Biblio

Networks have evolved very rapidly, which allow secret data transformation speedily through the Internet. However, the security of secret data has posed a serious threat due to openness of these networks. Thus, researchers draw their attention on cryptography field for this reason. Due to the traditional cryptographic techniques which are vulnerable to intruders nowadays. Deoxyribonucleic Acid (DNA) considered as a promising technology for cryptography field due to extraordinary data density and vast parallelism. With the help of the various DNA arithmetic and biological operations are also Blum Blum Shub (BBS) generator, a multi-level of DNA encryption algorithm is proposed here. The algorithm first uses the dynamic key generation to encrypt sensitive information as a first level; second, it uses BBS generator to generate a random DNA sequence; third, the BBS-DNA sequence spliced with a DNA Gen Bank reference to produce a new DNA reference. Then, substitution, permutation, and dynamic key are used to scramble the new DNA reference nucleotides locations. Finally, for further enhanced security, an injective mapping is established to combine encrypted information with encrypted DNA reference using Knight tour movement in Hadamard matrix. The National Institute of Standard and Technology (NIST) tests have been used to test the proposed algorithm. The results of the tests demonstrate that they effectively passed all the randomness tests of NIST which means they can effectively resist attack operations.

Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically disrupt network operations, since apps must access or modify data in a shared control plane state. If our understanding of how such data propagate within the control plane is inadequate, apps can co-opt other apps, causing them to poison the control plane’s integrity. 

We present a class of SDN control plane integrity attacks that we call cross-app poisoning (CAP), in which an unprivileged app manipulates the shared control plane state to trick a privileged app into taking actions on its behalf. We demonstrate how role-based access control (RBAC) schemes are insufficient for preventing such attacks because they neither track information flow nor enforce information flow control (IFC). We also present a defense, ProvSDN, that uses data provenance to track information flow and serves as an online reference monitor to prevent CAP attacks. We implement ProvSDN on the ONOS SDN controller and demonstrate that information flow can be tracked with low-latency overheads.

Nowadays, with such a huge amount of information available online, one key challenge is how to retrieve target data efficiently. A recent state-of-art solution, k-means hashing (KMH), codes data via a string of binary code obtained by iterative k-means clustering and binary code optimizing. To deal with high dimensional data, KMH divides the space into low-dimensional subspaces, places a hypercube in each subspace and finds its proper location by the mentioned optimizing process. However, the complexity of the optimization increases rapidly when the dimension of the hypercube increases. To address this issue, we propose an improved hashing method stacked k-means hashing (SKMH). The main idea is to increase the approximation by a coarse-to-fine multi-layer lower-dimensional cubes. With these kinds of lower-dimensional cubes, SKMH can achieve a similar approximation ability via a less optimizing time, compared with KMH method using higher-dimensional cubes. Extensive experiments have been conducted on two public databases, demonstrating the performance of our method by some common metrics in fast nearest neighbor search.

Deception is a technique to mislead human or computer systems by manipulating beliefs and information. Successful deception is characterized by the information-asymmetric, dynamic, and strategic behaviors of the deceiver and the deceivee. This paper proposes a game-theoretic framework to capture these features of deception in which the deceiver sends the strategically manipulated information to the deceivee while the deceivee makes the best-effort decisions based on the information received and his belief. In particular, we consider the case when the deceivee adopts hypothesis testing to make binary decisions and the asymmetric information is modeled using a signaling game where the deceiver is a privately-informed player called sender and the deceivee is an uninformed player called receiver. We characterize perfect Bayesian Nash equilibrium (PBNE) solution of the game and study the deceivability of the game. Our results show that the hypothesis testing game admits pooling and partially-separating-pooling equilibria. In pooling equilibria, the deceivability depends on the true types, while in partially-separating-pooling equilibria, the deceivability depends on the cost of the deceiver. We introduce the receiver operating characteristic curve to visualize the equilibrium behavior of the deceiver and the performance of the decision making, thereby characterizing the deceivability of the hypothesis testing game.

