Biblio

Preserving medical data is of utmost importance to stake holders. There are not many laws in India about preservation, usability of patient records. When data is transmitted across the globe there are chances of data getting tampered intentionally or accidentally. Tampered data loses its authenticity for diagnostic purpose, research and various other reasons. This paper proposes an authenticity based ECDSA algorithm by signature verification to identify the tampering of medical image files and alerts by the rules of authenticity. The algorithm can be used by researchers, doctors or any other educated person in order to maintain the authenticity of the record. Presently it is applied on medical related image files like DICOM. However, it can support any other medical related image files and still preserve the authenticity.

Authenticating a person's identity has always been a challenge. While attempts are being made by government agencies to address this challenge, the citizens are being exposed to a new age problem of Identity management. The sharing of photocopies of identity cards in order to prove our identity is a common sight. From score-card to Aadhar-card, the details of our identity has reached many unauthorized hands during the years. In India the identity thefts accounts for 77% [1] of the fraud cases, and the threats are trending. Programs like e-Residency by Estonia[2], Bitnation using Ethereum[3] are being devised for an efficient Identity Management. Even the US Home Land Security is funding a research with an objective of “Design information security and privacy concepts on the Blockchain to support identity management capabilities that increase security and productivity while decreasing costs and security risks for the Homeland Security Enterprise (HSE).” [4] This paper will discuss the challenges specific to India around Identity Management, and the possible solution that the Distributed ledger, hashing algorithms and smart contracts can offer. The logic of hashing the personal data, and controlling the distribution of identity using public-private keys with Blockchain technology will be discussed in this paper.

The Internet of Things (IoT) has transformed many application domains with realtime, continuous, automated control and information transmission. The smart grid is one such futuristic application domain in execution, with a large-scale IoT network as its backbone. By leveraging the functionalities and characteristics of IoT, the smart grid infrastructure benefits not only consumers, but also service providers and power generation organizations. The confluence of IoT and smart grid comes with its own set of challenges. The underlying cyberspace of IoT, though facilitates communication (information propagation) among devices of smart grid infrastructure, it undermines the privacy at the same time. In this paper we propose a new measure for quantifying the probability of privacy leakage based on the behaviors of the devices involved in the communication process. We construct a privacy stochastic game model based on the information shared by the device, and the access to the compromised device. The existence of Nash Equilibrium strategy of the game is proved theoretically. We experimentally validate the effectiveness of the privacy stochastic game model.

This paper presents a new micro-architectural vulnerability on the power management units of modern computers which creates an electromagnetic-based side-channel. The key observations that enable us to discover this sidechannel are: 1) in an effort to manage and minimize power consumption, modern microprocessors have a number of possible operating modes (power states) in which various sub-systems of the processor are powered down, 2) for some of the transitions between power states, the processor also changes the operating mode of the voltage regulator module (VRM) that supplies power to the affected sub-system, and 3) the electromagnetic (EM) emanations from the VRM are heavily dependent on its operating mode. As a result, these state-dependent EM emanations create a side-channel which can potentially reveal sensitive information about the current state of the processor and, more importantly, the programs currently being executed. To demonstrate the feasibility of exploiting this vulnerability, we create a covert channel by utilizing the changes in the processor's power states. We show how such a covert channel can be leveraged to exfiltrate sensitive information from a secured and completely isolated (air-gapped) laptop system by placing a compact, inexpensive receiver in proximity to that system. To further show the severity of this attack, we also demonstrate how such a covert channel can be established when the target and the receiver are several meters away from each other, including scenarios where the receiver and the target are separated by a wall. Compared to the state-of-the-art, the proposed covert channel has \textbackslashtextgreater3x higher bit-rate. Finally, to demonstrate that this new vulnerability is not limited to being used as a covert channel, we demonstrate how it can be used for attacks such as keystroke logging.

In Robotics Operating System Process correspondence is the instrument given by the working framework that enables procedures to speak with one another Message passing model enables different procedures to peruse and compose information to the message line without being associated with one another, messages going between Robots. ROS is intended to be an inexactly coupled framework where a procedure is known as a hub and each hub ought to be answerable for one assignment. In the military application robots will go to go about as an officer and going ensure nation. In the referenced idea robot solider will give the message passing idea then the officers will go caution and start assaulting on the foes.

