Biblio

With the increasing prevalence of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is verifying the legitimacy of devices when they share no secrets in advance. Previous research addressed the problem with device authentication and pairing schemes based on user intervention or exploiting physical properties of the radio or acoustic channels. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present Nhuth, a nonlinearity-enhanced, location-sensitive authentication mechanism for such communication. Especially, we target at the secure authentication within a limited range such as 20 cm, which is the common case for face-to-face scenarios. Nhuth contains averification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based-validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the security of Nhuth theoretically and evaluate its performance experimentally. Results show that Nhuth can verify the device legitimacy in the presence of nearby attackers.

In this paper, we design NETHCF, a line-rate in-network system for filtering spoofed traffic. NETHCF leverages the opportunity provided by programmable switches to design a novel defense against spoofed IP traffic, and it is highly efficient and adaptive. One key challenge stems from the restrictions of the computational model and memory resources of programmable switches. We address this by decomposing the HCF system into two complementary components-one component for the data plane and another for the control plane. We also aggregate the IP-to-Hop-Count (IP2HC) mapping table for efficient memory usage, and design adaptive mechanisms to handle end-to-end routing changes, IP popularity changes, and network activity dynamics. We have built a prototype on a hardware Tofino switch, and our evaluation demonstrates that NETHCF can achieve line-rate and adaptive traffic filtering with low overheads.

NeuronUnityIntgration2.0 (demo video is avilable at http://tiny.cc/u1lz6y) is a plugin for Unity which provides gesture recognition functionalities through the Perception Neuron motion capture suit. The system offers a recording mode, which guides the user through the collection of a dataset of gestures, and a recognition mode, capable of detecting the recorded actions in real time. Gestures are recognized by training Support Vector Machines directly within our plugin. We demonstrate the effectiveness of our application through an experimental evaluation on a newly collected dataset. Furthermore, external applications can exploit NeuronUnityIntgration2.0's recognition capabilities thanks to a set of exposed API.

Power system intelligent terminal equipment is widely used in real-time monitoring, data acquisition, power management, power distribution and other tasks of smart grid. The power system intelligent terminal can obtain various information of users and power companies in the power grid, but there is still a lack of protection means for the connection and communication process of the terminal components. In this paper, a novel method based on improved deep belief network(IDBN) is proposed to accomplish the business-level security monitoring and attack detection of power system terminal. A non-intrusive business-level monitoring platform for power system terminals is established, which uses energy metering intelligent terminals as an example for non-intrusive data collection. Based on this platform, the I-DBN extracts the spatial and temporal attack characteristics of the external monitoring data of the system. Some fault conditions and cyber attacks of the model have been simulated to demonstrate the effectiveness of the proposed detection method and the results show excellent performance. The method and platform proposed in this paper can be extended to other services in the power industry, providing a theoretical basis and implementation method for realizing the security monitoring of power system intelligent terminals from the business level.

Mechanism to-Rube Goldberg invention accord is normal habituated to for apartment phones and Internet of Things. Agree and central knowledge are open to meet an unfailing turning between twosome gadgets. In ignoble fracas, factual methodologies many a time eon wait on a prefabricated solitarily pronunciation database and bear the ill effects of serene age rate. We verifiable GeneWave, a brusque gadget inspection and root assention convention for item cell phones. GeneWave mischievous accomplishes bidirectional ingenious inspection office on the physical reaction meantime between two gadgets. To evade the resolution of interim in compliance, we overshadow overseas time fragility on ware gadgets skim through steep flag location and excess time crossing out. At zigzag goal, we success out the elementary acoustic channel reaction for gadget verification. We combination an extraordinary coding pointing for virtual key assention while guaranteeing security. Consequently, two gadgets heart signal couple choice and safely concur on a symmetric key.

Internet of Things(IoT) is an important part of the new generation of information technology and an important stage of development in the era of informatization. As a next generation network, Information Centric Network (ICN) has been introduced into the IoT, leading to the content independence of IC-IoT. To manage the changing network conditions and diagnose the cause of anomalies within it, network operators must obtain and analyze network status information from monitoring tools. However, traditional network supervision method will not be applicable to IC-IoT centered on content rather than IP. Moreover, the surge in information volume will also bring about insufficient information distribution, and the data location in the traditional management information base is fixed and cannot be added or deleted. To overcome these problems, we propose a name-based smart tracking system to store network state information in the IC-IoT. Firstly, we design a new structure of management information base that records various network state information and changes its naming format. Secondly, we use a tracking method to obtain the required network status information. When the manager issues a status request, each data block has a defined data tracking table to record past requests, the location of the status data required can be located according to it. Thirdly, we put forward an adaptive network data location replacement strategy based on the importance of stored data blocks, so that the information with higher importance will be closer to the management center for more efficient acquisition. Simulation results indicate the feasibility of the proposed scheme.

