Abstract: Disclosed herein are systems and methods for reducing or mitigation alert fatigue from real-time alerts in cyber-physical systems or other types of edge computing systems are provided. In one or more examples, the edge computing system monitor can look for one or more patterns within received data that can indicate malicious activity or other conditions that may warrant a real-time or near-real time response from the operator. In one or more examples, a detection of any of the specified patterns in the streaming data can trigger an alert to the operator of the edge computing system. In one or more examples, the alerts can be suppressed until the number of alerts associated with a particular pattern crosses a pre-determined threshold. Additionally or alternatively, alerts can be suppressed based on a duration that the alerts have been generated. The suppression of alerts can be configured to reduce operator alert fatigue.

Abstract: Aspects presented herein may enable a UE to communicate with a non-terrestrial network (NTN) with its location verified using a set of encrypted signals from a set of satellites associated with the NTN. In one aspect, a UE receives, from each satellite of a set of satellites, a set of encrypted signals and time information. The UE generates a set of time signals based on the time information for all of the set of satellites. The UE transmits the set of encrypted signals and the generated set of time signals for verifying a location of the UE. The UE communicates with an NTN based on the location of the UE being verified by the NTN to be a valid location, where the set of satellites is associated with the NTN.

Abstract: A data processing system and method for norm checking a cryptographic operation for lattice-based cryptography in a processor, the instructions, including: multiplying a first polynomial by a second polynomial to produce a first output, wherein the d arithmetic shares have a modulus q?; securely converting the first output to d Boolean shares; securely subtracting a third polynomial from the first output to produce a second output, wherein the third polynomial is randomly generated and then offset by a first constant parameter; securely adding a first constant based upon a bound check and the first constant parameter to the second output to shift the values of the second output to positive values to produce a third output; and securely adding a second constant based upon the bound check to the third output to produce a carry bit.

Abstract: Embodiments disclosed herein relate to methods, systems, and computer programs for automatically determining an outcome associated with a reasoning graph, based on one or more data sets. The methods, systems, and computer programs compare hash values associated with different data sets to determine if they match to assign the outcome associated with a pre-existing hash to the later provided hash and data set associated therewith.

Abstract: An alarm processing method includes: receiving an alarm query request for a service, and acquiring a plurality of alarm records of the service; performing keyword extraction processing on the alarm record according to an attack word library of the service to obtain an attack keyword; determining a similarity between every two of the plurality of alarm records according to the attack keywords in the alarm records; and clustering the plurality of alarm records according to the similarity to obtain a plurality of alarm record clusters.

Abstract: Methods, devices and systems allow a user to utilize their cellular or WiFi communication device from within a secure area, preferably via a secure user interface that is communicatively coupled to their device which is located outside of the secure area. The system includes a communication interface located outside of the secure area which serves as an interface to the user communication device, and which communicates with a secure user interface within the secure user interface by one or more communication isolators that transmit information between the secure and unsecure areas via optical communication signals. The secure user interface includes a touch screen display, speaker, microphone and keyboard for presenting outputs and receiving inputs in a manner that mimics direct interaction with the user communication device.

Abstract: Technologies are provided for clockless physically unclonable functions (PUFs) in reconfigurable devices. Embodiments of the disclosed technologies include processing circuitry configured to perform numerous operations. The operations can include receiving a challenge continuous pulse signal, and generating a response continuous pulse signal by iteratively extending the challenge continuous pulse signal in time-domain. In some configurations, the iteratively extending includes generating a next continuous pulse signal by operating on a prior continuous pulse signal according to a stretching function, and generating a second next continuous pulse width signal by operating on the next continuous pulse signal according to a folding function.

Abstract: A vehicle includes a communication module capable of using two telecommunication identifier cards, one relating to a subscription between a constructor of the vehicle and a telecommunications operator, the other relating to a subscription between a user of the vehicle and a telecommunications operator. The vehicle includes a trusted execution environment hosting security functions of the vehicle and a multimedia system execution environment hosting at least a part of the communication module. The trusted execution environment includes a supervision module monitoring the connection between the vehicle and a remote management server of the vehicle.

Abstract: This application provides a method, including: receiving, sent by a third-party server, a registration request which includes first information, second information, and third information, the first information is used to indicate a public key address of the third-party server, the public key address includes a first domain name, the second information is used to indicate a delivery address of event information, the delivery address includes a second domain name, the third information is used to indicate a target DNS record which includes a digital signature of the third-party server; when the first domain name is the same as the second domain name, obtaining a public key of the third-party server, and obtaining the target DNS record; performing signature authentication on the digital signature based on the public key, to obtain a signature authentication result; determining, based on the signature authentication result, whether to allow the third-party server to perform registration.

