Biblio

Sky surveys represent a fundamental data source in astronomy. Today, these surveys are moving into a petascale regime produced by modern telescopes. Due to the exponential growth of astronomical data, there is a pressing need to provide efficient astronomical query processing. Our goal is to bridge the gap between existing distributed systems and high-level languages for astronomers. In this paper, we present efficient techniques for query processing of astronomical data using ASTROIDE. Our framework helps astronomers to take advantage of the richness of the astronomical data. The proposed model supports complex astronomical operators expressed using ADQL (Astronomical Data Query Language), an extension of SQL commonly used by astronomers. ASTROIDE proposes spatial indexing and partitioning techniques to better filter the data access. It also implements a query optimizer that injects spatial-aware optimization rules and strategies. Experimental evaluation based on real datasets demonstrates that the present framework is scalable and efficient.

Elliptic Curve Cryptography (ECC) provides high security levels with shorter keys than other public-key cryptosystems such as RSA. Usually modular inversion operation is a choke point in realizing the public-key cryptosystem. Based on the Extended Euclidean Algorithm, this work proposes an efficient FPGA implementation of ECC modular inversion over F256. According to this proposed algorithm, one modular inversion requires 320 clock cycles with a maximum clock frequency of 144.011MHz on a Xilinx Virtex-7 FPGA device which gives a computation time of 2.22μs. On the other words, our scenario can perform 450 thousand times division operations in one second approximately. Compared to other available literature, our scheme presented in this paper provides a high performance FPGA implementation of 256-bit modular inversion over F256. This makes the elliptic curve cryptography have important practical value in hardware implementation.

This paper presents a novel research model of identity and the use of this model to answer some interesting research questions. Information travels in the cyber world, not only bringing us convenience and prosperity but also jeopardy. Protecting this information has been a commonly discussed issue in recent years. One type of this information is Personally Identifiable Information (PII), often used to perform personal authentication. People often give PIIs to organizations, e.g., when applying for a new job or filling out a new application on a website. While the use of such PII might be necessary for authentication, giving PII increases the risk of its exposure to criminals. We introduce two innovative approaches based on our model of identity to help evaluate and find an optimal set of PIIs that satisfy authentication purposes but minimize risk of exposure. Our model paves the way for more informed selection of PIIs by organizations that collect them as well as by users who offer PIIs to these organizations.

Recent cyber attacks on the power grid have been of increasing complexity and sophistication. In order to understand the impact of cyber-attacks on the power system resiliency, it is important to consider an holistic cyber-physical system specially with increasing industrial automation. In this work, device level resilience properties of the various controllers and their impact on the microgrid resiliency is studied. In addition, a cyber-physical resiliency metric considering vulnerabilities, system model, and device level properties is proposed. A use case is presented inspired by the recent Ukraine cyber-attack. A use case has been presented to demonstrate application of the developed cyber-physical resiliency metric to enhance situational awareness of the operator, and enable better control actions to improve resiliency.

The face recognition methods based on convolutional neural network have achieved great success. The existing model usually used the residual network as the core architecture. The residual network is good at reusing features, but it is difficult to explore new features. And the densely connected network can be used to explore new features. We proposed a face recognition model named Dense Face to explore the performance of densely connected network in face recognition. The model is based on densely connected convolutional neural network and composed of Dense Block layers, transition layers and classification layer. The model was trained with the joint supervision of center loss and softmax loss through feature normalization and enabled the convolutional neural network to learn more discriminative features. The Dense Face model was trained using the public available CASIA-WebFace dataset and was tested on the LFW and the CAS-PEAL-Rl datasets. Experimental results showed that the densely connected convolutional neural network has achieved higher face verification accuracy and has better robustness than other model such as VGG Face and ResNet model.

Automatic recognition of facial expression images is a challenge for computer due to variation of expression, background, position and label noise. The paper propose a new method for static facial expression recognition. Main process is to perform experiments by FER-2013 dataset, the primary mission is using our CNN model to classify a set of static images into 7 basic emotions and then achieve effective classification automatically. The two preprocessing of the faces picture have enhanced the effect of the picture for recognition. First, FER datasets are preprocessed with standard histogram eqialization. Then we employ ImageDataGenerator to deviate and rotate the facial image to enhance model robustness. Finally, the result of softmax activation function (also known as multinomial logistic regression) is stacked by SVM. The result of softmax activation function + SVM is better than softmax activation function. The accuracy of facial expression recognition achieve 68.79% on the test set.

