Biblio

We address secure resource allocation for the energy harvesting (EH) based 5G cooperative cognitive radio networks (CRNs). To guarantee that the size-limited secondary users (SUs) can simultaneously send the primary user's and their own information, we assume that SUs are equipped with orthogonally dual-polarized antennas (ODPAs). In particular, we propose, develop, and analyze an efficient resource allocation scheme under a practical non-linear EH model, which can capture the nonlinear characteristics of the end-to-end wireless power transfer (WPT) for radio frequency (RF) based EH circuits. Our obtained numerical results validate that a substantial performance gain can be obtained by employing the non-linear EH model.

In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.

With the continuing evolution of sophisticated APT attacks, provenance tracking is becoming an important technique for efficient attack investigation in enterprise networks. Most of existing provenance techniques are operating on system event auditing that discloses dependence relationships by scrutinizing syscall traces. Unfortunately, such auditing-based provenance is not able to track the causality of another important dimension in provenance, the shared libraries. Different from other data-only system entities like files and sockets, dynamic libraries are linked at runtime and may get executed, which poses new challenges in provenance tracking. For example, library provenance cannot be tracked by syscalls and mapping; whether a library function is called and how it is called within an execution context is invisible at syscall level; linking a library does not promise their execution at runtime. Addressing these challenges is critical to tracking sophisticated attacks leveraging libraries. In this paper, to facilitate fine-grained investigation inside the execution of library binaries, we develop Lprov, a novel provenance tracking system which combines library tracing and syscall tracing. Upon a syscall, Lprov identifies the library calls together with the stack which induces it so that the library execution provenance can be accurately revealed. Our evaluation shows that Lprov can precisely identify attack provenance involving libraries, including malicious library attack and library vulnerability exploitation, while syscall-based provenance tools fail to identify. It only incurs 7.0% (in geometric mean) runtime overhead and consumes 3 times less storage space of a state-of-the-art provenance tool.

We address secure resource allocation for an OFDMA cooperative cognitive radio network (CRN) with energy harvesting (EH) capability. In the network, one primary user (PU) cooperates with several untrusted secondary users (SUs) with one SU transmitter and several SU receivers, where the SU transmitter and all SU receivers may overhear the PU transmitter's information while all SU receivers may eavesdrop on each other's signals. We consider the scenario when SUs are wireless devices with small physical sizes; therefore to improve system performance we suppose that SUs are equipped with co-located orthogonally dual-polarized antennas (ODPAs). With ODPAs, on one hand, the SU transmitter can first harvest energy from radio frequency (RF) signals emitted by the PU transmitter, and then utilize the harvested energy to simultaneously serve the PU and all SU receivers. On the other hand, by exploiting polarization-based signal processing techniques, both the PU's and SUs' physical-layer security can be enhanced. In particular, to ensure the PU's communication security, the PU receiver also sends jamming signals to degrade the reception performance of SUs, and meanwhile the jamming signals can also become new sources of energy powering the SU transmitter. For the considered scenario, we investigate the joint allocation of subcarriers, powers, and power splitting ratios to maximize the total secrecy rate of all SUs while ensuring the PU's minimum secrecy rate requirement. Finally, we evaluate the performance of our resource allocation scheme through numerical analyses.

In the big data cloud computing environment, data security issues have become a focus of attention. This paper delivers an overview of conceptions, characteristics and advanced technologies for big data cloud computing. Security issues of data quality and privacy control are elaborated pertaining to data access, data isolation, data integrity, data destruction, data transmission and data sharing. Eventually, a virtualization architecture and related strategies are proposed to against threats and enhance the data security in big data cloud environment.

