Biblio

Network function virtualization (NFV / VNF) and information-centric networking (ICN) are two trending technologies that have attracted expert's attention. NFV is a technique in which network functions (NF) are decoupling from commodity hardware to run on to create virtual communication services. The virtualized class nodes can bring several advantages such as reduce Operating Expenses (OPEX) and Capital Expenses (CAPEX). On the other hand, ICN is a technique that breaks the host-centric paradigm and shifts the focus to “named information” or content-centric. ICN provides highly efficient content retrieval network architecture where popular contents are cached to minimize duplicate transmissions and allow mobile users to access popular contents from caches of network gateways. This paper investigates the implementation of NFV in ICN. Besides, reviewing and discussing the weaknesses and strengths of each architecture in a critical analysis manner of both network architectures. Eventually, highlighted the current issues and future challenges of both architectures.

Sound plays a key role in human life and therefore sound recognition system has a great future ahead. Sound classification and identification system has many applications such as system for personal security, critical surveillance, etc. The main aim of this paper is to detect and classify the security sound event using the surveillance camera systems with integrated microphone based on the generated spectrograms of the sounds. This will enable to track security events in cases of emergencies. The goal is to propose a security system to accurately detect sound events and make a better security sound event detection system. We propose to use a convolutional neural network (CNN) to design the security sound detection system to detect a security event with minimal sound. We used the spectrogram images to train the CNN. The neural network was trained using different security sounds data which was then used to detect security sound events during testing phase. We used two datasets for our experiment training and testing datasets. Both the datasets contain 3 different sound events (glass break, gun shots and smoke alarms) to train and test the model, respectively. The proposed system yields the good accuracy for the sound event detection even with minimum available sound data. The designed system achieved accuracy was 92% and 90% using CNN on training dataset and testing dataset. We conclude that the proposed sound classification framework which using the spectrogram images of sounds can be used efficiently to develop the sound classification and recognition systems.

Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.

Cloud storage is a low-cost and convenient storage method, but the nature of cloud storage determines the existence of security risks for data uploaded by users. In order to ensure the security of users' data in third-party cloud platforms, a zero trust security platform for data trusteeship is proposed. The platform introduces the concept of zero trust, which meets the needs of users to upload sensitive data to untrusted third-party cloud platforms by implementing multiple functional modules such as sensitivity analysis service, cipher index service, attribute encryption service.

In recent times, the use of cloud computing has gained popularity all over the world in the context of performing smart computations on big data. The privacy of sensitive data of the client is of utmost important issues. Data leakage or hijackers may theft significant information about the client that ultimately may affect the reputation and prestige of its owner (bank) and client (customers). In general, to save the privacy of our banking data it is preferred to store, process, and transmit the data in the form of encrypted text. But now the main concern leads to secure computation over encrypted text or another possible way to perform computation over clouds makes data more vulnerable to hacking and attacks. Existing classical encryption techniques such as RSA, AES, and others provide secure transaction procedures for data over clouds but these are not fit for secure computation over data in the clouds. In 2009, Gentry comes with a solution for such issues and presents his idea as Homomorphic encryption (HE) that can perform computation over encrypted text without decrypting the data itself. Now a day's privacy-enhancing techniques (PET) are there to explore more potential benefits in security issues and useful in historical cases of privacy failure. Differential privacy, Federated analysis, homomorphic encryption, zero-knowledge proof, and secure multiparty computation are a privacy-enhancing technique that may useful in financial services as these techniques provide a fully-fledged mechanism for financial institutes. With the collaboration of industries, these techniques are may enable new data-sharing agreements for a more secure solution over data. In this paper, the primary concern is to investigate the different standards and properties of homomorphic encryption in digital banking and financial institutions.

