Biblio

In recent years, named entity linking (NEL) tools were primarily developed as general approaches, whereas today numerous tools are focusing on specific domains such as e.g. the mapping of persons and organizations only, or the annotation of locations or events in microposts. However, the available benchmark datasets used for the evaluation of NEL tools do not reflect this focalizing trend. We have analyzed the evaluation process applied in the NEL benchmarking framework GERBIL [16] and its benchmark datasets. Based on these insights we extend the GERBIL framework to enable a more fine grained evaluation and in deep analysis of the used benchmark datasets according to different emphases. In this paper, we present the implementation of an adaptive filter for arbitrary entities as well as a system to automatically measure benchmark dataset properties, such as the extent of content-related ambiguity and diversity. The implementation as well as a result visualization are integrated in the publicly available GERBIL framework.

Nowadays, computers are used everywhere to carry out daily routine tasks. The input devices i.e. keyboard or mouse are used to feed input to computers. The surveillance of input devices is much important as monitoring the users logging activity. A keylogger also referred as a keystroke logger, is a software or hardware device which monitors every keystroke typed by a user. Keylogger runs in the background that user cannot identify its presence. It can be used as monitoring software for parents to keep an eye on children activity on computers and for the owner to monitor their employees. A keylogger (which can be either spyware or software) is a kind of surveillance software that has the ability to store every keystroke in a log file. It is very dangerous for those systems which use their system for daily transaction purpose i.e. Online Banking Systems. A keylogger is a tool, made to save all the keystroke generated through the machine which sanctions hackers to steal sensitive information without user's intention. Privileged also relies on the access for both implementation and placement by Kernel keylogger, the entire message transmitted from the keyboard drivers, while the programmer simply relies on kernel level facilities that interrupt. This certainly needs a large power and expertise for real and error-free execution. However, it has been observed that 90% of the current keyloggers are running in userspace so they do not need any permission for execution. Our aim is focused on detecting userspace keylogger. Our intention is to forbid userspace keylogger from stealing confidential data and information. For this purpose, we use a strategy which is clearly based on detection manner techniques for userspace keyloggers, an essential category of malware packages. We intend to achieve this goal by matching I/O of all processes with some simulated activity of the user, and we assert detection in case the two are highly correlated. The rationale behind this is that the more powerful stream of keystrokes, the more I/O operations are required by the keylogger to log the keystrokes into the file.

Industrial Control System (ICS) consists of large number of electronic devices connected to field devices to execute the physical processes. Communication network of ICS supports wide range of packet based applications. A growing issue with network security and its impact on ICS have highlighted some fundamental risks to critical infrastructure. To address network security issues for ICS a clear understanding of security specific defensive countermeasures is required. Reconnaissance of ICS network by deep packet inspection (DPI) consists analysis of the contents of the captured packets in order to get accurate measures of process that uses specific countermeasure to create an aggregated posture. In this paper we focus on novel approach by presenting a technique with captured network traffic. This technique is capable to identify the protocols and extract different features for classification of traffic based on network protocol, header information and payload to understand the whole architecture of complex system. Here we have segregated possible types of attacks on ICS.

Consent is a key measure for privacy protection and needs to be `meaningful' to give people informational power. It is increasingly important that individuals are provided with real choices and are empowered to negotiate for meaningful consent. Meaningful consent is an important area for consideration in IoT systems since privacy is a significant factor impacting on adoption of IoT. Obtaining meaningful consent is becoming increasingly challenging in IoT environments. It is proposed that an ``apparency, pragmatic/semantic transparency model'' adopted for data management could make consent more meaningful, that is, visible, controllable and understandable. The model has illustrated the why and what issues regarding data management for potential meaningful consent [1]. In this paper, we focus on the `how' issue, i.e. how to implement the model in IoT systems. We discuss apparency by focusing on the interactions and data actions in the IoT system; pragmatic transparency by centring on the privacy risks, threats of data actions; and semantic transparency by focusing on the terms and language used by individuals and the experts. We believe that our discussion would elicit more research on the apparency model' in IoT for meaningful consent.

