Biblio

Mobile Adhoc networks (MANETs) comprises of mobile devices or nodes that are connected wirelessly and have no infrastructure. Detecting malicious activities in MANETs is a challenging task as they are vulnerable to attacks where the performance of the entire network degrades. Hence it is necessary to provide security to the network so that the nodes are prone to attack. Selecting a good routing protocol in MANET is also important as frequent change of topology causes the route reply to not arrive at the source node. In this paper, R-AODV (Reverse Adhoc On-Demand Distance Vector) protocol along with ECC (Elliptic Key Cryptography) algorithm is designed and implemented to detect and to prevent the malicious node and to secure data transmission against blackhole attack. The main objective is to keep the data packets secure. ECC provides a smaller key size compared to other public-key encryption and eliminates the requirement of pre-distributed keys also makes the path more secure against blackhole attacks in a MANET. The performance of this proposed system is simulated by using the NS-2.35 network simulator. Simulation results show that the proposed protocol provides good experimental results on various metrics like throughput, end-to-end delay, and PDR. Analysis of the results points to an improvement in the overall network performance.

In this paper, a novel DNA based computing method is proposed for encryption of biometric color(face)and gray fingerprint images. In many applications of present scenario, gray and color images are exhibited major role for authenticating identity of an individual. The values of aforementioned images have considered as two separate matrices. The key generation process two level mathematical operations have applied on fingerprint image for generating encryption key. For enhancing security to biometric image, DNA computing has done on the above matrices generating DNA sequence. Further, DNA sequences have scrambled to add complexity to biometric image. Results of blending images, image of DNA computing has shown in experimental section. It is observed that the proposed substitution DNA computing algorithm has shown good resistant against statistical and differential attacks.

In this paper, a novel Dynamic Chaotic Biometric Identity Isomorphic Elliptic Curve (DCBI-IEC) has been introduced for Image Encryption. The biometric digital identity is extracted from the user fingerprint image as fingerprint minutia data incorporated with the chaotic logistic map and hence, a new DCBDI-IEC has been suggested. DCBI-IEC is used to control the key schedule for all encryption and decryption processing. Statistical analysis, differential analysis and key sensitivity test are performed to estimate the security strengths of the proposed DCBI-IEC system. The experimental results show that the proposed algorithm is robust against common signal processing attacks and provides a high security level for image encryption application.

New research fields and applications on human computer interaction will emerge based on the recognition of emotions on faces. With such aim, our study evaluates the features extracted from faces to recognize emotions. To increase the success rate of these features, we have run several tests to demonstrate how age and gender affect the results. The artificial neural networks were trained by the apparent regions on the face such as eyes, eyebrows, nose, mouth, and jawline and then the networks are tested with different age and gender groups. According to the results, faces of older people have a lower performance rate of emotion recognition. Then, age and gender based groups are created manually, and we show that performance rates of facial emotion recognition have increased for the networks that are trained using these particular groups.

Vehicular ad hoc networks (VANETs) ensure improvement in road safety and traffic management by allowing the vehicles and infrastructure that are connected to them to exchange safety messages. Due to the open wireless communication channels, security and privacy issues are a major concern in VANETs. A typical attack consists of a malicious third party intercepting, modifying and retransmitting messages. Heterogeneous vehicular communication in VANETs occurs when vehicles (only) or vehicles and other infrastructure communicate using different cryptographic techniques. To address the security and privacy issues in heterogeneous vehicular communication, some heterogeneous signcryption schemes have been proposed. These schemes simultaneously satisfy the confidentiality, authentication, integrity and non-repudiation security requirements. They however fail to properly address the efficiency with respect to the computational cost involved in unsigncrypting ciphertexts, which is often affected by the speeds at which vehicles travel in VANETs. In this paper, we propose an efficient conditional privacy-preserving hybrid signcryption (CPP-HSC) scheme that uses bilinear pairing to satisfy the security requirements of heterogeneous vehicular communication in a single logical step. Our scheme ensures the transmission of a message from a vehicle with a background of an identity-based cryptosystem (IBC) to a receiver with a background of a public-key infrastructure (PKI). Furthermore, it supports a batch unsigncryption method, which allows the receiver to speed up the process by processing multiple messages simultaneously. The security of our CPP-HSC scheme ensures the indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) under the intractability assumption of q-bilinear Diffie-Hellman inversion (q-BDHI) problem and the existential unforgeability against adaptive chosen message attack (EUF-CMA) under the intractability assumption of q-strong Diffie-Hellman (q-SDH) problem in the random oracle model (ROM). The performance analysis indicates that our scheme has an improvement over the existing related schemes with respect to the computational cost without an increase in the communication cost.

