Biblio

This paper proposes a Time Difference of Arrival (TDoA) based method for the localization of Radio Frequency (RF) emitters working at different carriers, by using wideband spectrum sensors exploiting compressive sampling. The proposed measurement method is based on four or more RF receivers, with known Cartesian positions, performing non uniform sampling on the received signal. By means of simulations, the method has been compared against a localization method adopting RF receivers performing uniform sampling at Nyquist rate. The obtained preliminary results demonstrate that the method is capable of localizing two RF emitters achieving the same results obtained with uniform sampling, with a compression ratio up to CR = 20.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large- scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third- party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

The autonomy of intelligent systems and their safety rely on their ability for local decision making based on collected environmental information. This is even more for cyber-physical systems running safety critical activities. While this intelligence is partial and fragmented, and cognitive techniques are of limited maturity, the decision function must produce results whose validity and scope must be weighted in light of the underlying assumptions, unavoidable uncertainty and hypothetical safety limitation. Besides the cognitive techniques dependability, it is about the assurance level of the decision self-making. Beyond the pure decision-making capabilities of the autonomous intelligent system, we need techniques that guarantee the system assurance required for the intended use. Security mechanisms for cognitive systems may be consequently tightly intricated. We propose a trustworthiness module which is part of the system and its resulting safety. In this paper, we briefly review the state of the art regarding the dependability of cognitive techniques, the assurance level definition in this context, and related engineering practices. We elaborate regarding the design of autonomous intelligent systems safety, then we discuss its security design and approaches for the mitigation of safety violations by the cognitive functions.

We investigate if the random feature selection approach proposed in [1] to improve the robustness of forensic detectors to targeted attacks, can be extended to detectors based on deep learning features. In particular, we study the transferability of adversarial examples targeting an original CNN image manipulation detector to other detectors (a fully connected neural network and a linear SVM) that rely on a random subset of the features extracted from the flatten layer of the original network. The results we got by considering three image manipulation detection tasks (resizing, median filtering and adaptive histogram equalization), two original network architectures and three classes of attacks, show that feature randomization helps to hinder attack transferability, even if, in some cases, simply changing the architecture of the detector, or even retraining the detector is enough to prevent the transferability of the attacks.

Electronic voting systems have enhanced efficiency in student elections management in universities, supporting such elections to become less expensive, logistically simple, with higher accuracy levels as compared to manually conducted elections. However, e-voting systems that are confined to campus hall voting inhibits access to eligible voters who are away from campus. This study examined the challenges of lack of wide access and impersonation of voter in the student elections of 2018 in Kabarak University. The main objective of this study was therefore to upgrade the offline electronic voting system through developing a secure online voting system and deploying the system for use in the 2019 student elections at Kabarak University. The resultant system and development process employed demonstrate the applicability of a secure online voting not only in the higher education context, but also in other democracies where infusion of online access and authentication in the voting processes is a requisite.

Indoor localization has been a popular research subject in recent years. Usually, object localization using sound involves devices on the objects, acquiring data from stationary sound sources, or by localizing the objects with external sensors when the object generates sounds. Indoor localization systems using microphones have traditionally also used systems with several microphones, setting the limitations on cost efficiency and required space for the systems. In this paper, the goal is to investigate whether it is possible for a stationary system to localize a silent object in a room, with only one microphone and ambient noise as information carrier. A subtraction method has been combined with a fingerprint technique, to define and distinguish the noise absorption characteristic of the silent object in the frequency domain for different object positions. The absorption characteristics of several positions of the object is taken as comparison references, serving as fingerprints of known positions for an object. With the experiment result, the tentative idea has been verified as feasible, and noise signal based lateral localization of silent objects can be achieved.

