Biblio

A network middlebox benefits both users and network operators by offering a wide range of security-related in-network functions, such as web firewalls and intrusion detection systems (IDS). However, the wide usage of encryption protocol restricts functionalities of network middleboxes. This forces network operators and users to make a choice between end-to-end privacy and security. This paper presents SGX-Box, a secure middlebox system that enables visibility on encrypted traffic by leveraging Intel SGX technology. The entire process of SGX-Box ensures that the sensitive information, such as decrypted payloads and session keys, is securely protected within the SGX enclave. SGX-Box provides easy-to-use abstraction and a high-level programming language, called SB lang for handling encrypted traffic in middleboxes. It greatly enhances programmability by hiding details of the cryptographic operations and the implementation details in SGX enclave processing. We implement a proof-of-concept IDS using SB lang. Our preliminary evaluation shows that SGX-Box incurs acceptable performance overhead while it dramatically reduces middlebox developer's effort.

This paper describes a unified framework for the simulation and analysis of cyber physical systems (CPSs). The framework relies on the FreeBSD-based IMUNES network simulator. Components of the CPS are modeled as nodes within the IMUNES network simulator; nodes that communicate using real TCP/IP traffic. Furthermore, the simulated system can be exposed to other networks and the Internet to make it look like a real SCADA system. The frame-work has been used to simulate a TRIGA nuclear reactor. This is accomplished by creating nodes within the IMUNES network capable of running system modules simulating different CPS components. Nodes communicate using MODBUS/TCP, a widely used process control protocol. A goal of this work is to eventually integrate the simulator with a honeynet. This allows researchers to not only simulate a digital control system using real TCP/IP traffic to test control strategies and network topologies, but also to explore possible cyber attacks and mitigation strategies.

Supply Chain wide proactive risk management based on real-time risk related information transparency is required to increase the security of modern, volatile supply chains. At this time, none or only limited empirical/objective information about digitalization benefits for supply chain risk management is available. A method is needed, which draws conclusion on the estimation of costs and benefits of digitalization initiatives. The paper presents a flexible simulation based approach for assessing digitalization scenarios prior to realization. The assessment approach is integrated into a framework and its applicability will be shown in a case study of a German steel producer, evaluating digitalization effects on the Mean Lead time-at-risk.

Smart grid personalized service to improve the accuracy of the grid network query, along with the data security issues worthy of our thinking. How to solve the privacy problem in the smart grid, which is a challenge to the smart grid. As data in the grid becomes more and more important, better algorithms are needed to protect the data. In this paper, we first summarize the influence of k-anonymous algorithm on sensitive attributes in standard identifiers, and then analyze the improved L-diversity algorithm from the perspective of anonymous data privacy and security. Experiments show that the algorithm can protect the data in the smart grid.

the terms Smart grid, IntelliGrid, and secure astute grid are being used today to describe technologies that automatically and expeditiously (separate far from others) faults, renovate potency, monitor demand, and maintain and recuperate (firm and steady nature/lasting nature/vigor) for more reliable generation, transmission, and distribution of electric potency. In general, the terms describe the utilization of microprocessor-predicated astute electronic contrivances (IEDs) communicating with one another to consummate tasks afore now done by humans or left undone. These IEDs watch/ notice/ celebrate/ comply with the state of the puissance system, make edified decisions, and then take action to preserve the (firm and steady nature/lasting nature/vigor) and performance of the grid. Technology use/military accommodation in the home will sanction end users to manage their consumption predicated on their own predilections. In order to manage their consumption or the injuctive authorization placed on the grid, people (who utilize a product or accommodation) need information and an (able to transmute and get better) power distribution system. The astute grid is an accumulation of information sources and the automatic control system that manages the distribution of puissance, understands the transmutations in demand, and reacts to it by managing demand replication. Different billing (prosperity plans/ways of reaching goals) for mutable time and type of avail, as well as conservation and use or sale of distributed utilizable things/valuable supplies, will become part of perspicacious solutions. The traditional electrical power grid is currently evolving into the perspicacious grid. Perspicacious grid integrates the traditional electrical power grid with information and communication technologies (ICT). Such integration empowers the electrical utilities providers and consumers, amends the efficiency and the availability of the puissance system while perpetually monitoring, - ontrolling and managing the authoritative ordinances of customers. A keenly intellective grid is an astronomically immense intricate network composed of millions of contrivances and entities connected with each other. Such a massive network comes with many security concerns and susceptibilities. In this paper, we survey the latest on keenly intellective grid security. We highlight the involution of the keenly intellective grid network and discuss the susceptibilities concrete to this sizably voluminous heterogeneous network. We discuss then the challenges that subsist in securing the keenly intellective grid network and how the current security solutions applied for IT networks are not adequate to secure astute grid networks. We conclude by over viewing the current and needed security solutions for the keenly intellective gird.

