Biblio

This work describes a three-times (\$3$\backslash$times\$) improvement to the performance of secure computation of AES over a network of three parties with an honest majority. The throughput that is achieved is even better than that of computing AES in some scenarios of local (non-private) computation. The performance improvement is achieved through an optimization of the generic secure protocol, and, more importantly, through an optimization of the description of the AES function to support more efficient secure computation, and an optimization of the protocol to the underlying architecture. This demonstrates that the development process of efficient secure computation must include adapting the description of the computed function to be tailored to the protocol, and adapting the implementation of the protocol to the architecture. This work focuses on the secure computation of AES since it has been widely investigated as a de-facto standard performance benchmark for secure computation, and is also important by itself for many applications. Furthermore, parts of the improvements are general and not specific to AES, and can be applied to secure computation of arbitrary functions.

Swarm intelligence is rather a simple implementation but has a good performance in function optimization. There are a variety of instances of swarm model and has its inherent dynamic property. In this study we consider a hybrid swarm model where agents complement each other using its native property. Employing popular swarm intelligence model Particle swarm and Firefly we consider hybridization methods in this study. This paper presents a hybridization that agents in Particle swarm selected by a simple rule or a random choice are changing its property to Firefly. Numerical studies are carried out by using complex function optimization benchmarks, the proposed method gives better performance compared with standard PSO.

With the continuing growth of the Internet landscape, users share large amount of personal, sometimes, privacy sensitive data. When doing so, often, users have little or no clear knowledge about what service providers do with the trails of personal data they leave on the Internet. While regulations impose rather strict requirements that service providers should abide by, the defacto approach seems to be communicating data processing practices through privacy policies. However, privacy policies are long and complex for users to read and understand, thus failing their mere objective of informing users about the promised data processing behaviors of service providers. To address this pertinent issue, we propose a machine learning based approach to summarize the rather long privacy policy into short and condensed notes following a risk-based approach and using the European Union (EU) General Data Protection Regulation (GDPR) aspects as assessment criteria. The results are promising and indicate that our tool can summarize lengthy privacy policies in a short period of time, thus supporting users to take informed decisions regarding their information disclosure behaviors.

Collaborative trajectory privacy preservation (CTPP) scheme is an effective method for continuous queries. However, collaborating with other users need pay some cost. Therefore, some rational and selfish users will not choose collaboration, which will result in users' privacy disclosing. To solve the problem, this paper proposes a collaboration incentive mechanism by rewarding collaborative users and punishing non-collaborative users. The paper models the interactions of users participating in CTPP as a repeated game and analysis the utility of participated users. The analytical results show that CTPP with the proposed incentive mechanism can maximize user's payoffs. Experiments show that the proposed mechanism can effectively encourage users' collaboration behavior and effectively preserve the trajectory privacy for continuous query users.

Behavioral realism and realistic interactions are major criteria for improving social presence in virtual reality environments. We focus on multi-party VR applications where computer agents and avatars interact, share and collaborate with each other using objects. Our formulation employs realistic animations to simulate human-like behavioral motions of computer agents while they interact with avatars to enhance the sense of social presence in the VR environment. We exemplify our proposed model in a VR volleyball game setup. We model specific underlying interactions like gazing, collision detection and miscellaneous reactions (like how to pick a volleyball, how to transfer the ball to server) between computers players and avatars in the VR Volleyball game. We conduct a preliminary user survey to illustrate the significance of inclusion of realistic interactions for improving sense of social presence in a multi-party VR environment.

This paper analyzes information network security risk assessment methods and models. Firstly an improved AHP method is proposed to assign the value of assets for solving the problem of risk judgment matrix consistency effectively. And then the neural network technology is proposed to construct the neural network model corresponding to the risk judgment matrix for evaluating the individual risk of assets objectively, the methods for calculating the asset risk value and system risk value are given. Finally some application results are given. Practice proves that the methods are correct and effective, which has been used in information network security risk assessment application and offers a good foundation for the implementation of the automatic assessment.

