Biblio

The sophistication and complexity of recent exploitation techniques, which rely on memory disclosure and whole-function reuse to bypass address space layout randomization and control flow integrity, is indicative of the effect that the combination of exploit mitigations has in challenging the construction of reliable exploits. In addition to software diversification and control flow enforcement, recent efforts have focused on the complementary approach of code and API specialization to restrict further the critical operations that an attacker can perform as part of a code reuse exploit. In this paper we propose Saffire, a compiler-level defense against code reuse attacks. For each calling context of a critical function, Saffire creates a specialized and hardened replica of the function with a restricted interface that can accommodate only that particular invocation. This is achieved by applying staticargumentbinding, to eliminate arguments with static values and concretize them within the function body, and dynamicargumentbinding, which applies a narrow-scope form of data flow integrity to restrict the acceptable values of arguments that cannot be statically derived. We have implemented Saffire on top of LLVM, and applied it to a set of 11 applications, including Nginx, Firefox, and Chrome. The results of our experimental evaluation with a set of 17 real-world ROP exploits and three whole-function reuse exploits demonstrate the effectiveness of Saffire in preventing these attacks while incurring a negligible runtime overhead.

Fog Computing paradigm extends the cloud computing to the edge of the network to resolve the problem of latency but this introduces new security and privacy issues. So, it is necessary that a user must be authenticated before initiating data exchange in order to preserve the integrity. Secondly, in fog computing, fog node must also be authorized for ensuring the proper behaviour of fog node and validate that the fog node is not corrupted. Hence, we proposed a mutual authentication scheme which verifies both the fog node and the end user before the transfer of data. Traditional authentication protocol uses digital certificate and digital signature which faces the problem of scalability and more complexity respectively. So, in the proposed architecture, the problem of scalability and complexity is reduced to a greater extent compared to traditional authentication techniques. The proposed scheme also ensures multi-factor authentication of the user before sending the data and it is way too efficient.

Automated techniques for rigorous floating-point round-off error analysis are a prerequisite to placing important activities in HPC such as precision allocation, verification, and code optimization on a formal footing. Yet existing techniques cannot provide tight bounds for expressions beyond a few dozen operators-barely enough for HPC. In this work, we offer an approach embedded in a new tool called SATIHE that scales error analysis by four orders of magnitude compared to today's best-of-class tools. We explain how three key ideas underlying SATIHE helps it attain such scale: path strength reduction, bound optimization, and abstraction. SATIHE provides tight bounds and rigorous guarantees on significantly larger expressions with well over a hundred thousand operators, covering important examples including FFT, matrix multiplication, and PDE stencils.

Social engineering attacks are well known attacks in the cyberspace and relatively easy to try and implement because no technical knowledge is required. In various online environments such as business domains where customers talk through a chat service with employees or in social networks potential hackers can try to manipulate other people by employing social attacks against them to gain information that will benefit them in future attacks. Thus, we have used a number of natural language processing steps and a machine learning algorithm to identify potential attacks. The proposed method has been tested on a semi-synthetic dataset and it is shown to be both practical and effective.

Trust along digitalized supply chains is challenged by the aspect that monitoring equipment may not be trustworthy or unreliable as respective measurements originate from potentially untrusted parties. To allow for dynamic relationships along supply chains, we propose a blockchain-backed supply chain monitoring architecture relying on trusted hardware. Our design provides a notion of secure end-to-end sensing of interactions even when originating from untrusted surroundings. Due to attested checkpointing, we can identify misinformation early on and reliably pinpoint the origin. A blockchain enables long-term verifiability for all (now trustworthy) IoT data within our system even if issues are detected only after the fact. Our feasibility study and cost analysis further show that our design is indeed deployable in and applicable to today’s supply chain settings.

Open wireless channels make a wireless ad hoc network vulnerable to various security attacks, so it is crucial to design a routing protocol that can defend against the attacks of malicious nodes. In this paper, we first measure the trust value calculated by the node behavior in a period to judge whether the node is trusted, and then combine other QoS requirements as the routing metrics to design a secure routing approach. Moreover, we propose a deep learning-based model to learn the routing environment repeatedly from the data sets of packet flow and corresponding optimal paths. Then, when a new packet flow is input, the model can output a link set that satisfies the node's QoS and trust requirements directly, and therefore the optimal path of the packet flow can be obtained. The extensive simulation results show that compared with the traditional optimization-based method, our proposed deep learning-based approach cannot only guarantee more than 90% accuracy, but also significantly improves the computation time.

