Biblio

This chapter presents a game‐theoretic model to analyze attack–defense scenarios that use fake nodes (computing devices) for deception under consideration of the system deploying defense resources to protect individual nodes in a cost‐effective manner. The developed model has important applications in the Internet of Battlefield Things (IoBT). Our game‐theoretic model illustrates how the concept of the Nash equilibrium can be used by the defender to intelligently choose which nodes should be used for performing a computation task while deceiving the attacker into expending resources for attacking fake nodes. Our model considers the fact that defense resources may become compromised under an attack and suggests that the defender, in a probabilistic manner, may utilize unprotected nodes for performing a computation while the attacker is deceived into attacking a node with defense resources installed. The chapter also presents a deception‐based strategy to protect a target node that can be accessed via a tree network. Numerical results provide insights into the strategic deception techniques presented in this chapter.

The present work describes a remote environment monitoring system based on the paradigms of mesh networks and opportunistic networks, whereby a sensor node can explore “con-nectivity windows” to transmit information that will eventually reach another network participants. We discuss the threats to the system's security and propose security mechanisms for the system ensuring the integrity and availability of monitoring information, something identified as critical to its proper operation.

In this paper, we propose a novel method to obtain the damage model (connectivity) of a power distribution system (PDS) based on distributed consensus algorithm. The measurement and sensing units in the distribution network are modeled as an agent with limited communication capability that exchanges the information (switch status) to reach an agreement in a consensus algorithm. Besides, a communication graph is designed for agents to run the consensus algorithm which is efficient and robust during the disaster event. Agents can dynamically communicate with the other agent based on available links that are established and solve the distributed consensus algorithm quickly to come up with the correct topology of PDS. Numerical simulations are performed to demonstrate the effectiveness of the proposed approach with the help of an IEEE 123-node test case with 3 different sub-graphs.

Dealing with algorithms, which process large amount of similar data by using significant number of small and various sizes of memory allocation/de-allocation in a dynamic yet deterministic way, is an important issue for soft real-time systems designs. In order to improve the response time, efficiency and security of this kind of processing, we propose a software-based memory management method based on hierarchy of shared memory pools, which could be used to replace standard heap management mechanism of the operating system for some cases. Implementation of this memory management scheme can allocate memory through processing allocation/de-allocation requests of required space. Lockable implementation of this model can safely deal with the multi-threaded concurrent access. We also provide the results of experiments, according to which response time of test systems with soft time-bounded execution demand were considerably improved.

Here, we propose a simple design approach based on metal-masked titanium dioxide nanopillars, which can realize strong Mie resonance in metasurfaces and enables light confinement within itself over the range of visible wavelengths. By selecting the appropriate period and diameter of individual titanium dioxide nanopillars, the coincidence of resonance peak positions derived from excited electric and magnetic dipoles can be achived. And the optical properties in this design have been investigated with the Finite-Difference Time-Domain(FDTD) solutions.

The smart electricity grids have been evolving to a more complex cyber-physical ecosystem of infrastructures with integrated communication networks, new carbon-free sources of power generation, advanced monitoring and control systems, and a myriad of emerging modern physical hardware technologies. With the unprecedented complexity and heterogeneity in dynamic smart grid networks comes additional vulnerability to emerging threats such as cyber attacks. Rapid development and deployment of advanced network monitoring and communication systems on one hand, and the growing interdependence of the electric power grids to a multitude of lifeline critical infrastructures on the other, calls for holistic defense strategies to safeguard the power grids against cyber adversaries. In order to improve the resilience of the power grid against adversarial attacks and cyber intrusions, advancements should be sought on detection techniques, protection plans, and mitigation practices in all electricity generation, transmission, and distribution sectors. This survey discusses such major directions and recent advancements from a lens of different detection techniques, equipment protection plans, and mitigation strategies to enhance the energy delivery infrastructure resilience and operational endurance against cyber attacks. This undertaking is essential since even modest improvements in resilience of the power grid against cyber threats could lead to sizeable monetary savings and an enriched overall social welfare.

Steganography is the concept to conceal information and the data by embedding it as secret data into various digital medium in order to achieve higher security. To achieve this, many steganographic algorithms are already proposed. The ability of human eyes as well as invisibility remain the most important and prominent factor for the security and protection. The most commonly used security measure of data hiding within imagesYet it is ineffective against Steganalysis and lacks proper verifications. Thus the proposed system of Image Steganography using PVD (Pixel Value Differentiating) proves to be a better choice. It compresses and embeds data in images at the pixel value difference calculated between two consecutive pixels. To increase the security, another technique called Edge Detection is used along with PVD to embed data at the edges. Edge Detection techniques like Canny algorithm are used to find the edges in an image horizontally as well as vertically. The edge pixels in an image can be used to handle more bits of messages, because more pixel value shifts can be handled by the image edge area.

