Biblio

Wireless transmission of power has been in research for over a century. Our project aims at transmitting electric power over a distance of room. Various methods using microwaves, lasers, inductive coupling, capacitive coupling and acoustic medium have been used. In our project, we are majorly focusing on acoustic method of transferring power. Previous attempts of transferring power using acoustic methods have employed the usage of ultrasonic sound. In our project, we are using infrasonic sound as a medium to transfer electrical power. For this purpose, we are using suitable transducers and converters to transmit electric power from the 220V AC power supply to a load over a considerable distance. This technology can be used to wirelessly charge various devices more effectively.

Examining implementations of the 6LoWPAN Internet Standard in major embedded operating systems, we observe that they do not fully interoperate. We find this is due to some inherent design flaws in 6LoWPAN. We propose and demonstrate four principles that can be used to structure protocols for low power devices that encourage interoperability between diverse implementations.

Users often need to authenticate at situated displays in order to, for example, make purchases, access sensitive information, or confirm an identity. However, the exposure of interactions in public spaces introduces a large attack surface (e.g., observation, smudge or thermal attacks). A plethora of authentication models and input modalities that aim at disguising users' input has been presented in the past. However, a comprehensive analysis on the requirements for secure and usable authentication on public displays is still missing. This work presents 13 design considerations suitable to inform practitioners and researchers during the development process of authentication systems for situated displays in public spaces. It draws on a comprehensive analysis of prior literature and subsequent discussion with five experts in the fields of pervasive displays, human-computer-interaction and usable security.

Robotic vehicles (RVs), such as drones and ground rovers, are a type of cyber-physical systems that operate in the physical world under the control of computing components in the cyber world. Despite RVs' robustness against natural disturbances, cyber or physical attacks against RVs may lead to physical malfunction and subsequently disruption or failure of the vehicles' missions. To avoid or mitigate such consequences, it is essential to develop attack detection techniques for RVs. In this paper, we present a novel attack detection framework to identify external, physical attacks against RVs on the fly by deriving and monitoring Control Invariants (CI). More specifically, we propose a method to extract such invariants by jointly modeling a vehicle's physical properties, its control algorithm and the laws of physics. These invariants are represented in a state-space form, which can then be implemented and inserted into the vehicle's control program binary for runtime invariant check. We apply our CI framework to eleven RVs, including quadrotor, hexarotor, and ground rover, and show that the invariant check can detect three common types of physical attacks – including sensor attack, actuation signal attack, and parameter attack – with very low runtime overhead.

Sybil security threat in vehicular ad hoc networks (VANETs) has attracted much attention in recent times. The attacker introduces malicious nodes with multiple identities. As the roadside unit fails to synchronize its clock with legitimate vehicles, unintended vehicles are identified, and therefore erroneous messages will be sent to them. This paper proposes a novel biologically inspired spider-monkey time synchronization technique for large-scale VANETs to boost packet delivery time synchronization at minimized energy consumption. The proposed technique is based on the metaheuristic stimulated framework approach by the natural spider-monkey behavior. An artificial spider-monkey technique is used to examine the Sybil attacking strategies on VANETs to predict the number of vehicular collisions in a densely deployed challenge zone. Furthermore, this paper proposes the pseudocode algorithm randomly distributed for energy-efficient time synchronization in two-way packet delivery scenarios to evaluate the clock offset and the propagation delay in transmitting the packet beacon message to destination vehicles correctly. The performances of the proposed technique are compared with existing protocols. It performs better over long transmission distances for the detection of Sybil in dynamic VANETs' system in terms of measurement precision, intrusion detection rate, and energy efficiency.