We present TendrilStaller, an eclipse attack targeting at Bitcoin's peer-to-peer network. TendrilStaller enables an adversary to delay block propagation to a victim for 10 minutes. The adversary thus impedes the victim from getting the latest blockchain state. It only takes as few as one Bitcoin full node and two light weight nodes to perform the attack. The light weight nodes perform a subset of the functions of a full Bitcoin node. The attack exploits a recent block propagation protocol introduced in April 2016. The protocol prescribes a Bitcoin node to select 3 neighbors that can send new blocks unsolicited. These neighbors are selected based on their recent performance in providing blocks quickly. The adversary induces the victim to select 3 attack nodes by having attack nodes send valid blocks to the victim more quickly than other neighbors. For this purpose, the adversary deploys a handful of light weight nodes so that the adversary itself receives new blocks faster. The adversary then performs the attack to delay blocks propagated to the victim. We implement the attack on top of current default Bitcoin protocol We deploy the attack nodes in multiple locations around the globe and randomly select victim nodes. Depending on the round-trip time between the adversary and the victim, 50%-85% of the blocks could be delayed to the victim. We further show that the adoption of light weight nodes greatly increases the attack probability by 15% in average. Finally, we propose several countermeasures to mitigate this eclipse attack.

In this article analysis of the effectiveness of the acoustic algorithm of the fingerprint in the conditions of various acoustic disturbances is presented and described. The described algorithm is stable and should identify music even in the presence of acoustic disturbances. This was checked in a series of tests in four different conditions: silence, street noise, noise from the railway station, noise from inside the moving car during rain. In the case of silence, 10 measurements were taken lasting 7 seconds each. For each of the remaining conditions, 21 attempts were made to identify the work. The capture time for each of the 21 trials was 7 seconds. Every 7 attempts were changed noise volume. Subsequently, they were disruptions at a volume lower than the volume of the intercepted song, another 7 with an altitude similar to the intercepted track, and the last with a much higher volume. The effectiveness of the algorithm was calculated for two different times, and general - for the average of two results. Base of "fingerprints" consisted of 20 previously analyzed music pieces belonging to different musical genres.

We present the design and implementation of a trust-on-first-use (TOFU) policy for OpenPGP. When an OpenPGP user verifies a signature, TOFU checks that the signer used the same key as in the past. If not, this is a strong indicator that a key is a forgery and either the message is also a forgery or an active man-in-the-middle attack (MitM) is or was underway. That is, TOFU can proactively detect new attacks if the user had previously verified a message from the signer. And, it can reactively detect an attack if the signer gets a message through. TOFU cannot, however, protect against sustained MitM attacks. Despite this weakness, TOFU's practical security is stronger than the Web of Trust (WoT), OpenPGP's current trust policy, for most users. The problem with the WoT is that it requires too much user support. TOFU is also better than the most popular alternative, an X.509-based PKI, which relies on central servers whose certification processes are often sloppy. In this paper, we outline how TOFU can be integrated into OpenPGP; we address a number of potential attacks against TOFU; and, we show how TOFU can work alongside the WoT. Our implementation demonstrates the practicality of the approach.

Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the usergenerated passwords are secure. Moreover, we convert the usergenerated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.

Offers a unique perspective to gain the skills needed for learning, applying, and developing a wide range of scientific, engineering, and social knowledge that are key to engineering future systems Introduces key concepts from different areas in an efficient manner. The disciplines considered include physical modeling, control, hybrid systems, computational modeling, and game theory Focuses on modeling, and uses simulation rather than analytical methods to provide generality and avoid the need for specialized mathematical skills. Assumes very little mathematical prerequisites, and offers the opportunity to review and sharpen mathematical skills.

To ensure a secure Cloud-based Electronic Health Record (EHR) system, we need to encrypt data and impose field-level access control to prevent malicious usage. Since the attributes of the Users will change with time, the encryption policies adopted may also vary. For large EHR systems, it is often necessary to search through the encrypted data in realtime and perform client-side computations without decrypting all patient records. This paper describes our novel cloud-based EHR system that uses Attribute Based Encryption (ABE) combined with Semantic Web technologies to facilitate differential access to an EHR, thereby ensuring only Users with valid attributes can access a particular field of the EHR. The system also includes searchable encryption using keyword index and search trapdoor, which allows querying EHR fields without decrypting the entire patient record. The attribute revocation feature is efficiently managed in our EHR by delegating the revision of the secret key and ciphertext to the Cloud Service Provider (CSP). Our methodology incorporates advanced security features that eliminate malicious use of EHR data and contributes significantly towards ensuring secure digital health systems on the Cloud.

