Cyber Physical Systems

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/321964451

Cyber Security and Human Rights Article in CSI Communications · December 2017

CITATIONS

READS

0

92

3 authors: Subrata Paul

Anirban Mitra

Vignan Institute of Technology and Management

Amity University Kolkata

12 PUBLICATIONS 28 CITATIONS

48 PUBLICATIONS 201 CITATIONS

SEE PROFILE

Brojo Kishore Mishra C. V. Raman College of Engineering 68 PUBLICATIONS 62 CITATIONS SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Rough Sets View project

Fault Detection in Optical Fiber by Optical Time Domain Refletometry View project

All content following this page was uploaded by Brojo Kishore Mishra on 08 February 2018. The user has requested enhancement of the downloaded file.

SEE PROFILE

52 pages including cover

Volume No. 41 | Issue No. 9 7 | December October 2017 2017

50/-

www.csi-india.org www.csi-india.org

ISSN ISSN 0970-647X 0970-647X

Knowledge Digest for IT Community

Cover Story Cyber Physical Systems (CPS) and Cover Story its Implications 8 CSI Nihilent eGovernance Awards 7 TECHNICAL TRENDS Machine Learning in TECHNICAL TRENDS Advanced Python 11 Meri Sadak 2.0 : One step closer to SMART CITY 15

RESEARCH FRONT Enterprise Information Security Risk RESEARCH FRONT Management 20 Remote Monitoring and Localization using Sensors: Tools for e-Governance 17 Article Application Security using Blockchain in Cyber Article Physical System 25 Ontology Modeling in E-Governance for a SECURITY CORNER Semantic Digital 25 Systems 31 Security Issues in CyberIndia Physical

Know Your CSI Executive Committee (2017-18/19) President Mr. Sanjay Mohapatra D/204, Kanan Tower, Patia Square, Bhubaneswar Email : [email protected]

Vice President Mr. Gautam Mahapatra Vailla No: 8, Maithri Enclave, Near Tulsi Gardens, Yapral Kapra, Hyderabad-500 062. (E) [email protected]

Hon. Treasurer Mr. Manas Ranjan Pattnaik Plot No. N-24, 25 Chandaka Indl. Estate, Patia, KIIT, Bhubaneswar (E) [email protected]

Immd. Past President Dr. Anirban Basu 309, Ansal Forte, 16/2A, Rupena Agrahara, Bangalore Email : [email protected]

Hon. Secretary Prof. A. K. Nayak Director, Indian Institute of Business Management, Budh Marg, Patna (E) [email protected]

Regional Vice-Presidents Region-I Mr. Arvind Sharma 3/294, Vishwas Khand, Gomati Nagar, Lucknow-226010. UP (E) [email protected]

Region-II Mr. Devaprasanna Sinha 73B Ekdalia Road, Kolkata - 700 019 (E) [email protected]

Region-III Prof. Vipin Tyagi Dept. of CSE, Jaypee University of Engg. and Tech., Guna - MP (E) [email protected]

Region-IV Mr. Hari Shankar Mishra Command Care, Opp. Loreto Convent School, A. G. Office Road, Doranda, Ranchi – 834002, Jharkhand (E) [email protected]

Region-V Mr. Vishwas Bondade No. 774, 2nd Stage, Indiranagar, Bangalore 560038 (E) [email protected]

Region-VI Dr. Shirish S. Sane Vice-Principal, K K Wagh Institute of Engg Education & Research,Nashik, (E) [email protected]

Division-I Mr. Apoorva Agha 8, Katra Road, Allahabad, UP - 211002 (E) [email protected]

Division-II Prof. P. Kalyanaraman Plot No. 139, Vaibhav Nagar, Phase I, Opp VIT Gate 3, Vellore – 632014. (E) [email protected]

Division-III Mr. Raju L. kanchibhotla Aashirvad, 42/260/1/2, Shramik Nagar, Moulali Hyderabad-500 046, India (E) [email protected]

Division-IV Dr. Durgesh Kumar Mishra H-123-B, Vigyan Nagar, Annapurna Road, Indore (E) [email protected]

Division-V Dr. P. Kumar Professor and Head Dept. of Computer Science and Engineering, Rajalakshmi Engineering College, Chennai – 602 105. (E) [email protected]

Region-VII Dr. M. Sundaresan Professor and Head, Dept. of IT, Bharathiar University, Coimbatore - 641046, Tamil Nadu. (E) [email protected]

Division Chairpersons

Nomination Committee (2017-2018) Prof. K. Subramanian B 28,Tarang Apmts, Plot 19, IP Extn, Patparganj, Delhi - 110092 (E) [email protected]

an individual. 2 are friends. 3 is company. more than 3 makes a society. The arrangement of these elements makes the letter ‘C’ connoting ‘Computer Society of India’. the space inside the letter ‘C’ connotes an arrow - the feeding-in of information or receiving information from a computer.

Dr. Brojo Kishore Mishra Associate Professor, Dept. of IT, C. V. Raman College Engineering, Bhubaneshwar - 752054. India (E) [email protected] [email protected]

Mr. Subimal Kundu Flat No. 1A, Block - 7, Space Town Housing Complex, P.O. Airport, Kolkata – 700052 (E) [email protected] [email protected]

CSI Headquarter : Samruddhi Venture Park, Unit No. 3, 4th Floor, MIDC, Andheri (E), Mumbai-400093, Maharashtra, India Phone : 91-22-29261700 Fax : 91-22-28302133 Email : [email protected] CSI Education Directorate : CIT Campus, 4th Cross Road, Taramani, Chennai-600 113, Tamilnadu, India Phone : 91-44-22541102 Fax : 91-44-22541103 : 91-44-22542874 Email : [email protected]

CSI Registered Office : 302, Archana Arcade, 10-3-190, St. Johns Road, Secunderabad-500025, Telengana, India Phone : 91-40-27821998

CSI Communications Volume No. 41 • Issue No. 9 • DECEMBER 2017

Chief Editor

S S Agrawal

KIIT Group, Gurgaon

Editor

Prashant R. Nair

Amrita Vishwa Vidyapeetham, Coimbatore

Published by

A. K. NAYAK

Hony. Secretary

For Computer Society of India

Contents Cover Story Cyber Physical Systems (CPS) and its Implications S. Suseela and T. Kavitha

Technical Trends

8

Machine Learning in Advanced Python Suchithra M S and Maya L Pai

11

Blockchain: A Primer

15

Editorial Board:

Durgesh Barwal, Rajat Kumar Behera and Abhaya Kumar Sahoo

Bhabani Shankar Prasad Mishra,

Research Front

Arun B Samaddar, NIT, Sikkim KIIT University, Bhubanewar

Debajyoti Mukhopadhyay, MIT, Pune J. Yogapriya, Kongunadu Engg. College, Trichy

Enterprise Information Security Risk Management K. Srujan Raju and M. Varaprasad Rao

M Sasikumar, CDAC, Mumbai,

Articles

R Subburaj, SRM University, Chennai

Poonam N. Railkar, Sandesh Mahamure and Dr. Parikshit N. Mahalle

R K Samanta, Siliguri Inst. of Tech., West Bengal R N Behera, NIC, Bhubaneswar Sudhakar A M, University of Mysore Sunil Pandey, ITS, Ghaziabad Shailesh K Srivastava, NIC, Patna Vishal Mehrotra, TCS

Application Security using Blockchain in Cyber Physical System

25

Cyber Physical Systems and Smart Cities

29

Nishtha Kesswani and Sanjay Kumar

Security Corner Security Issues in Cyber Physical Systems

31

Cyber Security and Human Rights

34

Swati Maurya and Anurag Jain

Subrata Paul, Anirban Mitra and Brojo Kishore Mishra

Design, Print and Dispatch by

Practitioner Workbench

GP Offset Pvt. Ltd.

Fun with Digital Image Processing in PHP on Windows and Linux Platform

Please note: CSI Communications is published by Computer Society of India, a non-profit organization. Views and opinions expressed in the CSI Communications are those of individual authors, contributors and advertisers and they may differ from policies and official statements of CSI. These should not be construed as legal or professional advice. The CSI, the publisher, the editors and the contributors are not responsible for any decisions taken by readers on the basis of these views and opinions. Although every care is being taken to ensure genuineness of the writings in this publication, CSI Communications does not attest to the originality of the respective authors’ content. © 2012 CSI. All rights reserved. Instructors are permitted to photocopy isolated articles for non-commercial classroom use without fee. For any other copying, reprint or republication, permission must be obtained in writing from the Society. Copying for other than personal use or internal reference, or of articles or columns not owned by the Society without explicit permission of the Society or the copyright owner is strictly prohibited.

20

Baisa L. Gunjal

36

PLUS Know Your CSI ICANN|60 CSI Patna Chapter Report Report on CSI Student Conventions : Karnataka & Haryana State Level convention State Student Convention 2017, West Bengal Latex Workshop & Workshop on Python - Programming Tool for Data Science CSI Reports Student Branches News CSI Calendar 2017-18

2nd Cover 6 7 40

The 2017 India-Africa ICT Summit

Back Page

41 41 42 44 3rd Cover

Printed and Published by Prof. A. K. Nayak on behalf of Computer Society of India, Printed at G.P. Offset Pvt. Ltd. 269 / A2, Shah & Nahar Industrial Estate, Dhanraj Mill Compound, Lower Parel (W), Mumbai 400 013 and published from Computer Society of India, Samruddhi Venture Park, Unit-3, 4th Floor, Marol Industrial Area, Andheri (East), Mumbai 400 093. Tel. : 022-2926 1700 • Fax : 022-2830 2133 • Email : [email protected]

3 C S I C o m m u n ic a t i o n s | D E C E M B E R 2 0 1 7

Editorial Dear Fellow CSI Members, The theme for the Computer Society of India (CSI) Communications (The Knowledge Digest for IT Community) December 2017 issue is Cyber Physical Systems.

Prof. (Dr.) S. S. Agrawal

“Cyber-Physical Systems or “smart” systems are co-engineered interacting networks of physical and computational components. These systems will provide the foundation of our critical infrastructure, form the basis of emerging and future smart services, and improve our quality of life in many areas.” National Institute of Standard & Technology (NIST), USA

Chief Editor

Prof. Prashant R. Nair Editor

After a series of thematic issues focusing on ICT in applications such as education, governance, agriculture and health, CSI Communications is focusing on cyber physical systems in this issue after an issue on the research topic of machine learning. The next issue is also based on research theme, Machine Intelligence. Cyber Physical Systems (CPS) is poised to bring advances in personalized health care, emergency response, traffic flow management, and electric power generation and delivery. This technology builds on embedded systems, computers and software embedded in devices whose principle mission is not computation, such as cars, toys, medical devices, and scientific instruments. CPS integrates the dynamics of the physical processes with those of the software and networking, providing abstractions and modeling, design, and analysis techniques for the integrated whole The Cover story in this issue is “Cyber Physical Systems (CPS) and its Implications” by S. Suseela & T. Kavitha. In the cover story, the authors have traced the evolution and described the architecture, applications, platforms and functions of CPS. The technical trends showcased are “Machine Learning in Advanced Python” by Suchithra M.S. & Maya L Pai and “Blockchain: A Primer” by Durgesh Barwal Rajat Kumar Behera & Abhaya Kumar Sahoo In Research front, we have “Enterprise Information Security Risk Management” by K. Srujan Raju & M. Varaprasad Rao, who throw light upon current research and approaches for enterprise information security risk management. Other articles in this issue on CPS provide us information on its applications in smart cities by Nishtha Kesswani & Sanjay Kumar and Application Security using Blockchain in CPS by Poonam N. Railkar Sandesh Mahamure & Parikshit N. Mahalle The Security Corner has 2 contributions, “Security Issues in Cyber Physical Systems” by Swati Maurya & Anurag Jain and “Cyber Security and Human Rights” by Subrata Paul, Anirban Mitra & Brojo Kishore Mishra. We have revived the Practitioner’s Workbench in this issue with “Fun with Digital Image Processing in PHP on Windows and Linux Platform” by Baisa L. Gunjal This issue also contains collage of ICANN 60 participation by CSI, MoU with Cisco, CSI activity reports from chapters & student branches and calendar of events We are thankful to entire ExecCom for their continuous support in bringing this issue successfully. We wish to express our sincere gratitude to the CSI publications committee, editorial board, authors and reviewers for their contributions and support to this issue. We look forward to receive constructive feedback and suggestions from our esteemed members and readers at [email protected]. With kind regards, Prof. (Dr.) S. S. Agrawal, Chief Editor

Prof. Prashant R. Nair, Editor


www.csi-india.org

Computer Society of India

TM

http://www.csi-india.org

Mr. Sanjay Mohapatra President

Shri.Gautam Mahapatra Vice President

Prof. A. K. Nayak Hon. Secretary

Mr. Manas Ranjan Pattnaik Hon. Treasurer

President’s Message From : President, Computer Society of India Date : 01 December, 2017 Email : [email protected] / Cell : (91) 9861010656

Season’s Greetings! International activity: ICANN GA 60 @ Abu Dhabi Mr. Sanjay Mohapatra, President, CSI represented CSI at International Cooperation for Assigned Names & Numbers (ICANN) General Assembly 60 at Abu Dhabi, United Arab Emirates (UAE) from 28th October to 3rd November 2017. More than 100 country representatives, associations and research groups participated in General Assembly of ICANN @ Abu Dhabi. Mr Satish Babu, Past President of CSI is leading APRALO (AsiaAustralia & Pacific Islands Regional at-large) and under his dynamic leadership APRALO is doing well at ICANN. ICANN meetings are held three times each year. These meetings focus on a broad range of Internet-related topics such as contractual issues with the retail and wholesale arms of the Domain Name System, ways to respond to illegal or abusive use of the Internet’s naming systems, internal restructuring, and new initiatives for increasing competition on the Internet. CSI President also met with Steve Crocker, Co-founder & CEO of Shinkuro Inc. & Chair of ICANN board, an internet pioneer, a leader of ISOC & IETF at ICANN 60 at Abu Dhabi. There was good networking opportunity with different countries of Computer Societies, NGOs, ICANN ALAs and APRALO. Now, it is a challenge for CSI to promote younger generations for growth of Internet governance system in India. CSI will organize more and more events of ICANN at India and will promote ICANN activities at Student Branch & Chapter level. MoU with Cisco at Bhubaneswar An MoU Signing ceremony between Computer Society of India and Cisco at TRIDENT Group of Institutions, Bhubaneswar on 19 November, 2017 with Mr. Sanjay Mohapatra, President, CSI; Mr. Manas R Pattanaik, Treasurer, CSI and Prof. R N Satapathy, & Mr. R N Behera, veterans of Computer Society of India. Membership growth & CSI portal Sustainable growth of membership is going on and membership data validation process online is in progress. CSI portal is presented with a new look and all dynamic & status pages are designed by CSI Vice-President, Dr. Gautam Mohapatra & Team. Dr. Mohapatra, despite his very busy schedule at DRDO is devoting a good quantum of time for CSI portal. Please write your valuable ideas for growth of CSI at [email protected] With kind regards

Sanjay Mohapatra President, CSI


Dr Anirban Basu Immd. Past President

International activity : ICANN GA 60 @ Abu Dhabi

MOU Signing ceremony between Computer Society of India (CSI) and Cisco


www.csi-india.org

A R eport

CSI Patna Chapter Report

A one day National Seminar was organized by Magadh Mahila College of Patna University on 14th November 2017 with the technical collaboration of CSI Patna Chapter on the theme Internet of Every Thing (IOE) : A Road Map for Digital India. The Seminar was Inaugurated by Prof. (Dr.) Rash Bihari Prasad Singh, Vice Chancellor Patna University. Prof (Dr) Dolly Sinha Pro Vice Chancellor of Patna University participated as Guest of Honor where as Prof. (Dr.) A. K. Nayak, National Secretary of Computer Society of India & Director, Indian Institute of Business Management, Patna Presented the Key Note Address. In His Inaugural Address, Hon’ble Vice Chancellor Dr. R. B. Singh has highlighted how the emerging growth in ICT are being used & applicable to every walk of life. He further told that the said technology shall bring a complete change in our way of living by the use of it’s latest development like IOT & IOE. Dr. Dolly Sinha, the Pro vice Chancellor outlined about the changes that will happen in Business, Industry, Health care, Banking, Education & other Service Sector by the complete use of IOT & IOE. In his key note address Prof. (Dr.) A. K. Nayak told that, the Internet of Everything (IOT) shall be a great contributor to the Digital India Mission by its optimal utilization to the key objectives of the mission i.e. the best utilization of the digital & smart equipments by the citizens of the country. He further said that Internet of Everything (IOE) shall address to the use of smart Technology which could make many other process more efficient. Definitely the use of IOE shall touch all our lives & bring together three important things related to future of our current World i.e. Technology, Society & Environment.

objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration between the physical world and computer-based systems, and resulting in improved efficiency, accuracy and economic benefit. Dr. Subhash Chandra Yadav, Head, MCA Dept, & Former Director, Rajshree School of Management & Technology, Varanasi, explained that the Internet of Everything (IoE) as a world where billions of objects have sensors to detect measure and assess their status; all connected over public or private networks using standard and proprietary protocols. Mr. Shailesh K. Srivastava, Senior Technical Director, National Informatics Centre &s Head, Digital Govt. Research Centre, Patna, Govt. of India expressed that IoT & IoE in smart Governance aims at exploiting the most advanced technologies to support value-added services for the country and its citizens. Prof. Shams Raza, Program In-Charge, XICS, IGNOU, Patna discussed about the three layered architecture of IoET and also discussed in detail the applications of IoET in various fields such as home automation, smart transport, smart water systems, social life and entertainment, health and fitness, smart environment and agriculture etc. In the Inaugural Session, the Principal of the college Dr. Padmalata Thakur welcomed the Guests & Prof. Abha Sharan, Course Coordinator, Dept. of Computer Application Proposed the vote of thanks. The Seminar was anchored by Ms. Shristi. & Vote of thanks of the technical session was proposed by Dr. Mamta Deepak, Head Deptt. Physics. The Seminar was coordinated by Faculty members Ms. Sabitri Sharma & Mr. Sumit Sarkhel.

Mr. Deva Prasanna Sinha, Regional Vice President, Region-2, CSI addressed the participants and threw light on the importance of IOE. He said that IoE builds on foundation of IoT, adding lot of exercises starting with its definitions, scopes, needs for businesses etc. have been voiced in various area. IOE can also be viewed from security angle and confidentiality. Mr. Pankaj Rai, Founder and Managing Director, India Cyber Learning Pvt. Ltd. explained how to get certification in IOT and different courses of Microsoft including HTML 5 and Java Certification. In technical Session, Dr. Sunil Pandey, Director, Institute of Technology & Science (ITS) Ghaziabad, UP told that IoT allows 7 C S I C o m m u n ic a t i o n s | D E C E M B E R 2 0 1 7

COVER STORY

CSI History series

Cyber Physical Systems (CPS) and its Implications

S. Suseela

Asst. Professor in Dept. of CSE in Periyar Maniammai University E-mail: [email protected]

I. Introduction Wireless communication and network is one of the fastest-growing research areas. Significant progress has been made in the fields of mobile ad hoc network (MANET) and wireless sensor networks (WSN). Today, the Cyber Physical System (CPS) is growing rapidly to enrich human-to-human, human to-object, and object-to-object interactions in the physical world as well as in the virtual world. CyberPhysical System is a feedback system that are networked and distributed with Real Time Systems. Cyber-Physical System requires Cyber Security such as Resilience, Privacy, Malicious Attacks, and Intrusion Detection. Cyber Physical Systems includes Smart Grid, Smart City, Smart home and assisted living, Smart Car, Autonomous vehicles, networked systems of robots, and unmanned cars. CPS differs from IoT as follows: CPS is a Closed System that is controllable and partially predictable by simulation whereas IoT is an Open System that is difficult to control or predict the system behavior. The user can interact with physical world to Cyber– Physical via Simulation, Automation, and Unique Identifier. For this, it takes the help of embedded system. The user interacts with Cyber –Physical to Digital World via Semantics and also with internet in the Digital World.