For a computing platform that is compliant with the Trusted Platform Module (TPM) standard, direct anonymous attestation (DAA) is an appropriate cryptographic protocol for realizing an anonymous subscription system. This approach takes advantage of a cryptographic key that is securely embedded in the platform's hardware, and enables privacy-preserving authentication of the platform. In all of the existing DAA schemes, the platform suffers from significant computational and communication costs that increase proportionally to the size of the revocation list. This drawback renders the existing schemes to be impractical when the size of the revocation list grows beyond a relatively modest size. In this paper, we propose a novel scheme called Lightweight Anonymous Subscription with Efficient Revocation (LASER) that addresses this very problem. In LASER, the computational and communication costs of the platform's signature are multiple orders of magnitude lower than the prior art. LASER achieves this significant performance improvement by shifting most of the computational and communication costs from the DAA's online procedure (i.e., signature generation) to its offline procedure (i.e., acquisition of keys/credentials). We have conducted a thorough analysis of LASER's performance related features. We have implemented LASER on a laptop with an on-board TPM. To the best of our knowledge, this is the first implementation of a DAA scheme on an actual TPM cryptoprocessor that is compliant with the most recent TPM specification, viz., TPM 2.0.

Now a day document such as Degree certificate can be easily forged fully or partially modifying obtained score result like GPA (Grade Point Average). Digital signature are used to detect unauthorized modification to data and to authenticate the identity of signatory. The Quick Response (QR) code was designed for storage information and high-speed readability. This paper proposed a method that QR code will contain a digital signature with the student data such as degree holder's name, major program, GPA obtained and more, which will be signed by Higher Educational Institute (HEI). In order to use this system, all HEI have to register in central system, the central system provide another system that will deploy in each HEI. All digitally signed certificate generating process are offline. To verify the digital signature signed with QR code, we developed specific smart phone application which will scan and authenticate the certificate without the need to address the certificate issuing institution and gaining access to user's security credentials.

This paper aims at identifying the neural correlates of human trust in autonomous systems using electroencephalography (EEG) signals. Quantifying the relationship between trust and brain activities allows for real-time assessment of human trust in automation. This line of effort contributes to the design of trusted autonomous systems, and more generally, modeling the interaction in human-autonomy interaction. To study the correlates of trust, we use an investment game in which artificial agents with different levels of trustworthiness are employed. We collected EEG signals from 10 human subjects while they are playing the game; then computed three types of features from these signals considering the signal time-dependency, complexity and power spectrum using an autoregressive model (AR), sample entropy and Fourier analysis, respectively. Results of a mixed model analysis showed significant correlation between human trust and EEG features from certain electrodes. The frontal and the occipital area are identified as the predominant brain areas correlated with trust.

Live VM migration is the most vulnerable process in cloud federations for DDOS attacks, loss of data integrity, confidentiality, unauthorized access and injection of malicious viruses on VM disk images. We have scrutinized following set of crucial security features which are; authorization, confidentiality, replay protection (accountability), integrity, mutual authentication and source non-repudiation (availability) to cater different threats and vulnerabilities during live VM migration. The investigated threats and vulnerabilities are catered and implemented in a proposed solution, presented in this paper. Six security features-authorization, confidentiality, replay protection, integrity, mutual authentication and source non-repudiation are focused and modular implementation has been done. Solution is validated in AVISPA tool in modules for threats for all the notorious security requirements and no outbreak were seen.

The Time-Slotted Channel Hopping (TSCH) mode, defined by the IEEE 802.15.4e protocol, aims to reduce the effects of narrowband interference and multipath fading on some channels through the frequency hopping method. To work satisfactorily, this method must be based on the evaluation of the channel quality through which the packets will be transmitted to avoid packet losses. In addition to the estimation, it is necessary to manage channel blacklists, which prevents the sensors from hopping to bad quality channels. The blacklists can be applied locally or globally, and this paper evaluates the use of a local blacklist through simulation of a TSCH network in a simulated harsh industrial environment. This work evaluates two approaches, and both use a developed protocol based on TSCH, called Adaptive Blacklist TSCH (AB-TSCH), that considers beacon packets and includes a link quality estimation with blacklists. The first approach uses the protocol to compare a simple version of TSCH to configurations with different sizes of blacklists in star topology. In this approach, it is possible to analyze the channel adaption method that occurs when the blacklist has 15 channels. The second approach uses the protocol to evaluate blacklists in tree topology, and discusses the inherent problems of this topology. The results show that, when the estimation is performed continuously, a larger blacklist leads to an increase of performance in star topology. In tree topology, due to the simultaneous transmissions among some nodes, the use of smaller blacklist showed better performance.