Signature-based malware detection is not always effective at detecting polymorphic variants of known malware. Malware signatures are devised to counter known threats, which also limits efficacy against new forms of malware. However, existing signatures do present the ability to classify malware based upon known malicious behavior which occurs on a victim computer. In this paper we present a method of classifying malware by family type through behavioral analysis, where the frequency of system function calls is used to fingerprint the actions of specific malware families. This in turn allows us to demonstrate a machine learning classifier which is capable of distinguishing malware by family affiliation with high accuracy.

Malware threat classification involves understanding the behavior of the malicious software and how it affects a victim host system. Classifying threats allows for measured response appropriate to the risk involved. Malware incident response depends on many automated tools for the classification of threat to help identify the appropriate reaction to a threat alert. Cuckoo Sandbox is one such tool which can be used for automated analysis of malware and one method of threat classification provided is a threat score. A security analyst might submit a suspicious file to Cuckoo for analysis to determine whether or not the file contains malware or performs potentially malicious behavior on a system. Cuckoo is capable of producing a report of this behavior and ranks the severity of the observed actions as a score from one to ten, with ten being the most severe. As such, a malware sample classified as an 8 would likely take priority over a sample classified as a 3. Unfortunately, this scoring classification can be misleading due to the underlying methodology of severity classification. In this paper we demonstrate why the current methodology of threat scoring is flawed and therefore we believe it can be improved with greater emphasis on analyzing the behavior of the malware. This allows for a threat classification rating which scales with the risk involved in the malware behavior.

The most common defenses against malware threats involves the use of signatures derived from instances of known malware. However, the constant evolution of the malware threat landscape necessitates defense against unknown malware, making a signature catalog of known threats insufficient to prevent zero-day vulnerabilities from being exploited. Recent research has applied machine learning approaches to identify malware through artifacts of malicious activity as observed through dynamic behavioral analysis. We have seen that these approaches mimic common malware defenses by simply offering a method of detecting known malware. We contribute a new method of identifying software as malicious or benign through analysis of the frequency of Windows API system function calls. We show that this is a powerful technique for malware detection because it generates learning models which understand the difference between malicious and benign software, rather than producing a malware signature classifier. We contribute a method of systematically comparing machine learning models against different datasets to determine their efficacy in accurately distinguishing the difference between malicious and benign software.

Law enforcement agencies regularly take down botnets as the ultimate defense against global malware operations. By arresting malware authors, and simultaneously infiltrating or shutting down a botnet's network infrastructures (such as C2 servers), defenders stop global threats and mitigate pending infections. In this paper, we propose malware tarpits, an orthogonal defense that does not require seizing botnet infrastructures, and at the same time can also be used to slow down malware spreading and infiltrate its monetization techniques. A tarpit is a network service that causes a client to stay busy with a network operation. Our work aims to automatically identify network operations used by malware that will block the malware either forever or for a significant amount of time. We describe how to non-intrusively exploit such tarpit vulnerabilities in malware to slow down or, ideally, even stop malware. Using dynamic malware analysis, we monitor how malware interacts with the POSIX and Winsock socket APIs. From this, we infer network operations that would have blocked when provided certain network inputs. We augment this vulnerability search with an automated generation of tarpits that exploit the identified vulnerabilities. We apply our prototype MALPITY on six popular malware families and discover 12 previously-unknown tarpit vulnerabilities, revealing that all families are susceptible to our defense. We demonstrate how to, e.g., halt Pushdo's DGA-based C2 communication, hinder SalityP2P peers from receiving commands or updates, and stop Bashlite's spreading engine.

We describe the design of SelfReflector an internet-connected mirror that uses online facial recognition to estimate your age and play music from when it thinks you were 14 years old. The mirror was created for a specific shop (SPeX PisTOls optical boutique), within a research through design project centered on the high street as a space of vital social, economic and environmental exchange that offers a myriad of psychosocial support for people beyond a place to purchase goods. We present in detail how the design emerged as our research interests developed related to IoT and how people use the high street to experiment with, and support sense of self. We discuss SelfReflector in relation to challenges for IoT, facial recognition and surveillance technologies, mirrorness and the values of a craft approach to designing technology centering on the nature of the bespoke and 'one-off'.

