Biblio

The globalization of IC manufacturing has increased the likelihood for IP providers to suffer financial and reputational loss from IP piracy. Logic locking prevents IP piracy by corrupting the functionality of an IP unless a correct secret key is inserted. However, existing logic-locking techniques can impose significant area overhead and performance impact (delay and power) on designs. In this work, we propose BISTLock, a logic-locking technique that utilizes built-in self-test (BIST) to isolate functional inputs when the circuit is locked. We also propose a set of security metrics and use the proposed metrics to quantify BISTLock's security strength for an open-source AES core. Our experimental results demonstrate that BISTLock is easy to implement and introduces an average of 0.74% area and no power or delay overhead across the set of benchmarks used for evaluation.

Directional Overcurrent Relays (DOCRs) play an essential role in the power system protection to guarantee the reliability, speed of relay operation and avoiding mal-trip in the primary and backup relays when unintentional fault conditions occur in the system. Moreover, the dual setting protection scheme is more efficient protection schemes for offering fast response protection and providing flexibility in the coordination of relay. In this paper, the Adaptive Modified Firefly Algorithm (AMFA) is used to determine the optimal coordination of dual setting DOCRs in the ring distribution system. The AMFA is completed by choosing the minimum value of pickup current (\textbackslashtextbackslashpmbI\textbackslashtextbackslashpmbP) and time dial setting (TDS). On the other hand, dual setting DOCRs protection scheme also proposed for operating in both forward and reverse directions that consisted of individual time current characteristics (TCC) curve for each direction. The previous method is applied to the ring distribution system network of PT. Pupuk Sriwidjaja by considering the fault on each bus. The result illustration that the AMFA within dual setting protection scheme is significantly reaching the optimized coordination and the relay coordination is certain for all simulation scenarios with the minimum operation. The AMFA has been successfully implemented in MATLAB software programming.

The desired features for the smart grid include dynamic billing capabilities along with consumer privacy protection. Existing aggregation-based privacy frameworks have limitations such as centralized designs prone to single points of failure and/or a high computational overload on the smart meters due to in-network aggregation or complex algorithmic operations. Additionally, these existing schemes do not consider how dynamic billing can be implemented while consumer privacy is preserved. In this paper, a cyber-resilient framework that enables dynamic billing while focusing on consumer privacy preservation is proposed. The distributed design provides a framework for spatio-temporal aggregation and keeps the process lightweight for the smart meters. The comparative analysis of our proposed work with existing work shows a significant improvement in terms of the spatial aggregation overhead, overhead on smart meters and scalability. The paper also discusses the resilience of our framework against privacy attacks.

In this century, the demand for energy is increasing daily, and the need for energy resources has become urgent and inevitable. New ways of generating energy, such as renewable resources that depend on many sources, including the sun and wind energy will contribute to the future of humankind largely and effectively. These renewable sources are facing major challenges that cannot be ignored which also require more researches on appropriate solutions . This has led to the emergence of a new type of network user called prosumer, which causes new challenges such as the intermittent nature of renewable. Smart grids have emerged as a solution to integrate these distributed energy sources. It also provides a mechanism to maintain safety and security for power supply networks. The main idea of smart grids is to facilitate local production and consumption By customers and consumers.Distributed ledger technology (DLT) or Block-chain technology has evolved dramatically since 2008 that coincided with the birth of its first application Bitcoin, which is the first cryptocurrency. This innovation led to sparked in the digital revolution, which provides decentralization, security, and democratization of information storage and transfer systems across numerous sectors/industries. Block-chain can be applied for the sake of the durability and safety of energy systems. In this paper, we will propose a new distributed framework that provides protection based on block-chain technology for energy systems to enhance self-defense capability against those cyber-attacks.

Current Internet Protocol routing provides minimal privacy, which enables multiple exploits. The main issue is that the source and destination addresses of all packets appear in plain text. This enables numerous attacks, including surveillance, man-in-the-middle (MITM), and denial of service (DoS). The talk explains how these attacks work in the current network. Endpoints often believe that use of Network Address Translation (NAT), and Dynamic Host Configuration Protocol (DHCP) can minimize the loss of privacy.We will explain how the regularity of human behavior can be used to overcome these countermeasures. Once packets leave the local autonomous system (AS), they are routed through the network by the Border Gateway Protocol (BGP). The talk will discuss the unreliability of BGP and current attacks on the routing protocol. This will include an introduction to BGP injects and the PEERING testbed for BGP experimentation. One experiment we have performed uses statistical methods (CUSUM and F-test) to detect BGP injection events. We describe work we performed that applies BGP injects to Internet Protocol (IP) address randomization to replace fixed IP addresses in headers with randomized addresses. We explain the similarities and differences of this approach with virtual private networks (VPNs). Analysis of this work shows that BGP reliance on autonomous system (AS) numbers removes privacy from the concept, even though it would disable the current generation of MITM and DoS attacks. We end by presenting a compromise approach that creates software-defined data exchanges (SDX), which mix traffic randomization with VPN concepts. We contrast this approach with the Tor overlay network and provide some performance data.