Vehicular Ad-Hoc Networks (VANET) are liable to the Black, Worm and Gray Hole attacks because of the broadcast nature of the wireless medium and a lack of authority standards. Black Hole attack covers the situation when a malicious node uses its routing protocol in order to publicize itself for having the shortest route to the destination node. This aggressive node publicizes its availability of fresh routes regardless of checking its routing table. The consequences of these attacks could lead not only to the broken infrastructure, but could cause hammering people's lives. This paper aims to investigate and compare methods for preventing such types of attacks in a VANET.

With the improvement of people's living standards, more and more network users access the network, including a large number of infrastructure, these devices constitute the Internet of things(IoT). With the rapid expansion of devices in the IoT, the data transmission between the IoT has become more complex, and the security issues are facing greater challenges. SDN as a mature network architecture, its security has been affirmed by the industry, it separates the data layer from the control layer, thus greatly improving the security of the network. In this paper, we apply the SDN to the IoT, and propose a IoT network architecture based on SDN. In this architecture, we not only make use of the security features of SDN, but also deploy different security modules in each layer of SDN to integrate, analyze and plan various data through the IoT, which undoubtedly improves the security performance of the network. In the end, we give a comprehensive introduction to the system and verify its performance.

Existing logic-locking attacks are known to successfully decrypt functionally correct key of a locked combinational circuit. It is possible to extend these attacks to real-world Silicon-based Intellectual Properties (IPs, which are sequential circuits) through scan-chains by selectively initializing the combinational logic and analyzing the responses. In this paper, we propose SeqL, which achieves functional isolation and locks selective flip-flop functional-input/scan-output pairs, thus rendering the decrypted key functionally incorrect. We conduct a formal study of the scan-locking problem and demonstrate automating our proposed defense on any given IP. We show that SeqL hides functionally correct keys from the attacker, thereby increasing the likelihood of the decrypted key being functionally incorrect. When tested on pipelined combinational benchmarks (ISCAS, MCNC), sequential benchmarks (ITC) and a fully-fledged RISC-V CPU, SeqL gave 100% resilience to a broad range of state-of-the-art attacks including SAT [1], Double-DIP [2], HackTest [3], SMT [4], FALL [5], Shift-and-Leak [6] and Multi-cycle attacks [7].

Mobile Edge Computing may become a prevalent platform to support applications where mobile devices have limited compute, storage, energy and/or data privacy concerns. In this paper, we study the efficient provisioning and management of compute resources in the Edge-to-Cloud continuum for different types of real-time applications with timeliness requirements depending on application-level update rates and communication/compute delays. We begin by introducing a highly stylized network model allowing us to study the salient features of this problem including its sensitivity to compute vs. communication costs, application requirements, and traffic load variability. We then propose an online decentralized service placement algorithm, based on estimating network delays and adapting application update rates, which achieves high service availability. Our results exhibit how placement can be optimized and how a load-balancing strategy can achieve near-optimal service availability in large networks.

The Internet of Things (IoT) integrates the Internet and electronic devices belonging to different domains, such as smart home automation, industrial processes, military applications, health, and environmental monitoring. Usually, IoT devices have limited resources and Low Power and Lossy Networks (LLNs) are being used to interconnect such devices. Routing Protocol for Low-Power and Lossy Networks (RPL) is one of the preferred routing protocols for this type of network, since it was specially developed for LLNs, also known as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN). In this paper the most well-known routing attacks against 6LoWPAN networks were studied and implemented through simulation, conducting a behavioral analysis of network components (resources, topology, and data traffic) under attack condition. In order to achieve a better understanding on how attacks in 6LoWPAN work, we first conducted a study on 6LoWPAN networks and RPL protocol functioning. Furthermore, we also studied a series of well-known routing attacks against this type of Wireless Sensor Networks and these attacks were then simulated using Cooja simulator provided by Contiki operating system. The results obtained after the simulations are discussed along with other previous researches. This analysis may be of real interest when it comes to identify indicators of compromise for each type of attack and appropriate countermeasures for prevention and detection of these attacks.