Internet is the most widely used technology in the current era of information technology and it is embedded in daily life activities. Due to its extensive use in everyday life, it has many applications such as social media (Face book, WhatsApp, messenger etc.,) and other online applications such as online businesses, e-counseling, advertisement on websites, e-banking, e-hunting websites, e-doctor appointment and e-doctor opinion. The above mentioned applications of internet technology makes things very easy and accessible for human being in limited time, however, this technology is vulnerable to various security threats. A vital and severe threat associated with this technology or a particular application is “Phishing attack” which is used by attacker to usurp the network security. Phishing attacks includes fake E-mails, fake websites, fake applications which are used to steal their credentials or usurp their security. In this paper, a detailed overview of various phishing attacks, specifically their background knowledge, and solutions proposed in literature to address these issues using various techniques such as anti-phishing, honey pots and firewalls etc. Moreover, installation of intrusion detection systems (IDS) and intrusion detection and prevention system (IPS) in the networks to allow the authentic traffic in an operational network. In this work, we have conducted end use awareness campaign to educate and train the employs in order to minimize the occurrence probability of these attacks. The result analysis observed for this survey was quite excellent by means of its effectiveness to address the aforementioned issues.

With the increase of the information level of SCADA system in recent years, the attacks against SCADA system are also increasing. Therefore, more and more scholars are beginning to study the safety of SCADA systems. Game theory is a balanced decision involving the main body of all parties. In recent years, domestic and foreign scholars have applied game theory to SCADA systems to achieve active defense. However, their research often focuses on the entire SCADA system, and the game theory is solved for the entire SCADA system, which is not flexible enough, and the calculation cost is also high. In this paper, a dynamic local game model (DLGM) for power SCADA system is proposed. This model first obtains normal data to form a whitelist, then dynamically detects each attack of the attacker's SCADA system, and through white list to determine the node location of the SCADA system attacked by the attacker, then obtains the smallest system attacked by SCADA system, and finally performs a local dynamic game algorithm to find the best defense path. Experiments show that DLGM model can find the best defense path more effectively than other game strategies.

Criminals do money laundry to hide the illegitimate sources of money to show as if their money is of a legitimate source. Money laundry has many stages that money flow has to go through to finally look as if it is of a legitimate source, rule-based systems are implemented across different banks to detect structuring which is one technique of the layering stage which sophisticated criminals can evade by unsatisfying the check rules. In this work, graph database and graph data mining are to be used to overcome this limitation, the proposed technique does this by plotting the whole transactional monetary flow of entities doing money transfers between each other as one large graph database and then detecting clusters of entities interacting with each other, afterwards detection of the most influential node (intended destination) which we consider the destination to which huge amounts of money is intended to flow to (criminal`s account) using PageRank algorithm and eventually detecting all members (Smurfs) of participated in the paths leading to that destination, a technique that would be hard to implement using traditional RDBMS in contrary to Graph DB, our results have proven correct detection of clusters as well as the final destination of the monetary flow (criminal`s account).

Nowadays, there is a flood of data such as naked body photos and child pornography, which is making people bloodless. In addition, people also distribute drugs through unknown dark channels. In particular, most transactions are being made through the Deep Web, the dark path. “Deep Web refers to an encrypted network that is not detected on search engine like Google etc. Users must use Tor to visit sites on the dark web” [4]. In other words, the Dark Web uses Tor's encryption client. Therefore, users can visit multiple sites on the dark Web, but not know the initiator of the site. In this paper, we propose the key idea based on the current status of such crimes and a crime information visual system for Deep Web has been developed. The status of deep web is analyzed and data is visualized using Java. It is expected that the program will help more efficient management and monitoring of crime in unknown web such as deep web, torrent etc.

