Biblio

A method for providing energy and structural secrecy of a signal is presented, which is based on the method of pseudo-random restructuring of the spreading sequence. This method complicates the implementation of the accumulation mode, and therefore the detection of the signal-code structure of the signal in a third-party receiver, due to the use of nested pseudo-random sequences (PRS) and their restructuring. And since the receiver-detector is similar to the receiver of the communication system, it is necessary to ensure optimal signal processing to implement an acceptable level of structural secrecy.

Nowadays, an increasing trend to use autonomous Unmanned Aerial Vehicles (UAV) for applications like logistics as well as security and surveillance can be recorded. Autonomic UAVs require robust and precise navigation to ensure efficient and safe operation even in strong multipath environments and (intended) interference. The need for robust navigation on UAVs implies the necessary integration of low-cost, lightweight, and compact array antennas as well as structures for multipath mitigation into the UAV platform. This article investigates a miniaturized antenna array mounted on top of vertical choke rings for robust navigation purposes. The array employs four 3D printed elements based on dielectric resonators capable of operating in all GNSS bands while compact enough for mobile applications such as UAV.

The continuous increase in sophistication of threat actors over the years has made the use of actionable threat intelligence a critical part of the defence against them. Such Cyber Threat Intelligence is published daily on several online sources, including vulnerability databases, CERT feeds, and social media, as well as on forums and web pages from the Surface and the Dark Web. Named Entity Recognition (NER) techniques can be used to extract the aforementioned information in an actionable form from such sources. In this paper we investigate how the latest advances in the NER domain, and in particular transformer-based models, can facilitate this process. To this end, the dataset for NER in Threat Intelligence (DNRTI) containing more than 300 pieces of threat intelligence reports from open source threat intelligence websites is used. Our experimental results demonstrate that transformer-based techniques are very effective in extracting cybersecurity-related named entities, by considerably outperforming the previous state- of-the-art approaches tested with DNRTI.

Automated analysis of facial expressions is one of the most interesting and challenging problems in many areas such as human-computer interaction. Facial images are affected by many factors, such as intensity, pose and facial expressions. These factors make facial expression recognition problem a challenge. The aim of this paper is to propose a new method based on the pyramid local binary pattern (PLBP) and the pyramid local phase quantization (PLPQ), which are the extension of the local binary pattern (LBP) and the local phase quantization (LPQ) as two methods for extracting texture features. LBP operator is used to extract LBP feature in the spatial domain and LPQ operator is used to extract LPQ feature in the frequency domain. The combination of features in spatial and frequency domains can provide important information in both domains. In this paper, PLBP and PLPQ operators are separately used to extract features. Then, these features are combined to create a new feature vector. The advantage of pyramid transform domain is that it can recognize facial expressions efficiently and with high accuracy even for very low-resolution facial images. The proposed method is verified on the CK+ facial expression database. The proposed method achieves the recognition rate of 99.85% on CK+ database.

Physically Unclonable Functions (PUFs) have been considered as promising lightweight primitives for random number generation and device authentication. Thanks to the imperfections occurring during the fabrication process of integrated circuits, each PUF generates a unique signature which can be used for chip identification. Although supposed to be unclonable, PUFs have been shown to be vulnerable to modeling attacks where a set of collected challenge response pairs are used for training a machine learning model to predict the PUF response to unseen challenges. Challenge obfuscation has been proposed to tackle the modeling attacks in recent years. However, knowing the obfuscation algorithm can help the adversary to model the PUF. This paper proposes a modeling-resilient arbiter-PUF architecture that benefits from the randomness provided by PUFs in concealing the obfuscation scheme. The experimental results confirm the effectiveness of the proposed structure in countering PUF modeling attacks.

Physical-layer security is a new paradigm that offers data protection against eavesdropping in wireless 5G networks. In this context, the Gaussian channel is a typical model that captures the practical aspects of confidentially transmitting a message through the wireless medium. In this paper, we consider the peculiar case of transmitting a message through a wireless, state-dependent channel which is prone to eavesdropping, where the state knowledge is non-causally known and shared between the sender and the eavesdropper. We show that a novel structured coding scheme, which combines random coding arguments and the dirty-paper coding technique, achieves the fundamental limit of secure and reliable communication for the considered model.

A code smells detection rule is a combination of metrics with their corresponding crisp thresholds and labels. The goal of this paper is to deal with metrics' thresholds uncertainty; as usually such thresholds could not be exactly determined to judge the smelliness of a particular software class. To deal with this issue, we first propose to encode each metric value into a binary possibility distribution with respect to a threshold computed from a discretization technique; using the Possibilistic C-means classifier. Then, we propose ADIPOK-UMT as an evolutionary algorithm that evolves a population of PK-NN classifiers for the detection of smells under thresholds' uncertainty. The experimental results reveal that the possibility distribution-based encoding allows the implicit weighting of software metrics (features) with respect to their computed discretization thresholds. Moreover, ADIPOK-UMT is shown to outperform four relevant state-of-art approaches on a set of commonly adopted benchmark software systems.