Owing to the advancements in communication media and devices all over the globe, there has arisen a dire need for to limit the alarming number of attacks targeting these and to enhance their security. Multiple techniques have been incorporated in different researches and various protocols and schemes have been put forward to cater security issues of session initiation protocol (SIP). In 2008, Qiu et al. presented a proposal for SIP authentication which while effective than many existing schemes, was still found vulnerable to many security attacks. To overcome those issues, Zhang et al. proposed an authentication protocol. This paper presents the analysis of Zhang et al. authentication scheme and concludes that their proposed scheme is susceptible to user traceablity. It also presents an improved SIP authentication scheme that eliminates the possibility of traceability of user's activities. The proposed scheme is also verified by contemporary verification tool, ProVerif and it is found to be more secure, efficient and practical than many similar SIP authetication scheme.

In the existing scheduling algorithms of mimicry structure, the random algorithm cannot solve the problem of large vulnerability window in the process of random scheduling. Based on known vulnerabilities, the algorithm with diversity and complexity as scheduling indicators can not only fail to meet the characteristic requirements of mimic's endogenous security for defense, but also cannot analyze the unknown vulnerabilities and measure the continuous differences in time of mimic Executive Entity. In this paper, from the Angle of attack surface is put forward based on mimicry attack the mimic Executive Entity scheduling algorithm, its resources to measure analysis method and mimic security has intrinsic consistency, avoids the random algorithm to vulnerability and modeling using known vulnerabilities targeted, on time at the same time can ensure the diversity of the Executive body, to mimic the attack surface web server scheduling system in continuous time is less, and able to form a continuous differences. Experiments show that the minimum symbiotic resource scheduling algorithm based on time continuity is more secure than the random scheduling algorithm.

Deepfake imagery that contains altered faces has become a threat to online content. Current anti-deepfake approaches usually do so by detecting image anomalies, such as visible artifacts or inconsistencies. However, with deepfake advances, these visual artifacts are becoming harder to detect. In this paper, we show that one can use biometric eyebrow matching as a tool to detect manipulated faces. Our method could provide an 0.88 AUC and 20.7% EER for deepfake detection when applied to the highest quality deepfake dataset, Celeb-DF.

Key Management in Delay Tolerant Networks (DTN) still remains an unsolved complex problem. Due to peculiar characteristics of DTN, important challenges that make it difficult to design key management architecture are: 1) no systematic requirement analysis is undertaken to define its components, their composition and prescribed functions; and 2) no framework is available for its seamless integration with Bundle Security Protocol (BSP). This paper proposes a Key Management Architecture for DTN (KMAD) to address challenges in DTN key management. The proposed architecture not only provides guidelines for key management in DTN but also caters for seamless integration with BSP. The framework utilizes public key cryptography to provide required security services to enable exchange of keying material, and information about security policy and cipher suites. The framework also supports secure exchange of control and data information in DTNs.

Malware has remained a consistent threat since its emergence, growing into a plethora of types and in large numbers. In recent years, numerous new malware variants have enabled the identification of new attack surfaces and vectors, and have become a major challenge to security experts, driving the enhancement and development of new malware analysis techniques to contain the contagion. One of the preliminary steps of malware analysis is to remove the abundance of counterfeit malware samples from the large collection of suspicious samples. This process assists in the management of man and machine resources effectively in the analysis of both unknown and likely malware samples. Hashing techniques are one of the fastest and efficient techniques for performing this preliminary analysis such as fuzzy hashing and import hashing. However, both hashing methods have their limitations and they may not be effective on their own, instead the combination of two distinctive methods may assist in improving the detection accuracy and overall performance of the analysis. This paper proposes a Fuzzy-Import hashing technique which is the combination of fuzzy hashing and import hashing to improve the detection accuracy and overall performance of malware analysis. This proposed Fuzzy-Import hashing offers several benefits which are demonstrated through the experimentation performed on the collected malware samples and compared against stand-alone techniques of fuzzy hashing and import hashing.

Caching strategies have been evaluated and compared in many studies, most often via simulation, but also in analytic methods. Knapsack solutions provide a general analytical approach for upper bounds on web caching performance. They assume objects of maximum (value/size) ratio being selected as cache content, with flexibility to define the caching value. Therefore the popularity, cost, size, time-to-live restrictions etc. per object can be included an overall caching goal, e.g., for reducing delay and/or transport path length in content delivery. The independent request model (IRM) leads to basic knapsack bounds for static optimum cache content. We show that a 2-dimensional (2D-)knapsack solution covers arbitrary request pattern, which selects dynamically changing content yielding maximum caching value for any predefined request sequence. Moreover, Belady's optimum strategy for clairvoyant caching is identified as a special case of our 2D-knapsack solution when all objects are unique. We also summarize a comprehensive picture of the demands and efficiency criteria for web caching, including updating speed and overheads. Our evaluations confirm significant performance gaps from LRU to advanced GreedyDual and score-based web caching methods and to the knapsack bounds.