This work introduces a novel adaptation framework to energy-efficiently adapt small-sized circuits operating under scarce resources in dynamic environments, as autonomous swarm of sensory agents. This framework makes it possible to optimally configure the circuit based on three key mechanisms: (a) an off-line optimization phase relying on R2 indicator based Evolutionary Multi-objective Optimization Algorithm (EMOA), (b) an on-line phase based on hardware instincts and (c) the possibility to include the environment in the optimization loop. Specifically, the evolutionary algorithm is able to simultaneously determine an optimal combination of static settings and dynamic instinct for the hardware, considering highly dynamic environments. The instinct is then run on-line with minimal on-chip resources so that the circuit efficiently react to environmental changes. This framework is demonstrated on an ultrasonic communication system between energy-scarce wireless nodes. The proposed approach is environment-adaptive and enables power savings up to 45% for the same performance on the considered case studies.

With the advent of deep learning based methods, facial recognition algorithms have become more effective and efficient. However, these algorithms have usually the disadvantage of requiring the use of dedicated hardware devices, such as graphical processing units (GPUs), which pose restrictions on their usage on embedded devices with limited computational power. In this paper, we present an approach that allows building an intrusion detection system, based on face recognition, running on embedded devices. It relies on deep learning techniques and does not exploit the GPUs. Face recognition is performed using a knn classifier on features extracted from a 50-layers Residual Network (ResNet-50) trained on the VGGFace2 dataset. In our experiment, we determined the optimal confidence threshold that allows distinguishing legitimate users from intruders. In order to validate the proposed system, we created a ground truth composed of 15,393 images of faces and 44 identities, captured by two smart cameras placed in two different offices, in a test period of six months. We show that the obtained results are good both from the efficiency and effectiveness perspective.

The localization and classification of cryptographic functions in binary files is a growing challenge in information security, not least because of the increasing use of such functions in malware. Nevertheless, it is still a time consuming and laborious task. Some of the most commonly used techniques are based on dynamic methods, signatures or manual reverse engineering. In this paper we present FALKE-MC, a novel framework that creates classifiers for arbitrary cryptographic algorithms from sample binaries. It processes multiple file formats and architectures and is easily expandable due to its modular design. Functions are automatically detected and features as well as constants are extracted. They are used to train a neural network, which can then be applied to classify functions in unknown binary files. The framework is fully automated, from the input of binary files and the creation of a classifier through to the output of classification results. In addition to that, it can deal with class imbalance between cryptographic and non-cryptographic samples during training. Our evaluation shows that this approach offers a high detection rate in combination with a low false positive rate. We are confident that FALKE-MC can accelerate the localization and classification of cryptographic functions in practice.

Automatic speaker verification systems are increasingly used as the primary means to authenticate costumers. Recently, it has been proposed to train speaker verification systems using end-to-end deep neural models. In this paper, we show that such systems are vulnerable to adversarial example attacks. Adversarial examples are generated by adding a peculiar noise to original speaker examples, in such a way that they are almost indistinguishable, by a human listener. Yet, the generated waveforms, which sound as speaker A can be used to fool such a system by claiming as if the waveforms were uttered by speaker B. We present white-box attacks on a deep end-to-end network that was either trained on YOHO or NTIMIT. We also present two black-box attacks. In the first one, we generate adversarial examples with a system trained on NTIMIT and perform the attack on a system that trained on YOHO. In the second one, we generate the adversarial examples with a system trained using Mel-spectrum features and perform the attack on a system trained using MFCCs. Our results show that one can significantly decrease the accuracy of a target system even when the adversarial examples are generated with different system potentially using different features.

