Biblio
Order-Optimal Scaling of Covert Communication over MIMO AWGN Channels. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.
2020. Covert communication, i.e., communication with a low probability of detection (LPD), has attracted a huge body of work. Recent studies have concluded that the maximal covert coding rate of the discrete memoryless channels and the additive white Gaussian noise (AWGN) channels is diminishing with the blocklength: the maximum information nats that can be transmitted covertly and reliably over such channels is only on the order of the square root of the blocklength. In this paper, we study covert communication over multiple-input multiple-output (MIMO) AWGN channels. We derive the order-optimal scaling law of the number of covert nats when the maximal covert coding rate of MIMO AWGN channels is diminishing with the blocklength. Furthermore, we provide a comparative discussion for the case in which secrecy and energy undetectability constraints are combined.
A Peer-to-Peer Market Algorithm for a Blockchain Platform. 2020 IEEE International Conference on Environment and Electrical Engineering and 2020 IEEE Industrial and Commercial Power Systems Europe (EEEIC / I&CPS Europe). :1–6.
2020. In an era of technological revolution in which everything becomes smarter and connected, the blockchain can introduce a new model for energy transactions able to grant more simplicity, security and transparency for end-users. The blockchain technology is characterized by a distributed architecture without a trusted and centralized authority, and, therefore, it appears as the perfect solution for managing exchanges between peers. In this paper, a market algorithm that can be easily transferred to a smart contract for maximizing the match between produced and consumed energy in a micro-grid is presented. The algorithm supports energy transactions between peers (both producers and consumers) and could be one of the main executables implemented using a blockchain platform. The case study presented in this paper shows how the end-users through the blockchain could select among the possible energy transactions those more suitable to offer specific ancillary services to the grid operator without involving the grid operator itself or a third-party aggregator.
The Potential of New Data Sources in a Data-Driven Transportation, Operation, Management and Assessment System (TOMAS). 2020 IEEE Conference on Technologies for Sustainability (SusTech). :1–8.
2020. We present our journey in constructing the first integrated data warehouse for Philippine transportation research in the hopes of developing a Transportation Decision Support System for impact studies and policy making. We share how we collected data from diverse sources, processed them into a homogeneous format and applied them to our multimodal platform. We also list the challenges we encountered, including bureaucratic delays, data privacy concerns, lack of software, and overlapping datasets. The data warehouse shall serve as a public resource for researchers and professionals, and for government officials to make better-informed policies. The warehouse will also function within our multi-modal platform for measurement, modelling, and visualization of road transportation. This work is our contribution to improve the transportation situation in the Philippines, both in the local and national levels, to boost our economy and overall quality of life.
Practical Security for Cooperative Ad Hoc Systems. 2020 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :1–2.
2020. Existing consumer devices represent the most pervasive computational platform available, but their inherently decentralized nature poses significant challenges for distributed computing adoption. In particular, device owners must willingly cooperate in collective deployments even while others may intentionally work to maliciously disrupt that cooperation. Public, cooperative systems benefit from low barriers to entry improving scalability and adoption, but simultaneously increase risk exposure to adversarial threats via promiscuous participant adoption. In this work, I aim to facilitate widespread adoption of cooperative systems by discussing the unique security and operational challenges of these systems, and highlighting several novel approaches that mitigate these disadvantages.
Prioritizing Policy Objectives in Polarized Groups using Artificial Swarm Intelligence. 2020 IEEE Conference on Cognitive and Computational Aspects of Situation Management (CogSIMA). :1–9.
2020. Groups often struggle to reach decisions, especially when populations are strongly divided by conflicting views. Traditional methods for collective decision-making involve polling individuals and aggregating results. In recent years, a new method called Artificial Swarm Intelligence (ASI) has been developed that enables networked human groups to deliberate in real-time systems, moderated by artificial intelligence algorithms. While traditional voting methods aggregate input provided by isolated participants, Swarm-based methods enable participants to influence each other and converge on solutions together. In this study we compare the output of traditional methods such as Majority vote and Borda count to the Swarm method on a set of divisive policy issues. We find that the rankings generated using ASI and the Borda Count methods are often rated as significantly more satisfactory than those generated by the Majority vote system (p < 0.05). This result held for both the population that generated the rankings (the “in-group”) and the population that did not (the “out-group”): the in-group ranked the Swarm prioritizations as 9.6% more satisfactory than the Majority prioritizations, while the out-group ranked the Swarm prioritizations as 6.5% more satisfactory than the Majority prioritizations. This effect also held even when the out-group was subject to a demographic sampling bias of 10% (i.e. the out-group was composed of 10% more Labour voters than the in-group). The Swarm method was the only method to be perceived as more satisfactory to the “out-group” than the voting group.