Currently, data security issues are remaining as a major concern during digital communication. A large amount of crucial data is transmitted through the communication channel. There are many cryptographic algorithms available, which are used for providing data security during communication and storage process. However, the data needs to be decrypted for performing operations, which may lead to elevation of the privilege of data. The pin or passwords used for decryption of data can be easily identified using a brute force attack. This leads to losing the confidentiality of crucial data to an unauthorized user. In the proposed system, a combination of Homomorphic and Honey encryption is used to improve data confidentiality and user authentication problems. Thus, the system provides better data security for the issues related to outsourced databases.

Once constellation of satellites are working in a collaborative manner, the security of their messages would have to be highly secure from all angles of scenarios by which the praxis of eavesdropping constitutes a constant thread for the instability of the different tasks and missions. In this paper we employ the Bennet-Brassard commonly known as the BB84 protocol in conjunction to the technique of Cognitive Radio applied to the Internet of Space Things to build a prospective technology to guarantee the communications among geocentric orbital satellites. The simulations have yielded that for a constellation of 5 satellites, the probability of successful of completion the communication might be of order of 75% ±5%.

The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.

This paper presents an approach for the identification of vulnerable IoT applications using deep learning algorithms. The approach focuses on a category of vulnerabilities that leads to sensitive information leakage which can be identified using taint flow analysis. First, we analyze the source code of IoT apps in order to recover tokens along their frequencies and tainted flows. Second, we develop, Token2Vec, which transforms the source code tokens into vectors. We have also developed Flow2Vec, which transforms the identified tainted flows into vectors. Third, we use the recovered vectors to train a deep learning algorithm to build a model for the identification of tainted apps. We have evaluated the approach on two datasets and the experiments show that the proposed approach of combining tainted flows features with the base benchmark that uses token frequencies only, has improved the accuracy of the prediction models from 77.78% to 92.59% for Corpus1 and 61.11% to 87.03% for Corpus2.

Intrusion Detection System (IDS) is a network security software and hardware widely used to detect anomaly network traffics by comparing the traffics against rules specified beforehand. Snort is one of the most famous open-source IDS system. To write a rule, Snort specifies structure and values in Snort manual. This specification is expressive enough to write in different way with the same meaning. If there are rule redundancy, it could distract performance. We, thus, propose a proof of semantical issues for Snort rule and found four pairs of Snort rule combinations that can cause redundancy. In addition, we create a tool to verify such redundancy between two rules on the public rulesets from Snort community and Emerging threat. As a result of our test, we found several redundancy issues in public rulesets if the user enables commented rules.

As the computer architecture technology evolves, communication protocols have been demanded not only having reliable security but also flexible functionality. Advanced cryptography has been expected as a new generation cryptography which suffices such the requirements. A pairing is one of the key technologies of the cryptography and the pairing has been known as having a substantial amount of construction parameters. Recently, the elliptic curve with embedding degree 14 is evaluated as one of the efficient curves for pairing. In the paper, we implement an optimal ate pairing on the elliptic curve by applying several variants of multiplication algorithms of extension field of degree 7 on multiple devices. The best multiplication algorithm among the candidates is derived. Besides, for efficient calculations, we propose a pseudo 7-sparse algorithm and a fast calculation method of final exponentiation. As a result, we discover the proper multiplication algorithm bases on the rate of addition and multiplications on several different computer platforms. Our proposed pseudo 7-sparse algorithm is approximately 1.54% faster than a regular algorithm on almost all tested platforms. Eventually, for the total execution time of pairing we record 9.33ms on Corei5-9500.

Chaos-based encryption is one of the promising cryptography techniques that can be used. Although chaos-based encryption provides excellent security, the finite precision of number representation in computers affects decryption accuracy negatively. In this paper, a way to mitigate some problems regarding finite precision is analyzed. We show that the use of maps with small Lyapunov exponents can improve the performance of chaotic encryption scheme, making it suitable for image encryption.