Mobile apps exploit embedded sensors and wireless connectivity of a device to empower users with portable computations, context-aware communication, and enhanced interaction. Specifically, mobile health apps (mHealth apps for short) are becoming integral part of mobile and pervasive computing to improve the availability and quality of healthcare services. Despite the offered benefits, mHealth apps face a critical challenge, i.e., security of health-critical data that is produced and consumed by the app. Several studies have revealed that security specific issues of mHealth apps have not been adequately addressed. The objectives of this study are to empirically (a) investigate the challenges that hinder development of secure mHealth apps, (b) identify practices to develop secure apps, and (c) explore motivating factors that influence secure development. We conducted this study by collecting responses of 97 developers from 25 countries - across 06 continents - working in diverse teams and roles to develop mHealth apps for Android, iOS, and Windows platform. Qualitative analysis of the survey data is based on (i) 8 critical challenges, (ii) taxonomy of best practices to ensure security, and (iii) 6 motivating factors that impact secure mHealth apps. This research provides empirical evidence as practitioners' view and guidelines to develop emerging and next generation of secure mHealth apps.

The generation, transmission, distribution, and storage of electric power is becoming increasingly decentralized. Advances in Distributed Energy Resources (DERs) are rapidly changing the nature of the power grid. Moreover, the accommodation of these new technologies by the legacy grid requires that an increasing number of devices be Internet connected so as to allow for sensor and actuator information to be collected, transmitted, and processed. With the wide adoption of the Internet of Things (IoT), the cybersecurity vulnerabilities of smart grid devices that can potentially affect the stability, reliability, and resilience of the power grid need to be carefully examined and addressed. This is especially true in situations in which smart grid devices are deployed with default configurations or without reasonable protections against malicious activities. While much work has been done to characterize the vulnerabilities associated with Supervisory Control and Data Acquisition (SCADA) and Industrial Control System (ICS) devices, this paper demonstrates that similar vulnerabilities associated with the newer class of IoT smart grid devices are becoming a concern. Specifically, this paper first performs an evaluation of such devices using the Shodan platform and text processing techniques to analyze a potential vulnerability involving the lack of password protection. This work further explores several Shodan search terms that can be used to identify additional smart grid components that can be evaluated in terms of cybersecurity vulnerabilities. Finally, this paper presents recommendations for the more secure deployment of such smart grid devices.

This study extends previous advances in soft biometrics and describes to what extent soft biometrics can be used for facial profile recognition. The purpose of this research is to explore human recognition based on facial profiles in a comparative setting based on soft biometrics. Moreover, in this work, we describe and use a ranking system to determine the recognition rate. The Elo rating system is employed to rank subjects by using their face profiles in a comparative setting. The crucial features responsible for providing useful information describing facial profiles have been identified by using relative methods. Experiments based on a subset of the XM2VTSDB database demonstrate a 96% for recognition rate using 33 features over 50 subjects.

Privacy preservation is a challenging task with the huge amount of data that are available in social media. The data those are stored in the distributed environment or in cloud environment need to ensure confidentiality to data. In addition, representing the voluminous data is graph will be convenient to perform keyword search. The proposed work initially reads the data corresponding to social media and converts that into a graph. In order to prevent the data from the active attacks Advanced Encryption Standard algorithm is used to perform graph encryption. Later, search operation is done using two algorithms: kNK keyword search algorithm and top k nearest keyword search algorithm. The first scheme is used to fetch all the data corresponding to the keyword. The second scheme is used to fetch the nearest neighbor. This scheme increases the efficiency of the search process. Here shortest path algorithm is used to find the minimum distance. Now, based on the minimum value the results are produced. The proposed algorithm shows high performance for graph generation and searching and moderate performance for graph encryption.