In a spectrally congested environment or a spectrally contested environment which often occurs in cyber security applications, multiple signals are often mixed together with significant overlap in spectrum. This makes the signal detection and parameter estimation task very challenging. In our previous work, we have demonstrated the feasibility of using a second order spectrum correlation function (SCF) cyclostationary feature to perform mixed signal detection and parameter estimation. In this paper, we present our recent work on software defined radio (SDR) based implementation and demonstration of such mixed signal detection algorithms. Specifically, we have developed a software defined radio based mixed RF signal generator to generate mixed RF signals in real time. A graphical user interface (GUI) has been developed to allow users to conveniently adjust the number of mixed RF signal components, the amplitude, initial time delay, initial phase offset, carrier frequency, symbol rate, modulation type, and pulse shaping filter of each RF signal component. This SDR based mixed RF signal generator is used to transmit desirable mixed RF signals to test the effectiveness of our developed algorithms. Next, we have developed a software defined radio based mixed RF signal detector to perform the mixed RF signal detection. Similarly, a GUI has been developed to allow users to easily adjust the center frequency and bandwidth of band of interest, perform time domain analysis, frequency domain analysis, and cyclostationary domain analysis.

Software Defined Radio (SDR) can move the complicated signal processing and handling procedures involved in communications from radio equipment into computer software. Consequently, SDR equipment could consist of only a few chips connected to an antenna. In this paper, we present an implemented SDR testbed, which consists of four complete SDR nodes. Using the designed testbed, we have conducted two case studies. The first is designed to facilitate video transmission via adaptive LTE links. Our experimental results demonstrate that adaptive LTE link video transmission could reduce the bandwidth usage for data transmission. In the second case study, we perform UE location estimation by leveraging the signal strength from nearby cell towers, pertinent to various applications, such as public safety and disaster rescue scenarios where GPS (Global Position System) is not available (e.g., indoor environment). Our experimental results show that it is feasible to accurately derive the location of a UE (User Equipment) by signal strength. In addition, we design a Hardware In the Loop (HIL) simulation environment using the Vienna LTE simulator, srsLTE library, and our SDR testbed. We develop a software wrapper to connect the Vienna LTE simulator to our SDR testbed via the srsLTE library. Our experimental results demonstrate the comparative performance of simulated UEs and eNodeBs against real SDR UEs and eNodeBs, as well as how a simulated environment can interact with a real-world implementation.

The past ten years has seen increasing calls to make security research more “scientific”. On the surface, most agree that this is desirable, given universal recognition of “science” as a positive force. However, we find that there is little clarity on what “scientific” means in the context of computer security research, or consensus on what a “Science of Security” should look like. We selectively review work in the history and philosophy of science and more recent work under the label “Science of Security”. We explore what has been done under the theme of relating science and security, put this in context with historical science, and offer observations and insights we hope may motivate further exploration and guidance. Among our findings are that practices on which the rest of science has reached consensus appear little used or recognized in security, and a pattern of methodological errors continues unaddressed.