SPARQL is a standard query language for knowledge graphs (KGs). However, it is hard to find correct answer if KGs are incomplete or incorrect. Knowledge graph embedding (KGE) enables answering queries on such KGs by inferring unknown knowledge and removing incorrect knowledge. Hence, our long-term goal in this line of research is to propose a new framework that integrates KGE and SPARQL, which opens various research problems to be addressed. In this paper, we solve one of the most critical problems, that is, optimizing the performance of nearest neighbor (NN) search. In our evaluations, we demonstrate that the search time of state-of-the-art NN search algorithms is improved by 40% without sacrificing answer accuracy.

The process of information and transformation of society has become a habit in modem people. We are accustomed to using the mobile phone for all kinds of operations, such as: sweep code to order meals, buy tickets and payment, thanks to the popularity of QR code technology in our country. There are many applications in the market with the function of scanning QR code, however, some QR codes can only be parsed by the specified application software. For instance, it can not work when using Alipay scanning QR code which configured by WeChat payment certificate Web program. The user will not be able to pay for such operations. For a product or service provider, different QR codes need to be created for different applications; for a user, a certain business operation needs to face multiple QR codes to select corresponding software in the device. The integration of QR code technology has become a key breakthrough point to improve the competitiveness of enterprises.

The complete digitization of telecommunications allows new attack scenarios, which have not been possible with legacy phone technologies before. The reason is that physical access to legacy phone technologies was necessary. Regarding internet-based communication like voice over the internet protocol (VoIP), which can be established between random nodes, eavesdropping can happen everywhere and much easier. Additionally, injection of undesirable communication like SPAM or SPIT in digital networks is simpler, too. Encryption is not sufficient because it is also necessary to know which participants are talking to each other. For that reason, the research project INTEGER has been started with the main goals of providing secure authentication and integrity of a VoIP communication by using a digital signature. The basis of this approach is the Trusted Platform Module (TPM) of the Trusted Computing Group (TCG) which works as a hardware-based trusted anchor. The TPM will be used inside of wireless IP devices with VoIP softphones. The question is if it is possible to fulfill the main goals of the project in wireless scenarios with Wi-Fi technologies. That is what this contribution aims to clarify.

Emerging IoT technologies promise to bring revolutionary changes to many domains including health, transportation, and building management. However, continuous monitoring of individuals threatens privacy. The success of IoT thus depends on integrating privacy protections into IoT infrastructures. This demonstration adapts a recently-proposed system, PeGaSus, which releases streaming data under the formal guarantee of differential privacy, with a state-of-the-art IoT testbed (TIPPERS) located at UC Irvine. PeGaSus protects individuals' data by introducing distortion into the output stream. While PeGaSuS has been shown to offer lower numerical error compared to competing methods, assessing the usefulness of the output is application dependent. The goal of the demonstration is to assess the usefulness of private streaming data in a real-world IoT application setting. The demo consists of a game, IoT-Detective, in which participants carry out visual data analysis tasks on private data streams, earning points when they achieve results similar to those on the true data stream. The demo will educate participants about the impact of privacy mechanisms on IoT data while at the same time generating insights into privacy-utility trade-offs in IoT applications.

Private Set Intersection (PSI) allows two parties, the sender and the receiver, to compute the intersection of their private sets without revealing extra information to each other. We are interested in the unbalanced PSI setting, where (1) the receiver's set is significantly smaller than the sender's, and (2) the receiver (with the smaller set) has a low-power device. Also, in a Labeled PSI setting, the sender holds a label per each item in its set, and the receiver obtains the labels from the items in the intersection. We build upon the unbalanced PSI protocol of Chen, Laine, and Rindal (CCS\textbackslashtextasciitilde2017) in several ways: we add efficient support for arbitrary length items, we construct and implement an unbalanced Labeled PSI protocol with small communication complexity, and also strengthen the security model using Oblivious Pseudo-Random Function (OPRF) in a pre-processing phase. Our protocols outperform previous ones: for an intersection of 220 and \$512\$ size sets of arbitrary length items our protocol has a total online running time of just \$1\$\textbackslashtextasciitildesecond (single thread), and a total communication cost of 4 MB. For a larger example, an intersection of 228 and 1024 size sets of arbitrary length items has an online running time of \$12\$ seconds (multi-threaded), with less than 18 MB of total communication.