T. Kavitha

Asst. Professor of Dept. of CS and Engg. in Periyar Maniammai University E-mail: [email protected]

II. Evolution of CPS

3. Cyber Level 4. Data to Information Level 5. Smart Connection Level. The main functions of various levels of CPS are as follows: The configuration level is self configured for resilience, self adjust for variation, self optimize for disturbance.

Cognitive Level focuses on integrated, simulation & synthesis, remote visualization for human interaction, collaborative diagnostics and decision making.

Cyber Level uses i) a twin model for components and machines, ii) Time Machine for variation identification and memory, iii) clustering for similarity in data mining.

Data to Information Level governs the multi-dimensional data correlation, and degradation and performance prediction.

Smart Connection Level deals with plug and play and Tether-free communication.

Fig.2. Evolution of CPS

III. Architecture of Cyber Physical System CPS Integrates computation and physical processes that uses embedded computers and networks to compute, communicate, and control the physical processes which receives feedbacks on how physical processes affect computations and vice versa. The architecture of CPS consists of Sensor, Actuator and controller for physical world interaction. Sensor

Controller Wired/ Wireless Network

Sensor

Sensor + Actuator

Controller

Sensor

Physical World

Fig.2 : Architecture CPS

Fig.1 : Communiction between CPS and IoT.

IV. Functions of Cyber Physical System Cyber Physical systems consist of five levels of functions. They are 1. Configuration Level

Configuration Level Cognitive Level Cyber Level Data to Information Level Smart Connection Level

Fig. 3 : Function of CPS

2. Cognitive Level 8 C S I C o m m u n ic a t i o n s | D E C E M B E R 2 0 1 7

www.csi-india.org

COVER STORY

V. Relationship with other fields CPS overlaps with several fields. Among them, CPS has significant overlaps with IoT. For example, the CPS is a combination of WSN and IoT. IoT is not WSN. But it contains WSN, IoT is a subset of WSN. IoT connects many millions of devices over the internet, allowing them to collect information about the real world remotely, and share it with other systems and devices. IoT and CPS share many challenges, but there are some distinctions. IoT has a strong emphasis on uniquely identifiable and internetconnected devices and embedded systems. CPS engineering has a strong emphasis on the relationship between computation and the physical world (e.g., between complex software and hardware aspects of a system).

Features

Functionalities

WSN

IOT

CPS

Network Formation

Random Deployment,

Yes

Yes

Yes

Dynamic Topology

No

Yes

Yes

Internet Supported Networking

Yes

Yes

Yes

Time Varying Deployment

No

Yes

Yes

Interconnection of Multiple Networks

No

Yes

Yes

Opportunistic Sleep

Yes

Yes

Yes

Multiple Sleep nodes of nodes

No

Yes

Yes

Power Management techniques for both sensors and central servers

No

Yes

Yes

Connectivity

Yes

Yes

Yes

Coverage

Yes

Yes

Yes

Heterogeneous coverage and coverage

No

Yes

Yes

Communication Query Response Flows Pattern Arbitrary Communication Flows Cross Network Communication Flows Power Management

Network Connectivity and Coverage Knowledge Mining Quality of Services

Data Mining and Data Base Management

Yes

Yes

Yes

Multi Domain Data Sources

Yes

Yes

Yes

Data Privacy and Security

No

Yes

Yes

Networking QoS

Yes

Yes

Yes

Multiple Data Resolution

Yes

Yes

Yes

Table 2: Comparison of WSN, IoT and CPS Fig.4: Relationship of CPS with other fields

CPS itself operates a much larger scale, potentially including many embedded systems or other devices and system as well, including human and socio-technical systems. In IoT, sensors send their data directly to the internet due to its inherent internet connection. In WSN, nodes direct the traffic to reach the sink node. The nodes which require information can access from the sink node by involving other nearer nodes. It is not necessary to connect the nodes with the internet as IoT. In IoT, the devices may upload their data (any kind) to the internet, so other users may use them in their applications. Though the WSN does not require internet, we can make it as IoT by connecting sink node to the internet. So we will automatically imbibe the functionalities of IoT into CPS. VI. Research Challenges Though the CPS is very much attractive, it still faces the challenges such as building the interface between

the cyber world and the physical world, hard to fix the boundaries in changing world, lacking perfect digitization of the continuous world, networking issues in predictable complex systems and problems in interference of other cross domains, QoS issues, monitoring services and beyond and security and privacy challenges. VII. Applications and Platforms 1. Greenhouse Asset Management: Each WSN is composed of multiple sensors and actuators to form a climate control system with lighting, cooling, heating, carbon dioxide generating, watering, and fertilizing subsystems. 2. H e a l t h - c a r e M a n a g e m e n t : Monitoring the health and wellbeing of livestock is done by wearing small sensors by patients and raising automatic warnings of illnesses or injuries. 3. Navigation and Rescue applications: Navigating people in a dangerous region with multiple emergency points and one safe exit.

Guiding people in fire emergency to safe exits in 2D/3D environments. Such systems all need smoke, temperature, and/or humidity sensors. 4. Intelligent Transportation Systems (ITSs): GPS information is a must in ITSs. To track the locations of public vehicles (e.g., buses), proposes a cooperative model between GPS and accelerometers. Mobile devices can be used for road information sensing. 5. Security and Safety Systems: Improving the efficiency and safety in homes and offices, for example by monitoring and controlling heat and humidity and supporting elderly people living alone, for example by detecting problems (such as illness or accidents) and raising the alarm automatically, using non-intrusive wearable sensors or detectors installed in the house. 6. Production systems: Optimizing crop yield and reducing pesticide/ fertilizer use. By using CPSs to


COVER STORY

identify and deliver them only where they are needed. Implementing intelligent, efficient production systems and manufacturing lines by CPS. 7. Shipments: Monitoring and tracking shipments intelligently for optimal logistics and stock control. 8. Environmental Alerts: Collecting environmental data to support decision-making and public policysetting, or to generate warnings of environmental threats such as wildfires, earthquakes or volcanic eruptions. VIII. Conclusion WSN focuses more on the designs of sensing, event-handling, data-retrieving, communication, and coverage issues where as CPS focuses more on the development of crossdomain intelligence from multiple WSNs and the interactions between the virtual world and the physical world. CPS connects digital world to Real World. IoT and CPS share many core technology elements. By 2020 more smart devices will be in use such as lights, locks,

security sensors etc. By 2019, 70% homes with IoT devices will come into existence. So, we are in need of CPS based utilities for highly digitized world. CPS designs show the importance in enabling human-to-human, human-toobject, and object-to-object interactions between the physical world and the virtual world. CPS applications have tremendous potential to improve safety, convenience, and comfort in our daily life. Social networking and gaming applications allow users to share their sensing information via mobile phones (e.g., audio, motion, acceleration, and location). References

[1] E A Fischer, “Cybersecurity issues and challenges: In brief,” Congressional Research Service 2016, 2016. [2] R Rajkumar, I Lee, L Sha and J Stankovic, “Cyber-physical systems: The next computing revolution,” Design Automation Conference 2010, Anaheim, California, USA, 2010. [3] J A Stankovic, “Research directions for the internet of things,” IEEE INTERNET OF THINGS JOURNAL, FEBRUARY 2014, vol. 1, no. 1, 2014. [4] http://dst.gov.in/basic-research-cyber-

security [5] http://www.gtai.de/GTAI/Navigation/ EN/Invest/Industries/Industrie-4-0/ Internet-of-things/industrie-4-0internet-of-things-physical-systems. html [6] Gang Xiong, Fenghua Zhu, Xiwei Liu, Xisong Dong, Wuling Huang, Songhang Chen, and Kai Zhao,” Cyberphysical-social System in Intelligent Transportation”, IEEE/CAA JOURNAL OF AUTOMATICA SINICA, VOL. 2, NO. 3, JULY 2015. [7] E. A. Lee, “Cyber physical systems: design challenges,” in Proceedings of the 11th IEEE Symposium on Object/ Component/Service-Oriented RealTime Distributed Computing (ISORC ’08), pp. 363–369, May 2008. [8] E. A. Lee, “Cyber-physical systems— are computing foundations adequate?” in Position Paper for NSF Workshop on Cyber-Physical Systems: Research Motivation, Techniques and Roadmap, Austin, Tex, USA, October 2006. [9] www.elsevier.com/locate/pmc [10] http://www.knowledgegrid.net/~h. zhuge/CPS.htm [11] http://cyberphysicalsystems.org/ [12] https://www.nitrd.gov/nitrdgroups/ images/6/6a/Cyber_Physical_Systems_ CPS... n

About the Authors S. Suseela (CSI Life Membership No.00093481], working as Assistant Professor of Department of Computer Science and Engineering in Periyar Maniammai University. I have 13 Years of teaching experience. I have published 2 articles in CSI Communication, and 6 papers in national and international journals. Currently pursuing Ph.D. in National Institute of Technology Trichy in the Department of Computer Applications. My research interest is Multimedia Wireless Sensor Networks and Compiler Design, Theory of Computation. T. Kavitha [CSI Life Membership No.00093497], working as an Assistant professor in Department of CSE in Periyar Maniammai University and currently pursuing Ph.D. in Computer Science. My area of research is in Image and Video Processing. I have 17+ Years of Teaching Experience.


www.csi-india.org

Technical Trends

Machine Learning in Advanced Python Suchithra M S

Maya L Pai

School of Arts & Sciences, Amrita University, Kochi, India. Email: [email protected]

School of Arts & Sciences, Amrita University, Kochi, India. Email: [email protected]

Machine learning is a growing field and a motivated developer can quickly learn it up and start making very real and useful contributions. Machine learning algorithms are a big part of machine learning. Machine learning algorithms contain a lot of mathematics and theory. But we do not need to know about algorithm’s work to be able to implement them and apply them to achieve real and valuable results. This is achieved through different machine learning tools. In this study, we explain about machine learning and machine learning algorithms. The usage of machine learning tools like Weka, R and Python and a review on recent trends of machine learning is also given due attention. Index Terms - machine learning, algorithms, tools, python. I. Introduction A machine learning developer is a developer that built machine learning systems. These systems contain algorithms that could learn from data. Applied machine learning can be overwhelming. There are so many things to try and explore on a given problem. The developer can use a structured process, just like using a structured process to develop software [1]. The template for a multi-step process when using machine learning to address a complex problem is 1. Define the problem. 2. Prepare the data. 3. Spot check algorithms.

various

learning

4. Tune well-performing algorithms.

learning

5. Visualize the results. To speed up the process, understand the problem a little bit from many different perspectives. What is the problem?

Why does the problem need to be solved?

How would I solve the problem?

This last step helps us to understand why the problem is complex and requires a machine learning based solution. To get the best results, we must understand how algorithms work. Mathematics plays an important role in

understanding algorithms. There is a much easier way by using the language and methods that developers already know: ¬¬ Simple and clear algorithm descriptions.

might be worth spending some time on tuning. Test Harness algorithm is used to evaluate different methodologies on the same problem by comparing the results from different techniques.

¬¬

Code examples without libraries.

We can build up functions to evaluate predictions, estimate the skill of models and even implement the learning algorithms themselves. A machine learning professional uses machine learning to solve real-world problems II. Applied machine learning Understanding of the following four areas are needed for designing applied machine learning projects [2]. 1. Data Preparation: In this method, the developer loads the data from standard CSV file format for manipulation and prepares the data for machine learning algorithms. The performance of algorithm on testing data can be estimated using algorithm evaluation techniques. To evaluate the efficiency of predictions made on unseen data the scoring methods are used. The best worse case results are analyzed through Baseline Modeling techniques to improve on a problem. Once we have a test harness that we can trust, select and evaluate 5 to 10 standard workhorse algorithms. This gives us an idea of how difficult our problem is and which algorithms

2. Linear Algorithms: Simple Linear Regression [3]: It is used for numerical value prediction and the dataset contains only a single input.

Multivariate Linear Regression: It is also used for numerical value prediction and the dataset contains more than one input. It is trained by using Stochastic Gradient Descent.

Logistic Regression: This method is used for class value prediction on two class problems and it is trained by Stochastic Gradient Descent.

Perceptron: The easiest model of neural network for classification problems is perceptron and it is trained by using Stochastic Gradient Descent. 3. Nonlinear Algorithms

Regression and Classification Trees: These are decision trees and that are applied to regression and classification problems.

Naive Bayes: It is an application of Bayes’ Theorem for classification problems.


Technical Trends

The theory of probability is the base for Naïve Bayes. Backpropagation: The commonly used method of artificial neural network and it is widely applicable to supervised learning or classification that roots the broader field of deep learning.

user. That is by giving an utterance from a user, it identifies the specific request made.

k-Nearest Neighbors (KNN): These algorithms are used for predicting categorical or numerical outputs directly from the training data.

Learning Vector Quantization (LVQ): A widely used method of neural network is LVQ which is more efficient than KNN. 4. Ensemble Algorithms

Bootstrap Aggregation: It involves an ensemble of decision trees and also known as bagging.

Random Forest: This is an extension of bagging which results in faster training and better performance.

Stacked Aggregation: This method learns how to combine the predictions from multiple models in an efficient method. It is an ensemble method and also known as blending or stacking. Many complex machine learning problems can be reduced to one of four core problem types: Classification, Regression, Clustering and Rule extraction. If we can map everyday problems to one of these problems, we can then find and start testing algorithms that can address those problems. Examples of machine learning problems: 1. Spam Detection: To identify the given email message in a mail inbox as spam or not. 2. Credit Card Fraud Detection: To identify the credit card transactions that were not made by the customer by the giving the transactions for a customer in a month. 3. Digit Recognition: To identify the digit for each handwritten character by giving the handwritten zip codes on envelopes. 4. Speech Understanding: To identify the specific request made by the

IV. Machine learning algorithms Machine learning is closely related to many fields, i.e., it is a multidisciplinary field. It is very difficult to differentiate machine learning from related fields. Machine Learning is built on the field of Computer Science and mathematics. Knowing these foundational fields can help us to understand why certain mathematical language is used when describing algorithms, such as vectors, matrices, functions and distributions. Three specific foundational fields include: Probability: It is the study of characterizing the possibility of random events. Statistics: It is the study of processes to collect, analyzes, explain and present data. Artificial Intelligence: It is the construction and study of computational intelligent systems. Machine learning also has sibling fields that sit alongside. These special fields give context to machine learning algorithms. These include: Computational Intelligence: It is the study and construction of complex systems.

Data Mining: It is the construction and study of computational systems that discover useful relationships and patterns from large data sets.

A useful way to group algorithms is by their similarity in structure or learning style [4]. The five classes of machine learning algorithm that can be used to group algorithms by structure and learning style are: 1. Regression: linear regression, logistic regression and stepwise regression. 2. I n s t a n c e - b a s e d M e t h o d s : k-nearest neighbor, learning vector quantization and self-organizing map. 3. Decision Tree Learning: C4.5, CART and ID3. 4. Kernel Methods: support vector machine, radial basis network and linear discriminant analysis. 5. Artificial Neural Networks: Perceptron, Hopfield and back-

propagation. Our goal is to effectively use time to process algorithms. That is to build a robust test harness so that we can throw algorithms in and very quickly learn what works and what doesn’t. There are 2 concerns when building a test harness: What is the performance measures used to evaluate algorithms? What data to use to train and test our algorithm? Once we have a test harness that we can trust, select and evaluate 5-to-10 standard workhorse algorithms. This gives us an idea of how difficult our problem is and which algorithms might be worth spending some time on tuning. This technique is called spot-checking. There are two main tactics that we can use to get the most out of machine learning algorithms: Algorithm tuning and Ensembles. Generally, machine learning algorithms can be explained as learning a output function (f) that perfectly maps input variables (P) to an output variable (Q). Q = f (P) Our goal in evaluating different algorithms and even different configurations of an algorithm is to find a good approximation for the output function (f) to get really good predictions (Q) [5]. We can often get a boost in performance by combining the predictions from multiple well performing models. These techniques are called ensemble machine learning algorithms and are often internally simpler than we first think. When investigating how machine learning algorithms work, there are two ensemble methods I would recommend looking into: 1. Bagging (e.g.: Random forest) 2. Boosting (e.g.: Adaboost) These are two very simple foundations of very powerful ensemble machine learning algorithms [6]. V. Machine Learning Tools 1. Weka Tool The best machine learning tool for beginners is Weka. There are three main reasons to use Weka for beginners:


www.csi-india.org

Technical Trends

It has a graphical interface, which means that there is no programming. It offers a suite of state-of-theart machine learning algorithms, including ensemble methods. It is free and open source software. Weka platform allows us to quickly design and run experiments. We must experiment to discover how to get good results. The Weka experimenter allows us to do this. 1. Start Weka 2. Design a new experiment Select a Dataset Select one or more algorithms or algorithm configurations 3. Run the experiment 4. Review the results and use statistics to check for significance With a few clicks we can quickly design experiments to test our ideas and intuitions on our problem. It is a very powerful feature that few machine learning platforms offer. 2. R Tool R is a platform that is used by some of the best data scientists in the world. The reason is not the strange scripting language. It is because of the vast number of techniques available. Academics that develop new machine learning algorithms use R, meaning that often new algorithms appear on R platform before any other. With packages like caret, we can access hundreds of the top machine learning algorithms in R through a consistent interface, ideal for spot checking techniques on our dataset. 1. Python Python cannot be ignored in machine learning. It is rapidly catching up to platforms like R in terms of capability and adoption. The cause is the scikit-learn Python library for machine learning that is built on top of the SciPy stack, harnessing the speed and power of Python libraries such as Numpy for fast data manipulation at C-like speeds. The scikit-learn library is fully featured, offering a suite of algorithms to choose from as well as data preparation scheme and clever Pipelines that allow us to design how data flows from one element to the next. Python is the fastest-growing platform for applied machine learning

among experts of data scientists. We cannot get started with machine learning in Python until we have access to the platform. We must download and install the Python 2.7 platform on our computer. We also need to install the SciPy platform and the scikitlearn library. We can install everything at once with Anaconda. Anaconda is recommended for beginners. We can load our own data from CSV files. The general structure for working through a machine learning problem in Python with Pandas and scikit-learn can be divided into 6 steps: 1. Install the Python and SciPy platform. 2. Load a standard dataset. 3. Summarize the data using statistical functions in Pandas. 4. Visualize the data using plotting function in Pandas. 5. Evaluate machine learning algorithms in scikit-learn. 6. Develop a final model and make some predictions on new data. The better we can understand our data, the better and more accurate the models that we can build. The first step to understanding our data is to use descriptive statistics. To learn how to use descriptive statistics to understand our data, the helper functions provided on the Pandas Data Frame. A second way to improve our understanding of our data is by using data visualization techniques (e.g. plotting). We can use plotting in Python to understand attributes alone and their interactions. Data visualization is the fastest way to learn more about our data. Pandas in Python use number of ways to effectively understand our machine learning data. The different types of methods used to plot our data in Python is as follows: Box and Whisker Plots Histograms Correlation Matrix Plot Density Plots Scatterplot Matrix The consistent interface in Python uses Scikit-learn to provide a range of supervised and unsupervised learning algorithms. The library must be installed before we can use scikitlearn [9]. The Library is built upon the Scientific Python (SciPy). This library stack includes:

SciPy: The basic library for scientific computations NumPy: It is based on n-dimensional array package. Matplotlib: It is used for complete 2D/3D plotting Pandas: It can be used as an effective data analysis and structuring tool. Sympy: The symbolic mathematics is represented by this method. IPython: It is an enhanced interactive console used in computing environment The modules or extensions for SciPy are commonly named as SciKits. A Python library called Theano is used for fast numerical computation and it helps in the development of deep learning models [8]. Theano library is used in Python as a compiler for mathematical expressions. Another Python library called TensorFlow [10] is also used to develop deep learning models. It is a platform that cannot be ignore by machine learning experts. It is used by the Google DeepMind research group. It is used in some of Google’s production systems with the backing of Google. The capability to run on CPUs, GPUs and large clusters is the advantage of Tensor Flow. Because of this it does have more of a production focus. The necessity to take a lot of code to develop even very easy neural network models is the difficulty of both Theano and TensorFlow. This problem is addressed by the Keras library and it is concerns with providing a package for both Theano and TensorFlow. To define and evaluate deep learning models in just a few lines of code is possible with clean and simple API provided by Keras library., it dominances the power of Theano and TensorFlow because of the ease of use. For applied deep learning, Keras is quickly becoming the prominent library. The life-cycle of a model can be summarized as follows: 1. Define our Sequential model 2. Add configured layers. 3. Compile our model. 4. Fit our model. 5. Make predictions. V. Conclusion From this paper, we will be able to understand the machine learning


Technical Trends

concepts and different types of machine learning algorithms. This paper concludes how can we select machine learning algorithms based on the problems and will be able to understand how python helps to solve machine learning problems. The impressive growth of python is illustrated in figure 1. It highlights the most advanced techniques in python to support machine learning. References

[1] Brownlee, Jason. “Machine learning mastery.” URL: http:// machinelearningmastery. com/ discover-feature-engineering-howtoengineer-features-and-how-to-getgood-at-it (2014). [2] Brownlee, Jason. “A tour of machine learning algorithms.” Machine Learning Mastery (2013). [3] Brownlee, J. “Linear Regression for Machine Learning-Machine Learning Mastery.” Machine Learning Mastery (2017). [4] Brownlee, Jason. “How to Prepare Data for Machine Learning.” Machine Learning Mastery 25 (2013). [5] Brownlee, J. “Machine Learning Algorithms.” Machine Learning Mastery (2015). [6] Brownlee, Jason. “Supervised and

50% 42%

41%

40%

36%

34% 30%

20% 16% 12%

10%

0%

11%

8.5%

Share in 2016

Share in 2017

Fig. 1 : Share of Python, R, Both, or Other platforms usage for Analytics, Data Science, Machine Learning, 2016 vs 2017 [7] Unsupervised Machine Learning Algorithms.” Machine Learning Mastery (2016). [7] https://www.kdnuggets.com/2017/08/ python-overtakes-r-leader-analyticsdata-science.html [8] Al-Rfou, Rami, et al. “Theano: A Python framework for fast computation of

mathematical expressions.” arXiv preprint (2016). [9] Raschka, Sebastian. Python machine learning. Packt Publishing Ltd, 2015. [10] Abadi, Martín, et al. “TensorFlow: A System for Large-Scale Machine Learning.” OSDI. Vol. 16. 2016 n

About the Authors Dr. Maya L Pai born on July 21, 1961. She received the M.Sc. and Ph.D. degrees from Cochin University of Science and Technology (CUSAT), Kerala, India in 1983 and 2016, respectively. In 2000, she joined the Amrita Institute of Computer Technology, Kochi, India, as a Senior Lecturer. In 2003, Amrita Institute of Computer Technology became Amrita University. Now she is working at Amrita University as Assistant Professor (Senior Grade) and HOD, Department of Computer Science and IT. She has published papers in referred national and international journals. Her research interests include Data Mining, Machine Learning and Discrete mathematics. Suchithra M S born on March 20, 1989. She received the M.E degree in Computer Science and Engineering from Anna University, Chennai, India in 2013. She has worked as Assistant Professor in Computer Science and Engineering from 2014 to 2016 in colleges under Calicut University. In 2016, she joined the School of Arts and Sciences, Amrita University, Kochi, India, as a Research Scholar. She has published papers in referred national and international journals. Her research interests include Data Mining, Machine Learning and Soil Science.


www.csi-india.org

Technical Trends

Blockchain: A Primer Durgesh Barwal

Rajat Kumar Behera

3rd Year B.Tech Student, KIIT University Email: [email protected]

Abhaya Kumar Sahoo

Associate Professor, KIIT University Email: [email protected]

Associate Professor, KIIT University Email: [email protected]

After the discovery of internet, it is growing constantly at an alarming speed and has enabled new forms of social interaction, social association and social activities. It is just like a war in the field of technology, which is revolutionizing the concept of how the computing platforms are defined and used. If the internet of today is the internet of information, then Blockchain can be referred to as the internet of agreements, or internet of value, which has the potential to fundamentally transform business, economy, and society by revolutionizing commercial transaction. Blockchain or Distributed Ledger Technology or simply DLT, could soon give rise to a new internet era with even more disruptive and transformation than the current by settling and clearing transactions in the financial assets like deeds to property, securities and commodities with possible enhancement to clearing and settling medical records. It creates the basis of a ‘peer-to-peer’ (P2P) economy and allows to operate in a decentralized fashion. The focus of this review paper is to present the definition, evolution, different forms of existence, working model, challenges, benefits and applicability of Blockchain. Keywords: Blockchain, Types of Blockchain, Blockchain Consensus models, Challenges and Solution. 1. Introduction The born of WWW (World Wide Web) revolutionized information in the year 1990’s. After 10 years, the internet became more mature & programmable. Tech-man called it the rise of the so called Web2, which brought us e-commerce platforms and socialmedia.Web2 brings goods and services closer together, bring producers & consumers of information and also P2P interaction (using trusted middle man). Blockchain can bring us true P2P transaction without a middle man. In reference to that Blockchain seems to be pulling force of the Web3 or next generation internet/decentralized Web. It can bring us true P2P transaction without a middle man. Its first implementation is Bitcoin (P2P money without banks or any trusted middle man). Blockchain is a chain of blocks of information. But what information exactly it holds? Imagine you are going to buy a car. So you of course need some information about it before you buy it. Like what its cost, who was its previous owner, what condition it is in etc. The seller does not have the record of it. It’s called a “Ledger”. When you are going

to sell the same car you will update more information in the same Ledger and this process going on. But you can imagine anyone can temper some of the records in that Ledger and try to cheat the next buyer. This is where Blockchain gets its grand entry. Blockchain is a globally distributed system/ledger with shared state, where participants are also globally distributed and can able to move, store and manage any kind of digital asset(e.g. Money, votes, identity, property papers, ride sharing etc.) and perform transactions without using central control authority i.e. it is completely peer-to-peer network. Each transaction in it is verified by consensus of majority of participants in the system before written into a distributed database. Blockchain is growing its importance due to cryptographically secured from tampering and revision. The crypto-economic rule-sets of the blockchain protocol (consensus layer) regulate the behavioral rule-sets and incentive mechanism of all stakeholders in the network. It is steadily transforming the financial relationships between people and business globally. Increasingly

organizations have to explore what this revolutionary technology will mean for their business. 2. Literature Review: 2.1 First implementation of Blockchain: The first blockchain idea was conceptualized by Santosh Nakamoto in 2008.In 2009 an open source program implementing the new protocol was released. Anyone can install it and becomes part of Bitcoin (first digital currency).Bitcoin serves as a public ledger for all the transaction using peer-to-peer and globally distributed network. At present Bitcoin is the largest decentralized crypto-currency. It is a digital currency in which different encryption techniques are used to maintain the transaction, operating independently of a central bank. Anyone can start bitcoin transactions with optimal transaction fee using online wallet techniques. Many governments not authorized it as it could result in a breach of anti-money laundering provisions. 2.2 Types of Blockchain As Bitcoin protocol is open-source, anyone could take it and modify the


Technical Trends

code and can able to start there on protocol system. Thus idea emerged that this protocol could be used for any kind of digital asset (such as P2P energy trading, P2P contracts, P2P ride sharing, P2P insurance, etc.) beyond P2P money. Depending on permission right of the participants Blockchain is classified as: Public Blockchain : It is a public (permission-less) ledger, where anyone can join the network to receive identical privileges to view, modify and affix their assets to a transaction. Anyone can able to start node to their local device and participate in validation process. It maintains the participant data privacy and confidential obligations. It can be able to break current business model through disintermediation. Examples: Bitcoin, Etherum, etc.

Table. 1: Comparison analysis between types of Blockchain. Properties

Public

Private

Access

Permission-less

Permissioned Semi-permissioned

Participant Identity

Anonymous

Known identities

Depend on the access ability.

Security

Consensus mechanism

Pre-approved participants

Some participants are pre-approved and some follow consensus mechanism.

Scalability

Low

High

Medium

Effect of Disruptive Business model

No disruption

Depend on application.

Examples

Company internal

BigchainDB

Private Blockchain : It refers to the permissioned or private distributed ledger, which seems to be suit for the need of organization. In this, if a network member does not want its transactions and other information to be read or write, it can allocate specific rules to different members. Private blockchain is a way of verify transactions internally by setting participants or members for it. An example of private blockchain implementation is the launches of pilot network that emirate NBD and ICICI bank to carry international remittances on the UAE-India corridor.

Hybrid Blockchain : It lies between two extremes of public and private blockchain. T his ledger contain the characteristics of public and private ledger. In this system, a governing body can determine which transactions can remain public or which one is restricted to a group of members. It can be a choice for goods retailer where financial exchange is public part and operations (such as pricing, warehouse location, goods management etc) are permissioned one. Example: BigchainDB. 2.3 How it works? Blockchain technology is applicable to any digital asset transactions exchange only one. As per present scenario the financial institutions or any

Bitcoin, Etherum, Litecoin etc.

trusted third party is needed in the digital transactions exchange online. The role of these third parties is to validate, safeguard and preserve transaction for which they take high transaction cost. Applications based on Blockchain use cryptographic proof instead of trusted third party. There each asset transaction is protected by digital signature. Each asset transaction is sent to the public key of the one of the participant digitally signed using the private key of the other participant. The transaction is then broadcast to every node in the network. Before the transaction is recorded in a public ledger it self-verified or making sure they follow the consensus rule of the Blockchain. Verification process ensures the user’s status, digital signature, agreement between the sender and receiver, records or other information depending on its application in different application. The verified asset transaction is combined with other verified transactions to create a new block of data for the ledger. This whole process of data collection and proceed to fit in a block is called mining, which allow for the achievement of consensus in the environment. The formed block could be identified using a cryptographic hash (digital fingerprint). The new block which is result from mining is then added to the existing blockchain in a way that is permanent and unalterable. The added block will contain a hash of the previous added block, and in this way blocks can form a chain from the first block ever (known as the Genesis block) to the newly added block. Thus Blockchain is a generally

Hybrid

refers as ‘chain’ of blocks and asset transaction is complete. The main part of the whole transaction is verification or making sure they follow consensus rule/protocol of blockchain. The consensus protocol ensures a common, unambiguous ordering of transactions and blocks and generates the integrity and consistency of the blockchain across geographically distributed nodes. In short “Blockchain platforms are secured and robust because of their consensus algorithms”. Different consensus models are adopted by different blockchain platform. As consensus mechanism safeguard the transaction its choice is essential in the blockchain based system. A poor choice can render the blockchain platform unless there by compromising the data recorded on the blockchain. There are many issues such as blockchain fork, consensus failure, dominance, cheating, poor performance etc that can result when consensus mechanism fails. Consensus mechanism allows secure updating of distributed decentralized system. Achieving consensus in a distributed system is challenging one. A consensus protocol applicability and efficiency can be examined by its crucial properties such as consistency of the shared state, liveness, how it can recover from failure of a node in participation. A consensus algorithm deals with the failure of nodes, message delays, partitioning of the network, message reaching outof-order, and corrupted messages, self and deliberately malicious nodes.


www.csi-india.org

Technical Trends

specialized hardware.

Request a digital asset transaction

Requested transaction is broadcasted to nodes of a P2P network The nodes validates the transactions using consensus algorithms. Once validated, the transaction is combined with other transactions to create a block.

The transaction is completed and intimated.

Block added to existing blockchanin starting from first block ever (known as Genesis Block)

Fig. 1 : Digital asset transaction using Blockchain Technology

2.4 Consensus Models: Several algorithms are proposed and some are in proposals, providing certain advantages/disadvantages over one another. When solving a business problem using blockchain, it is vital to look at the scale of network, relationship between participants in network, there functionality and nonfunctionality aspects, then determining the right platform and right consensus model to use. The broad categories of consensus models used by popular blockchain platform are:

Proof of Work (PoW): In order to confirm the transaction and enter a block into a blockchain, each block will have to provide an answer/ proof to a very special mathematical problem. This is known as Proof-ofWork. Its main aim is to decide which block should be next in the blockchain. It is applicable to permission-less blockchain platform. The disadvantage in this technique is it’s a costly and intensive process with low transaction rate. Example: Etherum (current version Homestand) platform(which supports smart contracts) uses its own PoW model called EthHash that provides fast confirmation time and builds ASCII resistance to counter 51% attacks that bitcoin is susceptible to.

Proof of Stack (PoS): PoS algorithms are designed to overcome problem of PoW, which needs

high amount of electricity and power. In 2015,it was estimated that one Bitcoin transaction required the amount of electricity needed to power up 1.57 American households per day. The PoS seeks to address this issue by choosing a new block creator in a deterministic (pseudo-random) way depending on its stake. For instance, a miner who owns 5% of the bitcoin available can theoretically mine only 5% of the blocks. For example Etherum most advanced PoS algorithm, called Casper uses the concept of security deposits and bets to achieve consensus. Different variations of PoS were used by NXT, Bitshares and Tendermint.

Proof of Elapsed Time(PoET): This consensus algorithm is designed by Intel, intended to run in a Trusted Execution Environment (TEE), such as Intel software Guard Extension (SGX). PoET is used by IntelLedger or Intel SawtoothLake(a open source blockchain platform). PoET uses a leader election model based on SGX, when protocol selects the next leader to in block. In leader election model, all the validating or mining nodes has to prove that they have the shortest wait time and thus shortest wait time validator wins the lottery and can become the leader. It can be applicable to both permissioned or permission-less platform with no any transaction cost. The only drawback of this algorithm is the reliance on

Practical Byzantine Fault Tolerance(PBFT) : This is the most popular permissioned blockchain platform protocol. PBFT is currently used by Hyperledger fabric blockchain platform. It supports smart contracts in blockchain called chain-code. It was the solution to achieving consensus to face the Byzantine failures. PBFT uses the concept of replicated state machines and voting by replicas for state changes. This approach provides several important optimizations, such as reducing the size and number of message exchanged, encryption of messages etc. PBFT has low overhead of the replicated service, but however has only been scaled and studied to 20 replicas and messaging overhead increases significantly as the number of replicas increases.

SIEVE : SIEVE consensus protocol is designed to handle non-determinism in chain-code execution. Nondeterminism can produce different result during execution in the network. SEIVE executes all operations speculatively and compare the output across replicas. It detect a minor divergence among replicas, the diverging values are sieved out. If the divergence occurs among a several processes, then the operation is sieved out. Hyperledger fabric platform uses this protocol with the PBFT.

Cross-Fault Tolerance(XFT) : XFT is a new protocol that makes Byzantine Fault tolerance feasible and efficient for practical scenarios. As BFT protocols can able to tackle a powerful adversary (message delivery to the entire network, compromised nodes) brings in lot of complexity in BFT protocols and thus less efficient. XFT turnoff the assumption of BFT protocol and solves the state machine replication problem by simplifying it, thus efficient solution that can tolerate Byzantine faults.

Federated Byzantine Agreement : This protocol uses variations of Byzantine Fault Tolerance consensus models by making them permissionless protocol. The targeted case of


Technical Trends

Consensus Models

Features and applicability platforms

Power of Work (PoW) Applicable to permission-less platform, costly, low transaction rate, takes high amount of power, high scalability. Power of Stack (PoS) Applicable to both permission-less or permissioned platform, high transaction rate, high scalability, takes cost of participation. Power of Elapsed Time (PoET)

Applicable to both permission-less or permissioned platform, based on random election model, moderated transaction rate, free participation, able to implement on specialized hardware.

Practical Byzantine Fault Tolerance (PBET)

Used by permissioned platform, support chain-code, high transaction rate, free participation, ability to face Byzantine failures.

SIEVE

Variation of PBFT can able to handle non deterministic chain code.

Cross-Fault Tolerance (XFT)

Variation of PBFT, more feasible and efficient from PBFT.

Federated Byzantine Applicable to permissioned platform, high transaction rate, Agreement free participation, high scalable than BFT and its variants. this protocol is financial and payments domain in particular. Federated Byzantine Agreement provides prevention to the double spend attack problem in payment transaction. Ripple and Stellar are two blockchain platforms that use this protocol. 3. Recent Trends - Blockchain 3.0 : The Blockchain 1.0 is for the decentralization of currency transaction and based on the decentralization of digital payment system. Blockchain 1.0 is being extended to Blockchain 2.0, which add new wings in the development of decentralize industry, a field of remarkable activities as of the end of 2014. It mainly for market decentralization more broadly and inspect the other digital assets beyond currency transaction. Blockchain 2.0 protocols includes Bitcoin 2.0 protocols, smart property, Dapps (decentralized applications), DAOs (decentralized autonomous organizations), and DACs (decentralized autonomous corporations). The blockchain3.0 is a complete solution that integrates both extrinsic and intrinsic and qualitative and quantitative benefits. The bottom line is, Blockchain is here to stay and is transforming how our society functions. The blockchain provides the users the capability to create worth and authenticates digital information. It has

a potential to be even more pervasive and quickly-configuring technology. The ongoing participation and future of blockchain includes: Smart Contracts The Sharing Economy Crowdfunding Governance: Legal document registries, titling, voting, legal contracts. Supply chain auditing File storage Protection of intellectual property Providing a secure network for Internet of Things(IoT) Data Management Smart assets and Financial Services: Stock, bond, options, futures, Insurance Attestation Services (Notary, Intellectual Property protection) 4. Challenges with Blockchain: Like every emerging technology, blockchain industry is also in the beginning stage of evolution, its adoption has to cross the different challenges. The different classes of limitation includes the technical issues with the present technology, stealing and scandals, awareness among public, government adoption, and the mainstream adoption of technology.

Technical Challenges There are different

technical

challenges connected to the implementation aspect of blockchain such as, Throughput (Number of transaction should be large), Latency (time taken to confirm your transaction), Security (Security issues like 51- percent attack). Another important requirement and technical challenge is that you have to develop a full ecosystem of plugand-play, for a better chain of service delivery.

• Scandals and Perception

Public

Public perception and ongoing scandals, stealing and scams in the industry is the important issue for the adoption of blockchain. It is a venue for the cannabis (cash-heavy businesses), gambling, dark net’s money-laundering, and other illegal activity. Although bitcoin and blockchain are themselves neutral, there are chances for hostile use of blockchain, however the potential benefits greatly outweigh the potential downsides. With time, public perception can change to be an more individuals themselves having e-wallets and begin to use technology based on blockchain environment.

Government Regulation Despite Blockchain can help governments to achieve an efficient and transparent governance, a complete unrolls of government regulation could be one of the most important factor. There are some negative aspects of it as well, if it is not well regulated by central organization it can be used for illegal purposes such as money laundering, cannabis business, gambling etc. However, the consumers protections like know your customers (KYC) need for financial services, speed up the development of blockchain industry.