In this study, it is proposed to carry out an efficient formulation in order to figure out the stochastic security-constrained generation capacity expansion planning (SC-GCEP) problem. The main idea is related to directly compute the line outage distribution factors (LODF) which could be applied to model the N - m post-contingency analysis. In addition, the post-contingency power flows are modeled based on the LODF and the partial transmission distribution factors (PTDF). The post-contingency constraints have been reformulated using linear distribution factors (PTDF and LODF) so that both the pre- and post-contingency constraints are modeled simultaneously in the SC-GCEP problem using these factors. In the stochastic formulation, the load uncertainty is incorporated employing a two-stage multi-period framework, and a K - means clustering technique is implemented to decrease the number of load scenarios. The main advantage of this methodology is the feasibility to quickly compute the post-contingency factors especially with multiple-line outages (N - m). This concept would improve the security-constraint analysis modeling quickly the outage of m transmission lines in the stochastic SC-GCEP problem. It is carried out several experiments using two electrical power systems in order to validate the performance of the proposed formulation.

Today, we witness the emergence of smart environments, where devices are able to connect independently without human- intervention. Mobile ad hoc networks are an example of smart environments that are widely deployed in public spaces. They offer great services and features compared with wired systems. However, these networks are more sensitive to malicious attacks because of the lack of infrastructure and the self-organizing nature of devices. Thus, communication between nodes is much more exposed to various security risks, than other networks. In this paper, we will present a synthetic study on security concept for MANETs, and then we will introduce a contribution based on evaluating link quality, using ETX metric, to enhance network availability.

Today, we witness the emergence of smart environments, where devices are able to connect independently without human- intervention. Mobile ad hoc networks are an example of smart environments that are widely deployed in public spaces. They offer great services and features compared with wired systems. However, these networks are more sensitive to malicious attacks because of the lack of infrastructure and the self-organizing nature of devices. Thus, communication between nodes is much more exposed to various security risks, than other networks. In this paper, we will present a synthetic study on security concept for MANETs, and then we will introduce a contribution based on evaluating link quality, using ETX metric, to enhance network availability.

In this paper, we propose an autoencoder-based generative adversarial network (GAN) for automatic image generation, which is called "stylized adversarial autoencoder". Different from existing generative autoencoders which typically impose a prior distribution over the latent vector, the proposed approach splits the latent variable into two components: style feature and content feature, both encoded from real images. The split of the latent vector enables us adjusting the content and the style of the generated image arbitrarily by choosing different exemplary images. In addition, a multiclass classifier is adopted in the GAN network as the discriminator, which makes the generated images more realistic. We performed experiments on hand-writing digits, scene text and face datasets, in which the stylized adversarial autoencoder achieves superior results for image generation as well as remarkably improves the corresponding supervised recognition task.

Data deduplication has attracted many cloud service providers (CSPs) as a way to reduce storage costs. Even though the general deduplication approach has been increasingly accepted, it comes with many security and privacy problems due to the outsourced data delivery models of cloud storage. To deal with specific security and privacy issues, secure deduplication techniques have been proposed for cloud data, leading to a diverse range of solutions and trade-offs. Hence, in this article, we discuss ongoing research on secure deduplication for cloud data in consideration of the attack scenarios exploited most widely in cloud storage. On the basis of classification of deduplication system, we explore security risks and attack scenarios from both inside and outside adversaries. We then describe state-of-the-art secure deduplication techniques for each approach that deal with different security issues under specific or combined threat models, which include both cryptographic and protocol solutions. We discuss and compare each scheme in terms of security and efficiency specific to different security goals. Finally, we identify and discuss unresolved issues and further research challenges for secure deduplication in cloud storage.