Location-based services, which provide services based on locations of consumers' interests, are becoming essential for our daily lives. Since the location of a consumer's interest contains private information, several studies propose location privacy protection mechanisms using an anonymizer, which sends queries specifying anonymous location sets, each of which contains k - 1 locations in addition to a location of a consumer's interest, to an LBS provider based on the k-anonymity principle. The anonymizer is, however, assumed to be trusted/honest, and hence it is a single point of failure in terms of privacy leakage. To address this privacy issue, this paper designs a semi-honest anonymizer to protect location privacy in NDN networks. This study first reveals that session anonymity and location anonymity must be achieved to protect location privacy with a semi-honest anonymizer. Session anonymity is to hide who specifies which anonymous location set and location anonymity is to hide a location of a consumer's interest in a crowd of locations. We next design an architecture to achieve session anonymity and an algorithm to generate anonymous location sets achieving location anonymity. Our evaluations show that the architecture incurs marginal overhead to achieve session anonymity and anonymous location sets generated by the algorithm sufficiently achieve location anonymity.

The number of Virtual Reality applications has increased tremendously in the recent years to the point where every single digital entertainment company is investing heavily in VR systems. This increase in VR products demands the improvement in the evaluation of VR experience since current evaluations require an attendee per survey taker and can only move onto the next survey taker after the current survey is done. Traditional evaluations also require many evaluation machines if done digitally, costing survey takers unnecessary expenses. "MasQueRade" is a QR code based instant user feedback online system. This system allows users to scan the QR code on their VR sanitary masks and access an online evaluation system on their own mobile phones. This enables users to conduct the evaluation on their own free time and decreases the expenses surveyors have to spend on machines, therefore greatly decreases the manpower and time required to conduct the evaluations. While this approach to solving the issue of obtaining user feedback may sound elementary, the amount of efforts and resources "MasQueRade" saves by transferring the evaluation from a paper or digital form into an online database gives near infinite possibilities in the future of gathering feedback and evaluation. This paper seeks to explain the functions of "MasQueRade" and the results the team obtains during Anime Expo 2017 and propose a real-time live user VR commentary system drawing inputs form the attendees.

Security and protection are among the most squeezing worries that have developed with the Internet. As systems extended and turned out to be more open, security hones moved to guarantee insurance of the consistently developing Internet, its clients, and information. Today, the Internet of Things (IoT) is rising as another sort of system that associates everything to everybody, all over. Subsequently, the edge of resistance for security and protection moves toward becoming smaller on the grounds that a break may prompt vast scale irreversible harm. One element that eases the security concerns is validation. While diverse confirmation plans are utilized as a part of vertical system storehouses, a typical personality and validation plot is expected to address the heterogeneity in IoT and to coordinate the distinctive conventions exhibit in IoT. In this paper, a light weight secure framework is proposed. The proposed framework is analyzed for performance with security mechanism and found to be better over critical parameters.

The increasingly networked human society requires that human beings have a clear understanding and control over the structure, nature and behavior of various social networks. There is a tendency towards privacy in the study of network evolutions because privacy disclosure behavior in the network has gradually developed into a serious concern. For this purpose, we extended information theory and proposed a brand-new concept about so-called “habitual privacy” to quantitatively analyze privacy exposure behavior and facilitate privacy computation. We emphasized that habitual privacy is an inherent property of the user and is correlated with their habitual behaviors. The widely approved driving force in recent modeling complex networks is originated from activity. Thus, we propose the privacy-driven model through synthetically considering the activity impact and habitual privacy underlying the decision process. Privacy-driven model facilitates to more accurately capture highly dynamical network behaviors and figure out the complex evolution process, allowing a profound understanding of the evolution of network driven by privacy.

Security issues in a Software Defined Network (SDN) environment like system vulnerabilities and intrusion attempts can pose a security risk for multi-tenant network managed by SDN. In this research work, Moving target defense (MTD)technique based on shuffle strategy - port hopping has been employed to increase the difficulty for the attacker trying to exploit the cloud network. Our research workMASON, considers the problem of multi-stage attacks in a network managed using SDN. SDN controller can be used to dynamically reconfigure the network and render attacker»s knowledge in multi-stage attacks redundant. We have used a threat score based on vulnerability information and intrusion attempts to identify Virtual Machines (VMs) in systems with high-security risk and implement MTD countermeasures port hopping to assess threat score reduction in a cloud network.