Trust among humans affects the way we interact with each other. In autonomous systems, this trust is often predefined and hard-coded before the systems are deployed. However, when systems encounter unfolding situations, requiring them to interact with others, a notion of trust will be inevitable. In this paper, we discuss trust as a fundamental measure to enable an autonomous system to decide whether or not to interact with another system, whether biological or artificial. These decisions become increasingly important when continuously integrating with others during runtime.

Smart grid consists of multiple different entities related to various energy management systems which share fine-grained energy measurements among themselves in an optimal and reliable manner. Such delivery is achieved through intelligent transmission and distribution networks composed of various stakeholders like Phasor Measurement Units (PMUs), Master and Remote Terminal Units (MTU and RTU), Storage Centers and users in power utility departments subject to volatile changes in requirements. Hence, secure accessibility of data becomes vital in the context of efficient functioning of the smart grid. In this paper, we propose a practical attribute-based encryption scheme for securing data sharing and data access in Smart Grid architectures with the added advantage of obfuscating the access policy. This is aimed at preserving data privacy in the context of competing smart grid operators. We build our scheme on Linear Secret Sharing (LSS) Schemes for supporting any monotone access structures and thus enhancing the expressiveness of access policies. Lastly, we analyze the security, access policy privacy and collusion resistance properties of our cryptosystem and provide an efficiency comparison as well as experimental analysis using the Charm-Crypto framework to validate the proficiency of our proposed solution.

A significant challenge in modern computer security is the growing skill gap as intruder capabilities increase, making it necessary to begin automating elements of penetration testing so analysts can contend with the growing number of cyber threats. In this paper, we attempt to assist human analysts by automating a single host penetration attack. To do so, a smart agent performs different attack sequences to find vulnerabilities in a target system. As it does so, it accumulates knowledge, learns new attack sequences and improves its own internal penetration testing logic. As a result, this agent (AgentPen for simplicity) is able to successfully penetrate hosts it has never interacted with before. A computer security administrator using this tool would receive a comprehensive, automated sequence of actions leading to a security breach, highlighting potential vulnerabilities, and reducing the amount of menial tasks a typical penetration tester would need to execute. To achieve autonomy, we apply an unsupervised machine learning algorithm, Q-learning, with an approximator that incorporates a deep neural network architecture. The security audit itself is modelled as a Markov Decision Process in order to test a number of decision-making strategies and compare their convergence to optimality. A series of experimental results is presented to show how this approach can be effectively used to automate penetration testing using a scalable, i.e. not exhaustive, and adaptive approach.

Mobile Device Security is an important factor as all the user's sensitive information is stored on the mobile device. The problem of mobile devices getting lost or stolen has only been increasing. There are various systems which provide Online Mobile Device Security which require internet to perform their required functions. Our proposed system SMS Based Offline Mobile Device Security System provides mobile device users with a wide range of security features that help protect the mobile device from theft and also acts as an assistant that helps the users in any problems they may face in their day-to-day lives. The project aims to develop a mobile security system that will allow the user to manipulate his mobile device from any other device through SMS which can be used to get contact information from the user's mobile device remotely, help find the phone by maximizing the volume and playing a tone, trace the current location of the mobile device, get the IMEI No of the device, lock the device, send a message that will be converted to speech and played on the user's mobile device, call forwarding, message forwarding and various other features. It also has an additional security feature that will detect a sim card change and send the new SIM card mobile no to the recovery mobile numbers specified during initial setup automatically. Hence, the user will be able to manipulate his phone even after the SIM card has been changed. Therefore, the SMS-Based Offline Mobile Device Security System provides much more security for the mobile device than the existing online device security methods.

the purpose of this paper is investigation of existing approaches to formation of electronic digital signatures, as well as the possibility of software developing for electronic signature generation at electronic document circulation of institution. The article considers and analyzes the existing algorithms for generating and processing electronic signatures. Authors propose the model for documented information exchanging in institution, including cryptographic module and secure key storage, blockchain storage of electronic signatures, central web-server and web-interface. Examples of the developed software are demonstrated, and recommendations are given for its implementation, integration and using in different institutions.