Network adversaries, such as malicious transit autonomous systems (ASes), have been shown to be capable of partitioning the Bitcoin's peer-to-peer network via routing-level attacks; e.g., a network adversary exploits a BGP vulnerability and performs a prefix hijacking attack (viz. Apostolaki et al. [3]). Due to the nature of BGP operation, such a hijacking is globally observable and thus enables immediate detection of the attack and the identification of the perpetrator. In this paper, we present a stealthier attack, which we call the EREBUS attack, that partitions the Bitcoin network without any routing manipulations, which makes the attack undetectable to control-plane and even to data-plane detectors. The novel aspect of EREBUS is that it makes the adversary AS a natural man-in-the-middle network of all the peer connections of one or more targeted Bitcoin nodes by patiently influencing the targeted nodes' peering decision. We show that affecting the peering decision of a Bitcoin node, which is believed to be infeasible after a series of bug patches against the earlier Eclipse attack [29], is possible for the network adversary that can use abundant network address resources (e.g., spoofing millions of IP addresses in many other ASes) reliably for an extended period of time at a negligible cost. The EREBUS attack is readily available for large ASes, such as Tier-1 and large Tier-2 ASes, against the vast majority of 10K public Bitcoin nodes with only about 520 bit/s of attack traffic rate per targeted Bitcoin node and a modest (e.g., 5-6 weeks) attack execution period. The EREBUS attack can be mounted by nation-state adversaries who would be willing to execute sophisticated attack strategies patiently to compromise cryptocurrencies (e.g., control the consensus, take down a cryptocurrency, censor transactions). As the attack exploits the topological advantage of being a network adversary but not the specific vulnerabilities of Bitcoin core, no quick patches seem to be available. We discuss that some naive solutions (e.g., whitelisting, rate-limiting) are ineffective and third-party proxy solutions may worsen the Bitcoin's centralization problem. We provide some suggested modifications to the Bitcoin core and show that they effectively make the EREBUS attack significantly harder; yet, their non-trivial changes to the Bitcoin's network operation (e.g., peering dynamics, propagation delays) should be examined thoroughly before their wide deployment.

Blackhole (BH) attacks are one of the most serious threats in mobile ad-hoc networks. A BH is a security attack in which a malicious node absorbs data packets and sends fake routing information to neighboring nodes. BH attacks are widely studied. However, existing defense methods wrongfully assume that BH attacks cannot overcome the most common defense approaches. A new wave of BH attacks is known as smart BH attacks. In this study, we used a highly aggressive type of BH attack that can predict sequence numbers to overcome traditional detection methods that set a threshold to sequence numbers. To protect the network from this type of BH attack, we propose a detection-and-prevention method that uses local information shared with neighboring nodes. Our experiments show that the proposed method successfully detects and contains even smart BH threats. Consequently, the attack success rate decreases.

The environment of wireless sensor networks (WSNs) makes the communication not only have the broadcast nature of wireless transmission, but also be limited to the low power and communication capability of sensor equipment. Both of them make it hard to ensure the confidentiality of communication. In this paper, we propose a cluster-based cooperative jamming scheme based on physical layer security for WSNs. The mathematical principle of the scheme is based on the design principle of code division multiple access. By using the orthogonality of orthogonal vectors, the legitimate receiver can effectively eliminate the noise, which is generated by the cooperative jamming nodes to disturb the eavesdropper. This scheme enables the legitimate receiver to ensure a strong communication confidentiality even if there is no location or channel advantage comparing with eavesdroppers. Through extensive simulations, the security performance of the proposed scheme is investigated in terms of secrecy rate.

Natural disasters and cyber intrusions threaten the normal operation of the critical electric grid infrastructure. There is still no widely accepted methodology to quantify the resilience in power systems. In this work, power system resiliency refers to the ability of the system to keep provide energy to the critical load even with adverse events. A significant amount of work has been done to quantify the resilience for distribution systems. Even though critical loads are located in distribution system, transmission system play a critical role in supplying energy to distribution feeder in addition to the Distributed Energy Resources (DERs). This work focuses on developing a framework to quantify the resiliency of cyber-physical transmission systems. Quantifying the resiliency of the transmission network, is important to determine and devise suitable control mechanisms to minimize the effects of undesirable events in the power grid. The proposed metric is based on both system infrastructure and with changing operating conditions. A graphical analysis along with measure of critical parameters of the network is performed to quantify the redundancy and vulnerabilities in the physical network of the system. A similar approach is used to quantify the cyber-resiliency. The results indicate the capability of the proposed framework to quantify cyber-physical resilience of the transmission systems.

