Biblio

Named Data Network (NDN) is an alternative to host-centric networking exemplified by today's Internet. One key feature of NDN is in-network caching that reduces access delay and query overhead by caching popular contents at the source as well as at a few other nodes. Unfortunately, in-network caching suffers various privacy risks by different attacks, one of which is termed timing attack. This is an attack to infer whether a consumer has recently requested certain contents based on the time difference between the delivery time of those contents that are currently cached and those that are not cached. In order to prevent the privacy leakage and resist such kind of attacks, we propose a detection scheme by adopting Long Short-term Memory (LSTM) model. Based on the four input features of LSTM, cache hit ratio, average request interval, request frequency, and types of requested contents, we timely capture more important eigenvalues by dividing a constant time window size into a few small slices in order to detect timing attacks accurately. We have performed extensive simulations to compare our scheme with several other state-of-the-art schemes in classification accuracy, detection ratio, false alarm ratio, and F-measure. It has been shown that our scheme possesses a better performance in all cases studied.

The huge volume, variety, and velocity of big data have empowered Machine Learning (ML) techniques and Artificial Intelligence (AI) systems. However, the vast portion of data used to train AI systems is sensitive information. Hence, any vulnerability has a potentially disastrous impact on privacy aspects and security issues. Nevertheless, the increased demands for high-quality AI from governments and companies require the utilization of big data in the systems. Several studies have highlighted the threats of big data on different platforms and the countermeasures to reduce the risks caused by attacks. In this paper, we provide an overview of the existing threats which violate privacy aspects and security issues inflicted by big data as a primary driving force within the AI/ML workflow. We define an adversarial model to investigate the attacks. Additionally, we analyze and summarize the defense strategies and countermeasures of these attacks. Furthermore, due to the impact of AI systems in the market and the vast majority of business sectors, we also investigate Standards Developing Organizations (SDOs) that are actively involved in providing guidelines to protect the privacy and ensure the security of big data and AI systems. Our far-reaching goal is to bridge the research and standardization frame to increase the consistency and efficiency of AI systems developments guaranteeing customer satisfaction while transferring a high degree of trustworthiness.

This work presents a new method of encrypting and decrypting speech based on a chaotic key generator. The proposed scheme takes advantage of the best features of chaotic systems. In the proposed method, the input speech signal is converted into an image which is ciphered by an encryption function using a chaotic key matrix generated from a fractional-order chaotic map. Based on a deadbeat observer, the exact synchronization of system used is established, and the decryption is performed. Different analysis are applied for analyzing the effectiveness of the encryption system. The obtained results confirm that the proposed system offers a higher level of security against various attacks and holds a strong key generation mechanism for satisfactory speech communication.

The emergence of novel technologies and high speed networks has enabled a continually generation of huge volumes of data that should be stored and processed. These big data have allowed the emergence of new forms of complex attacks whose resolution represents a big challenge. Different methods and tools are developed to deal with this issue but definite detection is still needed since various features are not considered and tracing back an attack remains a timely activity. In this context, we propose an investigation framework that allows the reconstruction of complex attack scenarios based on huge volume of data. This framework used a temporal conceptual graph to represent the big data and the dependency between them in addition to the tracing back of the whole attack scenario. The selection of the most probable attack scenario is assisted by a developed decision model based on hybrid neural network that enables the real time classification of the possible attack scenarios using RBF networks and the convergence to the most potential attack scenario within the support of an Elman network. The efficiency of the proposed framework has been illustrated for the global attack reconstruction process targeting a smart city where a set of available services are involved.

The evolution of smart automobiles and vehicles within the Internet of Things (IoT) - particularly as that evolution leads toward a proliferation of completely autonomous vehicles - has sparked considerable interest in the subject of vehicle/automotive security. While the attack surface is wide, there are patterns of exploitable vulnerabilities. In this study we reviewed, classified according to their attack surface and evaluated some of the common vehicle and infrastructure attack vectors identified in the literature. To remediate these attack vectors, specific technical recommendations have been provided as a way towards secure deployments of smart automobiles and transportation infrastructures.

This paper presents a scheme of intellectual property protection of hardware circuit based on digital compression coding technology. The aim is to solve the problem of high embedding cost and low resource utilization of IP watermarking. In this scheme, the watermark information is preprocessed by dynamic compression coding around the idle circuit of FPGA, and the free resources of the surrounding circuit are optimized that the IP watermark can get the best compression coding model while the extraction and detection of IP core watermark by activating the decoding function. The experimental results show that this method not only expands the capacity of watermark information, but also reduces the cost of watermark and improves the security and robustness of watermark algorithm.