Nowadays, the database security problem is becoming significantly interesting in the data mining field. How can exploit legitimate data and avoid disclosing sensitive information. There have been many approaches in which the outstanding solution among them is privacy preservation in association rule mining to hide sensitive rules. In the recent years, a meta-heuristic algorithm is becoming effective for this goal, the algorithm is applied in the cuckoo optimization algorithm (COA4ARH). In this paper, an improved proposal of the COA4ARH to minimize the side effect of the missing non-sensitive rules will be introduced. The main contribution of this study is a new pre-process stage to determine the minimum number of necessary transactions for the process of initializing an initial habitat, thus restriction of modified operation on the original data. To evaluate the effectiveness of the proposed method, we conducted several experiments on the real datasets. The experimental results show that the improved approach has higher performance in compared to the original algorithm.

A vast literature on secret sharing protocols now exists based on the folk theorem that the wireless channel between communicating parties Alice and Bob cannot be controlled or predicted by a third party in a fine-grain way. We find that the folk theorem unfortunately does not hold. In particular, we show how an adversary, using a customized full-duplex forwarder, can control the channel seen by Alice and Bob in fine granularity without leaving a trace, while predicting with high probability the secrets generated by any channel reciprocity based secret sharing protocol. An implementation of our proposed secret manipulator, called Channel Spoofer, on a software-defined radio platform empirically verifies Channel Spoofer's effectiveness in breaking several representative state-of-the-art secret sharing protocols. To the best of our knowledge, the proposed Channel Spoofer is the first practical attacker against all extant channel reciprocity based secret sharing protocols.

It is challenging in Security information and Platforms of Communication by Visible Light (VLC), solutions are made to manage the right Security problems. Several solutions have been developed and evolved constantly to meet complex and ever-changing business needs in the world. In the business context, people who are responsible for a project or an organization undergo professional and emotional stress. This research project has developed a new model which can help decision makers evaluating these alternative methods in relation to articulating different types of Security problems, formulating Security criteria, and simulating expectations of adopting the chosen method for Platforms of Communication by Visible Light (VLC).

Big data is a buzzword used to describe massive volumes of data that provides opportunities of exploring new insights through data analytics. However, big data is mostly structured but can be semi-structured or unstructured. It is normally so large that it is not only difficult but also slow to process using traditional computing systems. One of the solutions is to format the data as graph data structures and process them on shared memory architecture to use fast and novel policies such as transactional memory. In most graph applications in big data type problems such as bioinformatics, social networks, and cybersecurity, graphs are sparse in nature. Due to this sparsity, we have the opportunity to use Transactional Memory (TM) as the synchronization policy for critical sections to speedup applications. At low conflict probability TM performs better than most synchronization policies due to its inherent non-blocking characteristics. TM can be implemented in Software, Hardware or a combination of both. However, hardware TM implementations are fast but limited by scarce hardware resources while software implementations have high overheads which can degrade performance. In this paper, we develop a low overhead, yet simple, dynamically adaptive (i.e., at runtime) hybrid (i.e., combines hardware and software) TM (DyAd-HyTM) scheme that combines the best features of both Hardware TM (HTM) and Software TM (STM) while adapting to application's requirements. It performs better than coarse-grain lock by up to 8.12x, a low overhead STM by up to 2.68x, a couple of implementations of HTMs (by up to 2.59x), and other HyTMs (by up to 1.55x) for SSCA-2 graph benchmark running on a multicore machine with a large shared memory.