Distributed training is a novel approach to accelerating training of Deep Neural Networks (DNN), but common training libraries fall short of addressing the distributed nature of heterogeneous processors or interruption by other workloads on the shared processing nodes. This paper describes distributed training of DNN on computational storage devices (CSD), which are NAND flash-based, high-capacity data storage with internal processing engines. A CSD-based distributed architecture incorporates the advantages of federated learning in terms of performance scalability, resiliency, and data privacy by eliminating the unnecessary data movement between the storage device and the host processor. The paper also describes Stannis, a DNN training framework that improves on the shortcomings of existing distributed training frameworks by dynamically tuning the training hyperparameters in heterogeneous systems to maintain the maximum overall processing speed in term of processed images per second and energy efficiency. Experimental results on image classification training benchmarks show up to 3.1x improvement in performance and 2.45x reduction in energy consumption when using Stannis plus CSD compare to the generic systems.

As a general interface for chip system testing and on-chip debugging, JTAG is facing serious security threats. By analyzing the typical JTAG attack model and security protection measures, this paper designs a secure JTAG debugging model based on Schnorr identity authentication protocol, and takes RISCV as an example to build a set of SoC prototype system to complete functional verification. Experiments show that this secure JTAG debugging model has high security, flexible implementation, and good portability. It can meet the JTAG security protection requirements in various application scenarios. The maximum clock frequency can reach 833MHZ, while the hardware overhead is only 47.93KGate.

Shared register emulations on top of message-passing systems provide an illusion of a simpler shared memory system which can make the task of a system designer easier. Numerous shared register applications have a considerably high read-to-write ratio. Thus, having algorithms that make reads more efficient than writes is a fair trade-off.Typically, such algorithms for reads and writes are asymmetric and sacrifice the stringent consistency condition atomicity, as it is impossible to have fast reads for multi-writer atomicity. Safety is a consistency condition that has has gathered interest from both the systems and theory community as it is weaker than atomicity yet provides strong enough guarantees like "strong consistency" or read-my-write consistency. One requirement that is assumed by many researchers is that of the reliable broadcast (RB) primitive, which ensures the "all or none" property during a broadcast. One drawback is that such a primitive takes 1.5 rounds to complete and requires server-to-server communication.This paper implements an efficient multi-writer multi-reader safe register without using a reliable broadcast primitive. Moreover, we provide fast reads or one-shot reads – our read operations can be completed in one round of client-to-server communication. Of course, this comes with the price of requiring more servers when compared to prior solutions assuming reliable broadcast. However, we show that this increased number of servers is indeed necessary as we prove a tight bound on the number of servers required to implement Byzantine-fault tolerant safe registers in a system without reliable broadcast.We extend our results to data stored using erasure coding as well. We present an emulation of single-writer multi-reader safe register based on MDS codes. The usage of MDS codes reduces storage and communication costs. On the negative side, we also show that to use MDS codes and at the same time achieve one-shot reads, we need even more servers.

This article describes the principles of construction, training and use of neural networks. The features of the neural network approach are indicated, as well as the range of tasks for which it is most preferable. Algorithms of functioning, software implementation and results of work of an artificial neural network are presented.

One of the main goals of studying pattern matching techniques is their significant role in real-world applications, such as the intrusion detection systems branch. The purpose of the network attack detection systems NIDS is to protect the infocommunication network from unauthorized access. This article provides an analysis of the exact match and fuzzy matching methods, and discusses a new implementation of the classic Aho-Korasik pattern matching algorithm at the hardware level. The proposed approach to the implementation of the Aho-Korasik algorithm can make it possible to ensure the efficient use of resources, such as memory and energy.

This article describes a new way to generate and distribute secret encryption keys, in which the processes of generating a public key and formicating a secret encryption key are performed in algebra with a parameter, the secrecy of which provides increased durability of the key.