One of the critical threats menacing the Cooperative Spectrum Sensing (CSS) in Cognitive Radio Networks (CRNs) is the Spectrum Sensing Data Falsification (SSDF) reports, which can deceive the decision of Fusion Center (FC) about the Primary User (PU) spectrum accessibility. In CSS, each CR user performs Energy Detection (ED) technique to detect the status of licensed frequency bands of the PU. This paper investigates the performance of different hard-decision fusion schemes (OR-rule, AND-rule, and MAJORITY-rule) in the presence of Always Yes and Always No Malicious User (AYMU and ANMU) over Rayleigh and Gaussian channels. More precisely, comparative study is conducted to evaluate the impact of such malicious users in CSS on the performance of various hard data combining rules in terms of miss detection and false alarm probabilities. Furthermore, computer simulations are carried out to show that the hard-decision fusion scheme with MAJORITY-rule is the best among hard-decision combination under AYMU attacks, OR-rule has the best detection performance under ANMU.

Human-in-the-Loop has been receiving special attention from the data science and machine learning community. It is essential to realize the advantages of human feedback and the pressing need for manual annotation to improve machine learning performance. Recent advancements in natural language processing (NLP) and machine learning have created unique challenges and opportunities for digital humanities research. In particular, there are ample opportunities for NLP and machine learning researchers to analyze data from literary texts and use these complex source texts to broaden our understanding of human sentiment using the human-in-the-loop approach. This paper presents our understanding of how human annotators differ from machine annotators in sentiment analysis tasks and how these differences can contribute to designing systems for the "human in the loop" sentiment analysis in complex, unstructured texts. We further explore the challenges and benefits of the human-machine collaboration for sentiment analysis using a case study in Greek tragedy and address some open questions about collaborative annotation for sentiments in literary texts. We focus primarily on (i) an analysis of the challenges in sentiment analysis tasks for humans and machines, and (ii) whether consistent annotation results are generated from multiple human annotators and multiple machine annotators. For human annotators, we have used a survey-based approach with about 60 college students. We have selected six popular sentiment analysis tools for machine annotators, including VADER, CoreNLP's sentiment annotator, TextBlob, LIME, Glove+LSTM, and RoBERTa. We have conducted a qualitative and quantitative evaluation with the human-in-the-loop approach and confirmed our observations on sentiment tasks using the Greek tragedy case study.

As the scale of integrated circuits continues to expand, electronic design automation (EDA) and intellectual property (IP) reuse play an increasingly important role in the integrated circuit design process. Although many Web-EDA platforms have begun to provide online EDA software to reduce the threshold for the use of EDA tools, IP protection on the Web- EDA platform is an issue. This article uses blockchain technology to design an IP trading system for the Web-EDA platform to achieve mutual trust and transactions between IP owners and users. The structure of the IP trading system is described in detail, and a blockchain wallet for the Web-EDA platform is developed.

Recent advances in resistive synaptic devices have enabled the emergence of brain-inspired smart chips. These chips can execute complex cognitive tasks in digital signal processing precisely and efficiently using an efficient neuromorphic system. The neuromorphic synapses used in such chips, however, are different from the traditional integrated circuit architectures, thereby weakening their resistance to malicious transformation and intellectual property (IP) counterfeiting. Accordingly, in this paper, we propose an effective hybrid encryption methodology for IP core protection in neuromorphic computing systems, in-corporating elliptic curve cryptography and SM4 simultaneously. Experimental results confirm that the proposed method can implement real-time encryption of any number of crossbar arrays in neuromorphic systems accurately, while reducing the time overhead by 14.40%-26.08%.