Due to the large volumes of data that need to be processed, efficient memory access and data transmission are crucial for high-performance implementations of convolutional neural networks (CNNs). Approximate memory is a promising technique to achieve efficient memory access and data transmission in CNN hardware implementations. To assess the feasibility of applying approximate memory techniques, we propose a framework for the data resilience evaluation (DRE) of CNNs and verify its effectiveness on a suite of prevalent CNNs. Simulation results show that a high degree of data resilience exists in these networks. By scaling the bit-width of the first five dominant data subsets, the data volume can be reduced by 80.38% on average with a 2.69% loss in relative prediction accuracy. For approximate memory with random errors, all the synaptic weights can be stored in the approximate part when the error rate is less than 10–4, while 3 MSBs must be protected if the error rate is fixed at 10–3. These results indicate a great potential for exploiting approximate memory techniques in CNN hardware design.

Concise is a Forwarding information base (FIB) design that uses very little memory to support fast query of a large number of dynamic network names or flow IDs. Concise makes use of minimal perfect hashing and the SDN framework to design and implement the data structure, protocols, and system. Experimental results show that Concise uses significantly smaller memory to achieve faster query speed compared to existing FIB solutions and it can be updated very efficiently.

Motivated by the need to automatically generate behavior-based security challenges to improve user authentication for web services, we consider the problem of large-scale construction of realistic-looking names to serve as aliases for real individuals. We aim to use these names to construct security challenges, where users are asked to identify their real contacts among a presented pool of names. We seek these look-alike names to preserve name characteristics like gender, ethnicity, and popularity, while being unlinkable back to the source individual, thereby making the real contacts not easily guessable by attackers. To achive this, we introduce the technique of distributed name embeddings, representing names in a high-dimensional space such that distance between name components reflects the degree of cultural similarity between these strings. We present different approaches to construct name embeddings from contact lists observed at a large web-mail provider, and evaluate their cultural coherence. We demonstrate that name embeddings strongly encode gender and ethnicity, as well as name popularity. We applied this algorithm to generate imitation names in email contact list challenge. Our controlled user study verified that the proposed technique reduced the attacker's success rate to 26.08%, indistinguishable from random guessing, compared to a success rate of 62.16% from previous name generation algorithms. Finally, we use these embeddings to produce an open synthetic name resource of 1 million names for security applications, constructed to respect both cultural coherence and U.S. census name frequencies.

In smart city construction, wireless sensor networks (WSNs) are normally deployed to collect and transmit real-time data. The nodes of the WSN are embedded facility that integrated sensors and data processing modules. For security and privacy concerns, cryptography methods are required for data protection. However, the Rivest-Shamir-Adleman (RSA) cryptosystem, known as the the most popular and deployed public key algorithm, is still hardly implemented on embedded devices because of the intense computation required from its inherent arithmetic operations. Even though, different methods have being proposed for more efficient RSA implementations such as utilizing the Chinese remainder theorem, various modular exponentiation methods, and optimized modular arithmetic methods. In this paper, we propose an efficient multiplication for long integers on the sensor nodes equipped with 16-bit microcontrollers. Combined with this efficient multiplication, we obtain a faster Montgomery multiplication. The combined optimized Montgomery multiplication, the Chinese remainder theorem, and the m-ary exponentiation method allowed for execution times of less than 44.6 × 106 clock cycles for RSA decryption, a new speed record for the RSA implementation on MSP430 microcontrollers.

Information-Centric Networking (ICN) 1 is a significant networking paradigm for the Internet of Things, which is an information-centric network in essence. The ICN paradigm owns inherently some security features, but also brings several new vulnerabilities. The most significant one among them is Interest flooding, which is a new type of Denial of Service (DoS) attack, and has even more serious effects to the whole network in the ICN paradigm than in the traditional IP paradigm. In this paper, we suggest a new mechanism to mitigate Interest flooding attack. The detection of Interest flooding and the corresponding mitigation measures are implemented on the edge routers, which are directly connected with the attackers. By using statistics of Interest satisfaction rate on the incoming interface of some edge routers, malicious name-prefixes or interfaces can be discovered, and then dropped or slowed down accordingly. With the help of the network information, the detected malicious name-prefixes and interfaces can also be distributed to the whole network quickly, and the attack can be mitigated quickly. The simulation results show that the suggested mechanism can reduce the influence of the Interest flooding quickly, and the network performance can recover automatically to the normal state without hurting the legitimate users.