This study used the support vector machine (SVM) algorithm to predict Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on a proxy server. Proxy-servers are prone to attacks such as DoS and DDoS and existing detection and prediction systems are inefficient. Three convex optimization problems using the Gaussian, linear and non-linear kernel methods were solved using the SVM module to detect the attacks. The SVM module and proxy server were implemented in Python and javascript respectively and made to run on a local network. Four other computers running on the same network where made to each communicate with the proxy server (two dedicated to attack the server). The server was able to detect and filter out the malicious requests from the attacking clients. Hence, the SVM module can effectively predict cyber attacks and can be integrated into any server to detect such attacks for improved security.

Autonomous cyber-physical systems (CPS) are susceptible to non-invasive physical attacks such as sensor spoofing attacks that are beyond the classical cybersecurity domain. These attacks have motivated numerous research efforts on attack detection, but little attention on what to do after detecting an attack. The importance of attack recovery is emphasized by the need to mitigate the attack’s impact on a system and restore it to continue functioning. There are only a few works addressing attack recovery, but they all rely on prior knowledge of system dynamics. To overcome this limitation, we propose Recovery-by-Learning, a data-driven attack recovery framework that restores CPS from sensor attacks. The framework leverages natural redundancy among heterogeneous sensors and historical data for attack recovery. Specially, the framework consists of two major components: state predictor and data checkpointer. First, the predictor is triggered to estimate systems states after the detection of an attack. We propose a deep learning-based prediction model that exploits the temporal correlation among heterogeneous sensors. Second, the checkpointer executes when no attack is detected. We propose a double sliding window based checkpointing protocol to remove compromised data and keep trustful data as input to the state predictor. Third, we implement and evaluate the effectiveness of our framework using a realistic data set and a ground vehicle simulator. The results show that our method restores a system to continue functioning in presence of sensor attacks.

New services and products are increasingly becoming integral parts of our daily lives rising our technological dependence, as well as our exposure to risks from cyber. Critical sectors such as transport are progressively depending on digital technologies to run their core operations and develop novel solutions to exploit the economic strengths of the European Union. However, despite the fact that the continuously increasing number of visitors, entering the European Union through land-border crossing points or seaports, brings tremendous economic benefits, novel border control solutions, such as mobile devices for passenger identification for land and sea border control, are essential to accurately identify passengers ``on the fly'' while ensuring their comfort. However, the highly confidential personal data managed by these devices makes them an attractive target for cyberattacks. Therefore, novel secure and usable user authentication mechanisms are required to increase the level of security of this kind of devices without interrupting border control activities. Towards this direction, we, firstly, discuss risk-based and adaptive authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Besides that, a novel risk-based adaptive user authentication mechanism is proposed for mobile passenger identification devices used by border control officers at land and sea borders.

Cryptographic algorithms are playing an important role in the information security field. Strong and unbreakable algorithms provide high security and good throughput. The strength of any encryption algorithm is basically based on the degree of difficulty to obtain the encryption key by such cyber-attacks as brute. It is supposed that the bigger the key size, the more difficult it is to compute the key. But increasing the key size will increase both the computational complexity and the processing time of algorithms. In this paper, we proposed a reliable, effective, and more secure symmetric stream cipher algorithm for encryption and decryption called Symmetric Cipher based on Key Hashing Algorithm (SCKHA). The idea of this algorithm is based on hashing and splitting the encryption symmetric key. Hashing the key will hide the encrypted key to prevent any intruder from forging the hash code, and, thus, it satisfies the purpose of security, authentication, and integrity for a message on the network. In addition, the algorithm is secure against a brute-force attack by increasing the resources it takes for testing each possible key. Splitting the hashed value of the encryption key will divide the hashed key into two key chunks. The encryption process performed using such one chunk based on some calculations on the plaintext. This algorithm has three advantages that are represented in computational simplicity, security and efficiency. Our algorithm is characterized by its ability to search on the encrypted data where the plaintext character is represented by two ciphertext characters (symbols).