Privacy Challenges for Personal Records Privacy is the important concern of today. One of the greatest privacy nightmares is that if all your data is online and the key to access your data is exposed or stolen, you have not much chance to recover it. 5. Conclusion: Blockchain database technology is one of the few emerging technologies which is revolutionizing the concepts


www.csi-india.org

Technical Trends

of how platforms are used. Blockchain features extends not just to the context of contracts, property, and all financial services, but beyond to these fields as diverse as social networks, health, job market, academic, network infrastructure, publishing, economic development, data management, government and organizational governance, energy, media and content distribution, market forecasting, culture, ride-sharing services and possibly even much more than that.

It is growing towards world’s leading software platform for digital assets. The handshake of blockchain with the other emerging giants such as Data Analytics, IoT, AI, Data Mining etc is imminent in future. Blockchain seems to take some years to find its way to the common man and will provide growth in every area of technology. References:

[1] h t t p : / / w 2 . b l o c k c h a i n - t e c . n e t / blockchain/blockchain-by-melanieswan.pdf [2] http://www.doc.ic.ac.uk/~ma7614/

topics_website/tech.html [3] h t t p s : / / m a r m e l a b . c o m / blog/2016/04/28/blockchain-for-webdevelopers-the-theory.html [4] https://blockgeeks.com/guides/whatis-blockchain-technology/ [5] https://blockstream.com/ [6] h t t p s : / / w w w . p e r s i s t e n t . c o m / wp-content/uploads/2017/04/ W P - U n d e r s t a n d i n g B l o c kc h a i n - C o n s e n s u s - M o d e l s . pdf?pdf=Understanding-BlockchainConsensus-Models [7] https://blockchainhub.net/ n

About the Authors Mr. Durgesh Barwal is a 3rd year B.Tech student of school of Computer Science & Engineering, KIIT University, Bhubaneswar, Odisha, India. He is interested in publishing papers and articles. His research interest areas are Computer Networks, Data Analytics and Security.

Rajat Kumar Behera is working as associate professor in School of Computer Science & Engineering, KIIT University, Bhubaneswar, Odisha, India. He is a PMP, ITIL, Six Sigma certified and holds 15 years of industry experience & one year of teaching experience. His area of interest includes Data Science & Software Engineering and can be reached at [email protected]

Abhaya Kumar Sahoo (CSI-I1504531) is working as assistant professor in School of Computer Science & Engineering, KIIT University, Bhubaneswar, Odisha, India. He received his B.Tech and M.Tech in Computer Science & Engineering from KIIT University. He has more than 7 years of academic and industry experience. His area of interest includes Data Science and Parallel Computing. He is the life member of CSI & IAENG. He can be reached at [email protected]


R esearch f ront

Enterprise Information Security Risk Management K. Srujan Raju and M. Varaprasad Rao

Dept of CSE, CMR Technical Campus, Hyderabad - 501401

This paper presents the current approaches for enterprise information security risk management. These approaches are studied to identify basic elements, essential components and main steps of each one of them. A compiled list of high level requirements is identified from the investigated approaches that could be used as a base for the development of the target reference comprehensive enterprise information security risk management. Based on these requirements, a suitable framework for enterprise information security risk management will be developed. KEYWORDS: Information Security, Risk Management, Enterprise 1. Introduction An enterprise is a complex system of cultural, process and technology components engineered together to accomplish organisational goals. An enterprise is “any entity engaged in an economic activity, irrespective of its legal form”. An enterprise is a complex system of people and technology organized together and working in a specific environment to achieve the strategic goals of the business. In fact, information is now becoming the lifeblood of any enterprise, and it has become the most valuable asset to any enterprise. Information Security approaches deal with protecting and mitigating threats to the information assets and technical resources available within computer based systems. Information security is defined as “preservation of confidentiality, integrity and availability of information”. The modern information security definition extends the previous definition to include authentication and non-repudiation, but they are not included in the ISO standard definitions till now, and throughout this thesis the standard ISO definitions will be used. Confidentiality of information is “the property that information is not made available or disclosed to unauthorised individuals, entities or processes”. Integrity is “the property of safeguarding the accuracy and completeness of asset”. Availability is “the property

of being accessible and usable upon demand by an authorized entity”. Information security requirements are concerned with the amount and specifics of security required for effective protection of the information resources. From the above definitions one can conclude that the aim of enterprise information security is to achieve the protection of the enterprises” information and information systems from unauthorized access, use, disclosure, modification, disruption or destruction of information and information resources whether accidental or deliberate. 2. Literature Review So many workers proposed different approaches for enterprise information security risk management, some of them are Katina Michael [1] reported the security risk management by building an information security risk management program from the Ground Up. Tony Jeffreek [2] presented the provision of management facilities within large networks based on the use of OSI protocols to ensure the long-term success of OSI as a vehicle for global communication. Gang Ma and Liping Sun [3] studied the main target of FPSO assets management is to control risk of operation, assure security of production, maintain integrity of equipment, collect assets information, assure capital operation,

arrange human resources and logistics. Mohamed S. Saleh., Abdulkader, A [4] presented the comprehensive ISRM framework that enables the effective establishment of the target safe environment. Robert M. Gellman [5] reported the Securities and Exchange Commission’s new EDGAR (Electronic Data Gathering, Analysis, and Retrieval) database of prospectuses, securities registration statements. Richard P. O’Neill et al [6] analysed the regulation of electric power and natural gas in the USA, its potential for enhancing or degrading efficiency in the gas industry. Ritu Agarwal et al [7] proposed a number of approaches that allow for the consideration of corporate goals and objectives in prioritizing information systems using both financial and nonfinancial criteria. Kenneth Baum et al [8] described a first generation, farm level recursive interactive programming model for analysing the impacts of commodity farm programs on typical farms (FLIPRIP). Guillermo A. Calvo., Enrique G. Mendoz [9] reported that globalization may promote contagion by weakening incentives for gathering costly information and by strengthening incentives for imitating arbitrary market portfolios. Pullen Troy., Maguire Heather [10] proposed that the management of organizational records, irrespective of format needs to be considered a component of information quality. Mohamed S. Saleh.,


www.csi-india.org

R esearch f ront

Abdulkader Alfantookh [11] presented a comprehensive ISRM framework that enables the effective establishment of the target safe environment. Robert E. Crossler et al [12] proposed the future highlighted directions for data collection and measurement issues in behavioural Information Security research. 3. Risks to Information Security The definition of risk varies based on different businesses and environments. Within information security context, risk is defined by ISO as “the combination of the probability of an event and its consequence”. Threat is “a potential cause of an incident that may result in harm to a system or organization”. Threat is defined also as “any person or object that presents danger to an asset”. Depending on this, risks to information security can result from processes of modification, destruction, fabrication, disclosure, interruption, denial of service and theft of hardware, software or data. In order to manage these risks effectively, each enterprise must run a regular and effective risk management exercise to understand the nature of these risks. 4. Importance of Risk Management The importance of managing information security risks continues to grow worldwide, as a result of the increasing breaches that affect the protection of information resources and consequently the business activities. The lack of properly implemented security measures to mitigate the rising information security risks has been reflected in recommendations by the governments and industry requirements for enterprises in running regular and effective risk management programs. One of the main responsibilities of agencies under the FISMA (Federal Information Security Management Act) of the USA is to perform a regular risk assessment exercise (FISMA 2002). The enterprises are potentially losing profit as a result of the absence of effective information security risk management programs that proactively share in the protection of the enterprises” information resources. Therefore, enterprises are required to acquire and run effective information security

risk management program to not only achieve better protection of their information resources and consequently reduce the financial losses, but also to comply with the governmental laws and mandatory regulations which was applied in their environments. 5. Existing Risk Management Approaches Today, there are various information technology and information security risk management methodologies; each of these methods has a different view and steps for identifying, analysing, evaluating, controlling and monitoring risks to information systems and information security. The risk-analysis approach for EISRM is concerned with the systematic in depth identification and valuation of assets, the assessment of threats to those assets, the assessment of vulnerabilities and the use of different risk analysis techniques to calculate the value of risk. The results from these activities are then used to assess the identified risks and to recommend justified protection measures. The main characteristics of this approach are accurate results, appropriate identification of protection measures and detailed documentations that could be used in the management of security changes. Examples of methodologies under this approach include CRAMM, CORAS, EBIOS and OCTAVE (CRAMM 2001; CORAS 2003; EBIOS 2004; OCTAVE 2005). On the other hand, the best practice approach for enterprise information security risk management was developed to solve the major practical problems which appeared with the application of risk analysis based methodologies. The main idea behind this approach is to use the best practice documents to standardize the security controls and to achieve a fast basic level of security inside the concerned enterprises. This approach utilizes the checklist technique to achieve its objectives, and it depends mainly on the compliance and certification processes to examine the existence of the required protection controls according to a specific standard. The main goal of this paper is to show that combining

these two approaches in an integrated comprehensive enterprise information security risk management framework shall benefit the information security risk management results. 5.1 The Risk-Analysis Approach The enterprise information security risk-analysis approach has many different methods; these methods are standard, professional and research methodologies. Selective key methods from each group will be discussed in terms of their objectives, structure, content, basic elements, essential components, steps and their ability to integrate technological, organizational, human and environmental components in studying enterprises‟ information security risks. The technological view in dealing with information security risk management is not sufficient for the development of comprehensive EISRM framework. Organization, people and environment issues should also be addressed in the framework to ensure that it is comprehensive. These methods are selected because they are issued by well-known national and international standard organizations used internationally and often referenced in other methods. 5.1.1 Standard Risk Management Methods National and International standard organizations suggested a number of risk management methods. AS/NZS 4360 It is considered one of the first risk management standards to define a complete risk management method. The standard is very generic and independent of any industry or economic structure. The AS/NZS 4360 defines risk management process as the total process of identifying, controlling and eliminating or minimizing uncertain events that may affect IT system resources, which are often best carried out by a multi-disciplinary team. The AS/NZS 4360 standard includes five main steps and defines two parallel processes. Table 1 summarizes the issues considered by each step and process.


n

R esearch f ront

Table 1: The generic risk management steps & process of AS/NZS 4360 S. Steps No. 1

Issues Considered

Establish the context:

1) External environment: Business, social, regulatory, cultural, competition, financial, political / Stakeholders & key business drivers /Organization’s: strengths, weaknesses, opportunities, threats. 2) Internal environment: Stakeholders/Organization’s: strategy, goals, structure, resources (people, system, processes, capital), decision making 3) Risk management: The depth and breadth of the needed risk management activities. 4) Risk criteria: Risk evaluation issues: environmental, legal, financial, social, humanitarian, operational, technical. 5) Analysis: Define the structure of the analysis.

Define the basic parameters & set the scope for the rest of risk management process 2

Identify risks

What can happen, when and where, why and how: events that could prevent, degrade or delay the achievement of objectives.

3

Analyze risks

Existing risk controls / Likelihood of occurrence of identified risks and their potential consequences / Levels of risks.

4

Evaluate risks

Levels of risk versus risk criteria considering risk treatment: balancing adverse outcomes with potential benefits of treatment, setting priorities and making decisions.

5

Treat risks

Specific cost-effective strategies and action plans for risk treatment: development and implementation (options, treatment, residual risk).

The parallel process S. Steps No.

Issues Considered

1

Communicate and consult

Plan / Consultative team / Stakeholders perceptions of risk / Understanding the basis of decision.

2

Monitor & review

The effectiveness of all steps for continuous improvement.

ISO/IEC TR 13335-3 It is the third part of five series technical reports, which adopts a more holistic approach for enterprises information security management. This technical report provides guidance on the management of IT security presenting a foundation to assist enterprises in developing and enhancing their internal security architecture, and to establish commonality between enterprises. The document also provides guidance on the selection and use of safeguards which addresses the vulnerabilities of a particular network and its associated security risks. The IT security risk management method of ISO/IEC 13335-3 has five basic steps. Table 2 presents the issues associated with each of these steps. Table 2: IT risk management steps & process of ISO/IEC TR 13335-3 S. Steps No.

Issues Considered

1

Risk analysis

1) Boundaries: Technology & information / People: staff, subcontractors & others / Environment: building facilities / Activities: operations. 2) Threats & vulnerabilities: Identifying both: accidental and deliberate risk sources / Assessing the likelihood of the occurrence of risk / Identifying weaknesses in: technology, people, physical environment, activities & procedures. 3) Safeguards: Identifying existing and planned safeguards. 4) Risks: Assessing the risks to which assets are exposed.

2

Safeguards selection

Constrains / Security architecture / Risk acceptance & residual risk

3

Policy & plan

Policy: Why selected safeguards are necessary. Plan: How safeguards can be implemented.

4

Plan implementation

Practical implementation of safeguards according to plan / Awareness & training / Approval of plan.

5

Treat risks

Maintenance / Checking compliance / Monitoring / Incident handling / Change management. 22 C S I C o m m u n ic a t i o n s | D E C E M B E R 2 0 1 7

www.csi-india.org

R esearch f ront

5.1.2 Professional Risk Management Methods Professional organizations also suggest a number of risk management methods from four which are presented in the following. CRAMM CRAMM (CCTA Risk Analysis and Management Method) is a qualitative risk analysis and management method developed by the UK government’s central computer telecommunication agency. The method had undergone major revisions and is finally being distributed by a private company. CRAMM method has three main steps and shown in Fig.1. Threats

Phase 1: Build Asset-Based Threat Profiles

Vulnerabilities Analysis

Risks

Preparation

1-Management knowledge 2-Operational area management knowledge 3-Staff knowledge 4-Create threat profile

Phase 2: Identify Infrastructure Vulnerabilities

Countermeasures Management Implementation

Phase 3: Develop Security Strategy and Plans 7-Conduct risk analysis 8-Develop protection strategy

5-Identify key components 6-Evaluate selected components

Fig. 2 : OCTAVE risk management process

Fig. 1 : CRAMM risk management process

One of the main features of CRAMM is the identification of the IT assets. The information is gathered through interviewing the owners of the assets, the users of the system, the technical support staff and the security manager. The method neither helps in the calculation of return on investment for the proposed controls nor helps in the monitoring the effectiveness of these controls. CRAMM does not assist in risk management improvement inside the considered enterprises, so no training, meetings or workshops are utilised. No steps in CRAMM are concerned with implementation and follow-up. OCTAVE The Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) method was developed at the Computer Emergency Response Team Coordination Center. The method is considered as human centric qualitative risk analysis methodology. The main objective of this method is to examine enterprises’ organizational and technological issues for developing a

CORAS The CORAS (Consultative Objective Risk Analysis System) project was developed and aims at addressing security-critical systems in general, but places particular emphasis on IT security.

Identify context

Identify risks Communicate and consult

Audit

Risk analysis Likelihood

Consequence

Consequence

Monitor review

Assets

comprehensive picture for information security needs. The method produced by OCTAVE has the following three main phases as shown in Fig. 2. The method collects the required information at phase one through two workshops; the first with the senior management to define the scope of the analysis, while the second with the staff that has more technical expertise. One of the main concepts of OCTAVE is self-direction. This concept means that people from various hierarchical levels of the enterprise are responsible to lead the information security risk evaluation program.

Evaluate risks

Accept risks

Treat risks

Fig. 3 : CORAS risk management process

The main objective of CORAS is to improve the traditional risk assessment methodologies to get better results by gathering well-known risk analysis techniques into an integrated security risk analysis method. The CORAS method considers a broad view to security that includes not only the technological aspects, but also the human interactions with technology and all relevant issues of the surrounding organization and environment. The CORAS risk management process, as shown in Figure 3, adopts the risk assessment process of the AS/NZS 4360 risk management standard. The CORAS methodology has four dimensions namely the documentation framework, the risk management process, the integrated management and system development process and the platform for the inclusion of tools. The method has a scientific origin and depends on its own terminology for risk management process, which is considered as one of its main weaknesses. In addition, the method adopts the risk management process of the AS/NZS 4360 standard which is a generic risk management process and is not dedicated for information security. 6. Conclusions The conclusion from the above is the key enterprise information security risk management standard, professional and researchers methods is that they provide different tools and techniques for reaching generally the same goal of protecting enterprises information resources by defining suited security protection measures with the help of a risk management approaches. Most of the available risk management methods have technical nature and ignore the assessment of the current state enterprise information security. Each method has its own strengths and weaknesses, and it is believed that integrating these methods in a reference comprehensive enterprise information security risk management framework will achieve better results. 7. References

[1] Katina Michael “Security Risk Management: Building an Information Security Risk Management Program from the Ground Up” Computers & Security, Volume 31, Issue 2, Mar2012,


R esearch f ront

pp 249–250 [2] Tony Jeffreek “A review of OSI management standards” Computer Networks and ISDN Systems, Volume 16, Issues 1–2, September 1988, pp 167–174

[6] Richard P. O’Neill., Charles S. Whitmore., Gary J. Mahrenholz “A comparison of electricity and natural gas markets and regulation in the USA” Utilities Policy, Volume 2, Issue 3, July 1992, pp 204–227

[3] Gang Ma and Liping Sun “The Design and Implement of FPSO Assets Management System” Procedia Environmental Sciences, Volume 12, Part A, 2012, pp 484–490

[7] Ritu Agarwal., Linda Roberge., Mohan R. Tanniru “MIS planning: A methodology for systems prioritization” Information & Management, Volume 27, Issue 5, November 1994, pp 261–274

[4] Mohamed S. Saleh., Abdulkader Alfantookh “A new comprehensive framework for enterprise information security risk management” Applied Computing and Informatics, Volume 9, Issue 2, July 2011, pp 107–118

[8] Kenneth Baum., James Richardson., Lyle Schertz “A stochastic recursive interactive programming model for farm firm policy analysis” Computers & Operations Research, Vol. 11, Iss2, 1984, pp 199–222

[5] Robert M. Gellman “Authorizing EDGAR: Information policy in theory and practice” Government Information Quarterly, Volume 5, Issue 3, 1988, pp 199–211

[9] Guillermo A. Calvo., Enrique G. Mendoz “Rational contagion and the globalization of securities markets” Journal of International Economics, Volume 51, Issue 1, June 2000, pp 79–

113 [10] Pullen Troy., Maguire Heather “The information management risk construct: identifying the potential impact of information quality on corporate risk” International Journal of Information Quality, Vol. 1 (4), 2007, pp. 412-443. [11] Mohamed S. Saleh., Abdulkader Alfantookh “A new comprehensive framework for enterprise information security risk management” Applied Computing and Informatics, Volume 9, Issue 2, July 2011, pp 107–118 [12] Robert E. Crossler., Allen C. Johnston., Paul Benjamin Lowry., Qing Hu., Merrill Warkentin., Richard Baskerville “Future directions for behavioural information security research” Computers & Security, Volume 32, February 2013, pp 90–101 n

About the Authors Dr. K. Srujan Raju is the Professor and Head, Department of CSE, CMR Technical Campus, Hyderabad, India. Prof. Raju earned his PhD in the field of network security and his current research includes computer networks, information security, data mining, image processing, intrusion detection and cognitive radio networks. He has published several papers in refereed international conferences and peer reviewed journals and also he was in the editorial board of CSI 2014 Springer AISC series; 337 and 338 volumes. In addition to this, he has served as reviewer for many indexed journals. Prof. Raju is also awarded with Significant Contributor, Active Member Awards by Computer Society of India (CSI) and Past Secretary of CSI Hyderabad Chapter. Dr. M Varaprasad Rao obtained Doctorate in CSE from SVU. He has 17 years of teaching experience. He worked for various capacities in various institutions. He has published 16 papers in reputed/peer reviewed indexed international journals. He also contributed 3 book chapters for IGI global publications. He is an editorial/reviewer member of Springer journal: IJU and IJMPICT. He is a life member of UNI-IT, CSI, ISTE, IAEng.