The perpetual cat-and-mouse game between attackers and software defenders has highlighted the need for strong and robust security. With performance as a key concern, most modern defenses focus on control-flow integrity (CFI), a program property that requires runtime execution of a program to adhere to a statically determined control-flow graph (CFG). Despite its success in preventing traditional return-oriented programming (ROP), CFI is known to be ineffective against modern attacks that adhere to a statically recovered CFG (e.g., COOP). This paper introduces stack-pointer integrity (SPI) as a means to supplement CFI and other modern defense techniques. Due to its ability to influence indirect control targets, stack pointer is a key artifact in attacks. We define SPI as a property comprising of two key sub-properties - Stack Localization and Stack Conservation - and implement a LLVM-based compiler prototype codenamed SPIglass that enforces SPI. We demonstrate a low implementation overhead and incremental deployability, two of the most desirable features for practical deployment. Our performance experiments show that the overhead of our defense is low in practice. We opensource SPIglass for the benefit of the community.

The growing volume of data and its increasing complexity require even more efficient and faster information retrieval techniques. Approximate nearest neighbor search algorithms based on hashing were proposed to query high-dimensional datasets due to its high retrieval speed and low storage cost. Recent studies promote the use of Convolutional Neural Network (CNN) with hashing techniques to improve the search accuracy. However, there are challenges to solve in order to find a practical and efficient solution to index CNN features, such as the need for a heavy training process to achieve accurate query results and the critical dependency on data-parameters. In this work we execute exhaustive experiments in order to compare recent methods that are able to produces a better representation of the data space with a less computational cost for a better accuracy by computing the best data-parameter values for optimal sub-space projection exploring the correlations among CNN feature attributes using fractal theory. We give an overview of these different techniques and present our comparative experiments for data representation and retrieval performance.

In this paper, we investigate the Bayesian filtering problem for discrete nonlinear dynamical systems which contain random parameters. An augmented cubature Kalman filter (CKF) is developed to deal with the random parameters, where the state vector is enlarged by incorporating the random parameters. The corresponding number of cubature points is increased, so the augmented CKF method requires more computational complexity. However, the estimation accuracy is improved in comparison with that of the classical CKF method which uses the nominal values of the random parameters. An application to the mobile source localization with time difference of arrival (TDOA) measurements and random sensor positions is provided where the simulation results illustrate that the augmented CKF method leads to a superior performance in comparison with the classical CKF method.

This paper considers the security problem of outsourcing storage from user devices to the cloud. A secure searchable encryption scheme is presented to enable searching of encrypted user data in the cloud. The scheme simultaneously supports fuzzy keyword searching and matched results ranking, which are two important factors in facilitating practical searchable encryption. A chaotic fuzzy transformation method is proposed to support secure fuzzy keyword indexing, storage and query. A secure posting list is also created to rank the matched results while maintaining the privacy and confidentiality of the user data, and saving the resources of the user mobile devices. Comprehensive tests have been performed and the experimental results show that the proposed scheme is efficient and suitable for a secure searchable cloud storage system.