Internet security is constantly at risk as a result of the fast developing and highly sophisticated exploitation methods. These attacks use numerous media to take advantage of the most vulnerable of Internet users. Phishing, spam calling, unsecure content and other means of intrusion threaten Internet users every day. In order to maintain the security and privacy of sensitive user data, the user must pay for services that include the storage and generation of secure passwords, monitoring internet traffic to discourage navigation to malicious websites, among other services. Some people do not have the money to purchase privacy protection services and others find convoluted euphemisms baked into privacy policies quite confusing. In response to this problem, we developed an Internet security software package, Secure Suite, which we provide as open source and hence free of charge. Users can easily deploy and manage Secure Suite. It is composed of a password manager, a malicious URL detection service, dubbed MalURLNet, a URL extender, data visualization tools, a browser extension to interact with the web app, and utility tools to maintain data integrity. MalURLNet is one of the main components of Secure Suite. It utilizes deep learning and other open-source software to mitigate security threats by identifying malicious URLs. We exhaustively tested our proposed MalURLNet service. Our studies show that MalURLNet outperforms four other well-known URL classifiers in terms of accuracy, loss, precision, recall, and F1-Score.

This position paper presents and illustrates the concept of security requirements as code – a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project.

Random number generators (RNGs) has an extensive application area from cryptography to simulation software. Piecewise linear one-dimensional (PL1D) maps are commonly preferred structures used as the basis of RNGs due to their theoretically proven chaotic behavior and ease of implementation. In this work, a skew-tent map based RNG is designed by using the chaotic sampling method in TSMC 180 nm CMOS process. Simulation data of the designed RNG is validated by the statistical randomness tests of the FIPS-140-2 and NIST 800-22 suites. The proposed RNG has three key features: the generated bitstreams can fulfill the randomness tests without using any post processing methods; the proposed RNG has immunity against external interference thanks to the chaotic sampling method; and higher bitrates (4.8 Mbit/s) can be achieved with relatively low power consumption (9.8 mW). Thus, robust RNG systems can be built for high-speed security applications with low power by using the proposed architecture.

Business's strength arises from the strength of its supply chain. Therefore, a proper supply chain management is vital for business continuity. One of the most challenging parts of SCM is the contract negotiation, and one main aspect of the negotiation is to know the risk associated with each range of quantity agreed on. Currently Managers assess the quantity to be supplied based on a binary way of either full or 0 supply, This paper aims to assess the corresponding quantities risks of the suppliers on a multilayer basis. The proposed approach uses fuzzy logic as an artificial intelligence tool that would develop the verbal terms of managers into numbers to be dealt with. A company that produces fresh frozen vegetables and fruits in Egypt who faces the problem of getting the required quantities from the suppliers with a fulfilment rate of 33% was chosen to apply the proposed model. The model allowed the managers to have full view of risk in their supply chain effectively and decide their needed capacity as well as the negotiation terms with both suppliers and customers. Future work should be the use of more data in the fuzzy database and implement the proposed methodology in an another industry.

The test of security primitives is particularly strategic as any bias coming from the implementation or environment can wreck havoc on the security it is intended to provide. This paper presents how some security properties are tested on leading primitives: True Random Number Generation (TRNG), Physically Unclonable Function (PUF), cryptographic primitives and Digital Sensor (DS). The test of TRNG and PUF to ensure a high level of security is mainly about the entropy assessment, which requires specific statistical tests. The security against side-channel analysis (SCA) of cryptographic primitives, like the substitution box in symmetric cryptography, is generally ensured by masking. But the hardware implementation of masking can be damaged by glitches, which create leakages on sensitive variables. A test method is to search for nets of the cryptographic netlist, which are vulnerable to glitches. The DS is an efficient primitive to detect disturbances and rise alarms in case of fault injection attack (FIA). The dimensioning of this primitive requires a precise test to take into account the environment variations including the aging.

Critical infrastructures have to withstand advanced and persistent threats, which can be addressed using Byzantine fault tolerant state-machine replication (BFT-SMR). In practice, unattended cyberdefense systems rely on threat level detectors that synchronously inform them of changing threat levels. However, to have a BFT-SMR protocol operate unattended, the state-of-the-art is still to configure them to withstand the highest possible number of faulty replicas \$f\$ they might encounter, which limits their performance, or to make the strong assumption that a trusted external reconfiguration service is available, which introduces a single point of failure. In this work, we present ThreatAdaptive the first BFT-SMR protocol that is automatically strengthened or optimized by its replicas in reaction to threat level changes. We first determine under which conditions replicas can safely reconfigure a BFT-SMR system, i.e., adapt the number of replicas \$n\$ and the fault threshold \$f\$ so as to outpace an adversary. Since replicas typically communicate with each other using an asynchronous network they cannot rely on consensus to decide how the system should be reconfigured. ThreatAdaptive avoids this pitfall by proactively preparing the reconfiguration that may be triggered by an increasing threat when it optimizes its performance. Our evaluation shows that ThreatAdaptive can meet the latency and throughput of BFT baselines configured statically for a particular level of threat, and adapt 30% faster than previous methods, which make stronger assumptions to provide safety.