In cognitive radio networks with mobile terminals, it is not enough for spectrum sensing only to determine whether primary user (PU) occupy the spectrum band. Sometimes we also want to know more priori information, such as, the number of PUs, which can help to estimate its carrier frequency, direction of arrival, and location. In this paper, a machine learning based method is proposed to estimate a large number of primary users. In the proposed method, support vector machine (SVM) is used to achieve the number of primary users while genetic algorithm (GA) is to optimize the parameters of SVM kernel. The first class feature of SVM is the ratio of the element sum and the trace of sample covariance matrix, and the second class feature is the mean of Gerschgorin radii. The simulation results show that our proposed SVM-GA algorithm has higher accuracy than SVM.

Android privacy control is an important but difficult problem to solve. Previously, there was much research effort either focusing on extending the Android permission model with better policies or modifying the Android framework for fine-grained access control. In this work, we take an integral approach by designing and implementing SweetDroid, a calling-context-sensitive privacy policy enforcement framework. SweetDroid combines automated policy generation with automated policy enforcement. The automatically generated policies in SweetDroid are based on the calling contexts of privacy sensitive APIs; hence, SweetDroid is able to tell whether a particular API (e.g., getLastKnownLocation) under a certain execution path is leaking private information. The policy enforcement in SweetDroid is also fine-grained - it is at the individual API level, not at the permission level. We implement and evaluate the system based on thousands of Android apps, including those from a third-party market and malicious apps from VirusTotal. Our experiment results show that SweetDroid can successfully distinguish and enforce different privacy policies based on calling contexts, and the current design is both developer hassle-free and user transparent. SweetDroid is also efficient because it only introduces small storage and computational overhead.

To improve the security of user-chosen Android screen lock patterns, we propose a novel system-guided pattern lock scheme called "SysPal" that mandates the use of a small number of randomly selected points while selecting a pattern. Users are given the freedom to use those mandated points at any position. We conducted a large-scale online study with 1,717 participants to evaluate the security and usability of three SysPal policies, varying the number of mandatory points that must be used (upon selecting a pattern) from one to three. Our results suggest that the two SysPal policies that mandate the use of one and two points can help users select significantly more secure patterns compared to the current Android policy: 22.58% and 23.19% fewer patterns were cracked. Those two SysPal policies, however, did not show any statistically significant inferiority in pattern recall success rate (the percentage of participants who correctly recalled their pattern after 24 hours). In our lab study, we asked participants to install our screen unlock application on their own Android device, and observed their real-life phone unlock behaviors for a day. Again, our lab study did not show any statistically significant difference in memorability for those two SysPal policies compared to the current Android policy.

Quantum Key Distribution (QKD) is a revolutionary technology which leverages the laws of quantum mechanics to distribute cryptographic keying material between two parties with theoretically unconditional security. Terrestrial QKD systems are limited to distances of \textbackslashtextless;200 km in both optical fiber and line-of-sight free-space configurations due to severe losses during single photon propagation and the curvature of the Earth. Thus, the feasibility of fielding a low Earth orbit (LEO) QKD satellite to overcome this limitation is being explored. Moreover, in August 2016, the Chinese Academy of Sciences successfully launched the world's first QKD satellite. However, many of the practical engineering performance and security tradeoffs associated with space-based QKD are not well understood for global secure key distribution. This paper presents several system-level considerations for modeling and studying space-based QKD architectures and systems. More specifically, this paper explores the behaviors and requirements that researchers must examine to develop a model for studying the effectiveness of QKD between LEO satellites and ground stations.

The concept of Extension Headers, newly introduced with IPv6, is elusive and enables new types of threats in the Internet. Simply dropping all traffic containing any Extension Header - a current practice by operators-seemingly is an effective solution, but at the cost of possibly dropping legitimate traffic as well. To determine whether threats indeed occur, and evaluate the actual nature of the traffic, measurement solutions need to be adapted. By implementing these specific parsing capabilities in flow exporters and performing measurements on two different production networks, we show it is feasible to quantify the metrics directly related to these threats, and thus allow for monitoring and detection. Analysing the traffic that is hidden behind Extension Headers, we find mostly benign traffic that directly affects end-user QoE: simply dropping all traffic containing Extension Headers is thus a bad practice with more consequences than operators might be aware of.