The privacy paradigm: An overview of privacy in Business Analytics and Big Data. 2020 15th Iberian Conference on Information Systems and Technologies (CISTI). :1–6.
2020. In this New Age where information has an indispensable value for companies and data mining technologies are growing in the area of Information Technology, privacy remains a sensitive issue in the approach to the exploitation of the large volume of data generated and processed by companies. The way data is collected, handled and destined is not yet clearly defined and has been the subject of constant debate by several areas of activity. This literature review gives an overview of privacy in the era of Business Analytics and Big Data in different timelines, the opportunities and challenges faced, aiming to broaden discussions on a subject that deserves extreme attention and aims to show that, although measures for data protection have been created, there is still a need to discuss the subject among the different parties involved in the process to achieve a positive ideal for both users and companies.
Privacy Smells: Detecting Privacy Problems in Cloud Architectures. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1324—1331.
2020. Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.
PrivacyCheck's Machine Learning to Digest Privacy Policies: Competitor Analysis and Usage Patterns. 2020 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT). :291–298.
2020. Online privacy policies are lengthy and hard to comprehend. To address this problem, researchers have utilized machine learning (ML) to devise tools that automatically summarize online privacy policies for web users. One such tool is our free and publicly available browser extension, PrivacyCheck. In this paper, we enhance PrivacyCheck by adding a competitor analysis component, a part of PrivacyCheck that recommends other organizations in the same market sector with better privacy policies. We also monitored the usage patterns of about a thousand actual PrivacyCheck users, the first work to track the usage and traffic of an ML-based privacy analysis tool. Results show: (1) there is a good number of privacy policy URLs checked repeatedly by the user base; (2) the users are particularly interested in privacy policies of software services; and (3) PrivacyCheck increased the number of times a user consults privacy policies by 80%. Our work demonstrates the potential of ML-based privacy analysis tools and also sheds light on how these tools are used in practice to give users actionable knowledge they can use to pro-actively protect their privacy.
A Proof of Concept Denial of Service Attack Against Bluetooth IoT Devices. 2020 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :1—6.
2020. Bluetooth technologies have widespread applications in personal area networks, device-to-device communications and forming ad hoc networks. Studying Bluetooth devices security is a challenging task as they lack support for monitor mode available with other wireless networks (e.g. 802.11 WiFi). In addition, the frequency-hopping spread spectrum technique used in its operation necessitates special hardware and software to study its operation. This investigation examines methods for analyzing Bluetooth devices' security and presents a proof-of-concept DoS attack on the Link Manager Protocol (LMP) layer using the InternalBlue framework. Through this study, we demonstrate a method to study Bluetooth device security using existing tools without requiring specialized hardware. Consequently, the methods proposed in the paper can be used to study Bluetooth security in many applications.
Proof-of-Balance: Game-Theoretic Consensus for Controller Load Balancing of SDN. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). :231–236.
2020. Software Defined Networking (SDN) focuses on the isolation of control plane and data plane, greatly enhancing the network's support for heterogeneity and flexibility. However, although the programmable network greatly improves the performance of all aspects of the network, flexible load balancing across controllers still challenges the current SDN architecture. Complex application scenarios lead to flexible and changeable communication requirements, making it difficult to guarantee the Quality of Service (QoS) for SDN users. To address this issue, this paper proposes a paradigm that uses blockchain to incentivize safe load balancing for multiple controllers. We proposed a controller consortium blockchain for secure and efficient load balancing of multi-controllers, which includes a new cryptographic currency balance coin and a novel consensus mechanism Proof-of-Balance (PoB). In addition, we have designed a novel game theory-based incentive mechanism to incentivize controllers with tight communication resources to offload tasks to idle controllers. The security analysis and performance simulation results indicate the superiority and effectiveness of the proposed scheme.
Quickest Detection of Advanced Persistent Threats: A Semi-Markov Game Approach. 2020 ACM/IEEE 11th International Conference on Cyber-Physical Systems (ICCPS). :9—19.