Anonymous Communication (AC) hides traffic patterns and protects message metadata from being leaked during message transmission. Many practical AC systems have been proposed aiming to reduce communication latency and support a large number of users. However, how to design AC systems which possess strong security property and at the same time achieve optimal performance (i.e., the lowest latency or highest horizontal scalability) has been a challenging problem. In this paper, we propose an ObliComm framework, which consists of six modular AC subroutines. We also present a strong security definition for AC, named oblivious communication, encompassing confidentiality, unobservability, and a new requirement sending-and-receiving operation hiding. The AC subroutines in ObliComm allow for modular construction of oblivious communication systems in different network topologies. All constructed systems satisfy oblivious communication definition and can be provably secure in the universal composability (UC) framework. Additionally, we model the relationship between the network topology and communication measurements by queuing theory, which enables the system's efficiency can be optimized and estimated by quantitative analysis and calculation. Through theoretical analyses and empirical experiments, we demonstrate the efficiency of our scheme and soundness of the queuing model.

With the development of artificial intelligence (AI), multimedia privacy issues have become more challenging than ever. AI-assisted malicious entities can steal private information from multimedia data more easily than humans. Traditional multimedia privacy protection only considers the situation when humans are the adversaries, therefore they are ineffective against AI-assisted attackers. In this paper, we develop a new framework and new algorithms that can protect image privacy from both humans and AI. We combine the idea of adversarial image perturbation which is effective against AI and the obfuscation technique for human adversaries. Experiments show that our proposed methods work well for all types of attackers.

Recent advances in the development of the first generation of quantum computing devices have provided researchers with computational platforms to explore new ideas and reformulate conventional computational codes suitable for a quantum computer. Developers can now implement these reformulations on both quantum simulators and hardware platforms through a cloud computing software environment. For example, the IBM Q Experience provides the direct access to their quantum simulators and quantum computing hardware platforms. However these current access options may not be an optimal environment for developers needing to download and modify the source codes and libraries. This paper focuses on the construction of a Docker container environment with Qiskit source codes and libraries running on a local cloud computing system that can directly access the IBM Q Experience. This prototype container based system allows single user and small project groups to do rapid prototype development, testing and implementation of extreme capability algorithms with more agility and flexibility than can be provided through the IBM Q Experience website. This prototype environment also provides an excellent teaching environment for labs and project assignments within graduate courses in cloud computing and quantum computing. The paper also discusses computer security challenges for expanding this prototype container system to larger groups of quantum computing researchers.

Remote Attestation ( RA) is a security service that enables a trusted verifier ( Vrf) to measure current memory state of an untrusted remote prover ( Prv). If correctly implemented, RA allows Vrf to remotely detect if Prv's memory reflects a compromised state. However, RA by itself offers no means of remedying the situation once P rv is determined to be compromised. In this work we show how a secure RA architecture can be extended to enable important and useful security services for low-end embedded devices. In particular, we extend the formally verified RA architecture, VRASED, to implement provably secure software update, erasure, and system-wide resets. When (serially) composed, these features guarantee to Vrf that a remote Prv has been updated to a functional and malware-free state, and was properly initialized after such process. These services are provably secure against an adversary (represented by malware) that compromises Prv and exerts full control of its software state. Our results demonstrate that such services incur minimal additional overhead (0.4% extra hardware footprint, and 100-s milliseconds to generate combined proofs of update, erasure, and reset), making them practical even for the lowest-end embedded devices, e.g., those based on MSP430 or AVR ATMega micro-controller units (MCUs). All changes introduced by our new services to VRASED trusted components are also formally verified.

SCADA systems are being constantly migrated to modern information and communication technologies (ICT) -based systems named cyber-physical systems. Unfortunately, this allows attackers to execute exploitation techniques into these architectures. In addition, ransomware insertion is nowadays the most popular attacking vector because it denies the availability of critical files and systems until attackers receive the demanded ransom. In this paper, it is analysed the risk impact of ransomware insertion into SCADA systems and it is suggested countermeasures addressed to the protection of SCADA systems and its components to reduce the impact of ransomware insertion.

This paper addresses the fundamental problem of identifying driver talking directions using a single smartphone, which can help drivers by warning distraction of having conversations with passengers in a vehicle and enable safety enhancement. The basic idea of our system is to perform talking status and direction identification using two microphones on a smartphone. We first use the sound recorded by the two microphones to identify whether the driver is talking or not. If yes, we then extract the so-called channel fingerprint from the speech signal and classify it into one of three typical driver talking directions, namely, front, right and back, using a trained model obtained in advance. The key novelty of our scheme is the proposition of channel fingerprint which leverages the heavy multipath effects in the harsh in-vehicle environment and cancels the variability of human voice, both of which combine to invalidate traditional TDoA, DoA and fingerprint based sound source localization approaches. We conducted extensive experiments using two kinds of phones and two vehicles for four phone placements in three representative scenarios, and collected 23 hours voice data from 20 participants. The results show that our system can achieve 95.0% classification accuracy on average.

