Biblio

Power-noise viruses can be used as denial-of-service attacks by causing voltage emergencies in multi-core microprocessors that may lead to data corruptions and system crashes. In this paper, we present a run-time system for detecting and mitigating power-noise viruses. We present voltage noise data from a power-noise virus and benchmarks collected from an Arm multi-core processor, and we observe that the frequency of voltage emergencies is dramatically increasing during the execution of power-noise attacks. Based on this observation, we propose a regression model that allows for a run-time estimation of the severity of voltage emergencies by monitoring the frequency of voltage emergencies and the operating frequency of the microprocessor. For mitigating the problem, during the execution of critical tasks that require protection, we propose a system which periodically evaluates the severity of voltage emergencies and adapts its operating frequency in order to honour a predefined severity constraint. We demonstrate the efficacy of the proposed run-time system.

When discussing data center networks (DCN), topology has a significant influence on the availability of data to the host. The performance of DCN is relative to the scale of the network. On a particular network scale, it can even cause a connection to the host to be disconnected due to the overhead of routing information. It takes a long time to get connected again so that the data packet that has been sent is lost. The length of time for updating routing information to all parts of the topology so that it can be reconnected or referred to as the time of convergence is the cause. Scalability of a network is proportional to the time of convergence. This article discusses Aspen Tree and Fat Tree, which is about the modification of multi-root trees that have been modified. In Fat Tree, a final set of hosts from a network can be disconnected from a network topology until there is an update of routing information that is disseminated to each switch on the network, due to a link failure. Aspen Tree is a reference topology because it is considered to reduce convergence time and control the overhead of network failure recovery. The DCN topology performance models are implemented using the open source NS-3 platform to support validation of performance evaluations.

Malicious scripts are an important computer infection threat vector for computer users. For internet-scale processing, static analysis offers substantial computing efficiencies. We propose the ScriptNet system for neural malicious JavaScript detection which is based on static analysis. We also propose a novel deep learning model, Pre-Informant Learning (PIL), which processes Javascript files as byte sequences. Lower layers capture the sequential nature of these byte sequences while higher layers classify the resulting embedding as malicious or benign. Unlike previously proposed solutions, our model variants are trained in an end-to-end fashion allowing discriminative training even for the sequential processing layers. Evaluating this model on a large corpus of 212,408 JavaScript files indicates that the best performing PIL model offers a 98.10% true positive rate (TPR) for the first 60K byte subsequences and 81.66% for the full-length files, at a false positive rate (FPR) of 0.50%. Both models significantly outperform several baseline models. The best performing PIL model can successfully detect 92.02% of unknown malware samples in a hindsight experiment where the true labels of the malicious JavaScript files were not known when the model was trained.

The usage of cloud for data storage has become ubiquitous. To prevent data leakage and hacks, it is common to encrypt the data (e.g. PDF files) before sending it to a cloud. However, this limits the search for specific files containing certain keywords over an encrypted cloud data. The traditional method is to take down all files from a cloud, store them locally, decrypt and then search over them, defeating the purpose of using a cloud. In this paper, we propose a method, called SecureCSearch, to perform keyword search operations on the encrypted PDF files over cloud in an efficient manner. The proposed method makes use of Shamir's Secret Sharing scheme in a novel way to create encrypted shares of the PDF file and the keyword to search. We show that the proposed method maintains the security of the data and incurs minimal computation cost.

With the vast increase in data transmission due to a large number of information collected by devices, data management, and security has been a challenge for organizations. Many data owners (DOs) outsource their data to cloud repositories due to several economic advantages cloud service providers present. However, DOs, after their data are outsourced, do not have complete control of the data, and therefore, external systems are incorporated to manage the data. Several kinds of research refer to the use of encryption techniques to prevent unauthorized access to data but prove to be deficient in providing suitable solutions to the problem. In this article, we propose a secure fine-grain access control system for outsourced data, which supports read and write operations to the data. We make use of an attribute-based encryption (ABE) scheme, which is regarded as a suitable scheme to achieve access control for security and privacy (confidentiality) of outsourced data. This article considers different categories of data users, and make provisions for distinct access roles and permissible actions on the outsourced data with dynamic and efficient policy updates to the corresponding ciphertext in cloud repositories. We adopt blockchain technologies to enhance traceability and visibility to enable control over outsourced data by a DO. The security analysis presented demonstrates that the security properties of the system are not compromised. Results based on extensive experiments illustrate the efficiency and scalability of our system.

Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user's more frequently used account at their primary organization both provides a better experience to the end user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process. This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and In Common Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have received only positive feedback from our users.

Many modern business models of the manufacturing industry use the possibilities of digitization. In particular, the idea of connecting machines to networks and communication infrastructure is gaining momentum. However, in addition to the considerable economic advantages, this development also brings decisive disadvantages. By connecting previously encapsulated industrial networks with untrustworthy external networks such as the Internet, machines and systems are suddenly exposed to the same threats as conventional IT systems. A key problem today is the typical network paradigm with static routers and switches that cannot meet the dynamic requirements of a modern industrial network. Current security solutions often only threat symptoms instead of tackling the cause. In this paper we will therefore analyze the weaknesses of current networks and security solutions using the example of industrial remote maintenance. We will then present a novel concept of how Software-Defined Networking (SDN) in combination with a policy framework that supports attribute-based access control can be used to meet current and future security requirements in dynamic industrial networks. Furthermore, we will introduce an examplary implementation of this novel security framework for the use case of industrial remote maintenance and evaluate the solution. Our results show that SDN in combination with an Attribute-based Access Control (ABAC) policy framework is perfectly suited to increase flexibility and security of modern industrial networks at the same time.

This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps. Taint-Things accurately identified all tainted flows reported by one of the state-of the-art tools with at least 4 times improved performance. In addition, our approach reports potential vulnerable tainted flow in a form of a concise security slice, which could provide security auditors with an effective and precise tool to pinpoint security issues in SmartThings apps under test.

Smart metering systems have been gaining popularity as a vital part of the general smart grid paradigm. Naturally, as new technologies arise to cover this emerging field, so do security and privacy related issues regarding the energy consumer's personal data. These challenges impose the need for the development of new methods through a better understanding of the state-of-the-art. This paper aims at identifying the main categories of security and privacy techniques utilized in smart metering systems from a three-point perspective: i) a field research survey, ii) EU initiatives and findings towards the same direction and iii) a data-driven analysis of the state-of-the-art and the identification of its main topics (or themes) using topic modeling techniques. Detailed quantitative results of this analysis, such as semantic interpretation of the identified topics and a graph representation of the topic trends over time, are presented.

To manage and handle the issues of physical security in the modern world, there is a dire need for a multilevel security system to ensure the safety of precious belongings that could be money, military equipment or medical life-saving drugs. Security locker solution is proposed which is a multiple layer security system consisting of various levels of authentication. In most cases, only relevant persons should have access to their precious belongings. The unlocking of the box is only possible when all of the security levels are successfully cleared. The five levels of security include entering of password on interactive GUI, thumbprint, facial recognition, speech pattern recognition, and vein pattern recognition. This project is unique and effective in a sense that it incorporates five levels of security in a single prototype with the use of cost-effective equipment. Assessing our security system, it is seen that security is increased many a fold as it is near to impossible to breach all these five levels of security. The Raspberry Pi microcomputers, handling all the traits efficiently and smartly makes it easy for performing all the verification tasks. The traits used involves checking, training and verifying processes with application of machine learning operations.

State-of-the-art security frameworks have been extensively addressing security issues for web resources, agents and services in the Semantic Web. The provision of Stream Reasoning as a new area spanning Semantic Web and Data Stream Management Systems has eventually opened up new challenges. Namely, their decentralized nature, the metadata descriptions, the number of users, agents, and services, makes securing Stream Reasoning systems difficult to handle. Thus, there is an inherent need of developing new security models which will handle security and automate security mechanism to a more autonomous system that supports complex and dynamic relationships between data, clients and service providers. We plan to validate our proposed security model on a typical application of stream data, on Wireless Sensor Networks (WSNs). In particular, WSNs for water quality monitoring will serve as a case study. The proposed model can be a guide when deploying and maintaining WSNs in different contexts. Moreover, this model will point out main segments which are most important in ensuring security in semantic stream reasoning systems, and their interrelationships. In this paper we propose a security framework to handle most important issues of security within WSN. The security model in itself should be an incentive for other researchers in creating other models to improve information security within semantic stream reasoning systems.

Wireless sensor networks are called wireless networks consisting of low-cost sensor nodes that use limited resources, collect and distribute data. Wireless sensor networks make observation and control of physical environments from distance easier. They are used in a variety of areas, such as environmental surveillance, military purposes, and the collection of information in specific areas. While the low cost of sensor nodes allows it to spread and increase it's quantitative, battery and computational constraints, noise and manipulation threats from the environment cause various challenges in wireless sensor applications. To overcome these challenges, researches have conducted a lot of researches on various fields like power consumption, use of resources and security approaches. In these studies, routing, placement algorithms and system designs are generally examined for efficient energy consumption. In this article, the relationship between the security of sensor networks and efficient resource usage and various scenarios are presented.

