[AISWorld] IJITCA Vol. 1, No. 3/4 Published; Call for Papers

[Tyson Brooks]

Hello Colleagues –



I hope everyone is safe and doing well so far in the New Year. Vol. 1, No.
3/4 of the International Journal of Internet of Things and Cyber-Assurance
(IJITCA) has been published by Inderscience Publishers:
https://www.inderscience.com/jhome.php?jcode=ijitca. The objective of the
IJITCA is to increase the visibility of current research in cyber-assurance
and emergent trends in information assurance theory, cyber-security
application, architecture and information security pertaining to the
Internet of Things (IoT) based on theoretical aspects and studies of
practical applications. The need for the IJITCA provides an understanding
of the cyber-assurance domain from an information security practitioner's
perspective and the identification of major cyber-threats to the IoT.



The following articles published in Vol. 1, No. 3/4 include the following:


**Modelling and evaluation of mitigation methods against IoT malware Mirai
with agent-oriented Petri net PN2   *

by Shingo Yamaguchi, Hiroaki Tanaka, Mohd Anuaruddin Bin Ahmadon



*Abstract: *In this paper, we proposed a model of the infection phenomenon
of an IoT malware called Mirai. We regarded the infection phenomenon as a
multi-agent system and expressed it with agent-oriented Petri net called as
Petri nets in a Petri net (PN2 for short). Some mitigation methods have
been proposed such as rebooting infected devices and using an IoT worm
called as Hajime which blocks Mirai. We reflected the methods into the PN2
model, and evaluated the methods of the model. Our results show that: 1) by
rebooting the infected devices, we can drastically reduce Mirai's infection
rate when the delay is zero. The effect, however, is rapidly lost with the
increase of the delay; 2) Hajime reduces Mirai's infection rate to less
than half without depending on the delay of reboot. The reduction rate,
however, gradually decreases with the increase of the initial number of
Hajime.



**Workload aware incremental repartitioning of NoSQL for OLTP
applications   Order a copy of this article*

by Anagha Bhunje, Swati Ahirrao



*Abstract: *Numerous applications are deployed on the web with the
increasing popularity of internet. These include gaming and e-commerce web
applications. These applications generate huge amount of the data. One
particular machine cannot handle such data. It is difficult to scale out by
using relational databases. OLTP system needs to be scalable and require
fast response. Therefore the scalability becomes the challenge for the
e-commerce applications. Data partitioning technique is used to improve the
scalability of the system. Existing partitioning techniques does not
consider the relation among tuples. These techniques do not handle
incremental data and are suitable for those applications that required only
sequential access to the data. It results in increasing the number of the
distributed transactions. The work-load aware incremental repartitioning
approach is used to balance the load among the partitions. Hypergraph
representation technique represents transactional workload in graph form.
In this technique, frequently used items are grouped together by using
fuzzy C-means clustering algorithm. Tuple classification and migration
algorithm is used for mapping clusters to partitions and after that tuples
are migrated efficiently.

Keywords: online transaction processing; OLTP; distributed transactions;
not only SQL; NoSQL; incremental repartitioning technique; hyper graph;
scalability; fuzzy C-means clustering algorithm.



**A brief overview on status of internet of things research in Iran   Order
a copy of this article*

by Mehdi Dadkhah, Mohammad Lagzian, Gabriele Santoro, Mario Drobics



*Abstract: *Internet of things (IoT) as a popular technology plays an
important role in the future of the economy. Current literature highlights
that IoT has different applications and will change human interaction with
the virtual world. As IoT will be a key enabling technology in the future,
it is important for all countries to be aware of this development and its
applications, and to support related research and investments. In this
paper, we aim to inspect the current status of IoT related research in Iran
and present a short and brief overview on current IoT related research
areas in Iran. We used Scopus as the scientific citation base to access
papers published by Iranian authors in this area. Our analysis shows that
Iran is in the emerging stage of IoT. Thus, Iranian scholars and
institutions should pay more attention to this highly relevant topic and
try to create a good body of knowledge to migrate in the maturity stage as
soon as possible. Founding an especial Iranian society on internet of thing
or a journal, which focuses on IoT in Iran, could be first steps in this
direction.