Security has been a challenging aspect recently in the field of Web Development. A failure to obtain security in web applications may lead to complete destruction of the web application or may cause some loss to the user or the owner. To tackle this, a huge research on how to secure a web app has been going on for quite some time, yet to achieve security in today's modern era is a very difficult and no less than a challenge for web applications. All these things lead only to a vulnerable/faulty source code, formulated in coding such as PHP. Static Source Code analysis (SCSA) tools tend to give a solution to detect vulnerabilities, but they tend to detect vulnerabilities which actually are false positives, which leads to excess code reexamination. The proposed system will tackle the current situation of SCSA. This will be achieved by two additional modules to SCSA i.e. Taint analysis with False Positive Predictor which will detect and segregate the true vulnerable code from false positives respectively. The proposed system will be used by the Web Application programmers during testing of web application.

Automatic Speech Verification (ASV) systems are highly vulnerable to spoofing attacks, and replay attack poses the greatest threat among various spoofing attacks. In this paper, we propose a novel multi-channel feature extraction method with attention-based adaptive filters (AAF). Original phase information, discarded by conventional feature extraction techniques after Fast Fourier Transform (FFT), is promising in distinguishing genuine from replay spoofed speech. Accordingly, phase and magnitude information are respectively extracted as phase channel and magnitude channel complementary features in our system. First, we make discriminative ability analysis on full frequency bands with F-ratio methods. Then attention-based adaptive filters are implemented to maximize capturing of high discriminative information on frequency bands, and the results on ASVspoof 2017 challenge indicate that our proposed approach achieved relative error reduction rates of 78.7% and 59.8% on development and evaluation dataset than the baseline method.

To solve the problems of weak linkage ability and low intellectualization of strategy allocation in existing network security devices, a new method of cognitive linkage of network security equipment is proposed by learning from human brain. Firstly, the basic connotation and cognitive cycle of cognitive linkage are expounded. Secondly, the main functions of cognitive linkage are clarified. Finally, the cognitive linkage system model is constructed, and the information process flow of cognitive linkage is described. Cognitive linkage of network security equipment provides a new way to effectively enhance the overall protection capability of network security equipment.

As a new generation of network architecture with subversive changes to traditional IP networks, Content Centric Networks (CCN) has attracted widespread attention from domestic and foreign scholars for its efficient content distribution, multi-path and secure routing features. The design architecture of CCN network has many advantages. However, it is also easily used illegally, which brings certain security problems. For example, objectified network resources which include requesters, publishers, content and node routes, are faced with many security threats, such as privacy attribute disclosure, privacy detection, content information disclosure, and spoofing and denial of service attacks. A node routing security scheme based on dynamic reputation value is proposed for the security problem of node routing. It is convenient for detecting node routing attacks and defending in time. And it could provide security for the Content Centric Networks node routing without affecting the node routing advantages and normal user requests.

Aiming at the poor stability of traditional communication data encryption methods, a point-to-point encryption method of power system communication data based on block chain technology is studied and designed. According to the principle of asymmetric key encryption, the design method makes use of the decentralization and consensus mechanism of block chain technology to develop the public key distribution scheme. After the public key distribution is completed, the sender and receiver of communication data generate the transfer key and pair the key with the public key to realize the pairing between data points. Xor and modular exponentiation are performed on the communication data content, and prime Numbers are used to fill the content data block. The receiver decrypts the data according to the encryption identifier of the data content, and completes the design of the encryption method of communication data point to ground. Through the comparison with the traditional encryption method, it is proved that the larger the amount of encrypted data is, the more secure the communication data can be, and the stability performance is better than the traditional encryption method.

This paper surveys a review of Internet of Things (IoT) protocols, Service oriented Middleware in IoT. The modern development of IoT, expected to create many divorce application in health care without human intervention. Various protocols are involved in the applications development. Researchers are doing research for desirable protocol with all functionalities. Middleware for an IoT provides interoperability between the devices or applications. The engineering of an IoT dependent on Service Oriented Architecture (SOA), it operates as middleware. We survey the existing SOA based IoT middleware and its functionalities.

Power-noise viruses can be used as denial-of-service attacks by causing voltage emergencies in multi-core microprocessors that may lead to data corruptions and system crashes. In this paper, we present a run-time system for detecting and mitigating power-noise viruses. We present voltage noise data from a power-noise virus and benchmarks collected from an Arm multi-core processor, and we observe that the frequency of voltage emergencies is dramatically increasing during the execution of power-noise attacks. Based on this observation, we propose a regression model that allows for a run-time estimation of the severity of voltage emergencies by monitoring the frequency of voltage emergencies and the operating frequency of the microprocessor. For mitigating the problem, during the execution of critical tasks that require protection, we propose a system which periodically evaluates the severity of voltage emergencies and adapts its operating frequency in order to honour a predefined severity constraint. We demonstrate the efficacy of the proposed run-time system.