Devices in the internet of things (IoT) are frequently (i) resource-constrained, and (ii) deployed in unmonitored, physically unsecured environments. Securing these devices requires tractable cryptographic protocols, as well as cost effective tamper resistance solutions. We propose and evaluate cryptographic protocols that leverage physical unclonable functions (PUFs): circuits whose input to output mapping depends on the unique characteristics of the physical hardware on which it is executed. PUF-based protocols have the benefit of minimizing private key exposure, as well as providing cost-effective tamper resistance. We present and experimentally evaluate an elliptic curve based variant of a theoretical PUF-based authentication protocol proposed previously in the literature. Our work improves over an existing proof-of-concept implementation, which relied on the discrete logarithm problem as proposed in the original work. In contrast, our construction uses elliptic curve cryptography, which substantially reduces the computational and storage burden on the device. We describe PUF-based algorithms for device enrollment, authentication, decryption, and digital signature generation. The performance of each construction is experimentally evaluated on a resource-constrained device to demonstrate tractability in the IoT domain. We demonstrate that our implementation achieves practical performance results, while also providing realistic security. Our work demonstrates that PUF-based protocols may be practically and securely deployed on low-cost resource-constrained IoT devices.

Cloud platforms can leverage Trusted Platform Modules to help provide assurance to clients that cloud-based Web services are trustworthy and behave as expected. We discuss a variety of approaches to providing this assurance, and we implement one approach based on the concept of a trustworthy certificate authority. TaoCA, our prototype implementation, links cryptographic attestations from a cloud platform, including a Trusted Platform Module, with existing TLS-based authentication mechanisms. TaoCA is designed to enable certificate authorities, browser vendors, system administrators, and end users to define and enforce a range of trust policies for web services. Evaluation of the prototype implementation demonstrates the feasibility of the design, illustrates performance tradeoffs, and serves as an end-to-end, proof-of-concept evaluation of underlying trustworthy computing abstractions. The proposed approach can be deployed incrementally and provides new benefits while retaining compatibility with the existing public key infrastructure used for TLS. 

For systems composed of many rapidly-deployed microservices that cross networks and span trust domains, strong authentication between microservices is a prerequisite for overall system trustworthiness. We examine standard authentication mechanisms in this context, and we introduce new comprehensive, automated, and fine-grained mutual authentication mechanisms that rely on attestation, with particular attention to provisioning and managing secrets. Prototype implementations and benchmark results indicate that mutual attestation introduces only modest overheads and can be made to meet or exceed the performance of common but weaker authentication mechanisms in many scenarios.

Bluetooth reliant devices are increasingly proliferating into various industry and consumer sectors as part of a burgeoning wearable market that adds convenience and awareness to everyday life. Relying primarily on a constantly changing hop pattern to reduce data sniffing during transmission, wearable devices routinely disconnect and reconnect with their base station (typically a cell phone), causing a connection repair each time. These connection repairs allow an adversary to determine what local wearable devices are communicating to what base stations. In addition, data transmitted to a base station as part of a wearable app may be forwarded onward to an awaiting web API even if the base station is in an insecure environment (e.g. a public Wi-Fi). In this paper, we introduce an approach to increase the security and privacy associated with using wearable devices by imposing transmission changes given situational awareness of the base station. These changes are asserted via policy rules based on the sensor information from the wearable devices collected and aggregated by the base system. The rules are housed in an application on the base station that adapts the base station to a state in which it prevents data from being transmitted by the wearable devices without disconnecting the devices. The policies can be updated manually or through an over the air update as determined by the user.

The following topics are dealt with: formal verification; formal specification; cyber-physical systems; program verification; mobile robots; control engineering computing; temporal logic; security of data; Internet of Things; traffic engineering computing.

Misuse of caller ID spoofing combined with social engineering has the potential as a means to commit other crimes, such as fraud, theft, leaking sensitive information, spreading hoaxes, etc. The appropriate forensic technique must be carried out to support the verification and collection of evidence related to these crimes. In this research, a digital forensic analysis was carried out on the BlueStacks emulator, Redmi 5A smartphone, and SIM card which is a device belonging to the victim and attacker to carry out caller ID spoofing attacks. The forensic analysis uses the NIST SP 800-101 R1 guide and forensic tools FTK imager, Oxygen Forensic Detective, and Paraben’s E3. This research aims to determine the artifacts resulting from caller ID spoofing attacks to assist in mapping and finding digital evidence. The result of this research is a list of digital evidence findings in the form of a history of outgoing calls, incoming calls, caller ID from the source of the call, caller ID from the destination of the call, the time the call started, the time the call ended, the duration of the call, IMSI, ICCID, ADN, and TMSI.

