Biblio

The ability to discover patterns of interest in criminal networks can support and ease the investigation tasks by security and law enforcement agencies. By considering criminal networks as a special case of social networks, we can properly reuse most of the state-of-the-art techniques to discover patterns of interests, i.e., hidden and potential links. Nevertheless, in time-sensible scenarios, like the one involving criminal actions, the ability to discover patterns in a (near) real-time manner can be of primary importance.In this paper, we investigate the identification of patterns for link detection and prediction on an evolving criminal network. To extract valuable information as soon as data is generated, we exploit a stream processing approach. To this end, we also propose three new similarity social network metrics, specifically tailored for criminal link detection and prediction. Then, we develop a flexible data stream processing application relying on the Apache Flink framework; this solution allows us to deploy and evaluate the newly proposed metrics as well as the ones existing in literature. The experimental results show that the new metrics we propose can reach up to 83% accuracy in detection and 82% accuracy in prediction, resulting competitive with the state of the art metrics.

Access control is one of the most challenging issues in Cloud environment, it must ensure data confidentiality through enforced and flexible access policies. The revocation is an important task of the access control process, generally it consists on banishing some roles from the users. Attribute-based encryption is a promising cryptographic method which provides the fine-grained access, which makes it very useful in case of group sharing applications. This solution has initially been developed on a central authority model. Later, it has been extended to a multi-authority model which is more convenient and more reliable. However, the revocation problem is still the major challenge of this approach. There have been few proposed revocation solutions for the Multi-authority scheme and these solutions suffer from the lack of efficiency. In this paper, we propose an access control mechanism on a multi-authority architecture with an immediate and efficient attributes' or users' revocation. The proposed scheme uses decentralized CP-ABE to provide flexible and fine-grained access. Our solution provides collusion resistance, prevents security degradations, supports scalability and does not require keys' redistribution.

Efficient management and control of modern and next-gen networks is of paramount importance as networks have to maintain highly reliable service quality whilst supporting rapid growth in traffic demand and new application services. Rapid mitigation of network service degradations is a key factor in delivering high service quality. Automation is vital to achieving rapid mitigation of issues, particularly at the network edge where the scale and diversity is the greatest. This automation involves the rapid detection, localization and (where possible) repair of service-impacting faults and performance impairments. However, the most significant challenge here is knowing what events to detect, how to correlate events to localize an issue and what mitigation actions should be performed in response to the identified issues. These are defined as policies to systems such as ECOMP. In this paper, we present AESOP, a data-driven intelligent system to facilitate automatic learning of policies and rules for triggering remedial actions in networks. AESOP combines best operational practices (domain knowledge) with a variety of measurement data to learn and validate operational policies to mitigate service issues in networks. AESOP's design addresses the following key challenges: (i) learning from high-dimensional noisy data, (ii) capturing multiple fault models, (iii) modeling the high service-cost of false positives, and (iv) accounting for the evolving network infrastructure. We present the design of our system and show results from our ongoing experiments to show the effectiveness of our policy leaning framework.

Entity authentication is one of the fundamental information security properties for secure transactions and communications. The combination of biometrics with cryptography is an emerging topic for authentication protocol design. Among the existing biometrics (e.g., fingerprint, face, iris, voice, heart), the heart-signal contains liveness property of biometric samples. In this paper, a remote entity authentication protocol has been proposed based on the randomness of heart biometrics combined with chaos cryptography. To this end, initial keys are generated for chaotic logistic maps based on the heart-signal. The authentication parameters are generated from the initial keys that can be used for claimants and verifiers to authenticate and verify each other, respectively. In this proposed technique, as each session of communication is different from others, therefore many session-oriented attacks are prevented. Experiments have been conducted on sample heart-signal for remote authentication. The results show that the randomness property of the heart-signal can help to implement one of the famous secure encryption, namely one-time pad encryption.