**Towards the design of an assurance framework for increasing security and
privacy in connected vehicles   Order a copy of this article*

by Christos Kalloniatis, Vasiliki Diamantopoulou, Konstantinos Kotis,
Christos Lyvas, Konstantinos Maliatsos, Matthieu Gay, Αthanasios G.
Kanatas, Costas Lambrinoudakis



*Abstract: *Intelligent transport systems (ITS) play a key role in our
daily activities. ITS development over the last decades has been based on
the rapid evolution of information and communication technologies (ICT),
which include processing capabilities, availability of hardware and
communication technologies. However, as the development of ITS services
increases so does the users' awareness regarding the degree of trust that
they demonstrate on adopting this kind of services. This has brought to
light several security and privacy concerns that ITS analysts should
consider when designing and implementing various IT related services. This
paper identifies how risk analysis can interact with security and privacy
requirements' engineering world, in order to provide a holistic approach
for reasoning about security and privacy in such complex environments like
ITS systems.



**An internet control device embedded sensor agent   *

by Tyson Brooks



*Abstract: *The Internet of Things (IoT) is undertaking the prodigiously
important task of transforming existing systems' capabilities from
traditional application stovepipes to a new internet paradigm that enables
processes and services in a fast-changing environment. These
internet-connected devices (ICD) or 'things' can be sensors, radiofrequency
identification (RFID), TVs, etc. As the IoT continues to combine new
transmission and processing technologies (e.g., satellite communications
networks, mobile communications networks) into one high-integrated network,
many access connection points become easy targets for hackers. In many
situations, it is very difficult to find out the position or the source(s)
of cyber-attacks making it very complex to correctly determine the
intention of the attack. Therefore, once IoT devices and networks are
attacked and neutralised, its processing capabilities may be severely
harmed. This article provides additional details of an ICD embedded sensor
agent for IoT architectures and discusses the opportunity of ICD's
automatically securing themselves against attacks.



**A survey of internet of things operating systems with cyber
assurance   Order a copy of this article*

by Anum Ali, Ghalib A. Shah, Atif Alvi



*Abstract: *Machine-to-machine (M2M) is an ecosystem which is used to
describe any technology deploying and creating a network of devices to
perform actions and exchange information. This new class of communicating
devices have very diverse traffic characteristics and pose unique
challenges. This paper surveys the state-of-the-art operating system
technologies, architectures and available networking stack protocols on it,
and explore their potential to support the growth of related applications.
Moreover, the diversity of applications and internet of things (IoT)
devices also necessitate the investigation of middleware framework and
specifications to cater the current existing challenges. Therefore, we also
discuss different challenges and issues in developing rich applications by
using available operating systems. The paper concludes after providing
recommendations for future enhancement in existing operating systems.



**Mobile cyber-assurance informed through knowledge graph construction: the
OWASP threat of insecure communications   Order a copy of this article*

by Suzanna Schmeelk, Lixin Tao



*Abstract: *This research focuses on secure software development of mobile
applications by developing knowledge graphs for threats reported by the
Open Web Application Security Project (OWASP). OWASP maintains best
practices on the current industry top ten security threats to mobile and
web applications. We develop knowledge graphs based on the two most recent
top ten OWASP threat reports. We, then, show how the knowledge graph
relationships can be discovered in mobile application source code,
specifically Android. From the developed knowledge graph, we analyse 200+
healthcare applications posted on GitHub to gain insights into the
cyber-assurance of these mobile software. We specifically examine the
source code for one of the OWASP top ten mobile threats, the threat of
insecure communications. We find that many of the analysed applications are
communicating with potential personal identifying information employing
insecure methodologies leaving users exposed to higher risks.