Benefits for CSI members: Knowledge sharing and Networking

Participating in the International, National, Regional chapter events of CSI at discounted rates Contributing in Chapter activities Offering workshops/trainings in collaboration with CSI Joining Special Interest Groups (SIG) for research, promotion and dissemination activities for selected domains, both established and emerging Delivering Guest lecturers in educational institutes associated with CSI Voting in CSI elections Becoming part of CSI management committee


www.csi-india.org

A R T I C L E

Application Security using Blockchain in Cyber Physical System Poonam N. Railkar

Sandesh Mahamure

Parikshit N. Mahalle

Department of Computer Engineering Department of Computer Engineering Department of Computer Engineering Smt. Kashibai Navale College of Engineering NBN Sinhgad School of Engineering Smt. KashibaiNavale College of Engineering Savitribai Phule Pune University, Pune – 411041 Savitribai Phule Pune University, Pune – 411041 Savitribai Phule Pune University, Pune – 411041 [email protected] [email protected] [email protected]

The Internet of Things (IoT) is experiencing exponential growth in research and industry, but it still suffers from privacy and security vulnerabilities. Cyber Physical System(CPS) have serious communication security issues of the machine to machine communication. Conventional security and privacy approaches tend to be inapplicable for IoT, mainly due to its decentralized topology and the resource-constraints of the majority of its devices. One solution that is widely tipped to sway the balance in favor of IoT adoption is Blockchain. The blockchain is a distributed database of online records which guarantees tamper-proof storage of approved transactions. The benefit of such a system is three-fold: it is distributed, permission-based and, above all, secure. This article highlights the broader use of Block chain and its effectiveness in providing security and privacy for a cyber-physical system based IoT applications. Introduction Internet of Things (IoT) consists of devices that generate, process, and exchange vast amounts of security and safety critical data as well as privacysensitive information, and hence are appealing targets of various cyber attacks [1]. Many new networkable devices, which constitute the IoT, are low energy and lightweight. These devices must devote most of their available energy and computation to executing core application functionality, making the task of affordably supporting security and privacy quite challenging. Traditional security methods tend to be expensive for IoT in terms of energy consumption and processing overhead. Moreover many of the state-of-the art security frameworks are highly centralized and are thus not necessarily well-suited for IoT due to the difficulty of scale, many-to-one nature of the traffic, and single point of failure [2]. To protect user privacy, existing methods often either reveal noisy data or incomplete data, which may potentially hinder some IoT applications from offering personalized services [3]. Consequently, IoT demands a lightweight, scalable,

and distributed security and privacy safeguard. The Blockchain (BC) technology that underpins Bitcoin the first cyptocurrency system [4], has the potential to overcome aforementioned challenges as a result of its distributed, secure, and private nature. IoT will play an increasingly important role in our society for the foreseeable future, in both civilian and military (adversarial) contexts, such as Internet of Drones, Internet of Battlefield Things and Internet of Military Things. Not surprisingly, IoT security is a topic of ongoing research interest. In the era of computation, Cyber Physical System (CPS) is carried out major potential applications which attracted researcher to work on it. CPS can be viewed as the physical phenomenon or mechanism acts as input to the computational algorithms which will helpful for controlling and monitoring that particular phenomenon. There are various domains acting as foundation for CPS or it can be viewed as seamless integration of various domains. The wide variety of applications motivates researchers to work on CPS. In CPS, Machine to

machine (M2M)Communication boost the performance of CPS system. In CPS, the physical phenomenon is sensed by sensor devices which further sends data to data collection node. Data collection is done at two level. Local decisions can be done based on data collection at local level. Global decision helps to take architectural or strategic decision. In CPS, Heterogeneous devices are communicating with each other. It’s required to have a communication protocol that will be more secure, adaptable, lightweight, scalable protocol which will give safe and healthy CPS. The devices can be categorized into three categories, High end devices, Medium end devices and lower end devices. High end devices carries high processing power. Medium end devices carries moderate level of processing power. This categorization is done based on the processing power of devices. Now if we look at security aspect of M2M communication of CPS, the major challenge is to provide security to CPS data communication and existing protocols are not suitable for real time scenario. Consider an example of RSA algorithm which


A R T I C L E

is widely used algorithm but not comfortable for resource constraint devices. It require huge mathematical calculation may lead to energy and processing power inefficiency in CPS. For this problem one solution could be block chain technology. Block chain holds to hash value of previous block so it becomes very difficult to compromise with security of block chain Technology. BLOCK CHAIN TECHNOLOGY: Blockchain-based projects emerged from concept of Bitcoin and Ethereum . Block chain is usually involved concepts like transactions, crypto currencies or smart contracts. In simple word, we can say that blockchain technology is ledger of online transaction in which we keep records of online transactions maintained by systems. The term block chain indicates the group of transactions in the block and group of block creates history for transaction. A blockchain contains connected blocks of transactions. Blockchain is a shared peer-to-peer distributed ledger (distributed database). Fig. 1 shows a sample structure of distributed blockchain. Valid and verified transaction are stored in form of block that is linked to previous one. A blockchain starts with genesis block which is nothing but initial block. To create new block hash value of the previous block is entered. In distributed blockchain, as shown in figure 1 Peer B has the exact copy of blockchain peer A has. So any changes to any block would result in different hashcode and thus immediately visible to all participants in the blockchain. Consequently, blockchain has following benefits: 1. Immutability 2. Corruption proof 3. Cryptographic security 4. Resistance to collusion 5. Decentralization In block chain technology, if any user wants to update ledger he/she have to provide encrypted sign. The validity of transaction is defined based on the history of that transaction which is recorded in the recorded copy. The authors Goreth w. patrest et al. categorized block chain into

Fig. 1 : Sample of Distributed Blockchain

permissioned and permission less block chains. In permission less block chain, user can contribute his or her computational power without any permission. In permissioned block chain the verification nodes are selected by central authority or another way, categorization can be done as public and private block chain based on the type of transaction. Economics of Block Chain: The cost requirement to implement block chain technology will need to consider two major cost requirement. 1) Cost of verification and 2) Cost of networking. Whenever we exchange something we need to consider the parties involved in exchange and we require third party that monitor and make authentication both parties. The parties involved in the exchange process need to pay fee to third party for verification. Now it may require additional cost for privacy and security related issues. The block chain technology consist of network of economic agent that validated the state of the shared data. Now in case of CPS, The devices are interacting with each other that time we need to consider validation of data and may need to pay third party for data as well as device validation. In CPS, some devices are resource constrained so it’s challenging task to provide security to low power devices because they are open to attack. For this issue it may

possible may charge extra money.[6] Blockchain technology which is being tested by over 40 banks worldwide is not only available for use in financial transactions, however. Any transaction or record can be made a part of the Blockchain, so its use can extend to digital communications, product identification, or even to customer claims. The auditing of the validity of digital transactions between machines and things is of particular use for IoT applications. Instead of auditing the exchange of units of a digital currency, the Blockchain could audit the validity of digital transactions between machines and things. Difficulties of Implementing Block Chain in CPS: The point here to be noted that after every transaction the transaction details are published over network. Ifthe network is too large it is not feasible to maintain and update record into table. It will increase redundancy if every node keeps record of every transaction. In the distributed environment, the heterogeneous device are communication to each other and size of network increases exponentially. So it become challenging task to scale up network due to heterogeneity of devices. There is trade-off between decentralized mechanism and scaling. It is recommended to find out optimum point for this particular trade-off. In


www.csi-india.org

A R T I C L E

block chain technology there is peer to peer communication so, it very difficult to govern the operation running over internet. We know that in block chain technology ones the transaction is done, the update is given to all other entities for the update in the table. After transaction commit it’s not possible to reverse that transaction due to its irreversibility nature. By changing architectural view or strategy it possible to implement secure CPS[7]. Dataset Integrity using Blockcahin: This paper reviewed security techniques designed for IoT and related systems. Though it is important for us to be able to detect and prevent existing threats, the capability to predict potential threats and attacks in near future is also important. So there is serious need for more research in predictive IoT security. For example, how can we reliably and effectively identify potential IoT threat vectors to inform the formulation of potential mitigation strategy (e.g. formulate probable course of action for each identified threat). Due to the time sensitive nature of certain IoT applications (e.g. in military or adversarial context), the identification potential IoT threat vectors and formulation of probable course(s) of action should be automated, with minimal human intervention [8]. The need for secure sharing of public available IoT datasets: To facilitate the sharing of realworld datasets, they recommend the development of a standard for such datasets, and to use the Blockchain technique to ensure integrity in the shared datasets. In addition, privacy should be preserved when datasets are released to the public [8]. One dataset may include data collected by multiple sources such as network traffic and operation log

of different IoT devices in a specific industry or context (e.g. smart grids). Even within a single IoT system, we may have many different types of IoT devices with different data format and structure. Thus, we need to categorize the information sources and define the data format and structure, according to the specific industry or context. In addition, it is likely that the size of these real-world datasets would be large. Thus, having a centralized distribution or sharing paradigm will not scale well. Instead, we may employ a centralized hub, which references the various distributed storage servers where datasets are actually stored and can be accessed or distributed. Datasets can then be accessed or shared by registering a storage server with the hub. When the framework is open to the public, the integrity of datasets should be maintained. Thus, Blockchain could play a role in ensuring the integrity of datasets [8]. Security Analysis: There are three main security requirements that need to be addressed by any security design, namely: Confidentiality, Integrity, and Availability, known as CIA [9]. Confidentiality makes sure that only the authorized user is able to read the message. Integrity makes sure that the sent message is received at the destination without any change, and availability means that each service or data is available to the user when it is needed. To increase Availability of devices they must be protected from malicious requests. This is achieved by limiting the accepted transactions to those entities with which each device has established a shared key. Transactions received from the overlay are authorized by the miner before forwarding them on to the devices. Furthermore, it can be argued

that our Blockchain framework only introduces a marginal increase in the transaction processing delays as compared to existing frameworks. There is also an additional one-time delay during initialization for generating and distributed shared keys. In summary, the additional delays are not significant and do not impact the availability of the IOT devices[10].Table I summarizes how our framework achieves the aforementioned security requirements [10]. Blockchain framework is used to prevent two critical security attacks that are particularly relevant for IOT. The first one is Distributed Denial of Service (DDOS) attack in which the attacker uses several infected IoT devices to destroy a particular target node. Several recent attacks [11] have come to light which has exploited IoT devices to launch massive DDoS attacks. The second is a linking attack in which the attacker establishes a link between multiple transactions or data ledgers with the same Public Key to find the real world ID of an anonymous user. This attack compromises user’s privacy. DDoS attack: There must have a hierarchical defense against this attack. The first level of defense can be attributed to the fact that it would be impossible for an attacker to directly install malware on IoT devices since these devices are not directly accessible. All transactions have to be checked by the miner. Let us for a moment assume that the attacker somehow still manages to infect the devices. The second level of defense comes from the fact that all outgoing traffic has to be authorized by the miner by examining the policy header. Since the requests that constitute the DDoS attack traffic would not be authorized, they would be blocked from exiting the device. The

Table I - Security Requirement Evaluation.

Requirement

Employed Safeguard

Confidentiality

Achieved using symmetric encryption.

Integrity

Hashing is employed to achieve integrity.

Availability

Achieved by limiting acceptable transactions by devices and the miner.

User control

Achieved by logging transactions in local Blockchain.

Authorization

Achieved by using a policy header and shared keys. 27 C S I C o m m u n ic a t i o n s | D E C E M B E R 2 0 1 7

A R T I C L E

next two defenselayers are specially designed and managed by the target of a DDoS attack that can be any user in the network. These defenselayers, that are granting permission by using key lists and changing the Public Key in the key lists. Linking attack: To protect against this attack, each device’s data is shared and stored by a unique key. The miner creates unique ledger of data in the cloud storage for each device using a different Public Key. From the overlay point of view, the miner should use a unique key for each transaction Conclusions: Existing IoT security solutions are not always providing security for IoT due to high energy consumption and processing overhead.IoT security is attracting a lot of attention these days from both academia and industry. This paper highlights this problem to addresses these challenges by leveraging the Blockchain, which is an immutable ledger of blocks. The idea was discussed for various types of attacks on CPS based IoT devices. This paper outlined the various core components of the IoT based Blockchain and discussed the various transactions and procedures associated with it. This

paper also is presented an all-inclusive analysis regarding its security and privacy. This paper tried to highlight that the overheads incurred by blocks in Blockchain can be low and manageable for low resource IoT devices. This paper argues that these overheads are worth their weight gave a significant security and privacy benefits on offer. To the best of our knowledge, this research is the part of our ongoing work in security in IoT that aims to optimize Blockchain in the context of IoT. Future research, to this work, will investigate the applications and its security aspects for IoT Devices. References

[1] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in internet of things: The road ahead,” Computer Networks, vol. 76, pp. 146–164, 2015. [2] R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed internet of things,” Computer Networks, vol. 57, no. 10, pp. 2266–2279, 2013. [3] A. Chakravorty, T. Wlodarczyk, and C. Rong, “Privacy preserving data analytics for smart homes,” in Security and Privacy Workshops (SPW), 2013 IEEE. IEEE, 2013, pp. 23–27. [4] S. Nakamoto, “Bitcoin: A peer-to-peer

electronic cash system,” 2008 [5] Peters, Gareth W., and Efstathios Panayi. “Understanding modern banking ledgers through blockchain technologies: Future of transaction processing and smart contracts on the internet of money.” Banking Beyond Banks and Money. Springer International Publishing, 2016. 239-278. [6] Catalini, Christian, and Joshua S. Gans. Some simple economics of the blockchain. No. w22952. National Bureau of Economic Research, 2016. [7] Atzori, Marcella. “Blockchain Governance and the Role of Trust Service Providers: The Trustedchain® Network.» (2017). [8] A blockchain future to Internet of Things security: A position paper Mandrita Banerjee, Junghee Lee, KimKwang Raymond Choo [9] N. Komninos, E. Philippou, and A. Pitsillides, “Survey in smart grid and smart home security: Issues, challenges and countermeasures,” IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 1933–1954, 2014. [10] Blockchain for IoT Security and Privacy: The Case Study of a Smart Home Ali Dorri*, Salil S. Kanhere*, Raja Jurdaky and Praveen Gauravaramz [11] Wired, https://www.wired.com/2016/10/ internet-outage-ddos-dns-dyn/, [Online; accessed 10-December-2016]. n

About the Authors Prof. Poonam N. Railkar received her Master in Computer Engineering (Computer Networks) from Pune University Maharashtra, India in the year 2013. From September 2012, she is currently working as an Assistant Professor in Department of Computer Engineering, STES’s Smt. Kashibai Navale College of Engineering, Pune, India. She has published 15 plus papers at national and international journals and conferences and authored 1 book. She has guided more than 10 plus under-graduate students and 3 plus postgraduate students for projects. Her research interests are Blockchain technology, Identity Management, Security and Database Management System Applications. She can be reached at: [email protected],[email protected]. Mr. Sandesh Mahamure obtained his B.E in Information Technology from Shivaji University, Kolhapur, India. Currently, he has completed his Masters in Computer Engineering at STESs Smt. Kashibai Navale College of Engineering, Pune. Now, He is working as assistant professor at NBN Sinhgad School of Engineering, Pune. He can be reached at [email protected]. Research Area: Internet of Things, Mathematical Modelling, Wireless Sensor Network.

Dr. Parikshit N. Mahalleis (CSI Membership No I1501862) Professor and Head at Department of Computer Engineering at STES’s Smt. Kashibai Navale College of Engineering, Pune. He completed his Ph. D in Wireless Communication from Aalborg University, Aalborg, Denmark. He has more than 17 years of teaching and research experience. He has been a Chairman and member- board of studies in Information Technology and computer engineering respectively at, SavitribaiPhule Pune University (SPPU), Pune, India. He is also serving as a member- Technical Committee, SPPU. He is IEEE member, ACM member, Life member CSI and Life member ISTE. He has published 60 research publications at national and international journals and conferences and authored 8 books. He has guided more than 100 plus undergraduate students and 20 plus post-graduate students for projects. His recent research interests include Algorithms, Internet of Things, Identity Management and Security.


www.csi-india.org

A R T I C L E

Cyber Physical Systems and Smart Cities

Nishtha Kesswani

Asst. Professor, Dept. of Computer Science, Central University of Rajasthan

Introduction The synergy of cyber and physical systems has transformed the way we work. In our day-to –day activities, cyber physical systems support the reallife processes. What was considered a difficult task is now easy with the emergence of smart devices all around us. These low cost smart devices are becoming more and more sophisticated and have increased capabilities. Internet of Things (IoT) makes these devices connected and allows them to collaborate. IoT and CPSs allow devices to sense, capture and process the data that provides useful insights to the user. Cyber physical systems have helped in evolution of smart devices in particular and smart cities in general. What are cyber-physical systems? Cyber-physical systems are the new generation systems with integrated physical and computational capabilities. Fig. 1 shows the two components of a cyber-physical system.

Fig. 1 : Cyber-Physical twin of the CPS 1

The wireless sensor nodes at the physical level capture the data and relay it to a node where it is processed. These nodes connected through the cyber component form the cyber physical system. Examples of cyber physical systems include smart grid, medical monitoring systems, process control systems and automatic pilot avionics. Applications such as fully autonomous

Sanjay Kumar

Asst. Professor, Dept. of Mgmt., Central University of Rajasthan

driving are the result of cyber physical systems. A real world application of CPSs is a Distributed robot garden developed by researchers at MIT equipped with self-folding robots and actuators. Over 100 origami flowers have been actuated with LEDs in this project. What makes Cyber physical systems useful in different applications is there self-awareness. Cyber-physical systems are characterized by selfawareness properties such as Self-adaptation,

Self-organization,

Self-optimization,

Self-configuration,

Self-protection,

Self-healing,

Self-description,

Self-discovery

Self-energy-supplying.

This is what it makes them capable of operating on their own and their application in vivid areas. Applications of cyber physical systems to Smart cities A smart city is the new buzzword emerging across the globe. Frost and Sullivan research estimates indicate the market potential of $1.5 trillion for the smart city market globally. There are several Smart city projects that are functional across the globe. Some of these include the Smart cities mission of the Government of India, SmartSantander, a project that spreads thousands of sensors around the city of Santander in Spain. Different parameters for the smart cities have been identified from time to time. And different smart cities have proven to fulfil some of these parameters. Some parameters for a smart city have been illustrated in Fig. 2. Different smart cities have scored high on different parameters. For

instance as per the Forbes list, the top smart city, Barcelona scored high on environment and smart parking, New York city scored high on smart street lighting and traffic management, London on Technology and open data, Nice on environment and agency cohesion, Singapore on smart traffic management and use of Technology.

Fig. 2 : Parameters of a smart city

What really makes the difference is the implementation of different technologies such as CPSs and IoT in the real world. Smart cities can be seen as a large-scale implementation of cyber physical systems, with sensors monitoring the cyber and physical components and actuators changing the urban environment. Some of the application areas where Cyber Physical systems may be used for development of smart cities include: Smart Industry: ¬¬ CPSs can be used for sharing real-time information in the industry, supply chain management, sharing information between customers, buyers and sellers. ¬¬ Self-monitoring and controlling the production. ¬¬ Improving the traceability of goods. Smart Healthcare: ¬¬ Real-time and remote monitoring of patients. ¬¬ Provide better understanding of human body. Smart Energy: ¬¬ Improve energy efficiency.