Browsers collects information for better user experience by allowing JavaScript's and other extensions. Advertiser and other trackers take advantage on this useful information to tracked users across the web from remote devices on the purpose of individual unique identifications the so-called browser fingerprinting. Our work explores the diversity and stability of browser fingerprint by modifying the rule-based algorithm. Browser fingerprint rely only from the gathered data through browser, it is hard to tell that this piece of information still the same when upgrades and or downgrades are happening to any browsers and software's without user consent, which is stability and diversity are the most important usage of generating browser fingerprint. We implemented device fingerprint to identify consenting visitors in our website and evaluate individual devices attributes by calculating entropy of each selected attributes. In this research, it is noted that we emphasize only on data collected through a web browser by employing twenty (20) attributes to identify promising high value information to track how device information evolve and consistent in a period of time, likewise, we manually selected device information for evaluation where we apply the modified rules. Finally, this research is conducted and focused on the devices having the closest configuration and device information to test how devices differ from each other after several days of using on the basis of individual user configurations, this will prove in our study that every device is unique.

Password Guessing Attacks, for instance, Brute Force and word reference ambushes on online records are directly wide spread. Guarding the ambushes and giving the accommodating login the genuine customers together is a problematic endeavour. The present structures are lacking to give both the security and solace together. Phishing is a digital assault that targets credulous online clients fooling into uncovering delicate data, for example, username, secret key, standardized savings number or charge card number and so forth. Assailants fool the Internet clients by concealing site page as a dependable or real page to recover individual data. Password Guessing Attacks Resistance Protocol (PGARP) limits the full-scale number of logins attempts from darken remote hosts to as low as a single undertaking for each username, genuine customers all around (e.g., when tries are created utilizing known, occasionally used machines) can make a couple failed login tries before being tried with an ATT. A specific most distant point will be made to oblige the number of failed attempts with the ATT in order to keep the attacks. After the failed login attempt with ATT limit accomplished, an admonition will be sent to the customer concerning the failed login tries have accomplished the best measurement. This admonition will caution the customer and the customer will be urged to change the mystery expression and security question.

Named Data Network's (NDN) data-centric approach makes it a suitable solution in a networking scenario where there are connectivity issues as a result of the dynamism of the network. Coupling of this ability with the blockchain's well-documented immutable trustworthy-distributed ledger feature, the union of blockchain and NDN in an Internet-of-Battlefield-Things (IoBT) setting could prove to be the ideal alliance that would guarantee data exchanged in an IoBT environment is trusted and less susceptible to cyber-attacks and packet losses. Various blockchain technologies, however, require that each node has a ledger that stores information or transactions in a chain of blocks. This poses an issue as nodes in an IoBT setting have varying computing and storage resources. Moreover, most of the nodes in the IoT/IoBT network are plagued with limited resources. As such, there needs to be an approach that ensures that the limited resources of these nodes are efficiently utilized. In this paper, we investigate an approach that merges blockchain and NDN to efficiently utilize the resources of these resource-constrained nodes by only storing relevant information on each node's ledger. Furthermore, we propose a sharding technique called an Interest Group and introduce a novel consensus mechanism called Proof of Common Interest. Performance of the proposed approach is evaluated using numerical results.

This paper is the first to investigate the long-term stability of Surface Acoustic Wave Gyroscopes (SAWG) using an ovenized control system. Monolithic integration of a MEMS heater adjacent to SAW devices on Lithium Niobate over insulator substrate (LNOI) tightly couples frequency-based temperature detection with heating for temperature and frequency stabilization. This first prototype demonstrates the ability to minimize the temperature variations of the SAWG to below ±10 μK and stabilize the SAWG resonance frequency to ±0.2 ppm. This approach thus eliminates the thermal drift in a SAWG and enables the development of a new generation of MEMS-based gyroscopes with long-term stability.