In theory, remote attestation is a powerful primitive for building distributed systems atop untrusting peers. Unfortunately, the canonical attestation framework defined by the Trusted Computing Group is insufficient to express rich contextual relationships between client-side software components. Thus, attestors and verifiers must rely on ad-hoc mechanisms to handle real-world attestation challenges like attestors that load executables in nondeterministic orders, or verifiers that require attestors to track dynamic information flows between attestor-side components. In this paper, we survey these practical attestation challenges. We then describe a new attestation framework, named Cobweb, which handles these challenges. The key insight is that real-world attestation is a graph problem. An attestation message is a graph in which each vertex is a software component, and has one or more labels, e.g., the hash value of the component, or the raw file data, or a signature over that data. Each edge in an attestation graph is a contextual relationship, like the passage of time, or a parent/child fork() relationship, or a sender/receiver IPC relationship. Cobweb's verifier-side policies are graph predicates which analyze contextual relationships. Experiments with real, complex software stacks demonstrate that Cobweb's abstractions are generic and can support a variety of real-world policies.

Most searchable attribute-based encryption schemes only support the search for single-keyword without attribute revocation, the data user cannot quickly detect the validity of the ciphertext returned by the cloud service provider. Therefore, this paper proposes an authorization of searchable CP-ABE scheme with attribute revocation and applies the scheme to the cloud computing environment. The data user to send the authorization information to the authorization server for authorization, assists the data user to effectively detect the ciphertext information returned by the cloud service provider while supporting the revocation of the user attribute in a fine-grained access control structure without updating the key during revocation stage. In the random oracle model based on the calculation of Diffie-Hellman problem, it is proved that the scheme can satisfy the indistinguishability of ciphertext and search trapdoor. Finally, the performance analysis shows that the scheme has higher computational efficiency.

As one of the most commonly used protocols in VPN technology, IPsec has many advantages. However, certain difficulties are posed to the audit work by the protection of in-formation. In this paper, we propose an audit method via man-in-the-middle mechanism, and design a prototype system with DPDK technology. Experiments are implemented in an IPv4 network environment, using default configuration of IPsec VPN configured with known PSK, on operating systems such as windows 7, windows 10, Android and iOS. Experimental results show that the prototype system can obtain the effect of content auditing well without affecting the normal communication between IPsec VPN users.

This paper introduces the notion of one-way communication schemes with partial noisy feedback. To support this communication, the schemes suppose that Alice and Bob wish to communicate: Alice sends a sequence of alphabets over a channel to Bob, while Alice receives feedback bits from Bob for δ fraction of the transmissions. An adversary is allowed to tamper up to a constant fraction of these transmissions for both forward rounds and feedback rounds separately. This paper intends to determine the Maximum Error Rate (MER), as a function of δ (0 ≤ δ ≤ 1), under the MER rate, so that Alice can successfully communicate the messages to Bob via some protocols with δ fraction of noisy feedback. To provide a reasonable solution for the above problem, we need to explore a new kind of coding scheme for the interactive communication. In this paper, we use the notion of “non-malleable codes” (NMC) which relaxes the notions of error-correction and error-detection to some extent in communication. Informally, a code is non-malleable if the message contained in a modified codeword is either the original message or a completely unrelated value. This property largely enforces the way to detect the transmission errors. Based on the above knowledge, we provide an alphabet-based encoding scheme, including a pair of (Enc, Dec). Suppose the message needing to be transmitted is m; if m is corrupted unintentionally, then the encoding scheme Dec(Enc(m)) outputs a symbol `⊥' to denote that some potential corruptions happened during transmission. In this work, based on the previous results, we show that for any δ ∈ (0; 1), there exists a deterministic communication scheme with noiseless full feedback(δ = 1), such that the maximal tolerable error fraction γ (on Alice's transmissions) can be up to 1/2, theoretically. Moreover, we show that for any δ ∈ (0; 1), there exists a communication scheme with noisy feedback, denoting the forward and backward rounds noised with error fractions of γ0and γ1respectively, such that the maximal tolerable error fraction γ0(on forward rounds) can be up to 1/2, as well as the γ1(on feedback rounds) up to 1.

Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.