Underwater Acoustic Sensor Networks (UASNs) are often deployed in hostile environments, and they face many security threats. Moreover, due to the harsh characteristics of the underwater environment, UASNs are vulnerable to malicious attacks. One of the most dangerous security threats is the eavesdropping attack, where an adversary silently collects the information exchanged between the sensor nodes. Although careful assignment of transmission power levels and optimization of data flow paths help alleviate the extent of eavesdropping attacks, the network lifetime can be negatively affected since routing could be established using sub-optimal paths in terms of energy efficiency. In this work, two optimization models are proposed where the first model minimizes the potential eavesdropping risks in the network while the second model maximizes the network lifetime under a certain level of an eavesdropping risk. The results show that network lifetimes obtained when the eavesdropping risks are minimized significantly shorter than the network lifetimes obtained without considering any eavesdropping risks. Furthermore, as the countermeasures against the eavesdropping risks are relaxed, UASN lifetime is shown to be prolonged, significantly.

In this article, authors present the results of testing the modified HTB traffic control algorithm in an experimental setup. The algorithm is implemented as a Linux kernel module. An analysis of the experimental results revealed the effect of uneven packet loss in priority classes. In the second part of the article, the authors propose a solution to this problem by applying a distribution scheme for the excess of tokens, according to which excess class tokens are given to the leaf with the highest priority. The new modification of the algorithm was simulated in the AnyLogic environment. The results of an experimental study demonstrated that dividing the excess tokens of the parent class between daughter classes is less effective in terms of network performance than allocating the excess tokens to a high-priority class during the competition for tokens between classes. In general, a modification of the HTB algorithm that implements the proposed token surplus distribution scheme yields more consistent delay times for the high-priority class.

Anomaly detection is critically important for intelligent surveillance systems to detect in a timely manner any malicious activities. Many video anomaly detection approaches using deep learning methods focus on a single camera video stream with a fixed scenario. These deep learning methods use large-scale training data with large complexity. As a solution, in this paper, we show how to use pre-trained convolutional neural net models to perform feature extraction and context mining, and then use denoising autoencoder with relatively low model complexity to provide efficient and accurate surveillance anomaly detection, which can be useful for the resource-constrained devices such as edge devices of the Internet of Things (IoT). Our anomaly detection model makes decisions based on the high-level features derived from the selected embedded computer vision models such as object classification and object detection. Additionally, we derive contextual properties from the high-level features to further improve the performance of our video anomaly detection method. We use two UCSD datasets to demonstrate that our approach with relatively low model complexity can achieve comparable performance compared to the state-of-the-art approaches.

The burgeoning success of deep learning has raised the security and privacy concerns as more and more tasks are accompanied with sensitive data. Adversarial attacks in deep learning have emerged as one of the dominating security threats to a range of mission-critical deep learning systems and applications. This paper takes a holistic view to characterize the adversarial examples in deep learning by studying their adverse effect and presents an attack-independent countermeasure with three original contributions. First, we provide a general formulation of adversarial examples and elaborate on the basic principle for adversarial attack algorithm design. Then, we evaluate 15 adversarial attacks with a variety of evaluation metrics to study their adverse effects and costs. We further conduct three case studies to analyze the effectiveness of adversarial examples and to demonstrate their divergence across attack instances. We take advantage of the instance-level divergence of adversarial examples and propose strategic input transformation teaming defense. The proposed defense methodology is attack-independent and capable of auto-repairing and auto-verifying the prediction decision made on the adversarial input. We show that the strategic input transformation teaming defense can achieve high defense success rates and are more robust with high attack prevention success rates and low benign false-positive rates, compared to existing representative defense methods.