Nowadays a huge amount of sensitive information is sending via packet data networks and its security doesn't provided properly. Very often information leakage causes huge damage to organizations. One of the mechanisms to cause information leakage when it transmits through a communication channel is to construct a covert channel. Everywhere used packet networks provide huge opportunities for covert channels creating, which often leads to leakage of critical data. Moreover, covert channels based on packet length modifying can function in a system even if traffic encryption is applied and there are some data transfer schemes that are difficult to detect. The purpose of the paper is to construct and examine a normalization protection tool against covert channels. We analyze full and partial normalization, propose estimation of the residual covert channel capacity in a case of counteracting and determine the best parameters of counteraction tool.

Existing digital identity management systems fail to deliver the desirable properties of control by the users of their own identity data, credibility of disclosed identity data, and network-level anonymity. The recently proposed Self-Sovereign Identity (SSI) approach promises to give users these properties. However, we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties. We show that the latency incurred by network-level anonymization in TCID is significantly larger than that of identity data disclosure protocols but is still low enough for practical situations. We conclude that current research on SSI is too narrowly focused on these data disclosure protocols.

In this paper, two methods are introduced for securing voice communication. The first technique applies multilevel chaos-based block cipher and the second technique applies non-autonomous chaotic modulation. In the first approach, the encryption method is implemented by joining Arnold cat map with the Lorenz system. This method depends on permuting and substituting voice samples. Applying two levels of a chaotic system, enhances the security of the encrypted signal. the permutation process of the voice samples is implemented by applying Arnold cat map, then use Lorenz chaotic flow to create masking key and consequently substitute the permuted samples. In the second method, an encryption method based on non-autonomous modulation is implemented, in the master system, and the voice injection process is applied into one variable of the Lorenz chaotic flow without modifying the state of controls parameter. Non-autonomous modulation is proved to be more suitable than other techniques for securing real-time applications; it also masters the problems of chaotic parameter modulation and chaotic masking. A comparative study of these methods is presented.

The main objective of Human Activity Recognition (HAR) is to detect various activities in video frames. Video surveillance is an import application for various security reasons, therefore it is essential to classify activities as usual and unusual. This paper implements the deep learning model that has the ability to classify and localize the activities detected using a Single Shot Detector (SSD) algorithm with a bounding box, which is explicitly trained to detect usual and unusual activities for security surveillance applications. Further this model can be deployed in public places to improve safety and security of individuals. The SSD model is designed and trained using transfer learning approach. Performance evaluation metrics are visualised using Tensor Board tool. This paper further discusses the challenges in real-time implementation.

The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker's injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

The Bitcoin blockchain is managed by an underlying peer-to-peer network. This network is responsible for the propagation of transactions carried out by users via the blocks (which contain the validated transactions), and to ensure consensus between the different nodes. The quality and safety of this network are therefore particularly essential. In this work, we present an open dataset on the peers composing the Bitcoin P2P Network that was made following a well defined and reproducible methodology. We also provide a first analysis of the dataset on three criteria: the number of public nodes and their client version and geographical distribution.

Malware poses a threat to computing systems worldwide, and security experts work tirelessly to detect and classify malware as accurately and quickly as possible. Since malware can use evasion techniques to bypass static analysis and security mechanisms, dynamic analysis methods are more useful for accurately analyzing the behavioral patterns of malware. Previous studies showed that malware behavior can be represented by sequences of executed system calls and that machine learning algorithms can leverage such sequences for the task of malware classification (a.k.a. malware categorization). Accurate malware classification is helpful for malware signature generation and is thus beneficial to antivirus vendors; this capability is also valuable to organizational security experts, enabling them to mitigate malware attacks and respond to security incidents. In this paper, we propose an improved methodology for malware classification, based on analyzing sequences of system calls invoked by malware in a dynamic analysis environment. We show that adding an attention mechanism to a LSTM model improves accuracy for the task of malware classification, thus outperforming the state-of-the-art algorithm by up to 6%. We also show that the transformer architecture can be used to analyze very long sequences with significantly lower time complexity for training and prediction. Our proposed method can serve as the basis for a decision support system for security experts, for the task of malware categorization.

Both the data science and scientific computing communities are embracing GPU acceleration for their most demanding workloads. For scientific computing applications, the massive volume of code and diversity of hardware platforms at supercomputing centers has motivated a strong effort toward performance portability. This property of a program, denoting its ability to perform well on multiple architectures and varied datasets, is heavily dependent on the choice of parallel programming model and which features of the programming model are used. In this paper, we evaluate performance portability in the context of a data science workload in contrast to a scientific computing workload, evaluating the same sparse matrix kernel on both. Among our implementations of the kernel in different performance-portable programming models, we find that many struggle to consistently achieve performance improvements using the GPU compared to simple one-line OpenMP parallelization on high-end multicore CPUs. We show one that does, and its performance approaches and sometimes even matches that of vendor-provided GPU math libraries.