*~ ~ Call for Papers ~ ~*

*Journal Overview*

Cyber-assurance is the justified confidence that Internet of Things (IoT)
networked systems and devices are adequately secured and engineered to meet
operational needs, even in the presence of cyber-attacks, failures,
accidents and unexpected events. IoT devices and networks may range from
hand-held mobile devices to a centralized high-performance cloud computing
environment consisting of heterogeneous communication systems of both
tactical (mobile, wireless) and fixed (wired) communications
infrastructures. The IoT must address the delivery of authentic, accurate,
secure, reliable and timely information (regardless of threat conditions)
over these distributed and heterogeneous computing and communication
systems. The IJITCA is looking to increase the visibility of current
research and emergent trends in cyber-assurance for IoT networks,
applications, architectures and information security methods based on
theoretical aspects and studies of practical applications. The IJITCA
covers fundamental to advanced topics necessary to grasp the IoT current
cyber-assurance issues, challenges and solutions as well as future trends
in secure IoT devices and networks. Vol.1 No. 1 is free of charge and can
be accessed at the following location:



*http://www.inderscience.com/info/inarticletoc.php?jcode=ijitca&year=2018&vol=1&issue=1
<http://www.inderscience.com/info/inarticletoc.php?jcode=ijitca&year=2018&vol=1&issue=1>*



Recommended topics include, but are not limited to, the following:

   - Secure algorithms used to spawn and control intelligent agents for
   embedded processing of IoT devices and networks
   - Key distribution and management in IoT networks
   - Secure IoT radio frequency (RF) signal processing
   - Distributed 5G IoT networks using embedded sensors and actuators
   - Design tools for integrating RF devices and components, e.g. inductors
   and optics, on IoT processing chips
   - Techniques to improve the quality of attack indications or threat
   warnings for IoT networks
   - IoT technology for implementing monolithic transceivers on single
   integrated circuits
   - IoT processors capable of multiple gigahertz operations
   - IoT sensor intrusion networking systems, including distributed
   detection/estimations
   - Synchronized cyber-attacks against the smart grid and/or SCADA systems
   - Zero Trust models and architecture for IoT
   - Modelling frameworks for cyber-physical systems under cyber-attacks
   - Optimal IoT network clustering for distributed procedures in
   cyber-physical systems
   - Tools and techniques for automating the creation and distribution of
   interoperable vulnerabilities in IoT devices and networks
   - Secure engineering methodologies and system designs
   - Cyber-attacks and countermeasures against IoT/Fog computing
   networks/devices
   - Secure software defined networking (SDN)/network function
   virtualization (NFV) architectures and designs
   - Research on automated IoT/Fog computing vulnerability assessment and
   intrusion detection tools and techniques
   - Genetic algorithms used to spawn and control intelligent agents for
   information assurance for IoT/Fog computing devices



*Paper Submissions*

Submitted articles should not have been previously published or be
currently under consideration for publication elsewhere. Conference papers
may only be submitted if the paper has been completely re-written and the
author has cleared any necessary permissions with the copyright owner if it
has been previously copyrighted. Briefs and research notes are not
published in this journal. All our articles go through a double-blind
review process. All authors must declare they have read and agreed to the
content of the submitted article. A full statement of our Ethical
Guidelines for Authors (PDF)
<https://www.inderscience.com/www/dl.php?filename=authorethics.pdf> is
available. There are no charges for publishing with Inderscience, unless
you require your article to be Open Access (OA).



All articles for this journal must be submitted using our online
submissions system:


*https://www.inderscience.com/mobile/inauthors/index.php?pid=73
<https://www.inderscience.com/mobile/inauthors/index.php?pid=73>*



***Upcoming Special Issue Opportunity***



*Systems Security Engineering for Mission Assurance *- July 2021

https://www.inderscience.com/info/ingeneral/cfp.php?id=4766


Thank you for your continued support!



Dr. Tyson Brooks
Adjunct Professor, Syracuse University
IEEE Senior Member



EiC- International Journal of the Internet of Things and Cyber-Assurance

ijitcaeditor at gmail.com