Online services are increasingly dependent on user participation. Whether it's online social networks or crowdsourcing services, understanding user behavior is important yet challenging. In this paper, we build an unsupervised system to capture dominating user behaviors from clickstream data (traces of users' click events), and visualize the detected behaviors in an intuitive manner. Our system identifies "clusters" of similar users by partitioning a similarity graph (nodes are users; edges are weighted by clickstream similarity). The partitioning process leverages iterative feature pruning to capture the natural hierarchy within user clusters and produce intuitive features for visualizing and understanding captured user behaviors. For evaluation, we present case studies on two large-scale clickstream traces (142 million events) from real social networks. Our system effectively identifies previously unknown behaviors, e.g., dormant users, hostile chatters. Also, our user study shows people can easily interpret identified behaviors using our visualization tool.

We provide the first solution to an important question, "how a physical-layer RFID authentication method can defend against signal replay attacks". It was believed that if the attacker has a device that can replay the exact same reply signal of a legitimate tag, any physical-layer authentication method will fail. This paper presents Hu-Fu, the first physical layer RFID authentication protocol that is resilient to the major attacks including tag counterfeiting, signal replay, signal compensation, and brute-force feature reply. Hu-Fu is built on two fundamental ideas, namely inductive coupling of two tags and signal randomization. Hu-Fu does not require any hardware or protocol modification on COTS passive tags and can be implemented with COTS devices. We implement a prototype of Hu-Fu and demonstrate that it is accurate and robust to device diversity and environmental changes.

On battery-free IoT devices such as passive RFID tags, it is extremely difficult, if not impossible, to run cryptographic algorithms. Hence physical-layer identification methods are proposed to validate the authenticity of passive tags. However no existing physical-layer authentication method of RFID tags that can defend against the signal replay attack. This paper presents Hu-Fu, a new direction and the first solution of physical layer authentication that is resilient to the signal replay attack, based on the fact of inductive coupling of two adjacent tags. We present the theoretical model and system workflow. Experiments based on our implementation using commodity devices show that Hu-Fu is effective for physical-layer authentication.

In the Ubiquitous Electric Internet of Things (UEIoT), the terminals are very easy to be accessed and attacked by attackers due to the lack of effective monitoring and safe isolation methods. Therefore, in the implementation of UEIoT, the security protection of terminals is particularly important. Therefore, this paper proposes a dual-system design scheme for terminal active immunity based on trusted computing. In this scheme, the terminal node in UEIoT is composed of two parts: computing part and trusted protection part. The computing component and the trusted protection component are logically independent of each other, forming a trusted computing active immune dual-system structure with both computing and protection functions. The Trusted Network Connection extends the trusted state of the terminal to the network, thus providing a solution for terminal secure access in the UEIoT.

The industrial Internet of Things (IIoT) can facilitate industrial upgrading, intelligent manufacturing, and lean production. Industrial control system (ICS) is a vital support mechanism for many key infrastructures in the IIoT. However, natural defects in the ICS network security mechanism and the susceptibility of the programmable logic controller (PLC) program to malicious attack pose a threat to the safety of national infrastructure equipment. To improve the security of the underlying equipment in ICS, a model checking method based on timed automata is proposed in this work, which can effectively model the control process and accurately simulate the system state when incorporating time factors. Formal analysis of the ICS and PLC is then conducted to formulate malware detection rules which can constrain the normal behavior of the system. The model checking tool UPPAAL is then used to verify the properties by detecting whether there is an exception in the system and determine the behavior of malware through counter-examples. The chemical reaction control system in Tennessee-Eastman process is taken as an example to carry out modeling, characterization, and verification, and can effectively detect multiple patterns of malware and propose relevant security policy recommendations.

Universal style transfer methods typically leverage rich representations from deep Convolutional Neural Network (CNN) models (e.g., VGG-19) pre-trained on large collections of images. Despite the effectiveness, its application is heavily constrained by the large model size to handle ultra-resolution images given limited memory. In this work, we present a new knowledge distillation method (named Collaborative Distillation) for encoder-decoder based neural style transfer to reduce the convolutional filters. The main idea is underpinned by a finding that the encoder-decoder pairs construct an exclusive collaborative relationship, which is regarded as a new kind of knowledge for style transfer models. Moreover, to overcome the feature size mismatch when applying collaborative distillation, a linear embedding loss is introduced to drive the student network to learn a linear embedding of the teacher's features. Extensive experiments show the effectiveness of our method when applied to different universal style transfer approaches (WCT and AdaIN), even if the model size is reduced by 15.5 times. Especially, on WCT with the compressed models, we achieve ultra-resolution (over 40 megapixels) universal style transfer on a 12GB GPU for the first time. Further experiments on optimization-based stylization scheme show the generality of our algorithm on different stylization paradigms. Our code and trained models are available at https://github.com/mingsun-tse/collaborative-distillation.