Abstract: Systems as described herein may implement non-persistent data caching using a dedicated web server. A non-persistent data caching system may determine that an application, executing on a computing device may require access to secure data located on a remote server external to the computing device. The non-persistent data caching system may initiate a dedicated web server on the computing device, retrieve the secure data from the remote server, and store the secure data in a volatile memory of the computing device. The non-persistent data caching system may subsequently redirect a request for at least a portion of the secure data from the application and to the dedicated web server, and the dedicated web server may send the requested portion to the application.

Abstract: The disclosure provides an approach for logical switch level load balancing of Layer 2 virtual private network (L2VPN) traffic. A method of securing communications with a peer gateway generally includes establishing, at a virtual tunnel interface of a local gateway, a plurality of security tunnels with the peer gateway. Each of the plurality of security tunnels is associated with a different set of one or more layer 2 segments and with one or more security associations (SAs) with the peer gateway. The method generally includes receiving a packet, at the local gateway, via a first L2 segment. The method generally includes selecting one of the plurality of security tunnels and an SA associated with the selected security tunnel based on the L2 segment via which the packet was received. The method generally includes encrypting and encapsulating the packet based on the selected security tunnel and SA.

Abstract: The invention introduces an apparatus for detecting errors during data encryption. The apparatus includes a key generation circuitry and a key-error detection circuitry. The key generation circuitry is arranged operably to realize a key expansion operation for generating multiple round keys based on a root key in an encryption algorithm, where the encryption algorithm encodes plaintext or an intermediate encryption result with one round key in a corresponding round. The error detection circuitry is arranged operably to: calculate redundant data corresponding to each round key; and output an error signal to a processing unit when finding that any round key does not match corresponding redundant data at a check point during the key expansion operation.

Abstract: A machine learning attack resistant strong PUF with a dual-edge sampling function comprises switch units, a first arbiter and a second arbiter. The first arbiter is for determining a sequential order of delays at a rising edge of signals input to a first input terminal and a second input terminal of the first arbiter. The second arbiter is for determining a sequential order of delays at a falling edge of signals input to a first input terminal and a second input terminal of the second arbiter. Each switch unit is composed of eight MOS transistors. The strong PUF has a high capacity to resist machine learning attacks and small hardware expenditure through simple structural design of the switch units, realizing machine learning attack resistance and small hardware expenditure at the same time, and generating a large number of challenge response pairs through dual-edge sampling realized by the two arbiters.

Abstract: According to some embodiments, a method includes detecting a start of an OpenTelemetry span by an application and determining security information related to the start of the OpenTelemetry span. The method further includes monitoring the application for one or more application behaviors during execution of the OpenTelemetry span. The method further includes detecting an end of the OpenTelemetry span by the application, and in response, calculate a security score for the OpenTelemetry span using the security information related to the start of the OpenTelemetry span and the one or more application behaviors detected during execution of the OpenTelemetry span. The method further includes updating a status of the OpenTelemetry span to include the security score and a text string related to the calculation of the security score.

Abstract: An exemplary random number generation system leverages the r includes at least one solar power panel of a solar power system, at least one sensor and a random number generator. The sensor senses one or more output parameters (e.g., voltage or current) from the solar power system and provides the sensed parameter to the random number generator, which uses the sensed parameter to generate a number that is truly random (i.e., is not deterministic). As an example, the random number generator may receive multiple samples of the measured parameter and generate a random number based on a difference of the multiple samples. If desired, the random number generator may include an algorithm to remove biasing in the random number.

Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.

Abstract: In general, the disclosure relates to a method for creating segment mapping in a network, by a network device. The method includes receiving a segment identification (ID) for a client device of the network from an authentication system. The segment ID identifies a segment of the network including the client device and the network device wherein the segment ID is associated with a media access control (MAC) address of the client device. The network device or a network management system (NMS) determines an internet protocol (IP) address of the client device and the network device creates an IP address to segment ID mapping for the client device using the IP address. The IP address to segment ID mapping is provided to the NMS for distribution to remaining network devices of the network. At least one packet of the client device is processed using the IP address to segment ID mapping.

Abstract: In general, embodiments relate to a network device, including network device hardware including a processor; and memory comprising instructions which, when executed by the processor, performs a method for creating segment mapping in a network. The method includes entering a fallback mode in response to detecting a fallback scenario, determining, based on the fallback mode, a segment identification (ID) for a client device of the network, wherein the segment ID identifies a segment of the network including a client device, obtaining an Internet Protocol (IP) address to segment ID mapping, wherein the client device is associated with the IP address, and processing at least one packet from the client device using the IP address to segment ID mapping.

Abstract: An information processing architecture for implementation in a vehicle includes a software segregation unit which is configured to provide a first security domain and a second security domain which are assigned in each case to different operational areas of the vehicle and have their own data processing environments which are segregated from one another to run a multiplicity of computer applications. The software segregation unit is further configured to provide a synchronization instance, wherein the synchronization instance has a central dataset which is synchronized with data generated in the respective security domains independently from one another via data exchange and is selectively readable by both security domains.

Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.