The paper reviews the issue of secure routing in unmanned vehicle ad-hoc networks. Application of the Blockchain technology for routing and authentication information storage and distribution is proposed. A blockchain with the floating genesis block is introduced to solve problems associated with blockchain size growth in the systems using transactions with limited lifetime.

We present a formal OpenFlow-based network programming language (OF) including various flow rules, which can not only describe the behaviors of an individual switch, but also support to model a network of switches connected in the point-to-point topology. Besides, a topology-oriented operational semantics of the proposed language is explored to specify how the packet is processed and delivered in the OpenFlow-based networks. Based on the formal framework, we also propose an approach to detect potential security threats caused by the conflict of dynamic flow rules imposed by dynamic OpenFlow applications.

The imbalance relationship between FPGA hardware/software providers and FPGA users challenges the assurance of secure design on FPGAs. Existing efforts on FPGA security primarily focus on reverse engineering the downloaded FPGA configuration, retrieving the authentication code or crypto key stored on the embedded memory in FPGAs, and countermeasures for the security threats above. In this work, we investigate new security threats from malicious FPGA tools, and identify stealthy attacks that could occur during FPGA deployment. To address those attacks, we exploit the principles of moving target defense (MTD) and propose a FPGA-oriented MTD (FOMTD) method. Our method is composed of three defense lines, which are formed by an improved user constraint file, random selection of design replicas, and runtime submodule assembling, respectively. The FPGA emulation results show that the proposed FOMTD method reduces the hardware Trojan hit rate by 60% over the baseline, at the cost of 10.76% more power consumption.

Financial fraud is commonly represented by the use of illegal practices where they can intervene from senior managers until payroll employees, becoming a crime punishable by law. There are many techniques developed to analyze, detect and prevent this behavior, being the most important the fraud triangle theory associated with the classic financial audit model. In order to perform this research, a survey of the related works in the existing literature was carried out, with the purpose of establishing our own framework. In this context, this paper presents FraudFind, a conceptual framework that allows to identify and outline a group of people inside an banking organization who commit fraud, supported by the fraud triangle theory. FraudFind works in the approach of continuous audit that will be in charge of collecting information of agents installed in user's equipment. It is based on semantic techniques applied through the collection of phrases typed by the users under study for later being transferred to a repository for later analysis. This proposal encourages to contribute with the field of cybersecurity, in the reduction of cases of financial fraud.

This paper is concerned with a compositional approach for constructing finite Markov decision processes of interconnected discrete-time stochastic control systems. The proposed approach leverages the interconnection topology and a notion of so-called stochastic storage functions describing joint dissipativity-type properties of subsystems and their abstractions. In the first part of the paper, we derive dissipativity-type compositional conditions for quantifying the error between the interconnection of stochastic control subsystems and that of their abstractions. In the second part of the paper, we propose an approach to construct finite Markov decision processes together with their corresponding stochastic storage functions for classes of discrete-time control systems satisfying some incremental passivablity property. Under this property, one can construct finite Markov decision processes by a suitable discretization of the input and state sets. Moreover, we show that for linear stochastic control systems, the aforementioned property can be readily checked by some matrix inequality. We apply our proposed results to the temperature regulation in a circular building by constructing compositionally a finite Markov decision process of a network containing 200 rooms in which the compositionality condition does not require any constraint on the number or gains of the subsystems. We employ the constructed finite Markov decision process as a substitute to synthesize policies regulating the temperature in each room for a bounded time horizon. We also illustrate the effectiveness of our results on an example of fully connected network.

In fault diagnosis of industrial process, there are usually more than one variable that are faulty. When multiple faults occur, the generalized reconstruction-based contribution can be helpful while traditional RBC may make mistakes. Due to the correlation between the variables, these faults usually propagate to other normal variables, which is called smearing effect. Thus, it is helpful to consider the pervious fault diagnosis results. In this paper, a data-driven fault diagnosis method which is based on generalized RBC and bayesian decision is presented. This method combines multi-dimensional RBC and bayesian decision. The proposed method improves the diagnosis capability of multiple and minor faults with greater noise. A numerical simulation example is given to show the effectiveness and superiority of the proposed method.

Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.

The occurrence of security vulnerabilities in kernel, especially for macOS/iOS kernel XNU, has increased rapidly in recent years. Naturally, concerns were raised due to the high risks they would lead to, which in general are much more serious than common application vulnerabilities. However, discovering XNU kernel vulnerabilities is always very challenging, and the main approach in practice is still manual analysis, which obviously is not a scalable method. In this paper, we perform an in-depth empirical study on the 406 published XNU kernel vulnerabilities to identify distinguishing characteristics of them and then leverage the features to guide our vulnerability detection, i.e., locating suspicious functions. To further improve the efficiency of vulnerability detection, we present KInspector, a new and lightweight framework to detect XNU kernel vulnerabilities by leveraging feedback-based fuzzing techniques. We thoroughly evaluate our approach on XNU with various versions, and the results turn out to be quite promising: 21 N/0-day vulnerabilities have been discovered in our experiments.

