Biblio

The problem of maintaining the privacy of sensitive healthcare data is crucial yet the significance of research efforts achieved still need robust development in privacy protection techniques for Wireless Multimedia Sensor Networks (WMSNs). This paper aims to investigate different privacy-preserving methods for WMSNs that can be applied in healthcare, to guarantee a privacy-aware transmission of multimedia data between sensors and base stations. The combination of ant colony optimization-based routing and hierarchical structure of the network have been proposed in the AntSensNet WMSN-based routing protocol to offer QoS and power efficient multipath multimedia packet scheduling. In this paper, the AntSensNet routing protocol was extended by utilizing privacy-preserving mechanisms thus achieving anonymity / pseudonymity, unlinkability, and location privacy. The vulnerability of standard AntSensNet routing protocol to privacy threats have raised the need for the following privacy attacks’ countermeasures: (i) injection of fake traffic, which achieved anonymity, privacy of source and base locations, as well as unlinkability; (ii) encrypting and correlating the size of scalar and multimedia data which is transmitted through a WMSN, along with encrypting and correlating the size of ants, to achieve unlinkability and location privacy; (iii) pseudonyms to achieve unlinkability. The impact of these countermeasures is assessed using quantitative performance analysis conducted through simulation to gauge the overhead of the added privacy countermeasures. It can be concluded that the introduced modifications did enhance the privacy but with a penalty of increased delay and multimedia jitter. The health condition of a patient determines the vitals to be monitored which affects the volumes and sources of fake traffic. Consequently, desired privacy level will dictate incurred overhead due to multimedia transmissions and privacy measures.

Wearable devices are emerging as effective modalities for the collection of individuals’ data. While this data can be leveraged for use in several areas ranging from health-care to crime investigation, storing and securely accessing such information while preserving privacy and detecting any tampering attempts are significant challenges. This paper describes a decentralized system that ensures an individual’s privacy, maintains an immutable log of any data access, and provides decentralized access control management. Our proposed framework uses a custom permissioned blockchain protocol to securely log data transactions from wearable devices in the blockchain ledger. We have implemented a proof-of-concept for our framework, and our preliminary evaluation is summarized to demonstrate our proposed framework’s capabilities. We have also discussed various application scenarios of our privacy-preserving model using blockchain and proof-of-authority. Our research aims to detect data tampering attempts in data sharing scenarios using a thorough transaction log model.

The federated learning scheme enhances the privacy preservation through avoiding the private data uploading in cloud-edge computing. However, the attacks against the uploaded model updates still cause private data leakage which demotivates the privacy-sensitive participating edge devices. Facing this issue, we aim to design a privacy-preserving incentive mechanism for the federated cloud-edge learning (PFCEL) system such that 1) the edge devices are motivated to actively contribute to the updated model uploading, 2) a trade-off between the private data leakage and the model accuracy is achieved. We formulate the incentive design problem as a three-layer Stackelberg game, where the server-device interaction is further formulated as a contract design problem. Extensive numerical evaluations demonstrate the effectiveness of our designed mechanism in terms of privacy preservation and system utility.

Cyber-Physical Systems (CPS) underpin global critical infrastructure, including power, water, gas systems and smart grids. CPS, as a technology platform, is unique as a target for Advanced Persistent Threats (APTs), given the potentially high impact of a successful breach. Additionally, CPSs are targets as they produce significant amounts of heterogeneous data from the multitude of devices and networks included in their architecture. It is, therefore, essential to develop efficient privacy-preserving techniques for safeguarding system data from cyber attacks. This paper introduces a comprehensive review of the current privacy-preserving techniques for protecting CPS systems and their data from cyber attacks. Concepts of Privacy preservation and CPSs are discussed, demonstrating CPSs' components and the way these systems could be exploited by either cyber and physical hacking scenarios. Then, classification of privacy preservation according to the way they would be protected, including perturbation, authentication, machine learning (ML), cryptography and blockchain, are explained to illustrate how they would be employed for data privacy preservation. Finally, we show existing challenges, solutions and future research directions of privacy preservation in CPSs.