The recommender system is an important application in big data analytics because accurate recommendation items or high-valued suggestions can bring high profit to both commercial companies and customers. To make precise recommendations, a recommender system often needs large and fine-grained data for training. In the current big data era, data often exist in the form of isolated islands, and it is difficult to integrate the data scattered due to privacy security concerns. Moreover, privacy laws and regulations make it harder to share data. Therefore, designing a privacy-preserving recommender system is of paramount importance. Existing privacy-preserving recommender system models mainly adapt cryptography approaches to achieve privacy preservation. However, cryptography approaches have heavy overhead when performing encryption and decryption operations and they lack a good level of flexibility. In this paper, we propose a Locality Sensitive Hashing (LSH) based approach for federated recommender system. Our proposed efficient and scalable federated recommender system can make full use of multiple source data from different data owners while guaranteeing preservation of privacy of contributing parties. Extensive experiments on real-world benchmark datasets show that our approach can achieve both high time efficiency and accuracy under small privacy budgets.

Recommender system helps people in decision making by asking their preferences about various items and recommends other items that have not been rated yet and are similar to their taste. A traditional recommendation system aims at generating a set of recommendations based on inter-user similarity that will satisfy the target user. Positive preferences as well as negative preferences of the users are taken into account so as to find strongly related users. Weighted entropy is usedz as a similarity measure to determine the similar taste users. The target user is asked to fill in the ratings so as to identify the closely related users from the knowledge base and top N recommendations are produced accordingly. Results show a considerable amount of improvement in accuracy after using weighted entropy and opposite preferences as a similarity measure.

The industrial Internet has built a new industrial manufacturing and service system with all elements, all industrial chains and all value chains connected through the interconnection of people, machines and things. It breaks the relatively closed and credible production environment of traditional industry. But at the same time, the full interconnection of cross-device, cross-system, and cross-region in the industrial Internet also brings a certain network trust crisis. The method proposed in this paper breaking the relatively closed manufacturing environment of traditional industries, extends the network connection object from human to machine equipment, industrial products and industrial services. It provides a safe and credible environment for the development of industrial Internet, and a trust guarantee for the across enterprises entities and data sharing.

As an essential part to intelligently fine-grained scheduling, planning and maintenance in smart grid and energy internet, short-term load forecasting makes great progress recently owing to the big data collected from smart meters and the leap forward in machine learning technologies. However, the centralized computing topology of classical electric information system, where individual electricity consumption data are frequently transmitted to the cloud center for load forecasting, tends to violate electric consumers' privacy as well as to increase the pressure on network bandwidth. To tackle the tricky issues, we propose a privacy-preserving framework based on the edge-fog-cloud continuum for smart grid. Specifically, 1) we gravitate the training of load forecasting models and forecasting workloads to distributed smart meters so that consumers' raw data are handled locally, and only the forecasting outputs that have been protected are reported to the cloud center via fog nodes; 2) we protect the local forecasting models that imply electricity features from model extraction attacks by model randomization; 3) we exploit a shuffle scheme among smart meters to protect the data ownership privacy, and utilize a re-encryption scheme to guarantee the forecasting data privacy. Finally, through comprehensive simulation and analysis, we validate our proposed privacy-preserving framework in terms of privacy protection, and computation and communication efficiency.

With the emergence of smart automotive devices, the data communication between these devices gains increasing importance. SOME/IP is a light-weight protocol to facilitate inter- process/device communication, which supports both procedural calls and event notifications. Because of its simplicity and capability, SOME/IP is getting adopted by more and more automotive devices. Subsequently, the security of SOME/IP applications becomes crucial. However, previous security testing techniques cannot fit the scenario of vulnerability detection SOME/IP applications due to miscellaneous challenges such as the difficulty of server-side testing programs in parallel, etc. By addressing these challenges, we propose Ori - a greybox fuzzer for SOME/IP applications, which features two key innovations: the attach fuzzing mode and structural mutation. The attach fuzzing mode enables Ori to test server programs efficiently, and the structural mutation allows Ori to generate valid SOME/IP packets to reach deep paths of the target program effectively. Our evaluation shows that Ori can detect vulnerabilities in SOME/IP applications effectively and efficiently.

In this paper Intelligent Electronic Devices (IED) that use ethernet for communicating with substation devices on the grid where modelled in OPNET. There is a need to test the communication protocol performance over the network. A model for the substation communication network was implemented in OPNET. This was done for ESKOM, which is the electrical power generation and distribution authority in South Africa. The substation communication model consists of 10 ethernet nodes which simulate protection Intelligent Electronic Devices (IEDs), 13 ethernet switches, a server which simulates the substation Remote Terminal Unit (RTU) and the DNP3 Protocol over TCP/IP simulated on the model. DNP3 is a protocol that can be used in a power utility computer network to provide communication service for the grid components. It was selected as the communication protocol because it is widely used in the energy sector in South Africa. The network load and packet delay parameters were sampled when 10%, 50%, 90% and 100% of devices are online. Analysis of the results showed that with an increase in number of nodes there was an increase in packet delay as well as the network load. The load on the network should be taken into consideration when designing a substation communication network that requires a quick response such as a smart gird.