This work seeks to advance the state of the art in HPC I/O performance analysis and interpretation. In particular, we demonstrate effective techniques to: (1) model output performance in the presence of I/O interference from production loads; (2) build features from write patterns and key parameters of the system architecture and configurations; (3) employ suitable machine learning algorithms to improve model accuracy. We train models with five popular regression algorithms and conduct experiments on two distinct production HPC platforms. We find that the lasso and random forest models predict output performance with high accuracy on both of the target systems. We also explore use of the models to guide adaptation in I/O middleware systems, and show potential for improvements of at least 15% from model-guided adaptation on 70% of samples, and improvements up to 10 x on some samples for both of the target systems.

Sharding can significantly improve the blockchain scalability, by dividing nodes into small groups called shards that can handle transactions in parallel. However, all existing sharding systems adopt complete sharding, i.e., shards are isolated. It raises additional overhead to guarantee the atomicity and consistency of cross-shard transactions and seriously degrades the sharding performance. In this paper, we present Pyramid, the first layered sharding blockchain system, in which some shards can store the full records of multiple shards thus the cross-shard transactions can be processed and validated in these shards internally. When committing cross-shard transactions, to achieve consistency among the related shards, a layered sharding consensus based on the collaboration among several shards is presented. Compared with complete sharding in which each cross-shard transaction is split into multiple sub-transactions and cost multiple consensus rounds to commit, the layered sharding consensus can commit cross-shard transactions in one round. Furthermore, the security, scalability, and performance of layered sharding with different sharding structures are theoretically analyzed. Finally, we implement a prototype for Pyramid and its evaluation results illustrate that compared with the state-of-the-art complete sharding systems, Pyramid can improve the transaction throughput by 2.95 times in a system with 17 shards and 3500 nodes.

With the rise of the cloud computing and services, the network environments tend to be more complex and enormous. Security control becomes more and more hard due to the frequent and various access and requests. There are a few techniques to solve the problem which developed separately in the recent years. Network Micro-Segmentation provides the system the ability to keep different parts separated. Zero Trust Model ensures the network is access to trusted users and business by applying the policy that verify and authenticate everything. With the combination of Segmentation and Zero Trust Model, a system will obtain the ability to control the access to organizations' or industrial valuable assets. To implement the cooperation, the paper designs a strategy named light verification to help the process to be painless for the cost of inspection. The strategy was found to be effective from the perspective of the technical management, security and usability.

Under the background of increasingly severe security situation, the new working mode of power mobile internet business anytime and anywhere has greatly increased the complexity of network interaction. At the same time, various means of breaking through the boundary protection and moving laterally are emerging in an endless stream. The existing boundary-based mobility The security protection architecture is difficult to effectively respond to the current complex and diverse network attacks and threats, and faces actual combat challenges. This article first analyzes the security risks faced by the existing power mobile Internet services, and conducts a collaborative analysis of the key points of zero-trust based security protection from multiple perspectives such as users, terminals, and applications; on this basis, from identity security authentication, continuous trust evaluation, and fine-grained access The dimension of control, fine-grained access control based on identity trust, and the design of a zero-trust-based power mobile interconnection business security protection framework to provide theoretical guidance for power mobile business security protection.

With the advent of the era of big data, information technology has been rapidly developed and the application of computers has been popularized. However, network technology is a double-edged sword. While providing convenience, it also faces many problems, among which there are many hidden dangers of network information security. Based on this, based on the era background of big data, the network information security analysis, explore the main network security problems, and elaborate computer information network security matters needing attention, to strengthen the network security management, and put forward countermeasures, so as to improve the level of network security.