IP piracy, reverse engineering, and tampering with FPGA based IP is increasing over time. ROPUF based IP obfuscation can provide a feasible solution. In this paper, a novel approach of FPGA IP obfuscation is implemented using Ring Oscillator based Physical Unclonable Function (ROPUF) and random logic gates. This approach provides a lock and key mechanism as well as authentication of FPGA based designs to protect from security threats. Using the Xilinx ISE design tools and ISCAS 89 benchmarks we have designed a secure FPGA based IP protection scheme with an average of 15% area and 10% of power overhead.

What makes a security visualization effective? How do we measure visualization effectiveness in the context of investigating, analyzing, understanding and reporting cyber security incidents? Identifying and understanding cyber-attacks are critical for decision making - not just at the technical level, but also the management and policy-making levels. Our research studied both questions and extends our Security Visualization Effectiveness Measurement (SvEm) framework by providing a full-scale effectiveness approach for both theoretical and user-centric visualization techniques. Our framework facilitates effectiveness through interactive three-dimensional visualization to enhance both single and multi-user collaboration. We investigated effectiveness metrics including (1) visual clarity, (2) visibility, (3) distortion rates and (4) user response (viewing) times. The SvEm framework key components are: (1) mobile display dimension and resolution factor, (2) security incident entities, (3) user cognition activators and alerts, (4) threat scoring system, (5) working memory load and (6) color usage management. To evaluate our full-scale security visualization effectiveness framework, we developed VisualProgger - a real-time security visualization application (web and mobile) visualizing data provenance changes in SvEm use cases. Finally, the SvEm visualizations aims to gain the users' attention span by ensuring a consistency in the viewer's cognitive load, while increasing the viewer's working memory load. In return, users have high potential to gain security insights in security visualization. Our evaluation shows that viewers perform better with prior knowledge (working memory load) of security events and that circular visualization designs attract and maintain the viewer's attention span. These discoveries revealed research directions for future work relating to measurement of security visualization effectiveness.

Deterministic chaotic systems have been studied and developed in various fields of research. Dynamical systems with chaotic dynamics have different applications in communication, security and computation. Chaotic behaviors can be created by even simple nonlinear systems which can be implemented on low-cost hardware platforms. This paper presents a high-speed and low-cost hardware of three-dimensional chaotic flows without equilibrium. The proposed chaotic hardware is able to reproduce the main mechanism and dynamical behavior of the 3D chaotic flows observed in simulation, then a Chaotic Pseudo Random Number Generator is designed based on a 3D chaotic system. The proposed hardware is implemented with low computational overhead on an FPGA board, as a proof of concept. This low-cost chaotic hardware can be utilized in embedded and lightweight systems for a variety of chaotic based digital systems such as digital communication systems, and cryptography systems based on chaos theory for Security and IoT applications.

Because major smartphone platforms are equipped with Bluetooth Low Energy (BLE) capabilities, more and more smart devices have adopted BLE technologies to communicate with smartphones. In order to support the mesh topology in BLE networks, several proposals have been designed. Among them, the Bluetooth Special Interest Group (SIG) recently released a specification for Bluetooth mesh networks based upon BLE technology. This paper focuses on this standard solution and analyses its security protocol with hardware security in mind. As it is expected that internet of things (IoT) devices will be deployed everywhere, the risk of physical attacks must be assessed. First, we provide a comprehensive survey of the security features involved in Bluetooth mesh. Then, we introduce some physical attacks identified as serious threats for the IoT and discuss their relevance in the case of Bluetooth mesh networks. Finally, we briefly discuss possible countermeasures to reach a secure implementation.