Microarchitectural Side-Channel Attacks (SCAs) have emerged recently to compromise the security of computer systems by exploiting the existing processors' hardware vulnerabilities. In order to detect such attacks, prior studies have proposed the deployment of low-level features captured from built-in Hardware Performance Counter (HPC) registers in modern microprocessors to implement accurate Machine Learning (ML)-based SCAs detectors. Though effective, such attack detection techniques have mainly focused on binary classification models offering limited insights on identifying the type of attacks. In addition, while existing SCAs detectors required prior knowledge of attacks applications to detect the pattern of side-channel attacks using a variety of microarchitectural features, detecting unknown (zero-day) SCAs at run-time using the available HPCs remains a major challenge. In response, in this work we first identify the most important HPC features for SCA detection using an effective feature reduction method. Next, we propose Phased-Guard, a two-level machine learning-based framework to accurately detect and classify both known and unknown attacks at run-time using the most prominent low-level features. In the first level (SCA Detection), Phased-Guard using a binary classification model detects the existence of SCAs on the target system by determining the critical scenarios including system under attack and system under no attack. In the second level (SCA Identification) to further enhance the security against side-channel attacks, Phased-Guard deploys a multiclass classification model to identify the type of SCA applications. The experimental results indicate that Phased-Guard by monitoring only the victim applications' microarchitectural HPCs data, achieves up to 98 % attack detection accuracy and 99.5% SCA identification accuracy significantly outperforming the state-of-the-art solutions by up to 82 % in zero-day attack detection at the cost of only 4% performance overhead for monitoring.

When using digital signatures, we need to deal with the problem of fairness of information exchange. To solve this problem, Chen, etc. introduced a new conception which is named concurrent signatures in Eurocrypt'04. Using concurrent signatures scheme, two entities in the scheme can generate two ambiguous signatures until one of the entities releases additional information which is called keystone. After the keystone is released, the two ambiguous signatures will be bound to their real signers at the same time. In order to provide a method to solve the fairness problem of quantum digital signatures, we propose a new quantum concurrent signature scheme. The scheme we proposed does not use a trusted third party in a quantum computing environment, and has such advantages as no need to conduct complex quantum operations and easy to implement by a quantum circuit. Quantum concurrent signature improves the theory of quantum cryptography, and it also provides broad prospects for the specific applications of quantum cryptography.

Remote data integrity checking is of crucial importance in cloud storage. It can make the clients verify whether their outsourced data is kept intact without downloading the whole data. In some application scenarios, the clients have to store their data on multicloud servers. At the same time, the integrity checking protocol must be efficient in order to save the verifier's cost. From the two points, we propose a novel remote data integrity checking model: ID-DPDP (identity-based distributed provable data possession) in multicloud storage. The formal system model and security model are given. Based on the bilinear pairings, a concrete ID-DPDP protocol is designed. The proposed ID-DPDP protocol is provably secure under the hardness assumption of the standard CDH (computational Diffie-Hellman) problem. In addition to the structural advantage of elimination of certificate management, our ID-DPDP protocol is also efficient and flexible. Based on the client's authorization, the proposed ID-DPDP protocol can realize private verification, delegated verification, and public verification.

Operating data analysis means to analyze the operating system logs, user operation logs, various types of alarms and security relevant configurations, etc. The purpose is to find whether there is an attack event, suspicious behaviors or improper configurations. It is an important part of risk assessment for enterprise intranet. However, due to the lack of information security knowledge or relevant experience, many people do not know how to properly implement it. In this article, we provided guidance on conducting operating data analysis and how to determine the security risk with the analysis results.