As the population of electric vehicles (EVs) grows, coordinating their charging over a finite time horizon will become increasingly important. Recent work established a framework for EV charging coordination where a central node broadcast a price signal that facilitated the tradeoff between the total generation cost and local costs associated with battery degradation and distribution network overloading. This paper considers a completely distributed protocol where the central node is eliminated. Instead, a consensus algorithm is used to fully distribute the price update mechanism. Each EV computes a local price through its estimate of the total EV charging demand, and exchanges this information with its neighbours. A consensus algorithm establishes the average over all the EV-based prices. It is shown that under a reasonable assumption, the price update mechanism is a Krasnoselskij iteration, and this iteration is guaranteed to converge to a fixed point. Furthermore, this iterative process converges to the unique and efficient solution.

This paper considers the coordination of controlled loads in a framework that loads connect to the distribution network through transformers. Our objective is designing a decentralized control method that can motivate selfish loads to achieve global benefits. We formulate this problem as a hierarchical model. In the lower level, each transformer broadcasts a price signal to the loads connect to it, under which loads implement individual best strategies. While in the upper level, transformers communicate with the distribution network and obtain a price reflecting the system generation cost. Each transformer determines a price including this price and another part reflecting individual characteristics. By proposing a dynamic update algorithm, our results build that the system converges to the unique and efficient solution with fast convergence speed.

Transactive or market-based coordination strategies have recently been proposed to control the aggregate demand of a large number of electric loads. While several operational benefits can be achieved, such as reducing the demand below distribution feeder capacity limits and providing users with flexibility to consume energy based on the price they are willing to pay, our work focuses on studying the impact of market based coordination mechanisms on load synchronization and power oscillations. We adopt the transactive energy framework and apply it to a population of thermostatically controlled loads (TCLs). We present a modified TCL switching logic that takes into account market coordination signals, alongside the natural switching conditions. Our studies suggest that several factors, in a market-based coordination mechanism, could contribute to load synchronism, including sharp changes in market prices broadcast to loads, lack of diversity in user specified bid curves, feeder limits being encountered periodically and being set too low, and the form of user bid curves. All these factors can contribute in various ways to synchronization of TCL behavior and lead to power oscillations. The case studies provide novel insights into challenges associated with market-based coordination strategies, thereby providing a basis for modifications that address those issues.

Aggregate models are used in the analysis and control of large populations of thermostatically controlled loads (TCLs), such as air-conditioners and water heaters. The fidelity of such models is studied by analyzing the influences of noise and parameter heterogeneity on TCL aggregate dynamics. While TCLs can provide valuable services to the power systems, control may cause their temperatures to synchronize, which may then lead to undesirable power oscillations. Recent works have shown that the aggregate dynamics of TCLs can be modeled by tracking the evolution of probability densities over discrete temperature ranges or bins. To accurately capture oscillations in aggregate power, such bin-based models require a large number of bins. The process of obtaining the Markov state transition matrix that governs the dynamics can be computationally intensive when using Monte Carlo based system identification techniques. Existing analytical techniques are further limited as noise and heterogeneity in several thermal parameters are difficult to incorporate. These challenges are addressed by developing a fast analytical technique that incorporates noise and heterogeneity into bin-based aggregate models. Results show the identified and the analytical models match very closely. Studies consider the influence of model error, noise and parameter heterogeneity on the damping of oscillations. Results demonstrate that for a specific bin width, the model can be invariant to quantifiable levels of noise and parameter heterogeneity. Finally, a discussion is provided of cases where existing bin models may face challenges in capturing the influence of heterogeneity.

In this paper, we propose a lightweight multi-receiver encryption scheme for the device to device communications on Internet of Things (IoT) applications. In order for the individual user to control the disclosure range of his/her own data directly and to prevent sensitive personal data disclosure to the trusted third party, the proposed scheme uses device-generated public keys. For mutual authentication, third party generates Schnorr-like lightweight identity-based partial private keys for users. The proposed scheme provides source authentication, message integrity, replay-attack prevention and implicit user authentication. In addition to more security properties, computation expensive pairing operations are eliminated to achieve less time usage for both sender and receiver, which is favourable property for IoT applications. In this paper, we showed a proof of security of our scheme, computational cost comparison and experimental performance evaluations. We implemented our proposed scheme on real embedded Android devices and confirmed that it achieves less time cost for both encryption and decryption comparing with the existing most efficient certificate-based multi-receiver encryption scheme and certificateless multi-receiver encryption scheme.