A Cyber Physical System (CPS) is a smart network system with actuators, embedded sensors, and processors to interact with the physical world by guaranteeing the performance and supporting real-time operations of safety critical applications. These systems drive innovation and are a source of competitive advantage in today’s challenging world. By observing the behavior of physical processes and activating actions, CPS can alter its behavior to make the physical environment perform better and more accurately. By definition, CPS basically has two major components including cyber systems and physical processes. Examples of CPS include autonomous transportation systems, robotics systems, medical monitoring, automatic pilot avionics, and smart grids. Advances in CPS will empower scalability, capability, usability, and adaptability, which will go beyond the simple systems of today. At the same time, CPS has also increased cybersecurity risks and attack surfaces. Cyber attackers can harm such systems from multiple sources while hiding their identities. As a result of sophisticated threat matrices, insufficient knowledge about threat patterns, and industrial network automation, CPS has become extremely insecure. Since such infrastructure is networked, attacks can be prompted easily without much human participation from remote locations, thereby making CPS more vulnerable to sophisticated cyber-attacks. In turn, large-scale data centers managing a huge volume of CPS data become vulnerable to cyber-attacks. To secure CPS, the role of security analytics and intelligence is significant. It brings together huge amounts of data to create threat patterns, which can be used to prevent cyber-attacks in a timely fashion. The primary objective of this Special Section in IEEE A CCESS is to collect a complementary and diverse set of articles, which demonstrate up-to-date information and innovative developments in the domain of security analytics and intelligence for CPS.

Two-phase I/O is a well-known strategy for implementing collective MPI-IO functions. It redistributes I/O requests among the calling processes into a form that minimizes the file access costs. As modern parallel computers continue to grow into the exascale era, the communication cost of such request redistribution can quickly overwhelm collective I/O performance. This effect has been observed from parallel jobs that run on multiple compute nodes with a high count of MPI processes on each node. To reduce the communication cost, we present a new design for collective I/O by adding an extra communication layer that performs request aggregation among processes within the same compute nodes. This approach can significantly reduce inter-node communication contention when redistributing the I/O requests. We evaluate the performance and compare it with the original two-phase I/O on Cray XC40 parallel computers (Theta and Cori) with Intel KNL and Haswell processors. Using I/O patterns from two large-scale production applications and an I/O benchmark, we show our proposed method effectively reduces the communication cost and hence maintains the scalability for a large number of processes.

As Internet of Things (IoT) devices are increasingly used in industry and become further integrated into our daily lives the security of such devices is of paramount concern. Ensuring that the large amount of information that these devices collect is protected and only accessible to authenticated users is a critical requirement of the industry. One potentially inexpensive way to improve device security utilises a Physically Unclonable Function (PUF) to generate a unique random response per device. This random response can be generated in such a way that it can be regenerated reliably and repeatably allowing the response to be considered a signature for each device. This signature could then be used for authentication or key generation purposes, improving trust in IoT devices. The advantage of a PUF based system is that the response does not need to be stored in nonvolatile memory as it is regenerated on demand, hardening the system against physical attacks. With SoC FPGAs being inexpensive and widely available there is potential for their use in both industrial and consumer applications as an additional layer of hardware security. In this paper we investigate and implement a Trusted Execution Environment (TEE) based around a PUF solely implemented in the FPGA fabric on a Xilinx Zynq-7000 SoC FPGA. The PUF response is used to seed a generic entropy maximisation function or Pseudorandom Number Generator (PRNG) with a system controller capable of encrypting data to be useful only to the device. This system interacts with a software platform running in the ARM TrustZone on the ARM Cortex core in the SoC, which handles requests between user programs and the FPGA. The proposed PUF-based security module can generate unique random keys able to pass all NIST tests and protects against physical attacks on buses and nonvolatile memories. These improvements are achieved at a cost of fewer than half the resources on the Zynq-7000 SoC FPGA.

Low-power wireless network technology is one of the main key characteristics in communication systems that are needed by the Internet of Things (IoT). Nowadays, the 6LoWPAN standard is one of the communication protocols which has been identified as an important protocol in IoT applications. Networking technology in 6LoWPAN transfer IPv6 packets efficiently in link-layer framework that is well-defined by IEEE 802.14.5 protocol. 6Lo WPAN development is still having problems such as threats and entrust crises. The most important part when developing this new technology is the challenge to secure the network. Data security is viewed as a major consideration in this network communications. Many researchers are working to secure 6LoWPAN communication by analyzing the architecture and network features. 6LoWPAN security weakness or vulnerability is exposed to various forms of network attack. In this paper, the security solutions for 6LoWPAN have been investigated. The requirements of safety in 6LoWPAN are also presented.