Recently, named data networking (NDN) has been introduced to connect the world of computing devices via naming data instead of their containers. Through this strategic change, NDN brings several new features to network communication, including in-network caching, multipath forwarding, built-in multicast, and data security. Despite these unique features of NDN networking, there exist plenty of opportunities for continuing developments, especially with packet forwarding and caching. In this context, we introduce liteNDN, a novel forwarding and caching strategy for NDN networks. liteNDN comprises a cooperative forwarding strategy through which NDN routers share their knowledge, i.e. data names and interfaces, to optimize their packet forwarding decisions. Subsequently, liteNDN leverages that knowledge to estimate the probability of each downstream path to swiftly retrieve the requested data. Additionally, liteNDN exploits heuristics, such as routing costs and data significance, to make proper decisions about caching normal as well as segmented packets. The proposed approach has been extensively evaluated in terms of the data retrieval latency, network utilization, and the cache hit rate. The results showed that liteNDN, compared to conventional NDN forwarding and caching strategies, achieves much less latency while reducing the unnecessary traffic and caching activities.

In Named Data Networking (NDN) architectures, a content object is located according to the content's identifier and can be retrieved from all nodes that hold a replica of the content. The default forwarding strategy of NDN is to forward an Interest packet along the default path from the requester to the server to find a content object according to its name prefix. However, the best path may not be the default path, since content might also be located nearby. Hence, the default strategy could result in a sub-optimal delivery efficiency. To address this issue we introduce a vicinity-based replica finding scheme. This is based on the observation that content objects might be requested several times. Therefore, replicas can be often cached within a particular neighbourhood and thus it might be efficient to specifically look for them in order to improve the content delivery performance. Within this paper, we evaluate the optimal size of the vicinity within which content should be located (i.e. the distance between the requester and its neighbours that are considered within the content search). We also compare the proposed scheme with the default NDN forwarding strategy with respect to replica finding efficiency and network overhead. Using the proposed scheme, we demonstrate that the replica finding mechanism reduces the delivery time effectively with acceptable overhead costs.

Over the past decade, distributed CSMA, which forms the basis for WiFi, has been deployed ubiquitously to provide seamless and high-speed mobile internet access. However, distributed CSMA might not be ideal for future IoT/M2M applications, where the density of connected devices/sensors/controllers is expected to be orders of magnitude higher than that in present wireless networks. In such high-density networks, the overhead associated with completely distributed MAC protocols will become a bottleneck. Moreover, IoT communications are likely to have strict QoS requirements, for which the `best-effort' scheduling by present WiFi networks may be unsuitable. This calls for a clean-slate redesign of the wireless MAC taking into account the requirements for future IoT/M2M networks. In this paper, we propose a reservation-based (for minimal overhead) wireless MAC designed specifically with IoT/M2M applications in mind.

Expressing Keystroke Dynamics (KD) in form of sound opens new avenues to apply sound analysis techniques on KD. However this mapping is not straight-forward as varied feature space, differences in magnitudes of features and human interpretability of the music bring in complexities. We present a musical interface to KD by mapping keystroke features to music features. Music elements like melody, harmony, rhythm, pitch and tempo are varied with respect to the magnitude of their corresponding keystroke features. A pitch embedding technique makes the music discernible among users. Using the data from 30 users, who typed fixed strings multiple times on a desktop, shows that these auditory signals are distinguishable between users by both standard classifiers (SVM, Random Forests and Naive Bayes) and humans alike.

A significant percentage of cyber security incidents can be prevented by changing human behaviors. The humans in the loop include the system administrators, software developers, end users and the personnel responsible for securing the system. Each of these group of people work in a given context and are affected by both soft factors such as management influences and workload and more tangible factors in the real world such as errors in procedures and scanning devices, faulty code or the usability of the systems they work with.

The paper proposes a novel technique of EEG induced Brain-Computer Interface system for user authentication of personal devices. The scheme enables a human user to lock and unlock any personal device using his/her mind generated password. A two stage security verification is employed in the scheme. In the first stage, a 3 × 3 spatial matrix of flickering circles will appear on the screen of which, rows are blinked randomly and user has to mentally select a row which contains his desired circle.P300 is released when the desired row is blinked. Successful selection of row is followed by the selection of a flickering circle in the desired row. Gazing at a particular flickering circle generates SSVEP brain pattern which is decoded to trace the mentally selected circle. User is able to store mentally uttered number in the selected circle, later the number with it's spatial position will serve as the password for the unlocking phase. Here, the user is equipped with a headphone where numbers starting from zero to nine are spelled randomly. Spelled number matching with the mentally uttered number generates auditory P300 in the subject's brain. The particular choice of mentally uttered number is detected by successful detection of auditory P300. A novel weight update algorithm of Recurrent Neural Network (RNN), based on Extended-Kalman Filter and Particle Filter is used here for classifying the brain pattern. The proposed classifier achieves the best classification accuracy of 95.6%, 86.5% and 83.5% for SSVEP, visual P300 and auditory P300 respectively.

