancy of the elicited properties. As a final result, the study provides six main properties (i.e., topic, information quality, message framing, suggestions quality, content presentation, localization, and style and formatting) and their respective twenty-one sub-properties that can facilitate CSA poster design and its quality assessment.
Title: Properties for Cybersecurity Awareness Posters’ Design and Quality Assessment. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3543794
B. Berens, H. Dietmann, Chiara Krisam, O. Kulyk, M. Volkamer
Dark patterns in cookie disclaimers are factors that are used to lead users to accept more cookies than needed and more than they are aware of. The contributions of this paper are (1) evaluating the efficacy of several of these factors while measuring actual behavior; (2) identifying users’ attitude towards cookie disclaimers including how they decide which cookies to accept or reject. We show that different visual representations of the reject/accept option have a significant impact on users’ decision. We also found that the labeling of the reject option has a significant impact. In addition, we confirm previous research regarding biasing text (which has no significant impact on users’ decision). Our results on users’ attitude towards cookie disclaimers indicate that for several user groups the design of the disclaimer only plays a secondary role when it comes to decision making. We provide recommendations on how to improve the situation for the different user groups.
Title: Cookie Disclaimers: Impact of Design and Users’ Attitude. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3539008
L. Erdődi, Pallavi Kaliyar, S. Houmb, Aida Akbarzadeh, A. Waltoft-Olsen
Smart grid brings various advantages such as increased automation in decision making, tighter coupling between production and consumption, and increased digitalization. Because of the many changes that the smart grid inflicts on the power grid as critical infrastructure, cyber security and robust resilience against cyberattacks are essential to handle. With an increased number of attack interfaces and more use of IP-enabled communication, digital stations or IEC 61850 substations need to operate according to a zero-trust security model. Cyber resilience needs to be an integrated part of the substation and its components. This paper presents an experiment utilizing a Hardware-In-the-Loop (HIL) Digital Station environment (enclave), where the focus is on attacking the SCADA protocol IEC 60870-5-104. We implemented 14 attacks; the attacks are described in detail, including the result of each attack action. Furthermore, the paper discusses the implications of the findings in the experiment and what power grid asset owners can do to protect their substations as part of their digitizing efforts.
Title: Attacking Power Grid Substations: An Experiment Demonstrating How to Attack the SCADA Protocol IEC 60870-5-104. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3544475
Machine learning has been successfully used for increasingly complex and critical tasks, achieving high performance and efficiency that would not be possible for human operators. Unfortunately, recent studies have shown that, despite its power, this technology tends to learn spurious correlations from data, making it weak and susceptible to manipulation. Explainability techniques are often used to identify the most relevant features contributing to the decision. However, this is often done by taking examples one by one and trying to show the problem locally. To mitigate this issue, we propose in this paper a systematic method to leverage explainability techniques and build on their results to highlight problems in the model design and training. With an empirical analysis on the Devign dataset, we validate the proposed methodology with a CodeBERT model trained for vulnerability discovery, showing that, despite its impressive performances, spurious correlations consistently steer its decision.
Title: Explainability-based Debugging of Machine Learning for Vulnerability Discovery. Authors: Angelo Sotgiu, Maura Pintor, B. Biggio. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3543809
Xinrun Zhang, A. Mathur, Lei Zhao, Safia Rahmat, Quamar Niyaz, A. Javaid, Xiaoli Yang
Several host intrusion detection systems (HIDSs) based on system call analysis have been proposed in the past to detect intrusions and malware using relevant datasets. Machine learning (ML) techniques have been applied on those datasets to improve the performances of HIDSs. However, the emphasis given on their real-world deployment is limited. To address this issue, we propose a framework for system call processing for benign and malware Android apps with an ability of early detection of malware. We extracted and analyzed system call traces for benign and malware apps, and processed their system call traces with N-gram and TF-IDF models. Six ML algorithms – Decision Trees, Random Forest, K-Nearest Neighbors, Naive Bayes, Support Vector Machines, and Multi-layer Perceptron – were trained for the malware detection system. The experimental results demonstrate that our Android malware detection system (AMDS), using traces of 3000 system calls, is capable of early detection with an average accuracy of 99.34%. We also implemented an Android app based on a client-server architecture for the proposed AMDS to demonstrate its deployment for malware detection in real-time.
Title: An Early Detection of Android Malware Using System Calls based Machine Learning Model. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3544413
V. Leask, R. Cogranne, D. Borghys, Helena Bruyninckx
This paper presents the general goals of Horizon 2020 project UNCOVER, whose overall purpose is to close the gap between academic work and operational needs in the fields of data-hiding. While digital data-hiding is a relatively new area of research, our motivation in this project has been rooted in the growing gap between the academic community and the operational needs of a “real-life” scenario of object inspection in order to UNCOVER the presence of data secretly hidden. As well as an oversight into the structure of UNCOVER, our paper presents an empirical study on the impact of specifically training a detection method for a given data-hiding scheme, the so-called Stego-Source Mismatch, as an example of unexplored issues that raise important and mostly ignored consequences within the operational context the UNCOVER project targets.