Many applications use asymmetric cryptography to secure communications between two parties. One of the main issues with asymmetric cryptography is the need for vast amounts of computation and storage. While this may be true, elliptic curve cryptography (ECC) is an approach to asymmetric cryptography used widely in low computation devices due to its effectiveness in generating small keys with a strong encryption mechanism. The ECC decreases power consumption and increases device performance, thereby making it suitable for a wide range of devices, ranging from sensors to the Internet of things (IoT) devices. It is necessary for the ECC to have a strong implementation to ensure secure communications, especially when encoding a message to an elliptic curve. It is equally important for the ECC to secure the mapping of the message to the curve used in the encryption. This work objective is to propose a trusted and proofed scheme that offers authenticated encryption (AE) for both encoding and mapping a message to the curve. In addition, this paper provides analytical results related to the security requirements of the proposed scheme against several encryption techniques. Additionally, a comparison is undertaken between the SE-Enc and other state-of-the-art encryption schemes to evaluate the performance of each scheme.

Emerging next generation wireless communication devices call for high-performance filters that operate at 3-10 GHz frequency range and offer low loss, small form factor, wide bandwidth and steep skirts. Bulk and surface acoustic wave devices have been long used in the RF front-end for filtering applications, however their operation frequencies are mostly below 2.6 GHz band. To scale up the frequency of the filters, the thickness of the piezoelectric material needs to be reduced to sub-micron ranges. One of the challenges of such scaling is maintaining high electromechanical coupling as the film thickness decreases, which in turn, determines the filter bandwidth.Aluminum Nitride (AlN) - popular in today's film bulk acoustic resonators (FBARs) and mostly deposited using sputtering techniques-shows degraded crystal quality and poor electromechanical coupling when the thickness of AlN film is smaller than 1 μm.In this work, we propose using high-quality single-crystalline AlN and Scandium (Sc)-doped AlN epi-layers grown on Si substrates, wherein high crystal quality is maintained for ultra-thin films of only 400 nm thickness. Experimental results verify improved kt2 for 3-10 GHz resonators, with quality factors of the order of 250 and kt2 values of up to 5%based on bulk acoustic wave resonators. The experimental results suggest that single-crystal Sc-AlN is a great material candidate for 5G resonators and filters.

Personalized IoT adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract user's private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior are not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.

Authentication is achieved by using different techniques, like using smart-card, identity password and biometric techniques. Some of the proposed schemes use a single factor for authentication while others combine multiple ways to provide multi-factor authentication for better security. lately, a new scheme for multi-factor authentication was presented by Cao and Ge and claimed that their scheme is highly secure and can withstand against all known attacks. In this paper, it is revealed that their scheme is still vulnerable and have some loopholes in term of reflection attack. Therefore, an improved scheme is proposed to overcome the security weaknesses of Cao and Ge's scheme. The proposed scheme resists security attacks and secure. Formal testing is carried out under a broadly-accepted simulated tool ProVerif which demonstrates that the proposed scheme is well secure.

Timely detection of a malicious piece of code accurately, in an enterprise network or in an individual device, before it propagates and mutate itself, is one of the most challenging tasks in the domain of cyber security. Millions of variants of each latest malware are released every day and each of these variants have a unique static signature. Conventional anti-malware tools use signatures and static heuristics of malware to segregate them from legitimate files, which is not an effective technique because of the number of malware variants released every passing day. To overcome the fundamental flaw of operational techniques, we propose a framework that generalizes the static and dynamic malwarefeaturesthatareusedtotrainmultiplemachinelearning algorithms. The generalization of clean and malicious features enables the framework to accurately differentiate between clean and malicious files.

The prevalence of social botnets has increased public distrust of social media networks. Current methods exist for detecting bot activity on Twitter, Reddit, Facebook, and other social media platforms. Most of these detection methods rely upon observing user behavior for a period of time. Unfortunately, the behavior observation period allows time for a botnet to successfully propagate one or many posts before removal. In this paper, we model the post propagation patterns of normal users and social botnets. We prove that a botnet may exploit deterministic propagation actions to elevate a post even with a small botnet population. We propose a probabilistic model which can limit the impact of social media botnets until they can be detected and removed. While our approach maintains expected results for non-coordinated activity, coordinated botnets will be detected before propagation with high probability.