Opportunistic Networks are delay-tolerant mobile networks with intermittent node contacts in which data is transferred with the store-carry-forward principle. Owners of smartphones and smart objects form such networks due to their social behaviour. Opportunistic Networking can be used in remote areas with no access to the Internet, to establish communication after disasters, in emergency situations or to bypass censorship, but also in parallel to familiar networking. In this work, we create a mobile network application that connects Android devices over Wi-Fi, offers identification and encryption, and gathers information for routing in the network. The network application is constructed in such a way that third party applications can use the network application as network layer to send and receive data packets. We create secure and reliable connections while maintaining a high transmission speed, and with the gathered information about the network we offer knowledge for state of the art routing protocols. We conduct tests on connectivity, transmission range and speed, battery life and encryption speed and show a proof of concept for routing in the network.

The emergence of general-purpose system-on-chip (SoC) architectures has given rise to a number of significant security challenges. The current trend in SoC design is system-level integration of heterogeneous technologies consisting of a large number of processing elements such as programmable RISC cores, memory, DSPs, and accelerator function units/ASIC. These processing elements may come from different providers, and application executable code may have varying levels of trust. Some of the pressing architecture design questions are: (1) how to implement multi-level user-defined security; (2) how to optimally and securely share resources and data among processing elements. In this work, we develop a secure multicore architecture, named Hermes. It represents a new architectural framework that integrates multiple processing elements (called tenants) of secure and non-secure cores into the same chip design while (a) maintaining individual tenant security, (b) preventing data leakage and corruption, and (c) promoting collaboration among the tenants. The Hermes architecture is based on a programmable secure router interface and a trust-aware routing algorithm. With 17% hardware overhead, it enables the implementation of processing-element-oblivious secure multicore systems with a programmable distributed group key management scheme.

Clone-and-own approach is a natural way of source code reuse for software developers. To assess how known bugs and security vulnerabilities of a cloned component affect an application, developers and security analysts need to identify an original version of the component and understand how the cloned component is different from the original one. Although developers may record the original version information in a version control system and/or directory names, such information is often either unavailable or incomplete. In this research, we propose a code search method that takes as input a set of source files and extracts all the components including similar files from a software ecosystem (i.e., a collection of existing versions of software packages). Our method employs an efficient file similarity computation using b-bit minwise hashing technique. We use an aggregated file similarity for ranking components. To evaluate the effectiveness of this tool, we analyzed 75 cloned components in Firefox and Android source code. The tool took about two hours to report the original components from 10 million files in Debian GNU/Linux packages. Recall of the top-five components in the extracted lists is 0.907, while recall of a baseline using SHA-1 file hash is 0.773, according to the ground truth recorded in the source code repositories.

Software Defined Networks (SDNs) is a new networking paradigm that has gained a lot of attention in recent years especially in implementing data center networks and in providing efficient security solutions. The popularity of SDN and its attractive security features suggest that it can be used in the context of smart grid systems to address many of the vulnerabilities and security problems facing such critical infrastructure systems. This paper studies the impact of different cyber attacks that can target smart grid communication network which is implemented as a software defined network on the operation of the smart grid system in general. In particular, we perform different attack scenarios including DDoS attacks, location highjacking and link overloading against SDN networks of different controller types that include POX, Floodlight and RYU. Our experiments were carried out using the mininet simulator. The experiments show that SDN-enabled smartgrid systems are vulnerable to different types of attacks.

As the development of technology increases, the security risk also increases. This has affected most organizations, irrespective of size, as they depend on the increasingly pervasive technology to perform their daily tasks. However, the dependency on technology has introduced diverse security vulnerabilities in organizations which requires a reliable preparedness for probable forensic investigation of the unauthorized incident. Keystroke dynamics is one of the cost-effective methods for collecting potential digital evidence. This paper presents a keystroke pattern analysis technique suitable for the collection of complementary potential digital evidence for forensic readiness. The proposition introduced a technique that relies on the extraction of reliable behavioral signature from user activity. Experimental validation of the proposition demonstrates the effectiveness of proposition using a multi-scheme classifier. The overall goal is to have forensically sound and admissible keystroke evidence that could be presented during the forensic investigation to minimize the costs and time of the investigation.