Advancements in the AI field unfold tremendous opportunities for society. Simultaneously, it becomes increasingly important to address emerging ramifications. Thereby, the focus is often set on ethical and safe design forestalling unintentional failures. However, cybersecurity-oriented approaches to AI safety additionally consider instantiations of intentional malice – including unethical malevolent AI design. Recently, an analogous emphasis on malicious actors has been expressed regarding security and safety for virtual reality (VR). In this vein, while the intersection of AI and VR (AIVR) offers a wide array of beneficial cross-fertilization possibilities, it is responsible to anticipate future malicious AIVR design from the onset on given the potential socio-psycho-technological impacts. For a simplified illustration, this paper analyzes the conceivable use case of Generative AI (here deepfake techniques) utilized for disinformation in immersive journalism. In our view, defenses against such future AIVR safety risks related to falsehood in immersive settings should be transdisciplinarily conceived from an immersive co-creation stance. As a first step, we motivate a cybersecurity-oriented procedure to generate defenses via immersive design fictions. Overall, there may be no panacea but updatable transdisciplinary tools including AIVR itself could be used to incrementally defend against malicious actors in AIVR.

Fog computing was emerged as mini-clouds deployed close to the ground to reduce communication overhead and time latency between the cloud and end-users' devices. Because fog computing is an extension of cloud computing, it inherits the security and privacy issues cloud computing has faced. If a Fog Node (FN) serving end-devices goes rogue or becomes maliciously compromised, this would hinder individuals' and organizations' data security (e.g., Confidentiality, Integrity, and Availability). This paper presents a novel scheme based on the Ciphertext-Policy-Attribute-Based-Encryption (CP-ABE) and hashing cryptographic primitives to minimize the amount of data in danger of breach by rogue fog nodes with maintaining the fog computing services provided to end-users' devices. This scheme manages to oust rogue Fog Nodes (FNs) and to prevent them from violating end-users' data security while guarantying the features provided by the fog computing paradigm. We demonstrate our scheme's applicability and efficiency by carrying out performance analysis and analyzing its security, and communication overhead.

Cryptocurrencies are the digital currencies designed to replace the regular cash money while taking place in our daily lives especially for the last couple of years. Mining cryptocurrencies are one of the popular ways to have them and make a profit due to unstable values in the market. This attracts attackers to utilize malware on internet users' computer resources, also known as cryptojacking, to mine cryptocurrencies. Cryptojacking started to be a major issue in the internet world. In this case, we developed MiNo, a web browser add-on application to detect these malicious mining activities running without the user's permission or knowledge. This add-on provides security and efficiency for the computer resources of the internet users. MiNo designed and developed with double-layer protection which makes it ahead of its competitors in the market.

In this paper, we present the concept of boosting the resiliency of optimization-based observers for cyber-physical systems (CPS) using auxiliary sources of information. Due to the tight coupling of physics, communication and computation, a malicious agent can exploit multiple inherent vulnerabilities in order to inject stealthy signals into the measurement process. The problem setting considers the scenario in which an attacker strategically corrupts portions of the data in order to force wrong state estimates which could have catastrophic consequences. The goal of the proposed observer is to compute the true states in-spite of the adversarial corruption. In the formulation, we use a measurement prior distribution generated by the auxiliary model to refine the feasible region of a traditional compressive sensing-based regression problem. A constrained optimization-based observer is developed using l1-minimization scheme. Numerical experiments show that the solution of the resulting problem recovers the true states of the system. The developed algorithm is evaluated through a numerical simulation example of the IEEE 14-bus system.

Due to their proven efficiency, machine-learning systems are deployed in a wide range of complex real-life problems. More specifically, Spiking Neural Networks (SNNs) emerged as a promising solution to the accuracy, resource-utilization, and energy-efficiency challenges in machine-learning systems. While these systems are going mainstream, they have inherent security and reliability issues. In this paper, we propose NeuroAttack, a cross-layer attack that threatens the SNNs integrity by exploiting low-level reliability issues through a high-level attack. Particularly, we trigger a fault-injection based sneaky hardware backdoor through a carefully crafted adversarial input noise. Our results on Deep Neural Networks (DNNs) and SNNs show a serious integrity threat to state-of-the art machine-learning techniques.