In this paper, we propose a scheme that supports statistic query and authorized access control on an Encrypted Electronic Medical Records Databases(EMDB). Different from other schemes, it is based on Differential-Privacy(DP), which can protect the privacy of patients. By deploying an improved Multi-Authority Attribute-Based Encryption(MA-ABE) scheme, all authorities can distribute their search capability to clients under different authorities without additional negotiations. To our best knowledge, there are few studies on statistical queries on encrypted data. In this work, we consider that support differentially-private statistical queries. To improve search efficiency, we leverage the Bloom Filter(BF) to judge whether the keywords queried by users exists. Finally, we use experiments to verify and evaluate the feasibility of our proposed scheme.

Modern vehicles become increasingly digitalized with advanced information technology-based solutions like advanced driving assistance systems and vehicle-to-x communications. These systems are complex and interconnected. Rising complexity and increasing outside exposure has created a steadily rising demand for more cyber-secure systems. Thus, also standardization bodies and regulators issued standards and regulations to prescribe more secure development processes. This security, however, also has to be validated and verified. In order to keep pace with the need for more thorough, quicker and comparable testing, today's generally manual testing processes have to be structured and optimized. Based on existing and emerging standards for cybersecurity engineering, this paper therefore outlines a structured testing process for verifying and validating automotive cybersecurity, for which there is no standardized method so far. Despite presenting a commonly structured framework, the process is flexible in order to allow implementers to utilize their own, accustomed toolsets.

Background: Researchers and practitioners have been using code complexity metrics for decades to predict how developers comprehend a program. While it is plausible and tempting to use code metrics for this purpose, their validity is debated, since they rely on simple code properties and rarely consider particularities of human cognition. Aims: We investigate whether and how code complexity metrics reflect difficulty of program comprehension. Method: We have conducted a functional magnetic resonance imaging (fMRI) study with 19 participants observing program comprehension of short code snippets at varying complexity levels. We dissected four classes of code complexity metrics and their relationship to neuronal, behavioral, and subjective correlates of program comprehension, overall analyzing more than 41 metrics. Results: While our data corroborate that complexity metrics can-to a limited degree-explain programmers' cognition in program comprehension, fMRI allowed us to gain insights into why some code properties are difficult to process. In particular, a code's textual size drives programmers' attention, and vocabulary size burdens programmers' working memory. Conclusion: Our results provide neuro-scientific evidence supporting warnings of prior research questioning the validity of code complexity metrics and pin down factors relevant to program comprehension. Future Work: We outline several follow-up experiments investigating fine-grained effects of code complexity and describe possible refinements to code complexity metrics.

Ever since Machine Learning as a Service emerges as a viable business that utilizes deep learning models to generate lucrative revenue, Intellectual Property Right (IPR) has become a major concern because these deep learning models can easily be replicated, shared, and re-distributed by any unauthorized third parties. To the best of our knowledge, one of the prominent deep learning models - Generative Adversarial Networks (GANs) which has been widely used to create photorealistic image are totally unprotected despite the existence of pioneering IPR protection methodology for Convolutional Neural Networks (CNNs). This paper therefore presents a complete protection framework in both black-box and white-box settings to enforce IPR protection on GANs. Empirically, we show that the proposed method does not compromise the original GANs performance (i.e. image generation, image super-resolution, style transfer), and at the same time, it is able to withstand both removal and ambiguity attacks against embedded watermarks. Codes are available at https://github.com/dingsheng-ong/ipr-gan.

In Cloud Computing, a wide range of virtual platforms are integrated and offer users a flexible pay-as-you-need service. Compared to conventional computing systems, the provision of an acceptable degree of resilience to cloud services is a daunting challenge due to the complexities of the cloud environment and the need for efficient technology that could sustain cloud advantages over other technologies. For a cloud guest resilience service solution, we provide architectural design, installation specifics, and performance outcomes throughout this article. Virtual Machine Manager (VMM) enables execution statistical test of the virtual machine states to be monitored and avoids to reach faulty states.