Smart Meters (SM) are IoT end devices used to collect user utility consumption with limited processing power on the edge of the smart grid (SG). While SMs have great applications in providing data analysis to the utility provider and consumers, private user information can be inferred from SMs readings. For preserving user privacy, a number of methods were developed that use perturbation by adding noise to alter user load and hide consumer data. Most methods limit the amount of perturbation noise using differential privacy to preserve the benefits of data analysis. However, additive noise perturbation may have an undesirable effect on billing. Additionally, users may desire to select complete privacy without giving consent to having their data analyzed. We present a virtual battery model that uses perturbation with additive noise obtained from a virtual chargeable battery. The level of noise can be set to make user data differentially private preserving statistics or break differential privacy discarding the benefits of data analysis for more privacy. Our model uses fog aggregation with authentication and encryption that employs lightweight cryptographic primitives. We use Diffie-Hellman key exchange for symmetrical encryption of transferred data and a two-way challenge-response method for authentication.

Distributed denial of service (DDoS) attacks can bring tremendous damage to online services and ISPs. Existing adopted mitigation methods either require the victim to have a sufficient number of resources for traffic filtering or to pay a third party cloud service to filter the traffic. In our previous work we proposed CoFence, a collaborative network that allows member domains to help each other in terms of DDoS traffic handling. In that network, victim servers facing a DDoS attack can redirect excessive connection requests to other helping servers in different domains for filtering. Only filtered traffic will continue to interact with the victim server. However, sending traffic to third party servers brings up the issue of privacy: specifically leaked client source IP addresses. In this work we propose a privacy protection mechanism for defense so that the helping servers will not be able to see the IP address of the client traffic while it has minimum impact to the data filtering function. We implemented the design through a test bed to demonstrated the feasibility of the proposed design.

Smart meters (SMs) play a pivotal rule in the smart grid by being able to report the electricity usage of consumers to the utility provider (UP) almost in real-time. However, this could leak sensitive information about the consumers to the UP or a third-party. Recent works have leveraged the availability of energy storage devices, e.g., a rechargeable battery (RB), in order to provide privacy to the consumers with minimal additional energy cost. In this paper, a privacy-cost management unit (PCMU) is proposed based on a model-free deep reinforcement learning algorithm, called deep double Q-learning (DDQL). Empirical results evaluated on actual SMs data are presented to compare DDQL with the state-of-the-art, i.e., classical Q-learning (CQL). Additionally, the performance of the method is investigated for two concrete cases where attackers aim to infer the actual demand load and the occupancy status of dwellings. Finally, an abstract information-theoretic characterization is provided.

Load profiling is to cluster power consumption data to generate load patterns showing typical behaviors of consumers, and thus it has enormous potential applications in smart grid. However, short-interval readings would generate massive smart meter data. Although cloud computing provides an excellent choice to analyze such big data, it also brings significant privacy concerns since the cloud is not fully trustworthy. In this paper, based on a modified vector homomorphic encryption (VHE), we propose a privacy-preserving and outsourced k-means clustering scheme (PPOk M) for secure load profiling over encrypted meter data. In particular, we design a similarity-measuring method that effectively and non-interactively performs encrypted distance metrics. Besides, we present an integrity verification technique to detect the sloppy cloud server, which intends to stop iterations early to save computational cost. In addition, extensive experiments and analysis show that PPOk M achieves high accuracy and performance while preserving convergence and privacy.

As a new paradigm for the monitoring and troubleshooting of backbone networks, the multilayer in-band network telemetry (ML-INT) with deep learning (DL) based data analytics (DA) has recently been proven to be effective on realtime visualization and fine-grained monitoring. However, the existing studies on ML-INT&DA systems have overlooked the privacy and security issues, i.e., a malicious party can apply tapping in the data reporting channels between the data and control planes to illegally obtain plaintext ML-INT data in them. In this paper, we discuss a privacy-preserving DL-based ML-INT&DA system for realizing AI-assisted network automation in backbone networks in the form of IP-over-Optical. We first show a lightweight encryption scheme based on integer vector homomorphic encryption (IVHE), which is used to encrypt plaintext ML-INT data. Then, we architect a DL model for anomaly detection, which can directly analyze the ciphertext ML-INT data. Finally, we present the implementation and experimental demonstrations of the proposed system. The privacy-preserving DL-based ML-INT&DA system is realized in a real IP over elastic optical network (IP-over-EON) testbed, and the experimental results verify the feasibility and effectiveness of our proposal.