This paper introduces the notion of one-way communication schemes with partial noisy feedback. To support this communication, the schemes suppose that Alice and Bob wish to communicate: Alice sends a sequence of alphabets over a channel to Bob, while Alice receives feedback bits from Bob for δ fraction of the transmissions. An adversary is allowed to tamper up to a constant fraction of these transmissions for both forward rounds and feedback rounds separately. This paper intends to determine the Maximum Error Rate (MER), as a function of δ (0 ≤ δ ≤ 1), under the MER rate, so that Alice can successfully communicate the messages to Bob via some protocols with δ fraction of noisy feedback. To provide a reasonable solution for the above problem, we need to explore a new kind of coding scheme for the interactive communication. In this paper, we use the notion of “non-malleable codes” (NMC) which relaxes the notions of error-correction and error-detection to some extent in communication. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message or a completely unrelated value. This property largely enforces the way to detect the transmission errors. Based on the above knowledge, we provide an alphabet-based encoding scheme, including a pair of (Enc, Dec). Suppose the message needing to be transmitted is m; if m is corrupted unintentionally, then the encoding scheme Dec(Enc(m)) outputs a symbol `⊥' to denote that some potential corruptions happened during transmission. In this work, based on the previous results, we show that for any δ ∈ (0; 1), there exists a deterministic communication scheme with noiseless full feedback(δ = 1), such that the maximal tolerable error fraction γ (on Alice's transmissions) can be up to 1/2, theoretically. Moreover, we show that for any δ ∈ (0; 1), there exists a communication scheme with noisy feedback, denoting the forward and backward rounds noised with error fractions of γ0and γ1respectively, such that the maximal tolerable error fraction γ0(on forward rounds) can be up to 1/2, as well as the γ1(on feedback rounds) up to 1.

Cloud computing emerged in the last years to handle systems with large-scale services sharing between vast numbers of users. It provides enormous storage for data and computing power to users over the Internet. There are many issues with the high growth of data. Data security is one of the most important issues in cloud computing. There are many algorithms and implementation for data security. These algorithms provided various encryption methods. In this work, We present a comprehensive study between Symmetric key and Asymmetric key encryption algorithms that enhanced data security in cloud computing system. We discuss AES, DES, 3DES and Blowfish for symmetric encryption algorithms, and RSA, DSA, Diffie-Hellman and Elliptic Curve, for asymmetric encryption algorithms.

Hashing has been a widely-adopted technique for nearest neighbor search in large-scale image retrieval tasks. Recent research has shown that leveraging supervised information can lead to high quality hashing. However, the cost of annotating data is often an obstacle when applying supervised hashing to a new domain. Moreover, the results can suffer from the robustness problem as the data at training and test stage may come from different distributions. This paper studies the exploration of generating synthetic data through semi-supervised generative adversarial networks (GANs), which leverages largely unlabeled and limited labeled training data to produce highly compelling data with intrinsic invariance and global coherence, for better understanding statistical structures of natural data. We demonstrate that the above two limitations can be well mitigated by applying the synthetic data for hashing. Specifically, a novel deep semantic hashing with GANs (DSH-GANs) is presented, which mainly consists of four components: a deep convolution neural networks (CNN) for learning image representations, an adversary stream to distinguish synthetic images from real ones, a hash stream for encoding image representations to hash codes and a classification stream. The whole architecture is trained end-to-end by jointly optimizing three losses, i.e., adversarial loss to correct label of synthetic or real for each sample, triplet ranking loss to preserve the relative similarity ordering in the input real-synthetic triplets and classification loss to classify each sample accurately. Extensive experiments conducted on both CIFAR-10 and NUS-WIDE image benchmarks validate the capability of exploiting synthetic images for hashing. Our framework also achieves superior results when compared to state-of-the-art deep hash models.

Reliable and scalable storage systems are key to cloud-based applications. In cloud storage, users store their data on remote servers rather than their local computers. Secure storage is used to ensure the safety of data in clouds. As more and more users rely on third-party cloud vendors to store their data, concerns have arisen among users and cloud providers. Encryption-based approaches are commonly used in secure storage systems. Data are encrypted and stored on persistent storage like disks and flash memories. When data are needed by the users, they are decrypted and accessed by the users. This way of managing data hurts the scalability and throughput of cloud systems. In the meantime, cloud systems have to perform fault-tolerance strategies on data, which also brings performance deduction. The combination of these issues cause a high price for data security in cloud systems. Aware of such issues. we propose methods to reduce the overhead of secure storage while guaranteeing the safeness of data.