This paper proposes a lightweight digital signing scheme for supporting document signing on mobile devices connected to cloud computing. We employ elliptic curve (ECC) digital signature algorithm (ECDSA) for key pair generation done at mobile device and introduce outsourced proxy (OSP) to decrypt the encrypted file and compute hash value of the files stored in the cloud system. In our model, a mobile client invokes fixed-sized message digests to be signed with a private key stored in the device and produces the digital signature. Then, the signature is returned to the proxy for embedding it onto the original file. To this end, the trust between proxy and mobile devices is guaranteed by PKI technique. Based on the lightweight property of ECC and the modular design of our OSP, our scheme delivers the practical solution that allows mobile users to create their own digital signatures onto documents in a secure and efficient way. We also present the implementation details including system development and experimental evaluation to demonstrate the efficiency of our proposed system.

Recent advancements of spatial audio technologies to enhance human’s emotional and immersive experiences are gathering attention. Many studies are clarifying the neural mechanisms of acoustic spatial perception; however, they are limited to the evaluation of mechanisms using basic sound stimuli. Therefore, it remains challenging to evaluate the experience of actual music contents and to verify the effects of higher-order neurophysiological responses including a sense of immersive and realistic experience. To investigate the effects of spatial audio experience, we verified the psychophysiological responses of immersive spatial audio experience using sound field synthesis (SFS) technology. Specifically, we evaluated alpha power as the central nervous system activity, heart rate/heart rate variability and skin conductance as the autonomic nervous system activity during an acoustic experience of an actual music content by comparing stereo and SFS conditions. As a result, statistically significant differences (p \textbackslashtextless 0.05) were detected in the changes in alpha wave power, high frequency wave power of heart rate variability (HF), and skin conductance level (SCL) among the conditions. The results of the SFS condition showed enhanced the changes in alpha power in the frontal and parietal regions, suggesting enhancement of emotional experience. The results of the SFS condition also suggested that close objects are grouped and perceived on the basis of the spatial proximity of sounds in the presence of multiple sound sources. It is demonstrating that the potential use of SFS technology can enhance emotional and immersive experiences by spatial acoustic expression.

SDN marks a paradigm shift towards an externalized and logically centralized controller, unlike the legacy networks where control and data planes are tightly coupled. The controller has a comprehensive view of the network, offering flexibility to enforce new traffic engineering policies and easing automation. In SDN, a high performance controller is required for efficient traffic management. In this paper, we conduct a performance evaluation of two distributed SDN controllers, namely ONOS and OpenDayLight. Specifically, we use the Mininet emulation environment to emulate different topologies and the D-ITG traffic generator to evaluate aforementioned controllers based on metrics such as delay, jitter and packet loss. The experimental results show that ONOS provides a significantly higher latency, jitter and low packet loss than OpenDayLight in all topologies. We attribute the poor performance of OpenDayLight to its excessive CPU utilization and propose the use of Hyper-threading to improve its performance. This work provides practitioners in the telecoms industry with guidelines towards making informed controller selection decisions

Radio is the most important part of any wireless network. Radio Access Network (RAN) has been virtualized and disaggregated into different functions whose location is best defined by the requirements and economics of the use case. This Virtualized RAN (vRAN) architecture separates network functions from the underlying hardware and so 5G can leverage virtualization of the RAN to implement these functions. The easy expandability and manageability of the vRAN support the expansion of the network capacity and deployment of new features and algorithms for streamlining resource usage. In this paper, we try to address the problem of scheduling 5G vRAN with mid-haul network capacity constraints as a combinatorial optimization problem. We transformed it to a Quadratic Unconstrained Binary Optimization (QUBO) problem by using a newly proposed quantum-based algorithm and compared our implementation with existing classical algorithms. This work has demonstrated the advantage of quantum computers in solving a particular optimization problem in the Telecommunication domain and paves the way for solving critical real-world problems using quantum computers faster and better.