Despite the popularity of wireless sensor networks (WSNs) in a wide range of applications, security problems associated with them have not been completely resolved. Middleware is generally introduced as an intermediate layer between WSNs and the end user to resolve some limitations, but most of the existing middleware is unable to protect data from malicious and unknown attacks during transmission. This paper introduces an intelligent middleware based on an unsupervised learning technique called Generative Adversarial Networks (GANs) algorithm. GANs contain two networks: a generator (G) network and a detector (D) network. The G creates fake data similar to the real samples and combines it with real data from the sensors to confuse the attacker. The D contains multi-layers that have the ability to differentiate between real and fake data. The output intended for this algorithm shows an actual interpretation of the data that is securely communicated through the WSN. The framework is implemented in Python with experiments performed using Keras. Results illustrate that the suggested algorithm not only improves the accuracy of the data but also enhances its security by protecting data from adversaries. Data transmission from the WSN to the end user then becomes much more secure and accurate compared to conventional techniques.

While it is relatively easy to imitate and evolve natural swarm behavior in simulations, less is known about the social characteristics of simulated, evolved swarms, such as the optimal (evolutionary) group size, why individuals in a swarm perform certain actions, and how behavior would change in swarms of different sizes. To address these questions, we used a genetic algorithm to evolve animats equipped with Markov Brains in a spatial navigation task that facilitates swarm behavior. The animats' goal was to frequently cross between two rooms without colliding with other animats. Animats were evolved in swarms of various sizes. We then evaluated the task performance and social behavior of the final generation from each evolution when placed with swarms of different sizes in order to evaluate their generalizability across conditions. According to our experiments, we find that swarm size during evolution matters: animats evolved in a balanced swarm developed more flexible behavior, higher fitness across conditions, and, in addition, higher brain complexity.

Cybersecurity is a growing concern for private individuals and professional entities. Thereby, reports have shown that the majority of cybersecurity incidents occur because users fail to behave securely. Research on human cybersecurity (HCS) behavior suggests that time pressure is one of the important driving factors behind insecure HCS behavior. However, as our review reveals, studies on the role of time pressure in HCS are scant and there is no framework that can inform researchers and practitioners on this matter. In this paper, we present a conceptual framework consisting of contexts, psychological constructs, and boundary conditions pertaining to the role time pressure plays on HCS behavior. The framework is also validated and extended by findings from semi-structured interviews of different stakeholder groups comprising of cybersecurity experts, professionals, and general users. The framework will serve as a guideline for future studies exploring different aspects of time pressure in cybersecurity contexts and also to identify potential countermeasures for the detrimental impact of time pressure on HCS behavior.

With the advent of the Internet of Things (IoT), wireless sensor and actuator networks, subsequently referred to as IoT networks (IoTNs), are proliferating at an unprecedented rate in several newfound areas such as smart cities, health care, and transportation, and consequently, securing them is of paramount importance. In this paper, we present several useful insights from an exploratory study of the impacts of network layer attacks on IoTNs. We envision that these insights will guide the design of future frameworks to defend against network layer attacks. We also present a preliminary such framework and demonstrate its effectiveness in detecting network layer attacks through experiments on a real IoTN test-bed.

Internet of Things (IoT) device authentication is weighed as a very important step from security perspective. Privacy and security of the IoT devices and applications is the major issue. From security perspective, important issue that needs to be addressed is the authentication mechanism, it has to be secure from different types of attacks and is easy to implement. The paper gives general idea about how different authentication mechanisms work, and then secure and efficient multi-factor device authentication scheme idea is proposed. The proposed scheme idea uses digital signatures and device capability to authenticate a device. In the proposed scheme device will only be allowed into the network if it is successfully authenticated through multi-factor authentication otherwise the authentication process fails and whole authentication process will restart. By analyzing the proposed scheme idea, it can be seen that the scheme is efficient and has less over head. The scheme not only authenticates the device very efficiently through multi-factor authentication but also authenticates the authentication server with the help of digital signatures. The proposed scheme also mitigates the common attacks like replay and man in the middle because of nonce and timestamp.