High-temperature magnetic properties of the anisotropic bulk SmCo7/Fe(Co) nanocomposite magnets prepared by multistep deformation have been investigated and compared with the corresponding isotropic nanocomposites. The anisotropic SmCo7/Fe(Co) nanocomposites with a Fe(Co) fraction of 28% exhibit much higher energy products than the corresponding isotropic nanocomposites at both room and high temperatures. These magnets show a small remanence (α = -0.022%/K) and a coercivity (β = -0.25%/K) temperature coefficient which can be comparable to those of the conventional SmCo5 and Sm2Co17 high-temperature magnets. The magnetic properties of these nanocomposites at high temperatures are sensitive to the weight fractions of the Fe(Co) phase. This paper demonstrates that the anisotropic bulk SmCo7/Fe(Co) nanocomposites have better high-temperature magnetic properties than the corresponding isotropic ones.

As more businesses and consumers move their information storage to the cloud, the need to protect sensitive data is higher than ever. Using encryption, data access can be restricted to only authorized users. However, with standard encryption schemes, modifying an encrypted file in the cloud requires a complete file download, decryption, modification, and upload. This is cumbersome and time-consuming. Recently, the concept of homomorphic computing has been proposed as a solution to this problem. Using homomorphic computation, operations may be performed directly on encrypted files without decryption, hence avoiding exposure of any sensitive user information in the cloud. This also conserves bandwidth and reduces processing time. In this paper, we present a homomorphic computation scheme that utilizes the affine cipher applied to the ASCII representation of data. To the best of the authors» knowledge, this is the first use of affine ciphers in homomorphic computing. Our scheme supports both string operations (encrypted string search and concatenation), as well as arithmetic operations (encrypted integer addition and subtraction). A design goal of our proposed homomorphism is that string data and integer data are treated identically, in order to enhance security.

Reversible logic is a building block for adiabatic and quantum computing in addition to other applications. Since common functions are non-reversible, one needs to embed them into proper-size reversible functions by adding ancillary inputs and garbage outputs. We explore the Intellectual Property (IP) piracy of reversible circuits. The number of embeddings of regular functions in a reversible function and the percent of leaked ancillary inputs measure the difficulty of recovering the embedded function. To illustrate the key concepts, we study reversible logic circuits designed using reversible logic synthesis tools based on Binary Decision Diagrams and Quantum Multi-valued Decision Diagrams.

Decentralized attribute-based encryption (ABE) is an efficient and flexible multi-authority attribute-based encryption system, since it does not requires the central authority and does not need to cooperate among the authorities for creating public parameters. Unfortunately, recent works show that the reality of the privacy preserving and security in almost well-known decentralized key policy ABE (KP-ABE) schemes are doubtful. How to construct a decentralized KP-ABE with the privacy-preserving and user collusion avoidance is still a challenging problem. Most recently, Y. Rahulamathavam et al. proposed a decentralized KP ABE scheme to try avoiding user collusion and preserving the user's privacy. However, we exploit the vulnerability of their scheme in this paper at first and present a collusion attack on their decentralized KP-ABE scheme. The attack shows the user collusion cannot be avoided. Subsequently, a new privacy-preserving decentralized KP-ABE is proposed. The proposed scheme avoids the linear attacks at present and achieves the user collusion avoidance. We also show that the security of the proposed scheme is reduced to decisional bilinear Diffie-Hellman assumption. Finally, numerical experiments demonstrate the efficiency and validity of the proposed scheme.

In this paper, according to the electricity business process including collecting and transmitting power information and sending control instructions, a coupling model of control-communication flow is built which is composed of three main matrices: control-communication, communication-communication, communication-control incidence matrices. Furthermore, the effective path change between two communication nodes is analyzed and a calculation method of connectivity probability for information network is proposed when considering a breakdown in communication links. Then, based on Bayesian conditional probability theory, the effect of the communication interruption on the energy Internet is analyzed and the metric matrix of controllability is given under communication congestion. Several cases are given in the final of paper to verify the effectiveness of the proposed method for calculating controllability matrix by considering different link interruption scenarios. This probability index can be regarded as a quantitative measure of the controllability of the power service based on the communication transmission instructions, which can be used in the power business decision-making in order to improve the control reliability of the energy Internet.