By 2025, it is estimated that installed data storage in the U.S. will be 2.2 Zettabytes, generating about 50 million units of end-of-life hard-disk drives (HDDs) per year. The circular economy (CE) tackles waste issues by maximizing value retention in the economy, for instance, through reuse and recycling. However, the reuse of hard disk drives is hindered by the lack of trust organizations have toward other means of data removal than physically destroying HDDs. Here, an agent-based approach explores how organizations' decisions to adopt other data removal means affect HDDs' circularity. The model applies the theory of planned behavior to model the decisions of HDDs end-users. Results demonstrate that the attitude (which is affected by trust) of end-users toward data-wiping technologies acts as a barrier to reuse. Moreover, social pressure can play a significant role as organizations that adopt CE behaviors can set an example for others.

The inherent nature of unattended sensors makes these devices most vulnerable to detection, exploitation, and denial in contested environments. Physical access is often cited as the easiest way to compromise any device or network. A new mechanism for mitigating these types of attacks developed under the Assistant Secretary of Defense for Research and Engineering, ASD(R&E) project, “Smoke Screen in Cyberspace”, was previously demonstrated in a live, over-the-air experiment. Smoke Screen encrypts, slices up, and disburses redundant fragments of files throughout the network. This paper describes enhancements to the disbursement of the file fragments routing improving the efficiency and time to completion of fragment distribution by defining the exact route, fragments should take to the destination. This is the first step in defining a custom protocol for the discovery of participating nodes and the efficient distribution of fragments in a mobile network. Future work will focus on the movement of fragments to avoid traffic analysis and avoid the collection of the entire fragment set that would enable an adversary to reconstruct the original piece of data.

Modern automotive Cyber-Physical Systems (CPS) are increasingly adopting wireless communications for Intra-Vehicular, Vehicle-to-Vehicle (V2V), and Vehicle-to-Infrastructure (V2I) protocols as a promising solution for challenges such as the wire harnessing problem, collision detection, and collision avoidance, traffic control, and environmental hazards. Regrettably, this new trend results in new security challenges that can put the safety and privacy of the automotive CPS and passengers at great risk. In addition, automotive wireless communication security is constrained by strict energy and performance limitations of electronic controller units and sensors. As a result, the key generation and management for secure automotive CPS wireless communication is an open research challenge. This article aims to help solve these security challenges by presenting a practical key generation technique based on the reciprocity and high spatial and temporal variation properties of the automotive wireless communication channel. Accompanying this technique is also a key length optimization algorithm to improve performance (in terms of time and energy) for safety-related applications constrained by small communication windows. To validate the practicality and effectiveness of our approach, we have conducted simulations alongside real-world experiments with vehicles and RC cars. Last, we demonstrate through simulations that we can generate keys with high security strength (keys with 67% min-entropy) with 20× reduction in code size overhead in comparison to the state-of-the-art security techniques.

In this era of information explosion, conflicts are often encountered when information is provided by multiple sources. Traditional truth discovery task aims to identify the truth the most trustworthy information, from conflicting sources in different scenarios. In this kind of tasks, truth is regarded as a fixed value or a set of fixed values. However, in a number of real-world cases, objective truth existence cannot be ensured and we can only identify single or multiple reliable facts from opinions. Different from traditional truth discovery task, we address this uncertainty and introduce the concept of trustworthy opinion of an entity, treat it as a random variable, and use its distribution to describe consistency or controversy, which is particularly difficult for data which can be numerically measured, i.e. quantitative information. In this study, we focus on the quantitative opinion, propose an uncertainty-aware approach called Kernel Density Estimation from Multiple Sources (KDEm) to estimate its probability distribution, and summarize trustworthy information based on this distribution. Experiments indicate that KDEm not only has outstanding performance on the classical numeric truth discovery task, but also shows good performance on multi-modality detection and anomaly detection in the uncertain-opinion setting.