Data storage in Distributed Storage Systems (DSS) is a multidimensional optimization problem. Using network coding, one wants to provide reliability, scalability, security, reduced storage overhead, reduced bandwidth for repair and minimal disk I/O in such systems. Advances in the construction of optimal Fractional Repetition (FR) codes, a smart replication of encoded packets on n nodes which also provides optimized disk I/O and where a node failure can be repaired by contacting some specific set of nodes in the system, is in high demand. An attempt towards the construction of universally good FR codes using three different approaches is addressed in this work. In this paper, we present that the code constructed using the partial regular graph for heterogeneous DSS, where the number of packets on each node is different, is universally good. Further, we also encounter the list of parameters for which the ring construction and the T-construction results in universally good codes. In addition, we evaluate the FR code constructions meeting the minimum distance bound.

Nearest neighbor search, a classic way of identifying similar data, can be applied to various areas, including database, machine learning, natural language processing, software engineering, etc. Secure nearest neighbor search aims to find nearest neighbors to a given query point over encrypted data without accessing data in plaintext. It provides privacy protection to datasets when nearest neighbor queries need to be operated by an untrusted party (e.g., a public server). While different solutions have been proposed to support nearest neighbor queries on encrypted data, these existing solutions still encounter critical drawbacks either in efficiency or privacy. In light of the limitations in the current literature, we propose a novel approximate nearest neighbor search solution, referred to as Sparser, by leveraging a combination of space-filling curves, perturbation, and Order-Preserving Encryption. The advantages of Sparser are twofold, strengthening privacy and improving efficiency. Specifically, Sparser pre-processes plaintext data with space-filling curves and perturbation, such that data is sparse, which mitigates leakage abuse attacks and renders stronger privacy. In addition to privacy enhancement, Sparser can efficiently find approximate nearest neighbors over encrypted data with logarithmic time. Through extensive experiments over real-world datasets, we demonstrate that Sparser can achieve strong privacy protection under leakage abuse attacks and minimize search time.

In the past decade, cyber-attack events on the power grid have proven to be sophisticated and advanced. These attacks led to severe consequences on the grid operation, such as equipment damage or power outages. Hence, it is more critical than ever to develop tools for security assessment and detection of anomalies in the cyber-physical grid. For an extensive power grid, it is complex to analyze the causes of frequency deviations. Besides, if the system is compromised, attackers can leverage on the frequency deviation to bypass existing protection measures of the grid. This paper aims to develop a novel specification-based method to detect False Data Injection Attacks (FDIAs) in the multi-area system. Firstly, we describe the implementation of a three-area system model. Next, we assess the risk and devise several intrusion scenarios. Specifically, we inject false data into the frequency measurement and Automatic Generation Control (AGC) signals. We then develop a rule-based method to detect anomalies at the system-level. Our simulation results proves that the proposed algorithm can detect FDIAs in the system.

For classical fault analysis, a transient fault is required to be injected during runtime, e.g., only at a specific round. Instead, Persistent Fault Analysis (PFA) introduces a powerful class of fault attacks that allows for a fault to be present throughout the whole execution. One limitation of original PFA as introduced by Zhang et al. at CHES'18 is that the adversary needs know (or brute-force) the faulty values prior to the analysis. While this was addressed at a follow-up work at CHES'20, the solution is only applicable to a single faulty value. Instead, we use the potency of Statistical Fault Analysis (SFA) in the persistent fault setting, presenting Statistical Persistent Fault Analysis (SPFA) as a more general approach of PFA. As a result, any or even a multitude of unknown faults that cause an exploitable bias in the targeted round can be used to recover the cipher's secret key. Indeed, the undesired faults in the other rounds that occur due the persistent nature of the attack converge to a uniform distribution as required by SFA. We verify the effectiveness of our attack against LED and AES.