Vehicular communication systems increase traffic efficiency and safety by allowing vehicles to share safety-related information and location-based services. Pseudonym schemes are the standard solutions providing driver/vehicle anonymity, whilst enforcing vehicle accountability in case of liability issues. State-of-the-art PKI-based pseudonym schemes present scalability issues, notably due to the centralized architecture of certificate-based solutions. The first Direct Anonymous Attestation (DAA)-based pseudonym scheme was introduced at VNC 2017, providing a decentralized approach to the pseudonym generation and update phases. The DAA-based construction leverages the properties of trusted computing, allowing vehicles to autonomously generate their own pseudonyms by using a (resource constrained) Trusted Hardware Module or Component (TC). This proposition however requires the TC to delegate part of the (heavy) pseudonym generation computations to the (more powerful) vehicle's On-Board Unit (OBU), introducing security and privacy issues in case the OBU becomes compromised. In this paper, we introduce a novel pseudonym scheme based on a variant of DAA, namely a pre-DAA-based pseudonym scheme. All secure computations in the pre-DAA pseudonym lifecycle are executed by the secure element, thus creating a secure enclave for pseudonym generation, update, and revocation. We instantiate vehicle-to-everything (V2X) with our pre-DAA solution, thus ensuring user anonymity and user-controlled traceability within the vehicular network. In addition, the pre-DAA-based construction transfers accountability from the vehicle to the user, thus complying with the many-to-many driver/vehicle relation. We demonstrate the efficiency of our solution with a prototype implementation on a standard Javacard (acting as a TC), showing that messages can be anonymously signed and verified in less than 50 ms.

When employing biometric recognition systems, we have to take into account that biometric data are considered sensitive data. This has raised some privacy issues, and therefore secure systems providing template protection are required. Using homomorphic encryption, permanent protection can be ensured, since templates are stored and compared in the encrypted domain. In addition, the unprotected system's accuracy is preserved. To solve the problem of the computational overload linked to the encryption scheme, we present an early decision making strategy for iris-codes. In order to improve the recognition accuracy, the most consistent bits of the iris-code are moved to the beginning of the template. This allows an accurate block-wise comparison, thereby reducing the execution time. Hence, the resulting system grants template protection in a computationally efficient way. More specifically, in the experimental evaluation in identification mode, the block-wise comparison achieves a 92% speed-up on the IITD database with 300 enrolled templates.

The growing number of internet based services and applications along with increasing adoption rate of connected wired and wireless devices presents opportunities as well as technical challenges and threads. Distributed Denial of Service (DDoS) attacks have huge devastating effects on internet enabled services. It can be implemented diversely with a variety of tools and codes. Therefore, it is almost impossible to define a single solution to prevent DDoS attacks. The available solutions try to protect internet services from DDoS attacks, but there is no accepted best-practice yet to this security breach. On the other hand, distinguishing DDoS attacks from analogous Flash Events (FEs) wherein huge number of legitimate users try to access a specific internet based services and applications is a tough challenge. Both DDoS attacks and FEs result in unavailability of service, but they should be treated with different countermeasures. Therefore, it is worthwhile to investigate novel methods which can detect well disguising DDoS attacks from similar FE traffic. This paper will contribute to this topic by proposing a hybrid DDoS and FE detection scheme; taking 3 isolated approaches including Kernel Online Anomaly Detection (KOAD), Shannon Entropy and Mahalanobis Distance. In this study, Shannon entropy is utilized with an online machine learning technique to detect abnormal traffic including DDoS attacks and FE traffic. Subsequently, the Mahalanobis distance metric is employed to differentiate DDoS and FE traffic. the purposed method is validated using simulated DDoS attacks, real normal and FE traffic. The results revealed that the Mahalanobis distance metric works well in combination with machine learning approach to detect and discriminate DDoS and FE traffic in terms of false alarms and detection rate.

In this paper, an image encryption scheme based on dynamic DNA sequence and two dimension logistic map is proposed. Firstly two different pseudo random sequences are generated using two dimension Sine-Henon alteration map. These sequences are used for altering the positions of each pixel of plain image row wise and column wise respectively. Secondly each pixels of distorted image and values of random sequences are converted into a DNA sequence dynamically using one dimension logistic map. Reversible DNA operations are applied between DNA converted pixel and random values. At last after decoding the results of DNA operations cipher image is obtained. Different theoretical analyses and experimental results proved the effectiveness of this algorithm. Large key space proved that it is possible to protect different types of attacks using our proposed encryption scheme.