A R T I C L E

Smart infrastructure ¬¬

Smart buildings equipped with smart devices that are able to operate with less human intervention. ¬¬ Zero-energy buildings. ¬¬ Prevent structural failures. Smart mobility: ¬¬ Internet of Vehicles, connected and smart vehicles that are able to act intelligently. ¬¬ Vehicles and infrastructure can communicate with each other. ¬¬ Sharing real-time information about traffic and other issues resulting in improved safety and save time and money. The cyber physical systems make implementation of these smart parameters easy. The data collection through sensors, relaying and processing of information makes cyber physical systems appropriate for the smart cities. The Future With the

development

of

the

connected world, the emergence of cyber physical systems is becoming more and more important. Though there are several advantages of using the cyber physical systems but there are several challenges as well. Some of these challenges include data heterogeneity, dealing with the Big Data generated by the CPS, reliability, security and privacy of data. Standardized architectures for the design of cyber physical systems and new algorithms and tools to implement those systems shall be required. Conclusion The Internet of Things and Cyber Physical systems have brought technological revolution in our everyday lives. These technologies will benefit the masses and improve the services and our lives. Future cyber physical systems will need to be equipped with hardware and software components that are highly dependable, trustworthy and reconfigurable. References [1] Zanni,

A.

(2015).

[2] [3]

[4] [5]

[6]

Systems and Smart Cities. In Technical Report. IBM Corporation. Singh Sarwant (2014, June 19). Smart cities – A $1.5 trillion market opportunity. Retrieved from Baheti, R., & Gill, H. (2011). Cyberphysical systems. The impact of control technology, 12, 161-166. h t t p s : // w w w. fo r b e s . co m / s i t e s / sarwantsingh/2014/06/19/smartc i t i e s - a - 1 - 5 - t r i l l i o n - m a r ke t opportunity/#395bbb3c6053 https://www.forbes.com/pictures/54fe 2629fcd7da7ddff45018/top-five-smartcities/#57ce4c0e6b43. Gurgen, L., Gunalp, O., Benazzouz, Y., & Gallissot, M. (2013, March). Self-aware cyber-physical systems and applications in smart buildings and cities. In Proceedings of the Conference on Design, Automation and Test in Europe (pp. 1149-1154). EDA Consortium. Sanneman, L., Ajilo, D., DelPreto, J., Mehta, A., Miyashita, S., Poorheravi, N. A., ... & Rus, D. (2015, May). A Distributed Robot Garden System. In Robotics and Automation (ICRA), 2015 IEEE International Conference on (pp. 6120-6127). IEEE.

Cyber-Physical

n

About the Authors Ms. Nishtha Kesswani [CSI- I1510155] is currently working at Central University of Rajasthan. She has a teaching and research experience of over 15 years including California State University, SB, USA and University of Ljubljana, Slovenia, Europe. She has visited more than 15 countries and has delivered invited talks at several Conferences and Workshops. Her current areas of research include Wireless networks and Internet of Things. She can be reached at [email protected]. Mr. Sanjay Kumar is working at Central University of Rajasthan. He is a vivid researcher. He has over 20 years of teaching and research experience and has also contributed to several research and consultancy projects. He has over 50 publications to his credit. He has been awarded with several awards including the UGC Ram post-doctoral fellowship tenable in the United States. He can be reached at [email protected].

Like CSI on facebook at : https://www.facebook.com/CSIHQ


www.csi-india.org

SECURIT Y CORNER

Security Issues in Cyber Physical Systems

Swati Maurya

Research Scholer-Ph.D (IT), Guru Gobind Singh Indraprastha University, Delhi. Email: [email protected]

Anurag Jain

Associate Prof., Guru Gobind Singh Indraprastha University, New Delhi. Email: [email protected]

The use of sensors and embedded systems are rapidly getting its space in cyber world and with the togetherness of Information superhighway, these devices are getting more focus and known as Cyber Physical Systems. Due to involvement of Internet and networking infrastructure, these types of systems are also facing the problems of cyber security and become vulnerable systems, which can be hacked. This paper presents the various security issues, challenges and discusses about the general approaches to mitigate the cyber attacks. These attacks can be mitigated through some general security and privacy practices which can be implemented on Device/control or repository level. 1. Introduction Cyber Physical System (CPS) is the integration of devices that are networked to perform physical processes with the help of some computation. The devices able to sense, record data and communicate through a network are used for monitoring the physical processes. Infrared sensors and RFIDs are mostly used for information sensing purposes [1]. Internet is the mode of communication between the devices and the connected information collecting server. Common application areas include the physical processes undergoing in critical infrastructures. Smart homes, Body area networks, Smart grids, Power plants, Chemical industry, transportation systems, oil and water distribution systems are major real life examples of CPS. a. Security in CPSs With the trending application of CPSs in critical infrastructures and the sensitive information involved, the threat associated with cyber and physical attacks on the system has increased. The vulnerabilities or the loopholes in the physical and cyber security model result into severe loss. If physical tampering of devices is not taken care of, it may lead to destruction of the information collecting and processing system. Cyber security attacks such as denial of service, man-in-the-middle attack, eavesdropping, spoofing, replay and compromised key are the major attacks on cyber physical systems [2]. The attacks on CPSs can be

broadly categorised as Perception layer attacks, Transmission layer attacks and Application layer attacks. The attacks that hamper the security at sensors and actuator levels are classified as Perception layer attacks. Common perception layer attacks are Node capture, node outage and false node [3,4]. Transmission layer attacks include breaching attacks during the transmission. Examples of transmission layer attacks are Routing, Wormhole, Selective forwarding, sinkhole etc [3]. Application layer attacks include unauthorised access leading to loss of user privacy. Common attacks are Buffer overflow and through malicious code [3,5]. b. Security attack points in CPS In CPS, attackers can target and launch attacks on the system misusing the loopholes in the architecture and security mechanisms. Figure 1 summarizes the security attack points in a cyber physical system.

Fig. 1 : Security attack points in CPSs

2. Infrastructure of CPS To resolve the security issues related to Cyber physical systems, the understanding of infrastructure of CPS is required. Figure 2 summarizes the level of a CPS architecture. Device Level

Control/Enterprise Level

Repository Level

Fig. 2 : Infrastructure of a Cyber Physical System

a. Device level Device level deals with the smallest nodes in the system that can be electronic devices to production machines dealing with information and communication technology. Devices collect, process, and communicate data about their related tasks. They interact with other devices to gather and share information. Most of the devices have limited resources which offer only low processing power. They have memory constraints and limited battery resource. In network topology, CPS devices are connected through wireless networks based on low power such as ZigBee, 6LoWPAN, WirelessHART [6]. b. Control level Gateway router and public communication media (Internet) are used to connect devices with the control level. In this level, server-grade backend systems are run that fulfil tasks related to control and analysis based on the data collected and aggregated from


SECURIT Y CORNER

the different controlled edge networks. These servers may be connected on the same level with other servers at other enterprise sites or interface with other enterprises [6]. c. Repository level Cloud services are used to store, process, analyze, and redistribute CPS data collected from nodes. Cloud services are typically realized on top of a layered architecture, where different functionality of the Cloud infrastructure is potentially provided by different providers. The sensitive CPS data of a user is stored and processed using the same infrastructure as for the data of other users, opening a wide range of threats to the security and privacy of these data [6]. 3. General approaches for CPS security While there are many general security and privacy practices (i.e., strong passwords), the focus is on security mitigations that are specific to or have characteristics unique to CPSs. These should be followed as general practices for a secure transmission and communication. a. Least privilege access (Access Control) Least privilege access means allowing access only to the needful resources for a particular user according to his role. Proper authentication mechanisms will be implemented to allow mandatory access control. It restricts access to resources based on the sensitivity and severity of the information they share. Application firewalls and proxies are some examples of least privilege measures. The sensitivity level according to type of information is determined in advance and then security mechanisms are applied.[6] b. User configurable data collection/ logging Data collection from CPS nodes is very useful for users and the analysing groups. Collected data is helpful in understanding dynamics and characteristics of the user groups. However, the data collection and logging should preserve privacy of individual users. c. Pattern obfuscation

CPSs can be secured by obfuscating the patterns of use. Usage patterns help in tracing the stage of an important process CPS is in. Attackers could use this knowledge for reconnaissance or to cause damage to the system. Sentiment analysis and Pattern analysis help in monitoring and predicting the general pattern of user behaviour. Communication patterns in network traffic can also be mimicked by malicious entities so that intrusion detection systems are not alerted to unusual “conversations” between machines or to high throughput during odd hours.[6] d. End-to-end security End-to-end security refers to securing data at different stages of transmission, reception and storage at repository level. Authentication, integrity, and encryption must be maintained at the application layer throughout the process of data transmission. The node, the connection media, and the destination servers must be implemented with secure mechanisms to provide end-toend security from node to receiving destination. This can be accomplished by applying encryption on the device, using a secure connection to transmit the data, and ensuring that the servers are protected with technical and physical methodologies. e. Tamper detection The unauthorized manipulation and tampering of the devices mounted at remote and uncontrolled locations should be controlled by using detection mechanisms. Tamper resistant locks, that utilise authorization codes and have alarms attached to them should be used. If any tampering alert is brought into notice then the information from the device should not be trusted. Authentication and non repudiation mechanisms implemented through logs monitoring can prevent unintentional access to the devices and diagnose intrusions. 4. Security implementation challenges for CPSs The security challenges and solutions for communication within CPS network comprise the security of CPS devices and the communication media.

The devices use communication media to interact with the servers for information aggregation and storage and for updates regarding position coordinates among different nodes. The wireless communication employed by CPS devices is susceptible to eavesdropping attacks. An active attacker can also jam the wireless communication medium by over flooding, replay and other network attacks. The use of low-power wireless communication like Bluetooth requires forwarding of packets to the destination via multiple hops through nodes instead of direct transmission from the sender to the receiver in the CPS. An on-path attacker can exploit this to maliciously drop packets instead of forwarding them.[7] Considering the energy limitation of CPS devices like sensors, an attacker can deplete the limited energy resources, leading to an early death of devices, thereby potentially taking out parts of the CPS network. To ensure secure communication among CPS devices, security measures viz, cryptography, authentication and intrusion prevention mechanisms should be deployed at node level, control level and repository level. a. Secure device bootstrapping [7] CPS devices employ cryptographic measures for encrypting the data before transmission using Private and Public keys. Major challenge in case of private key cryptography is the large number of communicating devices and maintaining specific key pairs. Public key is computationally more challenging for the hardware of CPS devices but enables the establishment of symmetric keys between two communication partners on demand. i.

Initial key exchange The security mechanisms rely on trust anchor on the device manufacturer. The producer can deploy keys for public-key cryptography on the device and make the public key available. The key exchange for symmetric cryptography at the time of manufacturer end encounters the problem that new devices that add dynamically at run-time are typically not known at the time of production. Hence, the use of manufacturer-deployed symmetric keys is limited to devices of


www.csi-india.org

SECURIT Y CORNER

the same or cooperating vendors and often restricted to group instead of pair wise keys. Secure device bootstrapping within a secure local area and an otherwise insecure wireless communication channel requires the user to trigger the exchange of keying material when the communicating devices are near to each other. ii. Device life cycle The initial exchange of keys require manual interaction between the devices, which lacks scalability and proper key exchange mechanisms are required for CPS devices that do not consume too much battery life. Frequent new connections and disconnections of devices consume battery at an increased rate. Thus, CPSs require mechanisms that ensure devices to connect smoothly without affecting the life tenure of nodes. b. Secure communication [7] The main challenge for security of communication in CPSs is the secure usage of wireless communication. The attackers misuse public communication medium for transmission by eavesdropping. The low-power transceivers are prone to jamming attack. The security threats and appropriate countermeasures divided by the attacked communication layer and scenario are: i.

Physical layer The usage of low-power wireless transceivers makes CPS devices vulnerable against jamming attacks, which disable communication of a CPS. A jammer can block the channel with continuous replay attacks and denial of service attacks. ii. Medium access Medium access layer attacks make the devices be alert according to the

traffic and die out their energy resource. This short life cycle of a node needs prevention from unnecessary traffic warnings and control messages. iii. Network layer Network layers attacks like Black hole attack include the dropping of message packets during transmission instead of forwarding them. ACK (acknowledgement) if not received for a packet, results into retransmission of the packet and increases the burden of message resending and ultimately energy consumption increases. CPSs should allow communication only between authorized CPS devices and be alert from black hole attacks while misuse Hello message and routing details. Hence, CPSs must employ replay protection in addition to authentication of control messages. CPSs have made presence in our day-to-day life with having dependency for minute things. Using CPS for regular routine tasks give rise to potential risks. A few recent examples are: Worm based attacks (Stuxnet) deployed in Iranian uraniumenriching centrifuges were manipulated to malfunction. [8] Online murdering incidents were often reported where a person’s pacemaker or defibrillator was hacked and the person was killed. [8] 5. Conclusion With the increasing reliability on technology for our daily needs and implementation of CPS in critical infrastructures, the security and privacy issues in CPS have become the need of the hour. The challenges are mainly faced due to limited energy source and low power communication. The security mechanisms implemented till date are not enough for prevention

from attackers and can lead to severe damages. Thus, security measures need to be developed considering the limitations of CPS devices and the infrastructure and should be costeffective. 6. References

[1] B. Zhang, X. Ma, and Z. Qin, “Security Architecture on the Trusting Internet of Things,” J. Electron. Sci. Technol., vol. 9, no. 4, pp. 364–367, 2011 [2] Yosef Ashibani, Qusay H. Mahmoud, Cyber physical systems security: Analysis, challenges and solutions, In Computers & Security, Vol. 68, , pp. 8197, 2017 [3] K. Zhao and L. Ge, “A Survey on the Internet of Things Security,” Ninth Int. Conf. Comput. Intell. Secur., pp. 663– 667, 2013. [4] S. Raza, “Lightweight Security Solutions for the Internet of Things,” Mälardalen University Press Dissertations, Mälardalen University, Västerås, Sweden, 2013. [5] R. Bhattacharya, “A Comparative Study of Physical Attacks on Wireless Sensor Networks,” Int. J. Res. Eng. Technol., pp. 72–74, 2013. [6] Henze, M., Hiller, J., Hummen, R., Matzutt, R., Wehrle, K., Ziegeldorf, J.H., “Network Security and Privacy for Cyber-Physical Systems” In Security and Privacy in Cyber-Physical Systems: Foundations, Principles, and Applications,First Edition, Published 2018 by John Wiley & Sons Ltd [7] Fink, G.A., Edgar, T., Rice,T.R., MacDonald, D.G., Crawford,C.E., “Overview of Security and Privacy in Cyber-Physical Systems” In Security and Privacy in Cyber-Physical Systems: Foundations, Principles, and Applications,First Edition, Published 2018 by John Wiley & Sons Ltd [8] http://ivezic.com/cyber-kinetic-book/ cyber-physical-systems-rising-riskscyber-kinetic-attacks/ n

About the Authors Ms. Swati Maurya obtained her M.Tech from DCRUST Murthal. She is presently pursuing her Ph.D. from Guru Gobind Singh Indraprastha University, Delhi. Her research area is Cyber Security.

Dr. Anurag Jain obtained his Mtech from IIT Kahragpur and Ph.D. from Guru Gobind Singh Indraprastha University, Delhi. He is presently working in GGSIP University as Associate Professor and active interst in Cyber security and involved in many National level Cyber security activities.


SECURIT Y CORNER

Cyber Security and Human Rights Subrata Paul

Anirban Mitra

Brojo Kishore Mishra

VITAM, Berhampur Brainware University, Kolkata CVRCE, Bhubaneswar [email protected] [email protected] [email protected]`

Cybersecurity is the frame of technologies, procedures and practices intended to defend networks, computers, programs and data from spasm, harm or unauthorized access. Elaborately it is the defence of computer systems from the stealing and injury to their hardware, software or information, as well as from commotion or misdirection of the amenities they deliver. Cyber security comprises governing physical entree to the hardware, as well as shielding alongside harm that may come via network entree, data and code injection. Also, owing to negligence by operators, whether intentional, accidental, IT security is vulnerable to being deceived into differing from protected measures through numerous approaches. The arena is of mounting reputation due to the cumulative dependence on computer systems and the Internet, wireless networks such as Bluetooth and Wi-Fi, the development of “smart” devices, comprising smartphones, televisions and tiny devices as part of the Internet of Things. Safeguarding cybersecurity necessitates synchronised pains through an information system. Human rights define rights intrinsic for every human, irrespective of race, gender, ethnic group, civilization, linguistic, religious conviction, or slightly extra position. Human rights comprise the right to lifespan and independence, freedom from bondage and torment, freedom of estimation and appearance, the right to effort and tutoring, and many more. Everybody is permitted to these rights, deprived of discernment. They are usually unstated as unchallengeable fundamental rights “to which a person is integrally permitted merely because she or he is a human being”. They are pertinent ubiquitously and at each time in the intellect of being universal, and they are egalitarian in the wisdom of being the identical for everybody. They are observed as necessitating compassion and the rule

of law and striking a compulsion on persons to esteem the human rights of others, and it is usually deliberated that they should not be taken away excluding as a result of due procedure based on precise environments. If campaigners would like to triumph in contest for detainment in the Internet permitted and exposed, resulting in progressively vibrant which becomes necessity to disseminate them familiarly through the extents of cyber safety and cyber scrutiny. Worldwide state-funded cyber intelligence is assumed in delivery of the identical chronicles of cyber conflict and a cyber weapons contest; chronicles that came to existence castoff around in a few portions within the universe to embolden inhabitants for crafting on domestic permissions because of better wisdom of safety. Within India, we can’t imagine for the entree of cellular devices else Internet acquaintances, comprising in cyber cafes, deprived of authorised documentation, and together ISPs and cyber cafes stand compulsory for preservation thorough records compring operators’ glancing antiquity. The fate chronicles which habitually escort these actions lure additional forte after identical actual development in the extent cyber-crime – where prevails numerous viruses besides added kinds of malevolent cypher in transmission, through a million persons flattering injured by cyber-crime daily. Therefore although cyber security hasn’t been a novel anxiety, over previous ages this originated in progressively govern besides ambition in Internet strategy besides supremacy program, in addition to worldwide strategy treatise extra sketchily. Cyber security approaches requisitely intended then applied by a manner such that it becomes reliable through global human rights regulation – besides frequently this was not the scenario, by way of realised

in the investigation commands. On additional arenas, States establishes for being in arrears of coercions for instance cyber-attacks intended on human rights protectors’ otherwise radical antagonism. It’s consequently significant being wider human rights communal twitches appealing along with dissertations extra carefully, for unloading announced intimidations in addition to the hypothetical answers then safeguard human rights values remain supported midst cyber security showground also. Adopting cyber security approaches which interrupt human rights. With usage of encumbered, vague linguistic certainly elaborates extensive significances, by way of numerous governments consume imprecise interior besides exterior fears by way of influences to defend always better savings within cyber weapons besides bulk shadowing arrangements, also eternally superior administrative resistor in Internet plus own peoples. Owing to intellect in fright entrenched by cyber security accounts partakes troubled necessity of accurately also obviously authenticate probability besides features of hazards impending. Similarly assumed growth of imprint describing replies remain suitable besides genuine. Other threatening “security” actions include evolving supposed “Internet kill switches”, confining usage of encryption, realising purifying besides obstructive apparatuses then announcing actual term strategies. These methods frequently stance fears towards civic authorisations, so far these incline toward absence in jurisdictive omission in addition to communal information wherein magistrate on efficacy. Whereas boomingly that these advance safety, these commonly jeopardy obliterating the assistances which Internet carries. Applying a Human Rights Approach to


www.csi-india.org

SECURIT Y CORNER Cyber Security International legal standards The hearsays of UN Distinct Rapporteur delivers decent sympathetic about what way liberty of appearance smears. “International Principles on Communications Surveillance and Human Rights”, labels chief philosophies of human rights method to cyber security equally defined by a collection of municipal civilization societies, business besides world-wide specialists. Privacy and Freedom of Expression Though additional human rights remain pertinent, two human rights specifically leads to the formation of structure chunks in rights- regarding tactics of cybersecurity. First comes right to privacy, freedom in keeping everyone’s information and communiqué left after predatory judgements of management, industries or extra peoples. Right to privacy becomes an essential constituent over expansion of a people specific safety strategy. Though it’s inadequate still because it unconsumed the necessities aimed at existence protected operational in method being elaborated. Privacy is inhibited when someone becomes deprived of the privacy in transportations or mechanism concluded evidence around them. Over valuation in cyber security strategies identical physique willingly specified over functional pleasure with every inhabitants of the right to freedom of countenance. Additional dominant right, freedom of countenance, inhibited whenever an act averts somebody after looking for, getting or communicating

somewhat appearance except those could be legally imperfect, besides movements which “anxieties”, i.e. disheartens else constrains, which countenance. A distributed-governance approach to cyber security Though cyber threats are frequently actual, present dissertation hereby consuming a diversity of undesirable influences, affecting the Internet domination programme absent after making an available and allowing atmosphere and concerning discovery novel, and progressively federal, systems of knowledge and controller. An important characteristic of the cyber security dissertation exists in the idea of an influential besides caring Public provided that his peoples through safety, similar to the pre-Internet stage. Nonetheless this account take a pew nervously along realism of Internet’s behaviour that stands as world-wide network of evidence that is unto a great amount for indicators of private segment. Neither fears nor explanations are consequently by way of effortlessly distinct, positioned before bounded as similar to past. Through a disseminated methodology, supremacy preparations purposefully consensus numerous performers precise parts besides errands at cyber security field, nonetheless being accomplished in a manner when none solitary performers are capable of regulating this field except the others approve and cooperate. The other metier of such a tactic becomes permit users to redo the

distinction between the operators as an important performer in this expanse. Certainly, because intimidations remain rapidly changeable over Internet atmosphere, finest resistance will frequently consuming knowledgeable operators can themselves undertake bright conclusions; although present governance preparations consists of slight area for it. Totalling, in pointing multiple-layers of payments and stabilities, this tactic can be additional probable in sustenance of human rights. Reference:

[1] Margaret Rouse, “Cyber security”, http://whatis.techtarget.com/definition/ cybersecurity, retrieved: November, 2016. [2] Gasser Morrie, “Building a Secure Computer System (PDF)”. Van Nostrand Reinhold. Pp. 3. ISBN 0-442-23022-2. Retrieved on 6 September 2015. [3] Rouse Margaret, “Social engineering definition”. TechTarget. Retrieved on 6 September 2015. [4] James Nickel, Thomas Pogge, M.B.E. Smith, and Leif Wenar, “Stanford Encyclopedia of Philosophy, Human Rights “, December 13, 2013, Retrieved on August 14, 2014. [5] Nickel, James, “Human Rights”. The Stanford Encyclopedia of Philosophy (Fall 2010 ed.). [6] The United Nations, Office of the High Commissioner of Human Rights, What are human rights? http:// www.ohchr.org/en/issues/pages/ whatarehumanrights.aspx, Retrieved August 14, 2014. [7] Anja Kovacs and Dixie Hawtin, “Cyber Security and Online Human Rights” Internet Democracy Project, Global Partners and Associates, November 2017. n

About the Authors Mr. Subrata Paul is currently working as Assistant Professor in the VIGNAN Institute of Technology and Management, Berhampur (Odisha). He had completed his B.E(CSE) from VTU – Belgaum, Karnataka in 2010 and M.Tech(CS) from Berhampur University in the year 2013. His research area includes Social Network Analysis, Computational Intelligence, Cloud Computing and Bioinformatics. He had several publications at national and international levels, both in journals and conferences including papers in IEEE and Elsevier conference He has also published two book chapters in IGI-Global. He had an experience of nearly 4.5 years in teaching undergraduate courses and 1 year in handling post graduate classes. Dr. Anirban Mitra (CSI LM - I1503780) is working as an Associate Professor in the Department of Computer Science, Brainware University in West Bengal. He is guiding 3 PhD Scholars registered under the BPUT (A State Government Technical University). His present areas of research are Prediction Analytics, Knowledge Representation and Application of Computers in Medical Science. Being a Senior Member of IEEE, Member of ACM and Life Member of CSI, he is associated with few reputed journals as a reviewer and member in editorial board. He had acted as a technical committee member in many reputed conferences so far. Apart from 2 books and 5 book chapters authored, he is having several Scopus indexed papers and papers in SCI Journal. Dr. Brojo Kishore Mishra (CSI LM - I1501747) is working as an Associate Professor in the Department of IT, C. V. Raman College of Engineering, Bhubaneswar. He is guiding 2 PhD Scholars registered under the BPUT (A State Government Technical University). His present areas of research is Opinion mining and Sentimental analysis. Being a Member of IEEE and Life Member of CSI and ISTE, he is associated with few reputed journals as a reviewer and member in editorial board. He had acted as a technical committee member in many reputed conferences so far. Apart from 2 books and 8 book chapters authored, he is having several papers in Google scholar, Scopus indexed, ESCI Journal.



Fun with Digital Image Processing in PHP on Windows and Linux Platform Baisa L. Gunjal Professor and Head, IT Department, Amrutvahini College of Engineering, Sangamner. E-mail: [email protected]

Traditionally Image processing and related projects are implemented using Matlab, Scilab, Octave and Java. This article focuses that image processing and related projects can be developed in PHP efficiently. PHP requires XAMPP for execution. XAMPP stands for X-os, Apache, MySQL, PHP, Perl. X-os implies that it can be used for crossplatform. XAMPP is a free and open source web server. This article shows demonstration of installation and configuration of XAMPP for PHP in both windows and Linux platform. Easy PHP code is presented for Image processing operations with output. Installation of XAMPP and Execution in Windows Step-1: Download XAMPP for Windows7 from following url: https://www.apachefriends.org/ download.html Step-2: Run the setup and open XAMPP control panel. During installation set the path of htdocs folder Step-3: Start Apache Server as follows.

through bowser as: http://localhost/test.php Installation, Configuration of XAMPP and Execution in Linux Step-1: Go to the directory where the xampp is downloaded. For example, cd (/home/avoce/Downloads) give path where xampp stored

Fig. 2 : Program Listing 1

Step-2: Make installer file to executable by using below command chmod +x xampp-linux-5.5.28-0installer.run Step-3: Switch to root user by using command sudo -s -H Step-4: Run installer file ./xampp-linux-5.5.28-0-installer.run Step-5: To start XAMPP cd /opt/lampp/ sudo ./xampp start Step-6: To stop already existing apache sudo /etc/init.d/apache2 stop Step-7: To work on root sudo -s -H and cd /opt/lamp Step-8: To start php my admin http://localhost/phpmyadmin/

Original Image

Fig. 3 : Output of Program Listing 1

Image Rotations The PHP function imagerotate() is used to rotate the image in specified angle in degrees in counterclockwise. If we have to go 80 degrees clockwise then we have to specify it in imagerotate() to go 280 degrees counter-clockwise. Fig. 4 shows PHP code for rotation while Fig. 5 shows result after rotation by 30 degrees in counterclockwise.

Edge Detection Filter The edges in an image are detected by identifying sudden changes of discontinuities. The edges are also identified by significant transitions in the image. For example, the points at which brightness of image changes are organized into a set of curved line segments. IMG_FILTER_EDGEDETECT in PHP detects edges of given image. Fig.10 shows PHP code for applying edge detection filter while fig.11 shows filtered image with edges.



Original Image

After Negate effect


Original Image

Applying Embossing Effect In Image embossing operation, all pixels of given image are replaced either by a highlight or a shadow, depending on light or dark boundaries of source image. Here, low contrast areas are replaced by a gray background. The filtered image will represent the rate of color change at each location of the original image. In PHP, IMG_ FILTER_EMBOSS performs embossing operation. Fig.14 shows PHP code for applying embossing effect to the image while fig. 15 shows filtered image with embossing effect.

After Negate effect


Brightness Effect Brightness of image depends on our visual perception. Brightness is the amount of energy output by a source of light relative to the source. We can adjust brightness of image by differentiating the difference between its darkest and lightest areas. IMG_ FILTER_BRIGHTNESS in PHP is used for changing brightness effect of an image. Fig.12 shows PHP code for applying brightness effect to the image while fig. 13 shows filtered bright image.

Original Image

After Grayscale effect



After Brightness



Color to Grayscale Conversion The image is called grayscale image if it contains only various levels of gray in that image. In PHP, IMG_ FILTER_GRAYSCALE converts the color image into grayscale image. Fig.8 shows PHP code for converting color image into grayscale image while fig.9 shows resultant grayscale image.

Original Image


Original Image

After Embossing


Image Contrast Effect In PHP, IMG_FILTER_CONTRAST changes the contrast of the image. The contrast value changes within the range -255 to 255 where value 255 results more lighten image with up to white, 0 is default value and -255 results the darken image up to the black. Fig.16 shows PHP code for applying contrast effect to the image while fig.17 shows filtered contrast image.



is used to crop certain part of the image. Fig.20 shows PHP code for applying cropping effect to the image while fig.21 shows cropped image.



Original Image

After Contrast effect


Original Image

After Smooth Filter


Image Cropping The cropping operation is required to focus viewer’s attention on specific portion of an image. In PHP, imagecrop()

Original Image

Copying and Merging Two Images In some applications part of one image is required to merge with another image. In PHP, imagecopymerge() copies and merges part of image. Fig.24 shows PHP code for applying copymerge effect to the image while fig.25 shows copied and merged effects.

After Cropping


Copy with Resizing The imagecopyresized() is used to copy and resize part of an image. The function copies a rectangular portion of one image to another image. During coping and resizing the image, if the source and destination coordinates differ in width and heights then resizing automatically does appropriate stretching or shrinking of the image. Fig.22 shows PHP code for applying copyresizing effect to the image while fig.23 shows copied and resized image. Fig. 22 : Program Listing 11

After resizing to 0.95



Image Smoothing Effect Smoothing is used to reduce noise from the image. Mostly, the smoothing methods are based on low pass filters. In PHP, IMG_FILTER_SMOOTH is used for applying smooth effect to an image. Fig.18 shows PHP code for applying smooth effect to the image while fig.19 shows filtered smooth image.

Original Image


Image-A

Merging B into A

Image-B

Merging image A into A


Images with Text and Lines The PHP imagecolorallocate() returns a color identifier which represent the color composed of the given RGB components. Imagestring() is used to set properties to the string to be displayed such as font, string coordinates, color etc. Imagesetthickness() is used to set the thickness of line drawn while


www.csi-india.org


platform. Image processing related projects can be efficiently developed in PHP.

drawing polygons, rectangles, arcs etc. Imageline() draws a line. Fig.26 shows PHP code focusing how to use the functions with an image while Fig.27 shows the result. Fig. 26 : Program Listing 13


Concluding Remarks Image processing operations handling is required in many applications such as image watermarking, image compression, medical or biological image processing, Image enhancements, digital cinema and animations, color image processing, multidimensional image processing, video processing, Computerized photography, character recognition, face recognition, iris recognition and fingerprint processing. This article presents simple code for handling image attacks using PHP. As XAMPP is cross OS webserver, we can use above code in windows as well as in Linux

About the Author Dr. Baisa L. Gunjal [CSI Membership: CSI-N1111399] has completed PhD, Computer Engineering from Savitibai Phule Pune University and presently working as professor and head, Information Technology Department, Amrutvahini College of Engineering, Sangamner, MS,India. She has published more than 27 research articles at international and national levels and having more than 365 google scholar citations on her credit. She is recipient of ‘Best Teacher Award-2013’ from ‘Savitribai Phule Pune University,’ ‘Lady Engineer Award-2012’ from ‘Institution of Engineers’, ‘Active Faculty Award for Women-2012’, ‘Maximum Publications in CSI Award-2013’ and “Yasho-Kirti Award 2017” from ‘Computer Society of India’, ‘Best Research Paper award’ in international conference INDICON-2014. She can be researched at [email protected].

Kind Attention: Prospective Contributors of CSI Communications Please note that Cover Theme for January 2018 issue is Machine Intelligence. Articles may be submitted in the categories such as: Cover Story, Research Front, Technical Trends, Security Corner and Article. Please send your contributions by 20th December, 2017. The articles should be authored in as original text. Plagiarism is strictly prohibited. Please note that CSI Communications is a magazine for members at large and not a research journal for publishing fullfledged research papers. Therefore, we expect articles written at the level of general audience of varied member categories. Equations and mathematical expressions within articles are not recommended and, if absolutely necessary, should be minimum. Include a brief biography of four to six lines, indicating CSI Membership no., for each author with high resolution author photograph. Please send your article in MS-Word format to to Editor, Prof. Prashant R. Nair in the email ids [email protected] with cc to [email protected] (Issued on the behalf of Editorial Board CSI Communications) Dr. S S Agrawal Chief Editor


A R eport

Report on CSI Student Conventions Haryana State Level convention

Karnataka State Level Convention

The 31st CSI Karnataka students convention with the Theme “Digital Transformation : Challenges & Opportunities” was conducted by Channabasaveshwara Institute Technology, Gubbi on 13th & 14th October 2017 in association with CSI Bangalore Chapter. The convention inauguration was started with an invocation by students on Friday, 13-10-2017. Dr. Shanthala, Vice principal welcomed all the dignitaries for this convention. The chief guests & other dignitaries joined to light the lamp to mark as a good beginning. Mr. Venkatagiri, Vice Chairman CSI-BC told about CSI & academia association. Mr. Vishwas Bondade, RVP Region 5, briefed about the CSI student convention and expressed that in the current days, its digital way of life. Dr. Karisiddappa, Vice Chancellor of VTU was the chief guest. He advised the participants to compete with rest of the world in this era of digital transformation. We need to create skilled & quality workforce. The young engineers are required to set the goal and work sincerely with quality principles. Mr. Madhwesh Kulkarni, Director, ASPE, DXC Technology gave keynote address. He requested the young minds to meet the outcomes of engineering education. Digital transformation is the order of the day. The invited talk was: i) ICT for benefit by Mr. Rathan Rao, CTO Tayana software solutions, talked on how ICT is important in digital transformation. Dr. Suresh, Director & Principal, CIT proposed vote of thanks during inauguration. From CSI-BC Mrs Swarnalatha Ramesh, Mr. Seetaramu, Mr. Vishwas Bopanna & Dr. Shantharam Nayak have participated in the inauguration and also coordinated the events. More than 370 delegates from 18 different engineering colleges have participated and drawn the benefit. Mr. Anbhunathan was present during valedictory and briefed about the benefits of CSI association. The curtain was drawn to the convention by honoring the Winners of all the competitions during valedictory. Prizes were distributed in the valedictory programme. Prof Suresh, Prof Anil Kumar & Prof Geetha along with their team from CIT-Gubbi have coordinated for the success.

Jai Parkash Mukand Lal innovative & Technology Institute (JMIETI), Radaur has organized a one day Haryana State Level Student Convention in Collaboration with computer Society of India on 9th November 2017. The inaugural function was held in seminar hall of the institute. Dr. Anup Girdhar, CEO, Sedulity Solutions & Technologies, New Delhi was Chief guest of this program and Dr. Neelam Ruhil, Director-Education, Eclat Execution, Gurugram and state coordinator of Computer Society of India was guest of honour on the occasion. Dr. R. S. Chauhan, Director, JMIETI, Radaur presided over the function. During inauguration Prof. Chauhan reported the highlights & achievements of the institute. Dr. Anup Girdhar discussed about End-to-End IT security Management as per Indian IT Act, and Cyber Laws, IT security Policies as per the client’s Infrastructure part of cyber crime in today Digital India mission and future scope of cyber security solutions for everyone. He has also mentioned that students can build their carrier with various private security solution companies and government agencies. Dr. Nidhika Birla, Head of Electrical department, JMIT Radaur has delivered seminar on Digital India Mission and role of Technology in Digital India Mission. She has also discussed about Digital Forces in Artificial Intelligence and Data Analytics field. This convention has provided a platform to learn as well as to show skills in events like web designing, Code debugging, Technical Quiz, Digital Poster writing between students of various institution in the state. The outcome was very beneficial for the students of science and technology streams within this state level competition. Dr. Neelam Ruhil congratulated the successful organized of the event and she stressed that Digital Life is bright future. This Convention has provided a platform to learn as well as to show skills in competitive events like web designing, Code debugging, Technical Quiz, Digital Poster writing between students of various institution in the state. The students of JMIT and JMIETI Radaur, DAV girls college district Yamunannagar of Haryana got 1st position in these state level competitive events. The outcome was very beneficial for the students of science and technology streams within this state level competition. The convention was attended by 290 students of various institutions of the state. Mr. Vishal Garg convenor of the CSI convention congratulated his team members and brief the students about current trends of security in digital India and he said that these events create enthusiasm among the students for developing new software applications.


www.csi-india.org

A R eport

State Student Convention 2017, West Bengal was inaugurated by the distinguished persons, namely, Mr. Devaprasanna Sinha, RVP, Region-II; Mr. Subir Kumar Lahiri, Chairman, Kolkata Chapter; Dr. Subho Chaudhuri, Secretary, Kolkata Chapter; Dr. Somnath Mukhopadyay, Regional Student Coordinator, Region-II; Dr. Madhumita Sengupta, Member, CSI and Dr. Asit Kumar Saha, Principal, Haldia Institute of Technology.

The State Student Convention – 2017, West Bengal was organized by Computer Society of India, Region – II & Computer Society of India, Kolkata Chapter, held at Haldia Institute of Technology, Haldia, West Bengal (Institutional Membership No. I01734) on 9th November, 2017. It was a day long programme in which 87 students (members and non-members) participated. The programme consisted of Inauguration, Keynote Speech, Professional Lecture, Paper Presentation, Coding Competition, Quiz Competition, Prize Distribution & Valedictory Session. The programme

After the inauguration, events started with a Keynote Speech by Prof. (Dr.) J. K. Mondal, University of Kalyani, West Bengal. The next event was Professional Lecture by Mr. Suman De, Project Manager, TCS, which was a very much informative and interactive session. Then next up before lunch was Coding Competition (on-line) in which maximum number of students took part. After lunch, the event was technical Paper Competition in which 6 papers were presented and judged. The last competitive event was Quiz Competition which was a two-tier technical event. It is worth noting that the top 3 students were selected from each of three competitions for awards and certifications. The convention ended with prize and award distribution, and valedictory discussion.

Latex Workshop

The department of Mathematics, Amrita School of Arts and Sciences, Kochi, in association with Computer Society of India [CSI] student branch organized a National Workshop on LaTeX Report & Article Writing on October 27th, 2017 in the college premises. The first session “Introduction to Latex” was handled by Sri R Parameswaran, Assistant

Professor, Department of Mathematics, ASAS, Kochi. The second session was on “Specific to Subject Areas” which was handled by Dr. Dhanya Shajin, Assistant Professor, Department of Mathematics, ASAS, Kochi. The programme was inaugurated by the college Director, Dr. U Krishnakumar.