Recent foundational work on leakage-abuse attacks on encrypted databases has broadened our understanding of what an adversary can accomplish with a standard leakage profile. Nevertheless, all known value reconstruction attacks succeed under strong assumptions that may not hold in the real world. The most prevalent assumption is that queries are issued uniformly at random by the client. We present the first value reconstruction attacks that succeed without any knowledge about the query or data distribution. Our approach uses the search-pattern leakage, which exists in all known structured encryption schemes but has not been fully exploited so far. At the core of our method lies a support size estimator, a technique that utilizes the repetition of search tokens with the same response to estimate distances between encrypted values without any assumptions about the underlying distribution. We develop distribution-agnostic reconstruction attacks for both range queries and k-nearest-neighbor (k-NN) queries based on information extracted from the search-pattern leakage. Our new range attack follows a different algorithmic approach than state-of-the-art attacks, which are fine-tuned to succeed under the uniformly distributed queries. Instead, we reconstruct plaintext values under a variety of skewed query distributions and even outperform the accuracy of previous approaches under the uniform query distribution. Our new k-NN attack succeeds with far fewer samples than previous attacks and scales to much larger values of k. We demonstrate the effectiveness of our attacks by experimentally testing them on a wide range of query distributions and database densities, both unknown to the adversary.

Demand response (DR) is one of the most economical methods for peak demand reduction, renewable energy integration and ancillary service support. Residential electrical energy consumption takes approximately 33% of the total electricity usage and hence has great potentials in DR applications. However, residential DR encounters various challenges such as small individual magnitude, stochastic consuming patterns and privacy issues. In this study, we propose a stochastic optimal mechanism to tackle these issues and try to reveal the benefits from residential DR implementation. Stochastic residential load (SRL) models, a generation cost prediction (GCP) model and a stochastic optimal load aggregation (SOLA) model are developed. A set of uniformly distributed scalers is introduced into the SOLA model to efficiently avoid the peak demand rebound problem in DR applications. The SOLA model is further transformed into a deterministic LP model. Time-of-Use (TOU) tariff is adopted as the price structure because of its similarity and popularity. Case studies show that the proposed mechanism can significantly reduce the peak-to-average power ratio (PAPR) of the load profile as well as the electrical energy cost. Furthermore, the impacts of consumers' participation levels in the DR program are investigated. Simulation results show that the 50% participation level appears as the best case in terms system stability. With the participation level of 80%, consumers' electrical energy cost is minimized. The proposed mechanism can be used by a residential load aggregator (LA) or a utility to plan a DR program, predict its impacts, and aggregate residential loads to minimize the electrical energy cost.

In recent times, data excessiveness has become a major problem in the field of education, news, blogs, social media, etc. Due to an increase in such a vast amount of text data, it became challenging for a human to extract only the valuable amount of data in a concise form. In other words, summarizing the text, enables human to retrieves the relevant and useful texts, Text summarizing is extracting the data from the document and generating the short or concise text of the document. One of the major approaches that are used widely is Automatic Text summarizer. Automatic text summarizer analyzes the large textual data and summarizes it into the short summaries containing valuable information of the data. Automatic text summarizer further divided into two types 1) Extractive text summarizer, 2) Abstractive Text summarizer. In this article, the extractive text summarizer approach is being looked for. Extractive text summarization is the approach in which model generates the concise summary of the text by picking up the most relevant sentences from the text document. This paper focuses on retrieving the valuable amount of data using the Elmo embedding in Extractive text summarization. Elmo embedding is a contextual embedding that had been used previously by many researchers in abstractive text summarization techniques, but this paper focus on using it in extractive text summarizer.

The precise integrative control between the stereoscopic image and the tactile feedback is very essential in augmented reality[1]-[4]. In order to study this question, this paper will introduce a stereoscopic-imaging and tactile integrative augmented-reality system, and a stereoscopic-imaging and tactile integrative algorithm. The system includes a stereoscopic-imaging part and a string-based tactile part. The integrative algorithm is used to precisely control the interaction between the two parts. The results for testing the system and the algorithm demonstrate the system to be perfect through 5 testers' operation and will be presented in the last part of the paper.

To avoid the spam message, malicious and cyber bullies activities which are mostly done by the fake profile. These activities challenge the privacy policies of the social network communities. These fake profiles are responsible for spread false information on social communities. To identify the fake profile, duplicate, spam and bots account there is much research work done in this area. By using a machine-learning algorithm, most of the fake accounts detected successfully. This paper represents the review of Fake Profile Detection on Social Site by Using Machine Learning.