The necessity for peer-to-peer (p2p) communications is obvious; current centralized solutions are capturing and storing too much information from the individual people communicating with each other. Privacy concerns with a centralized solution in possession of all the users data are a difficult matter. HELIOS platform introduces a new social-media platform that is not in control of any central operator, but brings the power of possession of the data back to the users. It does not have centralized servers that store and handle receiving/sending of the messages. Instead, it relies on the current open-source solutions available in the p2p communities to propagate the messages to the wanted recipients of the data and/or messages. The p2p communications also introduce new problems in terms of privacy and tracking of the user, as the nodes part of a p2p network can see what data the other nodes provide and ask for. How the sharing of data in a p2p network can be achieved securely, taking into account the user's privacy is a question that has not been fully answered so far. We do not claim we answer this question fully in this paper either, but we propose a set of protocols to help answer one specific problem. Especially, this paper proposes how to privately share data (end-point address or other) of the user between other users, provided that they have previously connected with each other securely, either offline or online.

With the increasing popularity and adoption of IoT technology, fog computing has been used as an advancement to cloud computing. Although trust management issues in cloud have been addressed, there are still very few studies in a fog area. Trust is needed for collaborating among fog nodes and trust can further improve the reliability by assisting in selecting the fog nodes to collaborate. To address this issue, we present a provenance based trust mechanism that traces the behavior of the process among fog nodes. Our approach adopts the completion rate and failure rate as the process provenance in trust scores of computing workload, especially obvious measures of trustworthiness. Simulation results demonstrate that the proposed system can effectively be used for collaboration in a fog environment.

This study presents an open standards-based information system supporting democratisation and consumer empowerment through flexibility activation. This study describes a functional technical reference infrastructure: a secure, standard-based and viable communication backbone for flexibility activation. The infrastructure allows connection, registering, activation and reporting for different types of granular consumer flexibility. The flexibility sources can be directly controllable set points of chargers and stationary batteries, as well as controllable loads. The proposed communication system sees all these flexibility provisions as distributed energy resources in a wider sense, and the architecture allows consumer-level integration of different energy systems. This makes new flexibility sources fully available to the balancing responsible entities in a viable and realistically implementable manner. The proposed reference architecture, as implemented in the FLEXCoop project, relies on established open standards as it is based on the Open Automated Demand Response (OpenADR) and OAuth2/OpenID standards and the corresponding IEC 62746-10 standard, and it covers interfacing towards other relevant standards. The security and access implications are addressed by the OpenID security layer built on top of the OAuth2 and integrated with the OpenADR standard. To address the data protection and privacy aspects, the architecture is designed on the least knowledge principle.

Existing logic-locking attacks are known to successfully decrypt functionally correct key of a locked combinational circuit. It is possible to extend these attacks to real-world Silicon-based Intellectual Properties (IPs, which are sequential circuits) through scan-chains by selectively initializing the combinational logic and analyzing the responses. In this paper, we propose SeqL, which achieves functional isolation and locks selective flip-flop functional-input/scan-output pairs, thus rendering the decrypted key functionally incorrect. We conduct a formal study of the scan-locking problem and demonstrate automating our proposed defense on any given IP. We show that SeqL hides functionally correct keys from the attacker, thereby increasing the likelihood of the decrypted key being functionally incorrect. When tested on pipelined combinational benchmarks (ISCAS, MCNC), sequential benchmarks (ITC) and a fully-fledged RISC-V CPU, SeqL gave 100% resilience to a broad range of state-of-the-art attacks including SAT [1], Double-DIP [2], HackTest [3], SMT [4], FALL [5], Shift-and-Leak [6] and Multi-cycle attacks [7].

Trust among humans affects the way we interact with each other. In autonomous systems, this trust is often predefined and hard-coded before the systems are deployed. However, when systems encounter unfolding situations, requiring them to interact with others, a notion of trust will be inevitable. In this paper, we discuss trust as a fundamental measure to enable an autonomous system to decide whether or not to interact with another system, whether biological or artificial. These decisions become increasingly important when continuously integrating with others during runtime.