BYOD (Bring Your Own Device) trends allows employees to use the smartphone as a tool in everyday work and also as an attendance device. The security of employee attendance system is important to ensure that employees do not commit fraud in recording attendance and when monitoring activities at working hours. In this paper, we propose a combination of fingerprint, secure android ID, and GPS as authentication factors, also addition of anti emulator and anti fake location module turn Mobile Attendance System into Mobile Secure Attendance System. Testing based on scenarios that have been adapted to various possible frauds is done to prove whether the system can minimize the occurrence of fraud in attendance recording and monitoring of employee activities.

The concept of network slicing in 5G mobile networks introduces new challenges for security management: Given the combination of Infrastructure-as-a-Service cloud providers, mobile network operators as Software-as-a-Service providers, and the various verticals as customers, multi-layer and multi-tenancy-capable management architectures are required. This paper addresses the challenges for correlation of security events in such 5G scenarios with a focus on event processing at telecommunication service providers. After an analysis of the specific demand for network-slice-centric security event correlation in 5G networks, ongoing standardization efforts, and related research, we propose a multi-tenancy-capable event correlation architecture along with a scalable information model. The event processing, alerting, and correlation workflow is discussed and has been implemented in a network and security management system prototype, leading to a demonstration of first results acquired in a lab setup.

Modern vehicles equipped with a large number of electronic components, sensors, actuators, and extensive connectivity, are the classical example of cyber-physical systems (CPS). Communication as an integral part of the CPS has enabled and offered many value-added services for vehicular networks. The communication mechanism helps to share contents with all vehicular network nodes and the surrounding environment, e.g., vehicles, traffic lights, and smart road signs, to efficiently take informed and smart decisions. Thus, it opens the doors to many security threats and vulnerabilities. Traditional TCP/IP-based communication paradigm focuses on securing the communication channel instead of the contents that travel through the network. Nevertheless, for content-centered application, content security is more important than communication channel security. To this end, named data networking (NDN) is one of the future Internet architectures that puts the contents at the center of communication and offers embedded content security. In this paper, we first identify the cyberattacks and security challenges faced by the vehicular CPS (VCPS). Next, we propose the NDN-based cyber-resilient, the layered and modular architecture for VCPS. The architecture includes the NDN's forwarding daemon, threat aversion, detection, and resilience components. A detailed discussion about the functionality of each component is also presented. Furthermore, we discuss the future challenges faced by the integration of NDN with VCPS to realize NDN-based VCPS.

Modern critical infrastructures such as Smart Grids (SGs) rely heavily on Information and Communication Technology (ICT) systems to monitor and control operations and states within large-scale facilities. The potential offered by SGs includes an effective integration of renewables, a demand-response action and a dynamic pricing system. The increasing use of ICT for the communication infrastructure of modern power systems offers advantages but can give rise to cyber attacks that compromise the security of the SG. To deal efficiently with the security concerns of SGs, a survey of the different attacks that consider the physical as well as the cyber characteristics of modern power grids is required. In the present paper, first the specific differences between SGs with respect to both Information Technology (IT) systems and conventional energy grids are discussed. Thereafter, the specific security requirements of SGs are presented in order to raise awareness of the new security challenges. Finally, a new classification of cyber attacks, based on the architecture of the SG, is proposed and details for each category are provided. The new classification is distinguished by its focus on the cyber-physical security of the SG in particular, which gives a comprehensive overview of the different threats. Thus, this new classification forms the necessary knowledge-basis for the design of respective countermeasures.