Workshop on Python - Programming Tool for Data Science A two-day Hands-on Workshop on Python [Programming Tool for Data Science] was conducted on 7 and 8 November 2017. The workshop was hosted by the Computer Science & IT Department of Amrita School of Arts and Sciences in association with the Computer Society of India [CSI] student branch and Amrita Centre for Research and Development [ACRD]. The Two-Day workshop was handled by Sri. Pankaj Kumar G, Asst. Professor, Federal Institute of Science and Technology [FISAT]. 60 participants registered for the workshop which encompassed of live demonstrations and practical sessions. 41 C S I C o m m u n ic a t i o n s | D E C E M B E R 2 0 1 7

From chapters & d i v i s i ons

AHMEDABAD CHAPTER

One day Seminar on Fundamentals of Internet of Things was conducted by Computer Society of India student branch at Pandit Deendayal Petroleum University in association with CSI-Ahmedabad chapter on 28th October, 2017. The event marked its opening by a welcome speech by the Anchor and distribution of momentum to the guests, Mr. Bharat Patel (Director and COO at Yudiz Solutions Pvt. Ltd and Past Chairman of CSI, Ahmedabad) and Mr. Niraj Shah (Co-founder of Arihant Satiate and Treasurer of CSI). The event continued with an engaging and interesting speech by Mr. Bharat Patel, who addressed the audience regarding various applications and scope of IoT, in near future. IoT seminar was arranged after the speech of Mr. Bharat Patel, at PDPU CSI-Student branch, conducted by Mr. Niraj Shah (Co-founder of Arihant Satiate and Treasurer of CSI), which made this event very informative and interesting. Theory session along with amazing videos related to IoT were shown, which helped in understanding the topic in depth. Various concepts beginning from basics of IoT to increasing demand of IoT and possible future applications were covered during his talk. Seminar concluded with the discussion on various mini projects which could be taken up by students under the guidance of Mentor for tinkering lab. Vote of thanks was presented by Dr. Samir Patel (Assistant Professor at SOT, PDPU and Vice-Chairman CSI-AC) and coordinator of this event. Doubt solving session was arranged at the end. Total 100 participants took the advantage of this event. CHENNAI chapter

transactions and to control the creation of additional units of the currency. Crypto currencies are classified as a subset of currencies and are also classified as a subset of alternative currencies and virtual currencies. A significant number of financial and technology (Fin-tech) thought leaders believe that virtual currencies represent a serious phenomenon that is already changing how traditional finance and banking works. He talked about the features, technology regulations and present status in India. More than 60 members attended the programme and the feedback was excellent.

The Chapter in association with Shri Shankarlal Sundarbai Shasun Jain College for Women organised a hands-on Workshop on Python Programming for School Teachers on 20-11-2017. After prayer, Dr. B. Poorna- Principal of the college, welcomed the Chief Guest Mr T R Vasudeva Rao, Chairman CSI Chennai Chapter. The resource persons were Ms Priya Vijai, Mr Babu, Mr Bhuvaneshwar and Dr Bhagavathi Priya. Mr T R Vasudevarao, in his address, thanked the principal and the College management for providing venue. He explained about CSI and role of CSI for dissemination of knowledge and sharing of experience to academic community – specially the Students and Industry fraternity; he also dwelt on the Model Examination being conducted by CSI - Chennai chapter for past 12 years for the benefit of Plus 2 students of the Tamil Nadu State Board; he said that CSI-Chennai chapter would consider conducting Model Examination for Plus 1 Students of the State Board as well for Plus 2 students of CBSE schools on a pilot basis. He mentioned that the workshop on Python being conducted on 20/11/2017 was a trailer covering only basics of Python programming and a two days’ advanced workshop would be planned in the next couple of months. About 30 teachers from various schools- both from State Board and CBSE Schools, attended the workshop. The valedictory function was held in the evening and Participation certificates were distributed by Mr T R Vasudeva Rao and Dr Poonkuzali. Ms. Aramvalarthanayagi proposed vote of thanks. GOA CHAPTER

Chennai Chapter organized a lecture program on Crypto Currency-Unplugged on 25th October 2017. Dr. B. Srinivasan, Dy FA&CAO (Taxation & Accounting Reforms) Southern Railway) was the resource person. Dr Srinivasan‘s presentation covered following points: The Crypto-currency (or crypto currency) is a digital asset designed to work as a medium of exchange using cryptography to secure the

Chapter organized a panel discussion on IT Industry in Goa: A Roadmap on 23-9-2017 at the Hotel Mandovi, Panjim. Eminent speakers from Government, industry and academia expressed their views in a lively, interactive session attended by CSI members, guests and students. Mr. Ameya Abhyankar, IT Secretary explained the IT start-up policy of the Goa Government.


www.csi-india.org

From chapters & d i v i s i ons

Chatper, Mr. Nitin Aggarwal, Mr. Agam Goyal were present. TRIVANDRUM CHAPTER

Industry representatives Arvind Kejrival, CEO, Progen ERP and Girish Bharne, Head, Persistent Systems, Goa, suggested encouraging mid-size companies and focusing on niche products and services like data science and statistics. Prof Abhiram Ranade, IIT-B and Prof Nilesh Fal Dessai, GEC spoke from the academic perspective and stressed on developing problem-solving abilities and hands on training. Young entrepreneurs Vincent Toscano, Prajyot Mainker and Milind Prabhu spoke of the talent crunch and challenges faced by start-ups. Prof Ramrao Wagh, Dept of Computer Science & Tech, Goa University moderated the discussion. In the concluding address, Chairperson Shailaja Sardessai reported the activities of the Chapter. Chief Guest Siddarth Kunkcalienkar, ex-MLA outlined the Smart City Plan for Panjim city. Guest of Honour Prof. Varun Sahni, Vice Chancellor, Goa University talked of the challenges faced by Universities in imparting quality education, the need for instilling values in students, and fostering risk taking and exploration attitude in students. Srivallabh Sardessai, Chapter Secretary, proposed the vote of thanks.

Chapter organized a Technical talk on the topic Introduction to Ethical Hacking. Dr. Vishnukumar, Chapter Chairman welcomed the gathering and introduced the speaker Mrs. Lakshmy Preeti Money, Scientist/Engineer, VSSC, ISRO, Thiruvananthapuram. The speaker delivered the informative lecture. Around 35 participants attended the session. After the lecture Mr Basanth Kumar, Secretary, CSI Trivandrum Chapter proposed the vote of thanks. Certificates TIRUCHIRAPPALI CHAPTER

HARIDWAR CHAPTER

Chapter Conducted a Guest Lecture on Fractals on 7-112017. Speaker for this Programme is Er C T Praveen Kumar, Asst Engineer(ICT), Bharat Heavy Electricals Limited, Tiruchirappalli Department of CSE, FET in co-ordination with CSI Haridwar Chapter organized a workshop on Applications of Cloud Computing, Big Data and IOT in Industry on 28-10-2017 by Mr Mukesh Negi, Senior Technical Manager, Tech Mahindra, Noida. He introduced the Industry Process and the use of Technical Languages, Cloud Computing, Big Data, IOT in Industry. He also encouraged students to come up with new ideas to implement the technology for more beneficial purposes in industry. He talked about the amazon web services with its live implementation. In the questions sessions students put some questions on how and where the latest technology is used in the companies and how at the student level it can be learned and implemented. More than 100 students participated in the workshop. Mr. Namit Khanduja Coordinated the event, Dr. Mayank Aggarwal, Chairman, CSI Haridwar Chapter presented a plaque to the invited guest. Mr. Suyash Bhardwaj, Member CSI Haridwar Chapter, Mr. Nishant Kumar, Hon. Secretary CSI Haridwar Chapter, Dr. Mukesh Chand, Treasurer, CSI Haridwar

VELLORE CHAPTER Chapter organized a one day workshop on Recent Trends in Smart Grid on 17-10-2017 at VIT University. Mr. M Gopinathan, General Manager, Convex, USA explained the basics features of smart grid, privacy and security issues in a smart way. Around 60 members participated in workshop, organized by Dr. Rajkumar & Prof. Govinda.


f rom student branches Region-I The NorthCap University, Gurugram

12-10-2017 - Interactive session on GitHub

1-11-2017 - Event on Explore & Exploit

Amity School of Engineering and Technology (Amity University), Noida

21-9-2017 - Guest Lecture on Software Automation Testing by Ms Sakshi Agarwal from Samsung

10-10-2017 to 12-10-2017 – Workshop on Object Oriented Programming Sessions

GNA University, Phagwara

Dronacharya College of Engineering, Gurgaon

6-11-2017 - Workshop on Cloud Computing

6-11-2017 - Industrial visit to Mother Dairy, Patpaganj

Region-III Sagar Institute of Science and Technology(SISTec), Bhopal

7-10-2017 - Debugging Contest

23-10-2017 - Expert lecture on Social Media Security by Ms. Garima Purohit


www.csi-india.org

f rom student branches Region-III

Region-IV

The LNM Institute of Information Technology, Jaipur

Shri Shankaracharya Institute of Professional Management and Technology, Raipur

29-10-2017 - Workshop on Java Programming and OOP concept

5-10-2017 – GeekExpo - A project exhibition

Region-V GITAM Institute of Technology, Visakhapatnam

18-9-2017 & 19-9-2017 - Workshop on Block Chain Technology by Shri Opinder Preet Singh

11-10-2017 - Seminar on Digital Transformation by Shri Saravanan

Gokaraju Rangaraju Institute of Engg. & Tech., Hyderabad

Brindavan Institute of Technology and Science, Kurnool

27-7-2017 - CSI membership drive

14-10-2017 & 15-10-2017 - Workshop on Data Engineering by Mr Raghavendra Reddy

Prasad V. Potluri Siddhartha Institute of Technology, Vijayawada

16-9-2017 – Event on a Platform to Innovate and Renovate

23-10-2017 – Event on Fundamental science is the key to Technological Advancement


f rom student branches Region-V Aurora's Engineering College, Bhongir

Vasavi College of Engineering, Hyderabad

12-10-2017 - Mr K Mohan Raidu, Chairman, CSI Hyderabad Chapter inaugurated the Student Branch

26-10-2017 - Technical Quiz

NBKR Institute of Science and Technology, Nellore

Dr L Bullayya College of Engg. for Women, Visakhapatnam

23-10-2017 - Poster released for CSI Regional Student Convention, Region-V

28-9-2017 - Technical Quiz by Mr. Prasanth

Narayana Engineering College, Nellore

JSS Academy of Technical Education, Bangalore

23-10-2017 - Tech Talk on Big Data-Hadoop-Mahout Module by Prof. Ragala Ramesh

8-10-2017 & 9-10-2017 - Workshop on Machine Learning

R. V. College of Engineering, Bangalore

13-9-2017 - Technical talk on Cloud Computing by Dr. Wolfgang Richter

2-11-2017 - Technical talk on Career Development and Opportunities by Ms Aakriti Srikanth


www.csi-india.org

f rom student branches Region-V REVA University, Bangalore

ATME College of Engineering, Mysore

15-11-2017 - Hands-on Training Program on Python from Scratch

3-11-2017 - Releasing CSI Student Branch Newsletter (Tech Bits V2-I1) during National Level Event on CODE ARENA

St. Joseph Engineering College, Mangaluru

Amrita Vishwa Vidyapeetham (University), Bangalore

2-10-2017 to 8-10-2017 - Campaign of plastic free campus (Daan Utsav)

4-11-2017 - Technical talk on Data Science

K.S. Institute of Technology, Bangalore

9-10-2017 - Seminar on Python on Industry by Mr. Palanivel

13-10-2017 - Workshop on NS-2 and Data Mining

NMAM Institute of Technology, Nitte

16-9-2017 & 17-9-2017 – Workshop on D Bug C

23-9-2017 & 24-9-2017 – Workshop on Image Processing and Machine Learning Using MATLAB


f rom student branches Region-VI Dr. D. Y. Patil School of Engineering and Technology, Pune

Prof Ram Meghe Inst. of Technology & Research, Amravati

9-11-2017 – Faculty Development Program on Indian Patent Drafting and Filing Procedure

6-10-2017 & 7-10-2017 - Workshop on Real Time Web Based Application Development

Marathwada Institute of Technology, Aurangabad

22-8-2017 - Expert Talk on Open Source Technology and its Applications by Ms. Rani Patil

6-9-2017 - Expert talk on introduction of TRIRIGA Technology by Mr. Ravindra Waibase

AISSMS Institute of Information Technology, Pune

16-8-2017 - Social Visit at Gurunanak School and conducted Technical Session

12-9-2017 - Industrial visit on Technosys

Region-VI

Region-VII

Universal College of Engineering, Vasai

VIT University, Vellore

11-8-2017 - Ms Sangeeta Srivastav briefing the students during Intercollegiate Technical Fest Junior Vyro

27-10-2017 to 29-10-2017 - Technical event on TECH-A-THON


www.csi-india.org

f rom student branches Region-VII Jeppiaar Institute of Technology, Sriperumpudur

Nandha College of Technology, Erode

27-10-2017 – Seminar on Web Programming by Prof. Annamalai

9-9-2017 - Hands-on workshop on Grid & Cloud Computing by Mr. Krishna Sankar

Panimalar Institute of Technology, Chennai

21-9-2017 & 22-9-2017 - Two days hands on workshop on Mobile Gaming

5-10-2017 & 6-10-2017 - Workshop on IoT based Alert System for Heart Attack due to Diabetics

Aditya Engineering College, Surampalem

6-9-2017 to 8-9-2017 - Workshop on ANIMATION

19-9-2017 to 21-9-2017 - Workshop on IOT Hackathon

K.L.N. College of Information Technology, Pottapalayam

29-9-2017 – Guest Lecture on Enterprise Resource Planning by Mr. Venkateshwaran

27-9-2017 & 28-9-2017 - Workshop on Python programming


f rom student branches Region-VII Jeppiaar Engineering College, Chennai

Valliammai Engineering College, Kattankulathur

14-10-2017 - Guest Lecture on Current Trends in Advanced Technology by Prof. Lalit M Patnaik

9-11-2017 - SDTP on Python Programming by Mr. Nagarajan

Rajalakshmi Engineering College (Autonomous), Chennai

22-9-2017 - Seminar on Spatial Data Analysis for Disease Prevalence and Prediction by Dr. Vasna Joshua

23-9-2017 - Seminar on Transforming Healthcare with Analytics by Mr. Sathya Venkatraman

Jeppiaar Engineering College, Chennai

St. Thomas College of Engineering and Technology, Kannur

11-8-2017 - Workshop on Mobile App Development by Mr. Jagan

26-10-2017 - Student Branch Inauguration


www.csi-india.org

C S I C A L E N D A R 2 0 1 7 - 1 8

Gautam Mahapatra, Vice President, CSI, Email: [email protected] Date

Event Details & Contact Information

OCTOBER 28-29, 2017

International conference on Data Engineering and Applications-2017 (IDEA-17) at Bhopal (M.P.), http://www.ideaconference.in Contact : [email protected]

DECEMBER 21-23, 2017

Fourth International Conference on Image Information Processing (ICIIP-2017), at Jaypee University of Information Technology (JUIT), Solan, India, (http://www.juit.ac.in/iciip_2017/) Contact : Dr. P. K. Gupta ([email protected]) (O) +91-1792-239341 Prof. Vipin Tyagi ([email protected])

30-31, 2017

3rd International Conference on Next Generation Computing Technologies Web site : http://csi-india.org/communications/CSIC_March_2017_event.pdf

2 0 1 8

2nd International Conference on Data Management, Analytics and Innovation (ICDMAI 2018), jointly organized by Computer Society of India, Division II; Computer Society of India, Pune Chapter and Audyogik Tantra Shikshan Sanstha’s, Institute of Industrial and Computer Management and Research, Pune, (IICMR). http://www.icdmai.org Contact : Dr. Neha Sharma ([email protected], +91-9923602490), Dr. Deepali Sawai - [email protected], +91-9921000870

January 19-21, 2018

52nd Annual Convention Organized by CSI Kolkata Chapter Theme: Social Transformation - Digital Way, Venue: Science City E-mail: [email protected], [email protected], [email protected] Website: www.csi2017.in

Student branches are requested to send their report to [email protected] with a copy to [email protected] Chapters are requested to send their activity report to [email protected] with a copy to [email protected] Kindly send High Resolution Photograph with the report.


Registered with Registrar of News Papers for India - RNI 31668/1978 Regd. No. MCN/222/20l5-2017 Posting Date: 10 & 11 every month. Posted at Patrika Channel Mumbai-I Date of Publication: 10th of every month

If undelivered return to : Samruddhi Venture Park, Unit No.3, 4th floor, MIDC, Andheri (E). Mumbai-400 093

THE 2017 INDIA-AFRICA ICT SUMMIT 1-2nd December 2017 | NCR | Republic of India

1st - 2nd Dec 2017, New Delhi

Innovation Society, X-2848(A), Street-5, Raghubarpura2, Gandhi Nagar, Delhi 110031, India

Visit us : www.indiafrica.org, E-mail: [email protected], Phone : +91-96025 70498, +91-85040 48761, +91-96630 71796, +91-9483271000, +91-9873089839

The 2017 India Africa ICT Summit & Excellence Award successfully conducted at Hotel Ramada Gurgaon Central on 0102 December. The theme of this summit intended to “Confronting ICT and Cyber Challenges, Developing India and Africa through ICT, Opportunities, Challenges and way forward”. The Summit was inaugurated by chief Guest Mr. Saurabh Tiwari, Dy. Director, Department of Telecommunication, Govt. of India presided by Shree N. K. Goyal- President CMAI. Guest of Honour Mr. Sanjay Mohapatra, President, CSI, African Delegation head by Justice Ralph Ochan, Chairman, Public Service Commission Uganda, Prof. A. K. Khare, Chancellor, IEC University Himachal Pradesh and Prof. Ripu Ranjan Sinha, Chairman Organizing Committee. President, CSI, emphasize on present situation of India and Africa towards ICT Growth, Opportunities and ways forward. He also enlightens need of developing India and Africa bilateral relation through Information and Communication Technologies. He declare the need of delegation meet visit to Uganda for analysing the grass root level issue and Challenges and ways forward with the support of Bilateral resource sharing, During Mid February 2018 and directed to Organizing Chairmen to form a delegation committee with proposed budget plan. President CMAI expands his vision and utilization of Telecommunication companies in the development of infrastructure growth in India and Africa and also emphasizes the need of expanded bandwidth to boost up bilateral relation between two continents. Our chief guest emphasize the benefit of ICT Technologies through various Govt initiative (UDAI/ Digital India/ Make In India/EDI) taken by Govt agency and saved fund for improvement of Society. This fund may be utilized for the betterment of bilateral relation and boosting Infrastructure. Other speakers were Mr. Godfrey Byamukama KereereMinistry of Finance Planning and Economic development Uganda; Dr. Rajendra S Shirole-Hult School of Business management, Bostan USA; Mr. B. K. Gupta, CEO Ginat Step, India; Diwale Mohamad-President Asia Africa Scholars Global Network, United

View publication stats

Kingdom; Paul Wabwiiyi, Ministry of Lands Housing and urban development, Uganda; Doha Thoari, United Arab Emirate, Dubai; Rajiev Ranjan Roy, Editor Daily Post; Babirye Peace, Officer in charge Software Engineering, Uganda Prisons Services, Uganda. Representatives from Africa and India mutually agreed on requirement of council in the name and Style of Asia Africa Development Council that will take forward all the issue keep in mind sustainable Peace and Development Goals as per the United nation sustainable development goals. A website : www. asiafricaonline.com was launched with an objectives promotion of cooperation amongst all countries and people of Asia and Africa by focusing on among other, Tourism and Investment, Trading between Africa and Asia, Cultural and Educational Exchange programs, democracy and Good Governance, Human Rights, Responsible Investments in Africa and Asia, educational development and People-to-People relationships. During Summit (39) India-Africa ICT Excellence Awards were recognized for exceptional contributions towards innovative development and promotion to ICT in India, Africa, and other parts of the globe. India-Africa ICT Knowledge Directory is also launched during the event. The Execution policy and Strategic Plan, Discussion and Deliberation ware held during High Level Dinner at venue in tune with UNSGs-2030. The summit has been organized by Innovation Society – India in association with Ministry of Electronics and Information Technology, Govt. of India, Computer Society of India, CMAI, WAIMS and Public Opinion International Uganda. Participants mainly from Ministers in charge of ICT from Governments in Africa, CEOs, Selected Heads of ICT Academic Institutions from Africa and India, Major software and telecom companies.