2020. Advanced Persistent Threats (APTs) are stealthy, sophisticated, long-term, multi-stage attacks that threaten the security of sensitive information. Dynamic Information Flow Tracking (DIFT) has been proposed as a promising mechanism to detect and prevent various cyber attacks in computer systems. DIFT tracks suspicious information flows in the system and generates security analysis when anomalous behavior is detected. The number of information flows in a system is typically large and the amount of resources (such as memory, processing power and storage) required for analyzing different flows at different system locations varies. Hence, efficient use of resources is essential to maintain an acceptable level of system performance when using DIFT. On the other hand, the quickest detection of APTs is crucial as APTs are persistent and the damage caused to the system is more when the attacker spends more time in the system. We address the problem of detecting APTs and model the trade-off between resource efficiency and quickest detection of APTs. We propose a game model that captures the interaction of APT and a DIFT-based defender as a two-player, multi-stage, zero-sum, Stackelberg semi-Markov game. Our game considers the performance parameters such as false-negatives generated by DIFT and the time required for executing various operations in the system. We propose a two-time scale Q-learning algorithm that converges to a Stackelberg equilibrium under infinite horizon, limiting average payoff criteria. We validate our model and algorithm on a real-world attack dataset obtained using Refinable Attack INvestigation (RAIN) framework.
Realizing A Composable Enterprise Microservices Fabric with AI-Accelerated Material Discovery API Services. 2020 IEEE 13th International Conference on Cloud Computing (CLOUD). :313–320.
2020. The complexity of building, deploying, and managing cross-organizational enterprise computing services with self-service, security, and quality assurances has been increasing exponentially in the era of hybrid multiclouds. AI-accelerated material discovery capabilities, for example, are desirable for enterprise application users to consume through business API services with assurance of satisfactory nonfunctional properties, e.g., enterprise-compliant self-service management of sharable sensitive data and machine learning capabilities at Internet scale. This paper presents a composable microservices based approach to creating and continuously improving enterprise computing services. Moreover, it elaborates on several key architecture design decisions for Navarch, a composable enterprise microservices fabric that facilitates consuming, managing, and composing enterprise API services. Under service management model of individual administration, every Navarch microservice is a managed composable API service that can be provided by an internal organization, an enterprise partner, or a public service provider. This paper also illustrates a Navarch-enabled systematic and efficient approach to transforming an AI-accelerated material discovery tool into secure, scalable, and composable enterprise microservices. Performance of the microservices can be continuously improved by exploiting advanced heterogeneous microservice hosting infrastructures. Factual comparative performance analyses are provided before the paper concludes with future work.
Real-time Peer to Peer Energy Trade with Blockchain Offline Channels. 2020 IEEE International Conference on Power Systems Technology (POWERCON). :1–6.
2020. Blockchain has become a suitable platform for peer to peer energy trade as it facilitates secure interactions among parties with trust or a mutual trusted 3rd party. However, the scalability issue of blockchains is a problem for real-time energy trade to be completed within a small time duration. In this paper, we use offline channels for blockchains to circumvent scalability problems of blockchains for peer to peer energy trade with small trade duration. We develop algorithms to find stable coalitions for energy trade using blockchain offline channels. We prove that our solution is secure against adversarial prosumer behaviors, it supports real-time trade as the algorithm is guaranteed to find and record stable coalitions before a fixed time, and the coalition structure generated by the algorithm is efficient.
Representing Gate-Level SET Faults by Multiple SEU Faults at RTL. 2020 IEEE 26th International Symposium on On-Line Testing and Robust System Design (IOLTS). :1–6.
2020. The advanced complex electronic systems increasingly demand safer and more secure hardware parts. Correspondingly, fault injection became a major verification milestone for both safety- and security-critical applications. However, fault injection campaigns for gate-level designs suffer from huge execution times. Therefore, designers need to apply early design evaluation techniques to reduce the execution time of fault injection campaigns. In this work, we propose a method to represent gate-level Single-Event Transient (SET) faults by multiple Single-Event Upset (SEU) faults at the Register-Transfer Level. The introduced approach is to identify true and false logic paths for each SET in the flip-flops' fan-in logic cones to obtain more accurate sets of flip-flops for multiple SEUs injections at RTL. Experimental results demonstrate the feasibility of the proposed method to successfully reduce the fault space and also its advantage with respect to state of the art. It was shown that the approach is able to reduce the fault space, and therefore the fault-injection effort, by up to tens to hundreds of times.
Research on Industrial Data Desensitization Algorithm Based on Fuzzy Set. 2020 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA). :1–5.