Wireless sensor network (WSN) is a wireless self-organizing multi-hop network that can sense and collect the information of the monitored environment through a certain number of sensor nodes which deployed in a certain area and transmit the collected information to the client. Due to the limited power and data capacity stored by the micro sensor, it is weak in communication with other nodes, data storage and calculation, and is very vulnerable to attack and harm to the entire network. The Sybil attack is a classic example. Sybil attack refers to the attack in which malicious nodes forge multiple node identities to participate in network operation. Malicious attackers can forge multiple node identities to participate in data forwarding. So that the data obtained by the end user without any use value. In this paper, we propose a three-tier detection scheme for the Sybil node in the severe environment. Every sensor node will determine whether they are Sybil nodes through the first-level and second-level high-energy node detection. Finally, the base station determines whether the Sybil node detected by the first two stages is true Sybil node. The simulation results show that our proposed scheme significantly improves network lifetime, and effectively improves the accuracy of Sybil node detection.

Object identification in the room environment is a key technique in many advanced engineering applications such as the unidentified object recognition in security surveillance, human identification and barrier recognition for AI robots. The identification technique based on the sound field perturbation analysis is capable of giving immersive identification which avoids the occlusion problem in the traditional vision-based method. In this paper, a new insight into the relation between the object and the variation of the sound field is presented. The sound field difference before and after the object locates in the environment is analyzed using the spectral subtraction based on the room impulse response. The spectral subtraction shows that the energy loss caused by the sound absorption is the essential factor which perturbs the sound field. By using the energy loss with high uniqueness as the extracted feature, an object identification technique is constructed under the classical supervised pattern recognition framework. The experiment in a real room validates that the system has high identification accuracy. In addition, based on the feature property of position insensitivity, this technique can achieve high identifying accuracy with a quite small training data set, which demonstrates that the technique has potential to be used in real engineering applications.

Mechanical faults of Gas Insulated Switchgear (GIS) often occurred, which may cause serious losses. Detecting vibration signal was effective for condition monitoring and fault diagnosis of GIS. The vibration characteristic of GIS in service was detected and researched based on a developed testing system in this paper, and feature fingerprint extraction method was proposed to evaluate vibration characteristics and diagnose mechanical defects. Through analyzing the spectrum of the vibration signal, we could see that vibration frequency of operating GIS was about 100Hz under normal condition. By means of the wavelet transformation, the vibration fingerprint was extracted for the diagnosis of mechanical vibration. The mechanical vibration characteristic of GIS including circuit breaker and arrester in service was detected, we could see that the frequency distribution of abnormal vibration signal was wider, it contained a lot of high harmonic components besides the 100Hz component, and the vibration acoustic fingerprint was totally different from the normal ones, that is, by comparing the frequency spectra and vibration fingerprint, the mechanical faults of GIS could be found effectively.

This paper gives a concept of wireless sensor network and describe the encoding algorithm and decoding algorithm along with the implementation of LDPC code and Rateless code. Compare the performances of those two code in WSN environment by making simulation in a Rayleigh channel in matlab and derive results and conclusions from the simulation.

The botnet is a serious network security threat that can cause servers crash, so how to detect the behavior of Botnet has already become an important part of the research of network security. DNS(Domain Name System) request is the first step for most of the mainframe computers controlled by Botnet to communicate with the C&C(command; control) server. The detection of DNS request domain names is an important way for mainframe computers controlled by Botnet. However, the detection method based on fixed rules is hard to take effect for botnet based on DGA(Domain Generation Algorithm) because malicious domain names keep evolving and derive many different generation methods. Contrasted with the traditional methods, the method based on machine learning is a better way to detect it by learning and modeling the DGA. This paper presents a method based on the Naive Bayes model, the XGBoost model, the SVM(Support Vector Machine) model, and the MLP(Multi-Layer Perceptron) model, and tests it with real data sets collected from DGA, Alexa, and Secrepo. The experimental results show the precision score, the recall score, and the F1 score for each model.