To be able to meet demanding application performance requirements within a tight power budget, runtime power management must track hardware activity at a very fine granularity in both space and time. This gives rise to sophisticated power management algorithms, which need the underlying system to be both highly observable (to be able to sense changes in instantaneous power demand timely) and controllable (to be able to react to changes in instantaneous power demand timely). The end goal is allocating the power budget, which itself represents a very critical shared resource, in a fair way among active tasks of execution. Fundamentally, if not carefully managed, any system-wide shared resource can give rise to covert communication. Power budget does not represent an exception, particularly as systems are becoming more and more observable and controllable. In this paper, we demonstrate how power management vulnerabilities can enable covert communication over a previously unexplored, novel class of covert channels which we will refer to as POWERT channels. We also provide a comprehensive characterization of the POWERT channel capacity under various sharing and activity scenarios. Our analysis based on experiments on representative commercial systems reveal a peak channel capacity of 121.6 bits per second (bps).

Bio-modalities are ideal for user authentication in Medical Cyber-Physical Systems. Various forms of bio-modalities, such as the face, iris, fingerprint, are commonly used for secure user authentication. Concurrently, various spoofing approaches have also been developed over time which can fail traditional bio-modality detection systems. Image synthesis with play-doh, gelatin, ecoflex etc. are some of the ways used in spoofing bio-identifiable property. Since the bio-modality detection sensors are small and resource constrained, heavy-weight detection mechanisms are not suitable for these sensors. Recently, Fog based architectures are proposed to support sensor management in the Medical Cyber-Physical Systems (MCPS). A thin software client running in these resource-constrained sensors can enable communication with fog nodes for better management and analysis. Therefore, we propose a fog-based security application to detect bio-modality spoofing in a Fog based MCPS. In this regard, we propose a machine learning based security algorithm run as an application at the fog node using a binarized multi-factor boosted ensemble learner algorithm coupled with feature selection. Our proposal is verified on real datasets provided by the Replay Attack, Warsaw and LiveDet 2015 Crossmatch benchmark for face, iris and fingerprint modality spoofing detection used for authentication in an MCPS. The experimental analysis shows that our approach achieves significant performance gain over the state-of-the-art approaches.

Security of VMs is now becoming a hot topic due to their outsourcing in cloud computing paradigm. All VMs present on the network are connected to each other, making exploited VMs danger to other VMs. and threats to organization. Rejuvenation of virtualization brought the emergence of hyper-visor based security services like VMI (Virtual machine introspection). As there is a greater chance for any intrusion detection system running on the same system, of being dis-abled by the malware or attacker. Monitoring of VMs using VMI, is one of the most researched and accepted technique, that is used to ensure computer systems security mostly in the paradigm of cloud computing. This thesis presents a work that is to integrate LibVMI with Volatility on a KVM, a Linux based hypervisor, to introspect memory of VMs. Both of these tools are used to monitor the state of live VMs. VMI capability of monitoring VMs is combined with the malware analysis and virtual honeypots to achieve the objective of this project. A testing environment is deployed, where a network of VMs is used to be introspected using Volatility plug-ins. Time execution of each plug-in executed on live VMs is calculated to observe the performance of Volatility plug-ins. All these VMs are deployed as Virtual Honeypots having honey-pots configured on them, which is used as a detection mechanism to trigger alerts when some malware attack the VMs. Using STIX (Structure Threat Information Expression), extracted IOCs are converted into the understandable, flexible, structured and shareable format.

This paper designed a longitudinal bending coupled piezoelectric transducer. The transducer is composed of a rear metal block, a longitudinally polarized piezoelectric ceramic piece and a slotted round front cover. The longitudinal vibration of the piezoelectric oscillators drive the front cover to generate bending vibration to widen the operating frequency band while reducing the fluctuation of transmission voltage response. In this paper, the design method of this multimode coupled transducer is given, and the method is verified by numerical simulation. The results show that the analytical theory and numerical simulation results have good consistency. This longitudinal-flexural coupled vibration transducer widens the bandwidth while preserving the emission voltage response.