Increasing incidents of cyber attacks and evolution of quantum computing poses challenges to secure existing information and communication technologies infrastructure. In recent years, quantum key distribution (QKD) is being extensively researched, and is widely accepted as a promising technology to realize secure networks. Optical fiber networks carry a huge amount of information, and are widely deployed around the world in the backbone terrestrial, submarine, metro, and access networks. Thus, instead of using separate dark fibers for quantum communication, integration of QKD with the existing classical optical networks has been proposed as a cost-efficient solution, however, this integration introduces new research challenges. In this paper, we do a comprehensive survey of the state-of-the-art QKD secured optical networks, which is going to shape communication networks in the coming decades. We elucidate the methods and protocols used in QKD secured optical networks, and describe the process of key establishment. Various methods proposed in the literature to address the networking challenges in QKD secured optical networks, specifically, routing, wavelength and time-slot allocation (RWTA), resiliency, trusted repeater node (TRN) placement, QKD for multicast service, and quantum key recycling are described and compared in detail. This survey begins with the introduction to QKD and its advantages over conventional encryption methods. Thereafter, an overview of QKD is given including quantum bits, basic QKD system, QKD schemes and protocol families along with the detailed description of QKD process based on the Bennett and Brassard-84 (BB84) protocol as it is the most widely used QKD protocol in the literature. QKD system are also prone to some specific types of attacks, hence, we describe the types of quantum hacking attacks on the QKD system along with the methods used to prevent them. Subsequently, the process of point-to-point mechanism of QKD over an optical fiber link is described in detail using the BB84 protocol. Different architectures of QKD secured optical networks are described next. Finally, major findings from this comprehensive survey are summarized with highlighting open issues and challenges in QKD secured optical networks.

Smart grids can be exposed to relay attacks (or wormhole attacks) resulting from weaknesses in cryptographic operations such as authentication and key derivation associated with process automation protocols. Relay attacks refer to attacks in which authentication is evaded without needing to attack the smart grid itself. By using a universal composability model that provides a strong security notion for designing cryptographic operations, we formulate the necessary relay resilience settings for strengthening authentication and key derivation and enhancing relay security in process automation protocols in this paper. We introduce R-Chain, a universally composable relay resilience framework that prevents bypass of cryptographic operations. Our framework provides an ideal chaining functionality that integrates all cryptographic operations such that all outputs from a preceding operation are used as input to the subsequent operation to support relay resilience. We apply R-Chain to provide relay resilience in a practical smart grid process automation protocol, namely WirelessHART.

Internet of Things (IoT) networks are often attacked to compromise the security and privacy of application data and disrupt the services offered by them. The attacks are being launched at different layers of IoT protocol stack by exploiting their inherent weaknesses. Forensic investigations need substantial artifacts and datasets to support the decisions taken during analysis and while attributing the attack to the adversary. Network provenance plays a crucial role in establishing the relationships between network entities. Hence IoT networks can be made forensic ready so that network provenance may be collected to help in constructing these artifacts. The paper proposes Ready-IoT, a novel forensic readiness model for IoT environment to collect provenance from the network which comprises of both network parameters and traffic. A link layer dataset, Link-IoT Dataset is also generated by querying provenance graphs. Finally, Link-IoT dataset is compared with other IoT datasets to draw a line of difference and applicability to IoT environments. We believe that the proposed features have the potential to detect the attacks performed on the IoT network.