Although OpenFlow-based SDN networks make it easier to design and test new protocols, when you think of clean slate architectures, their use is quite limited because the parameterization of its flows resides primarily in TCP/IP protocols. Besides, despite the many benefits that SDN offers, some aspects have not yet been adequately addressed, such as management plane activities, network startup, and options for connecting the data plane to the control plane. Based on these issues and limitations, this work presents a bootstrap protocol for SDN-based networks, which allows, beyond the network topology discovery, automatic configuration of an inband control plane. The protocol is designed to act only on layer two, in an autonomous, distributed and deterministic way, with low overhead and has the intent to be the basement for the implementation of other management plane related activities. A formal specification of the protocol is provided. In addition, an analytical model was created to preview the number of required messages to establish the control plane. According to this model, the proposed protocol presents less overhead than similar de-facto protocols used to topology discovery in SDN networks.

Safety and security of complex critical infrastructures is very important for economic, environmental and social reasons. The interdisciplinary and inter-system dependencies within these infrastructures introduce difficulties in the safety and security design. Late discovery of safety and security design weaknesses can lead to increased costs, additional system complexity, ineffective mitigation measures and delays to the deployment of the systems. Traditionally, safety and security assessments are handled using different methods and tools, although some concepts are very similar, by specialized experts in different disciplines and are performed at different system design life-cycle phases.The methodology proposed in this paper supports a concurrent safety and security Defense in Depth (DiD) assessment at an early design phase and it is designed to handle safety and security at a high level and not focus on specific practical technologies. It is assumed that regardless of the perceived level of security defenses in place, a determined (motivated, capable and/or well-funded) attacker can find a way to penetrate a layer of defense. While traditional security research focuses on removing vulnerabilities and increasing the difficulty to exploit weaknesses, our higher-level approach focuses on how the attacker's reach can be limited and to increase the system's capability for detection, identification, mitigation and tracking. The proposed method can assess basic safety and security DiD design principles like Redundancy, Physical separation, Functional isolation, Facility functions, Diversity, Defense lines/Facility and Computer Security zones, Safety classes/Security Levels, Safety divisions and physical gates/conduits (as defined by the International Atomic Energy Agency (IAEA) and international standards) concurrently and provide early feedback to the system engineer. A prototype tool is developed that can parse the exported project file of the interdisciplinary model. Based on a set of safety and security attributes, the tool is able to assess aspects of the safety and security DiD capabilities of the design. Its results can be used to identify errors, improve the design and cut costs before a formal human expert inspection. The tool is demonstrated on a case study of an early conceptual design of a complex system of a nuclear power plant.

Emotions are a powerful tool in communication and one way that humans show their emotions is through their facial expressions. One of the challenging and powerful tasks in social communications is facial expression recognition, as in non-verbal communication, facial expressions are key. In the field of Artificial Intelligence, Facial Expression Recognition (FER) is an active research area, with several recent studies using Convolutional Neural Networks (CNNs). In this paper, we demonstrate the classification of FER based on static images, using CNNs, without requiring any pre-processing or feature extraction tasks. The paper also illustrates techniques to improve future accuracy in this area by using pre-processing, which includes face detection and illumination correction. Feature extraction is used to extract the most prominent parts of the face, including the jaw, mouth, eyes, nose, and eyebrows. Furthermore, we also discuss the literature review and present our CNN architecture, and the challenges of using max-pooling and dropout, which eventually aided in better performance. We obtained a test accuracy of 61.7% on FER2013 in a seven-classes classification task compared to 75.2% in state-of-the-art classification.