2020. With the rapid development of internet technology, informatization and digitalization have penetrated into every link of human social life. A large amount of sensitive data has been accumulated and is still being generated within the enterprise. These sensitive data run through the daily operation of enterprises and are widely used in business analysis, development and testing, and even some outsourcing business scenarios, which are increasing the possibility of sensitive data leakage and tampering. In fact, due to the improper use of data and the lack of protective measures and other reasons, data leakage events have happened again and again. Therefore, by introducing the concept of fuzzy set and using the membership function method, this paper proposes a desensitization technology framework for industrial data and a data desensitization algorithm based on fuzzy set, and verifies the desensitization effect and protective action on sensitive data of this algorithm through the test data desensitization experiment.
Research on Information Security Technology of Mobile Application in Electric Power Industry. 2020 Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). :51—54.
2020. With the continuous popularization of smart terminals, Android and iOS systems are the most mainstream mobile operating systems in the market, and their application types and application numbers are constantly increasing. As an open system, the security issues of Android application emerge endlessly, such as the reverse decompilation of installation package, malicious code injection, application piracy, interface hijacking, SMS hijacking and input monitoring. These security issues will also appear on mobile applications in the power industry, which will not only result in the embezzlement of applied knowledge copyrights but also lead to serious leakage of users' information and even economic losses. It may even result in the remote malicious control of key facilities, which will cause serious social issues. Under the background of the development of smart grid information construction, also with the application and promotion of power services in mobile terminals, information security protection for mobile terminal applications and interactions with the internal system of the power grid has also become an important research direction. While analyzing the risks faced by mobile applications, this article also enumerates and analyzes the necessary measures for risk resolution.
Resilient System-on-Chip Designs With NoC Fabrics. IEEE Transactions on Information Forensics and Security. 15:2808–2823.
2020. Modern System-on-Chip (SoC) designs integrate a number of third party IPs (3PIPs) that coordinate and communicate through a Network-on-Chip (NoC) fabric to realize system functionality. An important class of SoC security attack involves a rogue IP tampering with the inter-IP communication. These attacks include message snoop, message mutation, message misdirection, IP masquerade, and message flooding. Static IP-level trust verification cannot protect against these SoC-level attacks. In this paper, we analyze the vulnerabilities of system level communication among IPs and develop a novel SoC security architecture that provides system resilience against exploitation by untrusted 3PIPs integrated over an NoC fabric. We show how to address the problem through a collection of fine-grained SoC security policies that enable on-the-fly monitoring and control of appropriate security-relevant events. Our approach, for the first time to our knowledge, provides an architecture-level solution for trusted SoC communication through run-time resilience in the presence of untrusted IPs. We demonstrate viability of our approach on a realistic SoC design through a series of attack models and show that our architecture incurs minimal to modest overhead in area, power, and system latency.
Responsibility Attribution Against Data Breaches. 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT). :498–503.
2020. Electronic crimes like data breaches in healthcare systems are often fundamental failures of access control mechanisms. Most current access control systems do not provide an accessible way to engage users in decision making processes, about who should have access to what data and when. We advocate that a policy ontology can contribute towards the development of an effective access control system by attributing responsibility for data breaches. We propose a responsibility attribution model as a theoretical construct and discuss its implication by introducing a cost model for data breach countermeasures. Then, a policy ontology is presented to realize the proposed responsibility and cost models. An experimental study on the performance of the proposed framework is conducted with respect to a more generic access control framework. The practicality of the proposed solution is demonstrated through a case study from the healthcare domain.
A Review of Recent Trends on DNA Based Cryptography. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS). :815–822.
2020. One of the emerging methodologies nowadays in the field of cryptography is based on human DNA sequences. As the research says that even a limited quantity of DNA can store a gigantic measure of information, and likewise DNA can process and transmit the information, such potential of DNA gives rise to the idea of DNA cryptography. A synopsis of the research carried out in DNA based security is presented in this paper. The included deliberation contains encryption algorithms based on random DNA, chaotic systems, polymerase chain reaction, coupled map lattices, and other common encryption algorithms. The purposes of the algorithms are specific or general, as some of them are only designed to encrypt images, or more specific images like medical images, or text data, and others are designed for general use on images and text data. We discussed divergent techniques that were proposed earlier based on random sample DNA, medical image encryption, image encryption, and cryptanalysis done on various algorithms. With the help of this paper, one can understand the existing algorithms and can design a DNA based encryption algorithm.
RPL Assessment using the Rank Attack in Static and Mobile Environments. 2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT). :1—6.