The traditional reactive web caching system is getting less popular day by day due to its inefficiency in handling the overwhelming requests for multimedia content. An intelligent web caching system intends to take optimal cache decisions by predicting future popular contents (FPC) proactively. In recent years, a few approaches have proposed some intelligent caching system where they were concerned about proactive caching. Those works intensified the importance of FPC prediction using the prediction models. However, only FPC prediction may not help to get the optimal solution in every scenario. In this paper, a technique named IntellCache has been proposed that increases the caching efficiency by taking a cache decision i.e. content storing decision before storing the predicted FPC. Different deep learning models such as- multilayer perceptron (MLP), Long short-term memory (LSTM) of Recurrent Neural Network (RNN) and ConvLSTM a combination of LSTM and Convolutional Neural Network (CNN) are compared to identify the most efficient model for FPC. The information on the contents of 18 years from the MovieLens data repository has been mined to evaluate the proposed approach. Results show that this proposed scheme outperforms previous solutions by achieving a higher cache hit ratio and lower average delay and thus, ensures users' satisfaction.

With the proliferation of Mobile Internet, handheld devices are facing continuous threats from apps that contain malicious intents. These malicious apps, or malware, have the capability of dynamically changing their intended code as they spread. Moreover, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses, which typically use signature-based techniques, and make them unable to detect the previously unknown malware. However, the variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns, obtained either statically or dynamically, can be exploited to detect and classify unknown malware into their known families using machine learning techniques. In this paper, we propose a new approach for detecting and analyzing a malware. Mainly focused on android apps, our approach adopts the two following steps: (1) performs a transformation of an APK file into a lightweight RGB image using a predefined dictionary and intelligent mapping, and (2) trains a convolutional neural network on the obtained images for the purpose of signature detection and malware family classification. The results obtained using the Androzoo dataset show that our system classifies both legacy and new malware apps with high accuracy, low false-negative rate (FNR), and low false-positive rate (FPR).

Some of the key challenges in steganography are imperceptibility and resistance to detection of steganalysis algorithms. Zero steganography is an approach to data hiding such that the cover image is not modified. This paper focuses on the generation of stego-key, which is an essential component of this steganographic approach. This approach utilizes DNA sequences and shifting and flipping operations in its binary code representation. Experimental results show that the key generation algorithm has a low cracking probability. The algorithm satisfies the avalanche criterion.

Side-channel analysis (SCA) is a big threat to the security of connected embedded devices. Over the last few years, physical non-invasive SCA attacks utilizing the electromagnetic (EM) radiation (EM side-channel `leakage') from a crypto IC has gained huge momentum owing to the availability of the low-cost EM probes and development of the deep-learning (DL) based profiling attacks. In this paper, our goal is to understand the source of the EM leakage by analyzing a white-box modeling of the EM leakage from the crypto IC, leading towards a low-overhead generic countermeasure. To kill this EM leakage from its source, the solution utilizes a signature attenuation hardware (SAH) encapsulating the crypto core locally within the lower metal layers such that the critical correlated crypto current signature is significantly attenuated before it passes through the higher metal layers to connect to the external pin. The protection circuit utilizing AES256 as the crypto core is fabricated in 65nm process and shows for the first time the effects of metal routing on the EM leakage. The \textbackslashtextgreater 350× signature attenuation of the SAH together with the local lower metal routing ensured that the protected AES remains secure even after 1B measurements for both EM and power SCA, which is an 100× improvement over the state-of-the-art with comparable overheads. Overall, with the combination of the 2 techniques - signature suppression and local lower metal routing, we are able to kill the EM side-channel leakage at its source such that the correlated signature is not passed through the top-level metals, MIM capacitors, or on-board inductors, which are the primary sources of EM leakage, thereby preventing EM SCA attacks.

Mobile browsers have become one of the main mediators of our online activities. However, as web pages continue to increase in size and streaming media on-the-go has become commonplace, mobile data plan constraints remain a significant concern for users. As a result, data-saving features can be a differentiating factor when selecting a mobile browser. In this paper, we present a comprehensive exploration of the security and privacy threat that data-saving functionality presents to users. We conduct the first analysis of Android's data-saving browser (DSB) ecosystem across multiple dimensions, including the characteristics of the various browsers' infrastructure, their application and protocol-level behavior, and their effect on users' browsing experience. Our research unequivocally demonstrates that enabling data-saving functionality in major browsers results in significant degradation of the user's security posture by introducing severe vulnerabilities that are not otherwise present in the browser during normal operation. In summary, our experiments show that enabling data savings exposes users to (i) proxy servers running outdated software, (ii) man-in-the-middle attacks due to problematic validation of TLS certificates, (iii) weakened TLS cipher suite selection, (iv) lack of support of security headers like HSTS, and (v) a higher likelihood of being labelled as bots. While the discovered issues can be addressed, we argue that data-saving functionality presents inherent risks in an increasingly-encrypted Web, and users should be alerted of the critical savings-vs-security trade-off that they implicitly accept every time they enable such functionality.