In this work, we investigate the MARC (Multiple Access Relay Channel) setup, in which two Markov sources communicate to a single destination, aided by one relay, based on Joint Source Channel Network (JSCN) LDPC codes. In addition, the two source nodes compress the information sequences with an LDPC source code. The compressed symbols are directly transmitted to both a relay and a destination nodes in two transportation phases. Indeed, the relay performs the concatenation of the received compressed sequences to obtain a recovered sequence, which is encoded with an LDPC channel code, before being forwarded to the destination. At the receiver, we propose an iterative joint decoding algorithm that exploits the correlation between the two sources-relay data and takes into account the errors occurring in the sources-relay links to estimate the source data. We show based on simulation results that the JSCN coding and decoding scheme into a MARC setup achieves a good performance with a gain of about 5 dB compared to a conventional LDPC code.

Edge computing for mobile devices in vehicular ad hoc networks (VANETs) has to address rogue edge attacks, in which a rogue edge node claims to be the serving edge in the vehicle to steal user secrets and help launch other attacks such as man-in-the-middle attacks. Rogue edge detection in VANETs is more challenging than the spoofing detection in indoor wireless networks due to the high mobility of onboard units (OBUs) and the large-scale network infrastructure with roadside units (RSUs). In this paper, we propose a physical (PHY)- layer rogue edge detection scheme for VANETs according to the shared ambient radio signals observed during the same moving trace of the mobile device and the serving edge in the same vehicle. In this scheme, the edge node under test has to send the physical properties of the ambient radio signals, including the received signal strength indicator (RSSI) of the ambient signals with the corresponding source media access control (MAC) address during a given time slot. The mobile device can choose to compare the received ambient signal properties and its own record or apply the RSSI of the received signals to detect rogue edge attacks, and determines test threshold in the detection. We adopt a reinforcement learning technique to enable the mobile device to achieve the optimal detection policy in the dynamic VANET without being aware of the VANET model and the attack model. Simulation results show that the Q-learning based detection scheme can significantly reduce the detection error rate and increase the utility compared with existing schemes.

Moving target defense(MTD) is a typical proactive cyber defense technology, which not only increases the difficulty of the attacker, but also reduces the damage caused by successful attacks. A number of studies have assessed the defensive effectiveness of MTD, but only focus on increasing the difficulty of attacks. No studies have been conducted to assess the impact of successful attacks on the network. In this paper, we propose a probability model that evaluates the impact of MTD against subsequent stages of complete attack process. The model quantify the probability distribution of the number of compromised hosts. The results of simulation show that MTD can reduce the number of compromised hosts, and attackers cannot control all hosts.

Recently, mobile ad-hoc networks (MANET) have been widely used in several scenarios. Due to its generally high demands on clock synchronization accuracy, the conventional synchronization algorithms cannot be applied in many high-speed MANET applications. Hence, in this paper, a clock synchronization algorithm based on motion information such as the speed of nodes is proposed to eliminate the error of round-trip-time correction. Meanwhile, a simplified version of our algorithm is put forward to cope with some resource-constrained scenes. Our algorithm can perform well in most situations and effectively improve the clock synchronization accuracy with reasonable communication overhead, especially in high-speed scenes. Simulation results confirm the superior accuracy performance achieved by our algorithm.

The Named Data Networking (NDN) architecture provides simple solutions to the communication needs of Internet of Things (IoT) in terms of ease-of-use, security, and content delivery. To utilize the desirable properties of NDN architecture in IoT scenarios, we are working to provide an integrated framework, dubbed NDNoT, to support IoT over NDN. NDNoT provides solutions to auto configuration, service discovery, data-centric security, content delivery, and other needs of IoT application developers. Utilizing NDN naming conventions, NDNoT aims to create an open environment where IoT applications and different services can easily cooperate and work together. This poster introduces the basic components of our framework and explains how these components function together.

Network situation value is an important index to measure network security. Establishing an effective network situation prediction model can prevent the occurrence of network security incidents, and plays an important role in network security protection. Through the understanding and analysis of the network security situation, we can see that there are many factors affecting the network security situation, and the relationship between these factors is complex., it is difficult to establish more accurate mathematical expressions to describe the network situation. Therefore, this paper uses the grey neural network as the prediction model, but because the convergence speed of the grey neural network is very fast, the network is easy to fall into local optimum, and the parameters can not be further modified, so the Multi-Swarm Chaotic Particle Optimization (MSCPO)is used to optimize the key parameters of the grey neural network. By establishing the nonlinear mapping relationship between the influencing factors and the network security situation, the network situation can be predicted and protected.