Virtual Prototypes (VPs) at the Electronic System Level (ESL) written in SystemC language using its Transaction Level Modeling (TLM) framework are increasingly adopted by the semiconductor industry. The main reason is that VPs are much earlier available, and their simulation is orders of magnitude faster in comparison to the hardware models implemented at lower levels of abstraction (e.g. RTL). This leads designers to use VPs as reference models for an early design verification. Hence, the correctness assurance of these reference models (VPs) is critical as undetected faults may propagate to less abstract levels in the design process, increasing the fixing cost and effort. In this paper, we propose a novel simulation-based verification approach to automatically validate the simulation behavior of a given SystemC VP against both the TLM-2.0 rules and its specifications (i.e. functional and timing behavior of communications in the VP). The scalability and the efficiency of the proposed approach are demonstrated using an extensive set of experiments including a real-word VP.

Nowadays, with the diversification and decentralization of energy systems, the energy Internet makes it possible to interconnect distributed energy sources and consumers. In the energy trading market, the traditional centralized model relies entirely on trusted third parties. However, as the number of entities involved in the transactions grows and the forms of transactions diversify, the centralized model gradually exposes problems such as insufficient scalability, High energy consumption, and low processing efficiency. To address these challenges, we propose a secure and efficient energy renewable trading scheme based on blockchain. In our scheme, the electricity market trading model is divided into two levels, which can not only protect the privacy, but also achieve a green computing. In addition, in order to adapt to the relatively weak computing power of the underlying equipment in smart grid, we design a credibility-based equity proof mechanism to greatly improve the system availability. Compared with other similar distributed energy trading schemes, we prove the advantages of our scheme in terms of high operational efficiency and low computational overhead through experimental evaluations. Additionally, we conduct a detailed security analysis to demonstrate that our solution meets the security requirements.

With the vast increase in data transmission due to a large number of information collected by devices, data management, and security has been a challenge for organizations. Many data owners (DOs) outsource their data to cloud repositories due to several economic advantages cloud service providers present. However, DOs, after their data are outsourced, do not have complete control of the data, and therefore, external systems are incorporated to manage the data. Several kinds of research refer to the use of encryption techniques to prevent unauthorized access to data but prove to be deficient in providing suitable solutions to the problem. In this article, we propose a secure fine-grain access control system for outsourced data, which supports read and write operations to the data. We make use of an attribute-based encryption (ABE) scheme, which is regarded as a suitable scheme to achieve access control for security and privacy (confidentiality) of outsourced data. This article considers different categories of data users, and make provisions for distinct access roles and permissible actions on the outsourced data with dynamic and efficient policy updates to the corresponding ciphertext in cloud repositories. We adopt blockchain technologies to enhance traceability and visibility to enable control over outsourced data by a DO. The security analysis presented demonstrates that the security properties of the system are not compromised. Results based on extensive experiments illustrate the efficiency and scalability of our system.

In this paper, we propose an exact closed-form expression of secrecy outage probability (SOP) for underlay cognitive network with energy scavenging capable relay over Nakagami-m fading channels and under both (maximum transmit and interference) power constraints. Various results validated the proposed expression and shed insights into the security performance of this network in key specifications.

Cloud computing is one of the emerging area in the business world that help to access resources at low expense with high privacy. Security is a standout amongst the most imperative difficulties in cloud network for cloud providers and their customers. In order to ensure security in cloud, we proposed a framework using different encryption algorithm namely Extended hill cipher and homomorphic encryption. Firstly user data/information is isolated into two parts which is static and dynamic data (critical data). Extended hill cipher encryption is applied over more important dynamic part where we are encrypting the string using matrix multiplication. While homomorphic encryption is applied over static data in which it accepts n number of strings as information, encode each string independently and lastly combine all the strings. The test results clearly manifests that the proposed model provides better information security.

To contest the rapidly developing cyber-attacks, numerous collaborative security schemes, in which multiple security entities can exchange their observations and other relevant data to achieve more effective security decisions, are proposed and developed in the literature. However, the security-related information shared among the security entities may contain some sensitive information and such information exchange can raise privacy concerns, especially when these entities belong to different organizations. With such consideration, the interplay between the attacker and the collaborative entities is formulated as Quantitative Information Flow (QIF) games, in which the QIF theory is adapted to measure the collaboration gain and the privacy loss of the entities in the information sharing process. In particular, three games are considered, each corresponding to one possible scenario of interest in practice. Based on the game-theoretic analysis, the expected behaviors of both the attacker and the security entities are obtained. In addition, the simulation results are presented to validate the analysis.