Being an era of fast internet-based application environment, large volumes of relational data are being outsourced for business purposes. Therefore, ownership and digital rights protection has become one of the greatest challenges and among the most critical issues. This paper presents a novel fingerprinting technique to protect ownership rights of non-numeric digital data on basis of pattern generation and row association schemes. Firstly, fingerprint sequence is formulated by using secret key and buyer's Unique ID. With the chunks of these sequences and by applying the Fibonacci series, we select some rows. The selected rows are candidates of fingerprinting. The primary key of selected row is protected using RSA encryption; after which a pattern is designed by randomly choosing the values of different attributes of datasets. The encryption of primary key leads to develop an association between original and fake pattern; creating an ease in fingerprint detection. Fingerprint detection algorithm first finds the fake rows and then extracts the fingerprint sequence from the fake attributes, hence identifying the traitor. Some most important features of the proposed approach is to overcome major weaknesses such as error tolerance, integrity and accuracy in previously proposed fingerprinting techniques. The results show that technique is efficient and robust against several malicious attacks.

Encryption ransomware is a malicious software that stealthily encrypts user files and demands a ransom to provide access to these files. Several prior studies have developed systems to detect ransomware by monitoring the activities that typically occur during a ransomware attack. Unfortunately, by the time the ransomware is detected, some files already undergo encryption and the user is still required to pay a ransom to access those files. Furthermore, ransomware variants can obtain kernel privilege, which allows them to terminate software-based defense systems, such as anti-virus. While periodic backups have been explored as a means to mitigate ransomware, such backups incur storage overheads and are still vulnerable as ransomware can obtain kernel privilege to stop or destroy backups. Ideally, we would like to defend against ransomware without relying on software-based solutions and without incurring the storage overheads of backups. To that end, this paper proposes FlashGuard, a ransomware tolerant Solid State Drive (SSD) which has a firmware-level recovery system that allows quick and effective recovery from encryption ransomware without relying on explicit backups. FlashGuard leverages the observation that the existing SSD already performs out-of-place writes in order to mitigate the long erase latency of flash memories. Therefore, when a page is updated or deleted, the older copy of that page is anyway present in the SSD. FlashGuard slightly modifies the garbage collection mechanism of the SSD to retain the copies of the data encrypted by ransomware and ensure effective data recovery. Our experiments with 1,447 manually labeled ransomware samples show that FlashGuard can efficiently restore files encrypted by ransomware. In addition, we demonstrate that FlashGuard has a negligible impact on the performance and lifetime of the SSD.

Research on advertisement has mainly focused on how to accurately predict the click-through rate (CTR). Much less is known about fraud detection and malicious behavior defense. Previous studies usually use statistics, design threshold and manually make strategies, which cannot find potential fraud behavior effectively and suffer from new attacks. In this paper, we make the first step to understand the type of malicious activities on large-scale online advertising platforms. By analyzing each feature comprehensively, we propose a novel coding approach to transform nominal attributes into numeric while maintaining the most effective information of the original data for fraud detection. Next, we code important features such as IP and cookie in our dataset and train machine learning methods to detect fraud traffic automatically. Experimental results on real datasets demonstrate that the proposed fraud detection method performs well considering both the accuracy and efficiency. Finally, we conclude how to design a defense system by considering which methods could be used for the anti-spam gaming in the future.

Security evaluation of diverse SDN frameworks is of significant importance to design resilient systems and deal with attacks. Focused on SDN scenarios, a game-theoretic model is proposed to analyze their security performance in existing SDN architectures. The model can describe specific traits in different structures, represent several types of information of players (attacker and defender) and quantitatively calculate systems' reliability. Simulation results illustrate dynamic SDN structures have distinct security improvement over static ones. Besides, effective dynamic scheduling mechanisms adopted in dynamic systems can enhance their security further.