In the current world, day by day the data growth and the investigation about that information increased due to the pervasiveness of computing devices, but people are reluctant to share their information on online portals or surveys fearing safety because sensitive information such as credit card information, medical conditions and other personal information in the wrong hands can mean danger to the society. These days privacy preserving has become a setback for storing data in data repository so for that reason data in the repository should be made undistinguishable, data is encrypted while storing and later decrypted when needed for analysis purpose in data mining. While storing the raw data of the individuals it is important to remove person-identifiable information such as name, employee id. However, the other attributes pertaining to the person should be encrypted so the methodologies used to implement. These methodologies can make data in the repository secure and PPDM task can made easier.

Recent IoT services are being used in various fields such as smart homes, smart factories, smart cars and industrial systems. These various IoT services are implemented through hyper-connected IoT devices, and accordingly, security requirements of these devices are being highlighted. In order to satisfy the security requirements of IoT devices, various studies have been conducted such as HSM, Security SoC, and TrustZone. In particular, ARM proposed Platform Security Architecture (PSA), which is a security architecture that provide execution isolation to safely manage and protect the computing resources of low- end IoT devices. PSA can ensure confidentiality and integrity of IoT devices based on its structural features, but conversely, it has the problem of increasing development difficulty in using the security functions of PSA. To solve this problem, this paper analyzes the security requirements of an IoT platform and proposes secure platform based on PSA. To evaluate the proposed secure platform, a PoC implementation is provided based on hardware prototype consisting of FPGA. Our experiments with the PoC implementation verify that the proposed secure platform offers not only high security but also convenience of application development for IoT devices.

Summary & Conclusions: The work described addresses assurance of a planning and execution software system being added to an in-orbit CubeSat to demonstrate autonomous control of that spacecraft. Our focus was on how to develop assurance of the correct operation of the added software in its operational context, our approach to which was to use an assurance case to guide and organize the information involved. The relatively manageable magnitude of the CubeSat and its autonomy demonstration experiment made it plausible to try out our assurance approach in a relatively short timeframe. Additionally, the time was ripe to inject useful assurance results into the ongoing development and testing of the autonomy demonstration. In conducting this, we sought to answer several questions about our assurance approach. The questions, and the conclusions we reached, are as follows: 1. Question: Would our approach to assurance apply to the introduction of a planning and execution software into an existing system? Conclusion: Yes. The use of an assurance case helped focus our attention on the more challenging aspects, notably the interactions between the added software and the existing software system into which it was being introduced. This guided us to choose a hazard analysis method specifically for software interactions. In addition, we were able to automate generation of assurance case elements from the hazard analysis' tabular representation. 2. Question: Would our methods prove understandable to the software engineers tasked with integrating the software into the CubeSat's existing system? Conclusion: Somewhat. In interim discussions with the software engineers we found the assurance case style, of decomposing an argument into smaller pieces, to be useful and understandable to organize discussion. Ultimately however we did not persuade them to adopt assurance cases as the means to present review information. We attribute this to reluctance to deviate from JPL's tried and true style of holding reviews. For the CubeSat project as a whole, hosting an autonomy demonstration was already a novelty. Combining this with presentation of review information via an assurance case, with which our reviewers would be unaccustomed, would have exacerbated the unfamiliarity. 3. Question: Would conducting our methods prove to be compatible with the (limited) time available of the software engineers? Conclusion: Yes. We used a series of six brief meetings (approximately one hour each) with the development team to first identify the interactions as the area on which to focus, and to then perform the hazard analysis on those interactions. We used the meetings to confirm, or correct as necessary, our understanding of the software system and the spacecraft context. Between meetings we studied the existing software documentation, did preliminary analyses by ourselves, and documented the results in a concise form suitable for discussion with the team. 4. Question: Would our methods yield useful results to the software engineers? Conclusion: Yes. The hazard analysis systematically confirmed existing hazards' mitigations, and drew attention to a mitigation whose implementation needed particular care. In some cases, the analysis identified potential hazards - and what to do about them - should some of the more sophisticated capabilities of the planning and execution software be used. These capabilities, not exercised in the initial experiments on the CubeSat, may be used in future experiments. We remain involved with the developers as they prepare for these future experiments, so our analysis results will be of benefit as these proceed.