In recent times, attackers are continuously developing advanced techniques for evading security, stealing personal financial data, Intellectual Property (IP) and sensitive information. These attacks often employ multiple attack vectors for gaining initial access to the systems. Analysts are often challenged to identify malware objective, initial attack vectors, attack propagation, evading techniques, protective mechanisms and unseen techniques. Most of these attacks are frequently referred to as Multi stage attacks and pose a grave threat to organizations, individuals and the government. Early multistage attack detection is a crucial measure to counter malware and deactivate it. Most traditional security solutions use signature-based detection, which frequently fails to thwart zero-day attacks. Manual analysis of these samples requires enormous effort for effectively counter exponential growth of malware samples. In this paper, we present a novel approach leveraging Machine Learning and MITRE Adversary Tactic Technique and Common knowledge (ATT&CK) framework for early multistage attack detection in real time. Firstly, we have developed a run-time engine that receives notification while malicious executable is downloaded via browser or a launch of a new process in the system. Upon notification, the engine extracts the features from static executable for learning if the executable is malicious. Secondly, we use the MITRE ATT&CK framework, evolved based on the real-world observations of the cyber attacks, that best describes the multistage attack with respect to the adversary Tactics, Techniques and Procedure (TTP) for detecting the malicious executable as well as predict the stages that the malware executes during the attack. Lastly, we propose a real-time system that combines both these techniques for early multistage attack detection. The proposed model has been tested on 6000 unpacked malware samples and it achieves 98 % accuracy. The other major contribution in this paper is identifying the Windows API calls for each of the adversary techniques based on the MITRE ATT&CK.

Cloud computing has changed the paradigm of using computing resources. It has shifted from traditional storage and computing to Internet based computing leveraging economy of scale, cost saving, elimination of data redundancy, scalability, availability and regulatory compliance. With these, cloud also brings plenty of security issues. As security is not a one-time solution, there have been efforts to investigate and provide countermeasures. In the wake of emerging quantum computers, the aim of post-quantum cryptography is to develop cryptography schemes that are secure against both classical computers and quantum computers. Since cloud is widely used across the globe for outsourcing data, it is essential to strive at providing betterment of security schemes from time to time. This paper reviews recent development, methods of cloud data security in post-quantum perspectives. It provides useful insights pertaining to the security schemes used to safeguard data dynamics associated with cloud computing. The findings of this paper gives directions for further research in pursuit of more secure cloud data storage and retrieval.

Containerization technology becomes one of alternatives in virtualization. Docker requires docker daemon to build, distribute and run the container and this makes the docker vulnerable to an attack surface called Docker daemon Attack Surface - an attack against docker daemon taking over the access (root). Using rootless mode is one way to prevent the attack. Therefore, this research demonstrates the attack prevention by making and running the docker container in the rootless mode. The success of the attack can be proven when the user is able to access the file /etc/shadow that is supposed to be only accessible for the rooted users. Findings of this research demonstrated that the file is inaccessible when the docker is run using the rootless mode. CPU usage is measured when the attack is being simulated using the docker run through root privileges and rootless mode, to identify whether the use of rootless mode in the docker adds the load of CPU usage and to what extent its increased. Results showed that the CPU use was 39% when using the docker with the rootless mode. Meanwhile, using the docker with the right of the root access was only 0%. The increase of 39% is commensurate with the benefit that can prevent the docker daemon attack surface.

Industry 4.0 is now much more than just a buzzword. However, with the advancement of automation through digitization and softwarization of dedicated hardware, applications are also becoming more susceptible to random hardware errors in the calculation. This cyber-physical demonstrator uses a robotic application to show the effects that even single bit flips can have in the real world due to hardware errors. Using the graphical user interface including the human machine interface, the audience can generate hardware errors in the form of bit flips and see their effects live on the robot. In this paper we will be showing a new technology, the SIListra Safety Transformer (SST), that makes it possible to detect those kind of random hardware errors, which can subsequently make safety-critical applications more reliable.