Cyber attacks against automobiles have increased over the last decade due to the expansion in attack surfaces. This is the result of modern automobiles having connections such as Bluetooth, WiFi, and other broadband services. While there has been numerous proposed solutions in the literature, none have been widely adopted as maintaining real-time message deliverability in the Controller Area Networks (CAN) outweighs proposed security solutions. Through iterative research, we have developed a solution which mitigates an attacker's impact on the CAN bus by using CAN's inherent features of arbitration, error detection and signaling, and fault confinement mechanism. The solution relies on an access controller and message priority thresholds added to the CAN data-link layer. The results provide no time delay for non-malicious traffic and mitigates bus impact of a subverted node attempting to fabricate messages at an unauthorized priority level.

Software Defined Networking (SDN) has emerged as a revolutionary paradigm to manage cloud infrastructure. SDN lacks scalable trust setup and verification mechanism between Data Plane-Control Plane elements, Control Plane elements, and Control Plane-Application Plane. Trust management schemes like Public Key Infrastructure (PKI) used currently in SDN are slow for trust establishment in a larger cloud environment. We propose a distributed trust mechanism - TRUFL to establish and verify trust in SDN. The distributed framework utilizes parallelism in trust management, in effect faster transfer rates and reduced latency compared to centralized trust management. The TRUFL framework scales well with the number of OpenFlow rules when compared to existing research works.

Two-factor authentication (2FA) is widely prevalent in banking, emails and virtual private networks (VPN) connections or in accessing any secure web service. In 2FA, to get authenticated the users are expected to provide additional secret information along with the password. Typically, this secret information (tokens) is generated by a centralized trusted third party upon receiving an authentication request from users. Thus, this additional layer of security comes at the cost of inherently trusting the third party for their services. The security of such authentication systems is always under the threat of the trusted party is being compromised. In this paper, we propose a novel approach to make server authentication even more secure by building 2FA over the blockchain platform which is distributed in nature. The proposed solution does not require any trusted third party between claimant (user) and the verifier (server) for the authentication purpose. To demonstrate the idea of using blockchain technology for 2FA, we have added an extra layer of security component to the OpenSSH server a widely used application for Secure Shell (SSH) protocol.

The idea behind collective perception is to improve vehicles' awareness about their surroundings. Every vehicle shares information describing its perceived environment by means of V2X communication. Similar to other information shared using V2X communication, collective perception information is potentially safety relevant, which means there is a need to assess the reliability and quality of received information before further processing. Transmitted information may have been forged by attackers or contain inconsistencies e.g. caused by malfunctions. This paper introduces a novel approach for estimating a belief that a pair of entities, e.g. two remote vehicles or the host vehicle and a remote vehicle, within a Vehicular ad hoc Network (VANET) are both trustworthy. The method updates the belief based on the consistency of the data that both entities provide. The evaluation shows that the proposed method is able to identify forged information.

We report on the significant enhancement of perpendicular magnetic anisotropy of Ni/NiO multilayers after mild annealing up to 90 min at 250 °C. Transmission electron microscopy shows that after annealing, a partial crystallization of the initially amorphous NiO layers occurs. This turns out to be the source of the anisotropy enhancement. Magnetic measurements reveal that even multilayers with Ni layers as thick as 7 nm, which in the as-deposited state showed inplane anisotropy with square hysteresis loops, show reduced in-plane remanence after thermal treatment. Hysteresis loops recorded with the field in the normal-to-film-plane direction provide evidence for perpendicular magnetic anisotropy with up and down magnetic domains at remanence. A plot of effective uniaxial magnetic anisotropy constant times individual Ni layer thickness as a function of individual Ni layer thickness shows a large change in the slope of the data attributed to a drastic change of volume anisotropy. Surface anisotropy showed a small decrease because of some layer roughening introduced by annealing.

An approach for effective regression test selection is proposed, which minimizes the resource usage and amount of time required for complete testing of new features. Provided are the details of the analysis of hashing algorithms used during implementation in-depth review of the software, together with the results achieved during the testing process.

In this paper, we use machine learning, namely an artificial neural network to determine what are the chances that Facebook friend request is authentic or not. We also outline the classes and libraries involved. Furthermore, we discuss the sigmoid function and how the weights are determined and used. Finally, we consider the parameters of the social network page which are utmost important in the provided solution.