2020. Routing protocol running over low power and lossy networks (RPL) is currently one of the main routing protocols for the Internet of Things (IoT). This protocol has some vulnerabilities that can be exploited by attackers to change its behavior and deteriorate its performance. In the RPL rank attack, a malicious node announces a wrong rank, which leads the neighboring nodes to choose this node as a preferred parent. In this study, we used different metrics to assess RPL protocol in the presence of misbehaving nodes, namely the overhead, convergence time, energy consumption, preferred parent changes, and network lifetime. Our simulation results show that a mobile environment is more damaged by the rank attack than a static environment.
Scalable and Efficient Mutual Authentication Strategy in Fog Computing. 2020 8th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud). :77–83.
2020. Fog Computing paradigm extends the cloud computing to the edge of the network to resolve the problem of latency but this introduces new security and privacy issues. So, it is necessary that a user must be authenticated before initiating data exchange in order to preserve the integrity. Secondly, in fog computing, fog node must also be authorized for ensuring the proper behaviour of fog node and validate that the fog node is not corrupted. Hence, we proposed a mutual authentication scheme which verifies both the fog node and the end user before the transfer of data. Traditional authentication protocol uses digital certificate and digital signature which faces the problem of scalability and more complexity respectively. So, in the proposed architecture, the problem of scalability and complexity is reduced to a greater extent compared to traditional authentication techniques. The proposed scheme also ensures multi-factor authentication of the user before sending the data and it is way too efficient.
Scalable yet Rigorous Floating-Point Error Analysis. SC20: International Conference for High Performance Computing, Networking, Storage and Analysis. :1–14.
2020. Automated techniques for rigorous floating-point round-off error analysis are a prerequisite to placing important activities in HPC such as precision allocation, verification, and code optimization on a formal footing. Yet existing techniques cannot provide tight bounds for expressions beyond a few dozen operators, barely enough for HPC. In this work, we offer an approach embedded in a new tool called SATIHE that scales error analysis by four orders of magnitude compared to today's best-of-class tools. We explain how three key ideas underlying SATIHE help it attain such scale: path strength reduction, bound optimization, and abstraction. SATIHE provides tight bounds and rigorous guarantees on significantly larger expressions with well over a hundred thousand operators, covering important examples including FFT, matrix multiplication, and PDE stencils.
SDN-based Malware Detection and Mitigation: The Case of ExPetr Ransomware. 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT). :150–155.
2020. This paper investigates the use of Software-Defined Networking (SDN) in the detection and mitigation of malware threat, focusing on the example of ExPetr ransomware. Extensive static and dynamic analysis of ExPetr is performed in a purpose-built SDN testbed. The results acquired from this analysis are then used to design and implement an SDN-based solution to detect the malware and prevent it from spreading to other machines inside a local network. Our solution consists of three security mechanisms that have been implemented as components/modules of the Python-based POX controller. These mechanisms include: port blocking, SMB payload inspection, and HTTP payload inspection. When malicious activity is detected, the controller communicates with the SDN switches via the OpenFlow protocol and installs appropriate entries in their flow tables. In particular, the controller blocks machines which are considered infected, by monitoring and reacting in real time to the network traffic they produce. Our experimental results demonstrate that the proposed designs are effective against self-propagating malware in local networks. The implemented system can respond to malicious activities quickly and in real time. Furthermore, by tuning certain thresholds of the detection mechanisms it is possible to trade-off the detection time with the false positive rate.
A Secure Network Interface for on-Chip Systems. 2020 20th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA). :90–94.
2020. This paper presents a self-securing decentralized on-chip network interface (NI) architecture to Multicore System-on-Chip (McSoC) platforms. To protect intra-chip communication within McSoC, security framework proposal resides in initiator and target NIs. A comparison between block cipher and lightweight cryptographic algorithms is then given, so we can figure out the most suitable cipher for network-on-chip (NoC) architectures. AES and LED security algorithms were the subject of this comparison. The designs are developed in Xilinx ISE 14.7 tool using VHDL language.
Security Analysis and Improvement of Identity-based Key Management Scheme for Airborne Ad Hoc Networks. 2020 IEEE Conference on Telecommunications, Optics and Computer Science (TOCS). :209–213.
2020. An identity-based distributed key management scheme for airborne ad hoc networks is analyzed. It is demonstrated that in the generation phase of user private key, the user identity certificate is transmitted in the public channel, so that the attacker can use the intercepted identity certificate to fake the legitimate node and cheat the distributed key generation center to generate private key for it. Then, an improved authentication scheme is proposed. It constructs the signature of timestamp using the private key of the user node as authentication proof, so that the attacker can't forge the authentication information. It is shown that the improved scheme can effectively resist the forgery attack, and further reduce the computing cost of user nodes while realizing all the functions of the original scheme.