Most anti-collusion audio fingerprinting schemes are aiming at finding colluders from the illegal redistributed audio copies. However, the loss caused by the redistributed versions is inevitable. In this letter, a novel fingerprinting scheme is proposed to eliminate the motivation of collusion attack. The audio signal is transformed to the frequency domain by the Fourier transform, and the coefficients in frequency domain are reversed in different degrees according to the fingerprint sequence. Different from other fingerprinting schemes, the coefficients of the host media are excessively modified by the proposed method in order to reduce the quality of the colluded version significantly, but the imperceptibility is well preserved. Experiments show that the colluded audio cannot be reused because of the poor quality. In addition, the proposed method can also resist other common attacks. Various kinds of copyright risks and losses caused by the illegal redistribution are effectively avoided, which is significant for protecting the copyright of audio.

Increased penetration of distributed energy resources (DERs) creates challenges in formulating the security constrained optimal power flow (SCOPF) problem as the number of models for these resources proliferate. Specifically, the number of devices with different mathematical models is large and their integration into the SCOPF becomes tedious. Henceforth, a process that seamlessly models and integrates such new devices into the SCOPF problem is needed. We propose an object-oriented modeling approach that leads to the autonomous formation of the SCOPF problem. All device models in the system are cast into a universal syntax. We have also introduced a quadratization method which makes the models consisting of linear and quadratic equations, if nonlinear. We refer to this model as the State and Control Quadratized Device Model (SCQDM). The SCQDM includes a number of equations and a number of inequalities expressing the operating limits of the device. The SCOPF problem is then formed in a seamless manner by operating only on the SCQDM device objects. The SCOPF problem, formed this way, is also quadratic (i.e. consists of linear and quadratic equations), and of the same form and syntax as the SCQDM for an individual device. For this reason, we named it security constrained quadratic optimal power flow (SCQOPF). We solve the SCQOPF problem using a sequential linear programming (SLP) algorithm and compare the results with those obtained from the commercial solver Knitro on the IEEE 57 bus system.

Future wearable devices are expected to increasingly exchange their positioning information with various Location-Based Services (LBSs). Wearable applications can include activity-based health and fitness recommendations, location-based social networking, location-based gamification, among many others. With the growing opportunities for LBSs, it is expected that location privacy concerns will also increase significantly. Particularly, in opportunistic wireless networks based on device-to-device (D2D) connectivity, a user can request a higher level of control over own location privacy, which may result in more flexible permissions granted to wearable devices. This translates into the ability to perform location obfuscation to the desired degree when interacting with other wearables or service providers across the network. In this paper, we argue that specific errors in the disclosed location information feature two components: a measurement error inherent to the localization algorithm used by a wearable device and an intentional (or obfuscation) error that may be based on a trade-off between a particular LBS and a desired location privacy level. This work aims to study the trade-off between positioning accuracy and location information privacy in densely crowded scenarios by introducing two privacy-centric metrics.

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

In this paper, we study the resilient vector consensus problem in multi-agent networks and improve resilience guarantees of existing algorithms. In resilient vector consensus, agents update their states, which are vectors in ℝd, by locally interacting with other agents some of which might be adversarial. The main objective is to ensure that normal (non-adversarial) agents converge at a common state that lies in the convex hull of their initial states. Currently, resilient vector consensus algorithms, such as approximate distributed robust convergence (ADRC) are based on the idea that to update states in each time step, every normal node needs to compute a point that lies in the convex hull of its normal neighbors' states. To compute such a point, the idea of Tverberg partition is typically used, which is computationally hard. Approximation algorithms for Tverberg partition negatively impact the resilience guarantees of consensus algorithm. To deal with this issue, we propose to use the idea of centerpoint, which is an extension of median in higher dimensions, instead of Tverberg partition. We show that the resilience of such algorithms to adversarial nodes is improved if we use the notion of centerpoint. Furthermore, using centerpoint provides a better characterization of the necessary and sufficient conditions guaranteeing resilient vector consensus. We analyze these conditions in two, three, and higher dimensions separately. We also numerically evaluate the performance of our approach.