Semi-supervised learning is especially important in data mining applications because it can make use of plentiful unlabeled data to train the high-quality learning models. Semi-Supervised Support Vector Machine (S3VM) is a powerful semi-supervised learning model. However, the high computational cost and non-convexity severely impede the S3VM method in large-scale applications. Although several learning algorithms were proposed for S3VM, scaling up S3VM is still an open problem. To address this challenging problem, in this paper, we propose a new incremental learning algorithm to scale up S3VM (IL-S3VM) based on the path following technique in the framework of Difference of Convex (DC) programming. The traditional DC programming based algorithms need multiple outer loops and are not suitable for incremental learning, and traditional path following algorithms are limited to convex problems. Our new IL-S3VM algorithm based on the path-following technique can directly update the solution of S3VM to converge to a local minimum within one outer loop so that the efficient incremental learning can be achieved. More importantly, we provide the finite convergence analysis for our new algorithm. To the best of our knowledge, our new IL-S3VM algorithm is the first efficient path following algorithm for a non-convex problem (i.e., S3VM) with local minimum convergence guarantee. Experimental results on a variety of benchmark datasets not only confirm the finite convergence of IL-S3VM, but also show a huge reduction of computational time compared with existing batch and incremental learning algorithms, while retaining the similar generalization performance.

Software Defined Network (SDN) is a revolutionary idea to realize software-driven network with the separation of control and data planes. In essence, SDN addresses the problems faced by the traditional network architecture; however, it may as well expose the network to new attacks. Among other attacks, distributed denial of service (DDoS) attacks are hard to contain in such software-based networks. Existing DDoS mitigation techniques either lack in performance or jeopardize the accuracy of the attack detection. To fill the voids, we propose in this paper a machine learning-based DDoS mitigation technique for SDN. First, we create a model for DDoS detection in SDN using NSL-KDD dataset and then after training the model on this dataset, we use real DDoS attacks to assess our proposed model. Obtained results show that the proposed technique equates favorably to the current techniques with increased performance and accuracy.

We present nQUIC, a variant of QUIC-TLS that uses the Noise protocol framework for its key exchange and basis of its packet protector with no semantic transport changes. nQUIC is designed for deployment in systems and for applications that assert trust in raw public keys rather than PKI-based certificate chains. It uses a fixed key exchange algorithm, compromising agility for implementation and verification ease. nQUIC provides mandatory server and optional client authentication, resistance to Key Compromise Impersonation attacks, and forward and future secrecy of traffic key derivation, which makes it favorable to QUIC-TLS for long-lived QUIC connections in comparable applications. We developed two interoperable prototype implementations written in Go and Rust. Experimental results show that nQUIC finishes its handshake in a comparable amount of time as QUIC-TLS.

Distinguishing analysis is an important part of cryptanalysis. It is an important content of discriminating analysis that how to identify ciphertext is encrypted by which cryptosystems when it knows only ciphertext. In this paper, Fisher's discriminant analysis (FDA), which is based on statistical method and machine learning, is used to identify 4 stream ciphers and 7 block ciphers one to one by extracting 9 different features. The results show that the accuracy rate of the FDA can reach 80% when identifying files that are encrypted by the stream cipher and the block cipher in ECB mode respectively, and files encrypted by the block cipher in ECB mode and CBC mode respectively. The average one to one identification accuracy rates of stream ciphers RC4, Grain, Sosemanuk are more than 55%. The maximum accuracy rate can reach 60% when identifying SMS4 from block ciphers in CBC mode one to one. The identification accuracy rate of entropy-based features is apparently higher than the probability-based features.

We consider privacy-preserving k-means clustering. For the objective of minimizing the Wasserstein distance between the output and the optimal solution, we show that there is a polynomial-time (ε,δ)-differentially private algorithm which, for any sufficiently large Φ2 well-separated datasets, outputs k centers that are within Wasserstein distance Ø(Φ2) from the optimal. This result improves the previous bounds by removing the dependence on ε, number of centers k, and dimension d. Further, we prove a matching lower bound that no (ε, δ)-differentially private algorithm can guarantee Wasserstein distance less than Ømega (Φ2) and, thus, our positive result is optimal up to a constant factor. For minimizing the k-means objective when the dimension d is bounded, we propose a polynomial-time private local search algorithm that outputs an αn-additive approximation when the size of the dataset is at least \textbackslashtextasciitildeØ (k3/2 · d · ε-1 · poly(α-1)).