The process of release of a single domain wall from the closure domain structure at the microwire ends and the process of nucleation of the reversed domain in regions far from the microwire ends were studied using the technique that consists in determining the critical parameters of the rectangular magnetic field pulse (magnitude-Hpc and length-τc) needed for free domain wall production. Since these processes can be influenced by the magnitude of the magnetic field before or after the application of the field pulse (Hi, τ), we propose a modified experiment in which the so-called three-level pulse is used. The three-level pulse starts from the first level, then continues with the second measuring rectangular pulse (Hi, τ), which ends at the third field level. Based on the results obtained in experiments using three-level field pulses, it has been shown that reversed domains are not present in the remanent state in regions far from the microwire ends. Some modification of the theoretical model of a single domain wall trapped in a potential well will be needed for an adequate description of the depinning processes.

Smart technologies at hand have facilitated generation and collection of huge volumes of data, on daily basis. It involves highly sensitive and diverse data like personal, organisational, environment, energy, transport and economic data. Data Analytics provide solution for various issues being faced by smart cities like crisis response, disaster resilience, emergence management, smart traffic management system etc.; it requires distribution of sensitive data among various entities within or outside the smart city,. Sharing of sensitive data creates a need for efficient usage of smart city data to provide smart applications and utility to the end users in a trustworthy and safe mode. This shared sensitive data if get leaked as a consequence can cause damage and severe risk to the city's resources. Fortification of critical data from unofficial disclosure is biggest issue for success of any project. Data Leakage Detection provides a set of tools and technology that can efficiently resolves the concerns related to smart city critical data. The paper, showcase an approach to detect the leakage which is caused intentionally or unintentionally. The model represents allotment of data objects between diverse agents using Bigraph. The objective is to make critical data secure by revealing the guilty agent who caused the data leakage.

This research proposes an inspection on Trust Based Routing protocols to protect Internet of Things directing to authorize dependability and privacy amid to direction-finding procedure in inaccessible systems. There are number of Internet of Things (IOT) gadgets are interrelated all inclusive, the main issue is the means by which to protect the routing of information in the important systems from different types of stabbings. Clients won't feel secure on the off chance that they know their private evidence could without much of a stretch be gotten to and traded off by unapproved people or machines over the system. Trust is an imperative part of Internet of Things (IOT). It empowers elements to adapt to vulnerability and roughness caused by the through and through freedom of other devices. In Mobile Ad-hoc Network (MANET) host moves frequently in any bearing, so that the topology of the network also changes frequently. No specific algorithm is used for routing the packets. Packets/data must be routed by intermediate nodes. It is procumbent to different occurrences ease. There are various approaches to compute trust for a node such as fuzzy trust approach, trust administration approach, hybrid approach, etc. Adaptive Information Dissemination (AID) is a mechanism which ensures the packets in a specific transmission and it analysis of is there any attacks by hackers.It encompasses of ensuring the packet count and route detection between source and destination with trusted path.Trust estimation dependent on the specific condition or setting of a hub, by sharing the setting information onto alternate hubs in the framework would give a superior answer for this issue.Here we present a survey on various trust organization approaches in MANETs. We bring out instantaneous of these approaches for establishing trust of the partaking hubs in a dynamic and unverifiable MANET atmosphere.

Privacy is a fundamental concern that confronts systems dealing with sensitive data. The lack of robust solutions for defining and enforcing privacy measures continues to hinder the general acceptance and adoption of these systems. Edge computing has been recognized as a key enabler for privacy enhanced applications, and has opened new opportunities. In this paper, we propose a novel privacy model based on context-aware edge computing. Our model leverages the context of data to make decisions about how these data need to be processed and managed to achieve privacy. Based on a scenario from the eHealth domain, we show how our generalized model can be used to implement and enact complex domain-specific privacy policies. We illustrate our approach by constructing real world use cases involving a mobile Electronic Health Record that interacts with, and in different environments.

We propose an approach for allowing data owners to trade their data in digital data market scenarios, while keeping control over them. Our solution is based on a combination of selective encryption and smart contracts deployed on a blockchain, and ensures that only authorized users who paid an agreed amount can access a data item. We propose a safe interaction protocol for regulating the interplay between a data owner and subjects wishing to purchase (a subset of) her data, and an audit process for counteracting possible misbehaviors by any of the interacting parties. Our solution aims to make a step towards the realization of data market platforms where owners can benefit from trading their data while maintaining control.