Title: UNCOVER: Development of an efficient steganalysis framework for uncovering hidden data in digital media. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3544468
The Internet of Vehicles (IoV) is an Internet of Things (IoT) application that offers several utilities such as traffic analysis, safe driving, road optimization, and travel comfort. Software-Defined Networking (SDN) technology has been shown to provide various benefits to support the IoV. However, the construction of IoV makes it a complex system posing several challenges among which the important ones are security and privacy of data. Intrusion Detection Systems (IDSs) have been proposed in the IoV to identify cyber attacks and protect private data. Recently, work has started to implement IDSs based on Federated learning as collaborative IDSs have proved effective security of IoV. On the other hand, trust management has revolutionized the IoV field, providing decision-making support to secure the network. Stating that an SDN-driven IoV architecture in which nodes' trustworthiness gets assessed can provide a promising framework for IDS, we propose in this paper a Federated learning-based IDS for the IoV under the SDN structure. We integrate trust metrics to assist in securing the IoV network. Simulation experiments are conducted to validate the proposal.
Title: Federated learning based IDS approach for the IoV. Authors: A. Hbaieb, S. Ayed, L. Chaari. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3544422
Mohamed Amine Merzouk, Joséphine Delas, Christopher Neal, F. Cuppens, N. Cuppens-Boulahia, Reda Yaich
An Intrusion Detection System (IDS) aims to detect attacks conducted over computer networks by analyzing traffic data. Deep Reinforcement Learning (Deep-RL) is a promising lead in IDS research, due to its lightness and adaptability. However, the neural networks on which Deep-RL is based can be vulnerable to adversarial attacks. By applying a well-computed modification to malicious traffic, adversarial examples can evade detection. In this paper, we test the performance of a state-of-the-art Deep-RL IDS agent against the Fast Gradient Sign Method (FGSM) and Basic Iterative Method (BIM) adversarial attacks. We demonstrate that the performance of the Deep-RL detection agent is compromised in the face of adversarial examples and highlight the need for future Deep-RL IDS work to consider mechanisms for coping with adversarial examples.
Title: Evading Deep Reinforcement Learning-based Network Intrusion Detection with Adversarial Attacks. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3539006
Vaios Bolgouras, Anna Angelogianni, Ilias Politis, C. Xenakis
Digitization, in terms of online services, work environment and other day-to-day procedures, has led to the wide adoption and use of the respective digital identities. Users utilize their digital personas and their corresponding attributes on a daily basis, in order to gain access to resources and services. This is achieved through the use of numerous identity management schemes, which often suffer from multiple vulnerabilities and are susceptible to threats. This results in the compromise of user privacy and data security. In recent years, new technologies related to identity management, like the Self-Sovereign Identity (SSI) and eIDAS concepts, are employed to mitigate these issues. This paper presents an architecture that combines state-of-the-art technologies regarding identity management, authentication and secure storage. More specifically, the proposed framework utilizes IOTA-based SSI, the eIDAS framework, FIDO protocol and Trusted Execution Environment (TEE), resulting in a trusted and secure identity management framework. Our solution is thoroughly presented via scenarios, showcasing its robustness and how well it copes in relation to our threat model.
Title: Trusted and Secure Self-Sovereign Identity framework. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3544436
Urbanization pushes toward the need for integrated shared mobility solutions such as bike-sharing, car-sharing, and other public transport schemes to provide seamless inter-modal journeys to users. Achieving shared mobility integration can be done by tickets and payments, leveraging access to user data and payment information across mobility systems to allow access to and payment for transport services, and making multi-modal transport more accessible. Providing such mobility services requires access to and use of sensitive user data and sensitive safety-related functions vulnerable to cyberattacks. However, research examining the security and privacy concerns in shared mobility integration is limited. Thus, we evaluate shared mobility integration components, stakeholders, and processes based on literature, to provide an abstract integration model when integrating shared mobility schemes. We also highlight mentions of security-related issues and the potential security risks as a result of implementing shared mobility integration. We then applied lessons from our analysis to a real-world bike-sharing integration case study, analyzing potential security risks, proposing appropriate suggestions to manage discovered security risks. Our findings and discussions benefit transport operators, authorities, and mobility stakeholders by encouraging security-by-design and security risk management practices when implementing shared mobility integration schemes.
Title: Security Risk Management in Shared Mobility Integration. Authors: A. O. Affia, Raimundas Matulevičius. In: Proceedings of the 17th International Conference on Availability, Reliability and Security. Published 2022-08-23. DOI: https://doi.org/10.1145/3538969.3543797