Email based Uniform Resource Locator (URL) distribution is one of the popular ways for starting phishing attacks. Conventional anti-phishing solutions rely on security facilities and investigate all incoming emails. This makes the security facilities get overloaded and cause consequences of upgrades or new deployments even with no better options. This paper presents a novel detour strategy for the traffic of visiting potential phishing URLs based on dynamic Domain Name System (DNS) Response Policy Zone (RPZ) in order to mitigate the overloads on security facilities. In the strategy, the URLs included in the incoming emails will be extracted and the corresponding Fully Qualified Domain Name (FQDN) will be registered in the RPZ of the local DNS cache server with mapping the IP address of a special Hypertext Transfer Protocol (HTTP) proxy. The contribution of the approach is to avoid heavy investigations on all incoming emails and mitigate the overloads on security facilities by directing the traffic to phishing URLs to the special HTTP proxy connected with a set of security facilities conducting various inspections. The evaluation results on the prototype system showed that the URL extraction and FQDN registration were finished before the emails had been delivered and accesses to the URLs were successfully directed to the special HTTP proxy. The results of overhead measurements also confirmed that the proposed strategy only affected the internal email server with 11% of performance decrease on the prototype system.

The extensive use of the internet and web-based applications spot the multiserver authentication as a significant component. The users can get their services after authenticating with the service provider by using similar registration records. Various protocol schemes are developed for multiserver authentication, but the existing schemes are not secure and often lead towards various vulnerabilities and different security issues. Recently, Zhao et al. put forward a proposal for smart card and user's password-based authentication protocol for the multiserver environment and showed that their proposed protocol is efficient and secure against various security attacks. This paper points out that Zhao et al.'s authentication scheme is susceptive to traceability as well as anonymity attacks. Thus, it is not feasible for the multiserver environment. Furthermore, in their scheme, it is observed that a user while authenticating does not send any information with any mention of specific server identity. Therefore, this paper proposes an enhanced, efficient and secure user authentication scheme for use in any multiserver environment. The formal security analysis and verification of the protocol is performed using state-of-the-art tool “ProVerif” yielding that the proposed scheme provides higher levels of security.

As an important type of cloud data, digital provenance is arousing increasing attention on improving system performance. Currently, provenance has been employed to provide cues regarding access control and to estimate data quality. However, provenance itself might also be sensitive information. Therefore, provenance might be encrypted and stored in the Cloud. In this paper, we provide a mechanism to classify cloud documents by searching specific keywords from their encrypted provenance, and we prove our scheme achieves semantic security. In term of application of the proposed techniques, considering that files are classified to store separately in the cloud, in order to facilitate the regulation and security protection for the files, the classification policies can use provenance as conditions to determine the category of a document. Such as the easiest sample policy goes like: the documents have been reviewed twice can be classified as “public accessible”, which can be accessed by the public.

An exceptional feature of the development of modern operating systems based on the Linux kernel is their leading use in cloud technologies, mobile devices and the Internet of things, which is accompanied by the emergence of more and more security threats at the kernel level. In order to improve the security of existing and future Linux distributions, it is necessary to analyze the existing approaches and tools for automated vulnerability detection and to conduct experimental security testing of some current versions of the kernel. The research is based on fuzzing - a software testing technique, which consists in the automated detection of implementation errors by sending deliberately incorrect data to the input of the fuzzer and analyzing the program's response at its output. Using the Syzkaller software tool, which implements a code coverage approach, vulnerabilities of the Linux kernel level were identified in stable versions used in modern distributions. The direction of this research is relevant and requires further development in order to detect zero-day vulnerabilities in new versions of the kernel, which is an important and necessary link in increasing the security of the Linux operating system family.

A physical protection system (PPS) integrates people, procedures, and equipment for the protection of assets or facilities against theft, sabotage, or other malevolent intruder attacks. In this paper we focus on the architecture modeling of PPS to support the communication among stakeholders, analysis and guiding the systems development activities. A common practice for modeling architecture is by using an architecture framework that defines a coherent set of viewpoints. Existing systems engineering modeling approaches appear to be too general and fail to address the domain-specific aspects of PPSs. On the other hand, no dedicated architecture framework approach has been provided yet to address the specific concerns of PPS. In this paper, we present an architecture framework for PPS (PPSAF) that has been developed in a real industrial context focusing on the development of multiple PPSs. The architecture framework consists of six coherent set of viewpoints including facility viewpoint, threats and vulnerabilities viewpoint, deterrence viewpoint, detection viewpoint, delay viewpoint, and response viewpoint. We illustrate the application of the architecture framework for the design of a PPS architecture of a building.