The article is devoted to the improvement of neural network means of recognition of emotions on human geometry, which are defined for use in information systems of general purpose. It is shown that modern means of emotional recognition are based on the usual networks of critical disadvantage, because there is a lack of accuracy of recognition under the influence of purchased, characteristic of general-purpose information systems. It is determined that the above remarks relate to the turning of the face and the size of the image. A typical approach to overcoming this disadvantage through training is unacceptable for all protection options that are inappropriate for reasons of duration and compilation of the required training sample. It is proposed to increase the accuracy of recognition by submitting an expert data model to the neural network. An appropriate method for representing expert knowledge is developed. A feature of the method is the use of productive rules and the PNN neural network. Experimental verification of the developed solutions has been carried out. The obtained results allow to increase the efficiency of the termination and disclosure of the set of age networks, the characteristics of which are not presented in the registered statistical data.

Deep learning techniques have been widely used in intrusion detection, but their application on convolutional neural networks (CNN) is still immature. The main challenge is how to represent the network traffic to improve performance of the CNN model. In this paper, we propose a network intrusion detection algorithm based on representation learning using Fast Fourier Transformation (FFT), which is first exploration that converts traffic to image by FFT to the best of our knowledge. Each traffic is converted to an image and then the intrusion detection problem is turned to image classification. The experiment results on NSL-KDD dataset show that the classification performence of the algorithm in the CNN model has obvious advantages compared with other algorithms.

Intelligent connected vehicle system tightly integrates computing, communication, and control strategy. It can increase the traffic throughput, minimize the risk of accidents and reduce the energy consumption. However, because of the openness of the vehicular ad hoc network, the system is vulnerable to cyber-attacks and may result in disastrous consequences. Hence, it is interesting in design of the connected vehicular systems to be resilient to the sensor attacks. The paper focuses on the estimation and control of the intelligent connected vehicle systems when the sensors or the wireless channels of the system are attacked by attackers. We give the upper bound of the corrupted sensors that can be corrected and design the state estimator to reconstruct the initial state by designing a closed-loop controller. Finally, we verify the algorithm for the connected vehicle system by some classical simulations.

IoT middleware is an additional layer between IoT devices and the cloud applications that reduces computation and data handling on the cloud. In a typical IoT system model, middleware primarily connects to different IoT devices via IoT gateway. Device data stored on middleware is sensitive and private to a user. Middleware must have built-in mechanisms to address these issues, as well as the implementation of user authentication and access control. This paper presents the current methods used for access control on middleware and introduces Attribute-based encryption (ABE) on middleware for access control. ABE combines access control with data encryption for ensuring the integrity of data. In this paper, we propose Ciphertext-policy attribute-based encryption, abbreviated CP-ABE scheme on the middleware layer in the IoT system architecture for user access control. The proposed scheme is aimed to provide security and efficiency while reducing complexity on middleware. We have used the AVISPA tool to strengthen the proposed scheme.

A systematic study of technologies and concepts used for the design and construction of distributed fail-safe web systems has been conducted. The general principles of the design of distributed web-systems and information technologies that are used in the design of web-systems are considered. As a result of scientific research, it became clear that data backup is a determining attribute of most web systems serving. Thus, the main role in building modern web systems is to scaling them. Scaling in distributed systems is used when performing a particular operation requires a large amount of computing resources. There are two scaling options, namely vertical and horizontal. Vertical scaling is to increase the performance of existing components in order to increase overall productivity. However, for the construction of distributed systems, use horizontal scaling. Horizontal scaling is that the system is split into small components and placed on various physical computers. This approach allows the addition of new nodes to increase the productivity of the web system as a whole.

Networks of and embedded (IoT) devices are becoming increasingly popular, particularly, in settings such as smart homes, factories and vehicles. These networks can include numerous (potentially diverse) devices that collectively perform certain tasks. In order to guarantee overall safety and privacy, especially in the face of remote exploits, software integrity of each device must be continuously assured. This can be achieved by Remote Attestation (RA) - a security service for reporting current software state of a remote and untrusted device. While RA of a single device is well understood, collective RA of large numbers of networked embedded devices poses new research challenges. In particular, unlike single-device RA, collective RA has not benefited from any systematic treatment. Thus, unsurprisingly, prior collective RA schemes are designed in an ad hoc fashion. Our work takes the first step toward systematic design of collective RA, in order to help place collective RA onto a solid ground and serve as a set of design guidelines for both researchers and practitioners. We explore the design space for collective RA and show how the notions of security and effectiveness can be formally defined according to a given application domain. We then present and evaluate a concrete collective RA scheme systematically designed to satisfy these goals.