Service workers boost the user experience of modern web applications by taking advantage of the Cache API to improve responsiveness and support offline usage. In this paper, we present the first security analysis of the threats posed by this programming practice, identifying an attack with major security implications. In particular, we show how a traditional XSS attack can abuse the Cache API to escalate into a personin-the-middle attack against cached content, thus compromising its confidentiality and integrity. Remarkably, this attack enables new threats which are beyond the scope of traditional XSS. After defining the attack, we study its prevalence in the wild, finding that the large majority of the sites which register service workers using the Cache API are vulnerable as long as a single webpage in the same origin of the service worker is affected by an XSS. Finally, we propose a browser-side countermeasure against this attack, and we analyze its effectiveness and practicality in terms of security benefits and backward compatibility with existing web applications.

Service workers boost the user experience of modern web applications by taking advantage of the Cache API to improve responsiveness and support offline usage. In this paper, we present the first security analysis of the threats posed by this programming practice, identifying an attack with major security implications. In particular, we show how a traditional XSS attack can abuse the Cache API to escalate into a personin-the-middle attack against cached content, thus compromising its confidentiality and integrity. Remarkably, this attack enables new threats which are beyond the scope of traditional XSS. After defining the attack, we study its prevalence in the wild, finding that the large majority of the sites which register service workers using the Cache API are vulnerable as long as a single webpage in the same origin of the service worker is affected by an XSS. Finally, we propose a browser-side countermeasure against this attack, and we analyze its effectiveness and practicality in terms of security benefits and backward compatibility with existing web applications.

The popularity of P2P (Peer-To-Peer) systems is increased tremendously due to massive increase in the Internet based applications. Initially, P2P systems were mainly designed for wired networks but today people are using more wireless networks and therefore these systems are gaining popularity. There are many wireless networks available today and WMNs (Wireless Mess Networks) are gaining popularity due to hybrid structure. People are using structured P2P systems-based applications within perimeter of a WMN. Structured P2P WMNs will assist the community to fetch the relevant information to accomplish their activities. There are inherent challenges in the structured P2P network and increased in wireless environment like WMNs. Structured P2P systems suffer from many challenges like lack of content availability, malicious content distribution, poor search scalability, free riding behaviour, white washing, lack of a robust trust model etc. Whereas, WMNs have limitations like mobility management, bandwidth constraint, limited battery power of user's devices, security, maintenance etc. in remote/ forward areas. We exploit the better possibility of content availability and search scalability in this paper. We propose replication schemes based on the popularity of content for structured P2P system applications in community based WMNs. The analysis of the performance shows that proposed scheme performs better than the existing replication scheme in different conditions.

Magnetic shielding is an important part in atomic clock’s physical system. The demagnetization of the assembled magnetic shielding system plays an important role in improving atomic clock’s performance. In terms of the drawbacks in traditional attenuated alternating-current demagnetizing method, this paper proposes a novel method — automatically attenuated alternating-current demagnetizing method. Which is implemented by controlling the demagnetization current waveform thorough the signal source’s modulation, so that these parameters such as demagnetizing current frequency, amplitude, transformation mode and demagnetizing period are precisely adjustable. At the same time, this demagnetization proceeds automatically, operates easily, and works steadily. We have the pulsed optically pumped (POP) rubidium atomic clock’s magnetic shielding system for the demagnetization experiment, the magnetic field value reached 1nT/7cm. Experiments show that novel method can effectively realize the demagnetization of the magnetic shielding system, and well meets the atomic clock’s working requirements.

With the development of cloud computing technology, cloud services have been used by more and more traditional applications and products because of their unique advantages such as virtualization, high scalability and universality. In the cloud computing environment, computer networks often encounter security problems such as external attacks, hidden dangers in the network and hidden dangers in information sharing. The network security level protection system is the basic system of national network security work, which is the fundamental guarantee for promoting the healthy development of informatization and safeguarding national security, social order and public interests. This paper studies cloud computing security from the perspective of level protection, combining with the characteristics of cloud computing security. This scheme is not only an extension of information system level protection, but also a study of cloud computing security, aiming at cloud computing security control from the perspective of level protection.