In a collaboration with the Georgia Peanut Commission’s Education Center and museum in Georgia, USA, we developed an augmented reality app to guide visitors through the museum and offer immersive educational information about the artifacts, exhibits, and artwork displayed therein. Notably, our augmented reality system applies the First Order Motion Model for Image Animation to several portraits of individuals influential to the Georgia peanut industry to provide immersive animated narration and monologue regarding their contributions to the peanut industry. [4]

Cyber resilience has become a strategic point of information security in recent years. In the face of complex attack means and severe internal and external threats, it is difficult to achieve 100% protection against information systems. It is necessary to enhance the continuous service of information systems based on network resiliency and take appropriate compensation measures in case of protection failure, to ensure that the mission can still be achieved under attack. This paper combs the definition, cycle, and state of cyber resilience, and interprets the cyber resiliency engineering framework, to better understand cyber resilience. In addition, we also discuss the evolution of security architecture and analyze the impact of cyber resiliency on security architecture. Finally, the strategies and schemes of enhancing cyber resilience represented by zero trust and endogenous security are discussed.

Since the personal data protection law is on the way of many countries, how to use data mining method to secure sensitive information has become a challenge for enterprises. To make sure every employee follows company's data protection strategy, it may take lots of time and cost to seek and scan thousands of folders and files in user equipment, ensuring that the file contents meet IT security policies. Hence, this paper proposed a lightweight, pattern-based detection system, PIDS, which is expecting to enable an affordable data leakage prevention with essential cost and high efficiency in small business enterprise. For verification and evaluation, PIDS has been deployed on more than 100,000 PCs of collaboration enterprises, and the feedback shows that the system is able to approach its original design functionality for finding violated or sensitive contents efficiently.

In quantum cryptography research area, quantum digital signature is an important research field. To provide a better privacy for users in constructing quantum digital signature, the stronger anonymity of quantum digital signatures is required. Quantum ring signature scheme focuses on anonymity in certain scenarios. Using quantum ring signature scheme, the quantum message signer hides his identity into a group. At the same time, there is no need for any centralized organization when the user uses the quantum ring signature scheme. The group used to hide the signer identity can be immediately selected by the signer himself, and no collaboration between users.Since the quantum finite automaton signature scheme is very efficient quantum digital signature scheme, based on it, we propose a new quantum ring signature scheme. We also showed that the new scheme we proposed is of feasibility, correctness, anonymity, and unforgeability. And furthermore, the new scheme can be implemented only by logical operations, so it is easy to implement.

Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.

The popular federated edge learning (FEEL) framework allows privacy-preserving collaborative model training via frequent learning-updates exchange between edge devices and server. Due to the constrained bandwidth, only a subset of devices can upload their updates at each communication round. This has led to an active research area in FEEL studying the optimal device scheduling policy for minimizing communication time. However, owing to the difficulty in quantifying the exact communication time, prior work in this area can only tackle the problem partially by considering either the communication rounds or per-round latency, while the total communication time is determined by both metrics. To close this gap, we make the first attempt in this paper to formulate and solve the communication time minimization problem. We first derive a tight bound to approximate the communication time through cross-disciplinary effort involving both learning theory for convergence analysis and communication theory for per-round latency analysis. Building on the analytical result, an optimized probabilistic scheduling policy is derived in closed-form by solving the approximate communication time minimization problem. It is found that the optimized policy gradually turns its priority from suppressing the remaining communication rounds to reducing per-round latency as the training process evolves. The effectiveness of the proposed scheme is demonstrated via a use case on collaborative 3D objective detection in autonomous driving.

Both the Internet of Things (IoT) and Information Centric Networking (ICN) have gathered a lot of attention from both research and industry in recent years. While ICN has proved to be beneficial in many situations, it is not widely deployed outside research projects, also not addressing needs of IoT application programming interfaces (APIs). On the other hand, today's IoT solutions are built on top of the host-centric communication model associated with the usage of the Internet Protocol (IP). This paper contributes a discussion on the need of an integration of a specific form of IoT APIs, namely WebSocket based streaming APIs, into an ICN. Furthermore, different access models are discussed and requirements are derived from real world APIs. Finally, the design of an ICN-style extension is presented using one of the examined APIs.

The transmission and storage process for the power data in an intelligent grid has problems such as a single point of failure in the central node, low data credibility, and malicious manipulation or data theft. The characteristics of decentralization and tamper-proofing of blockchain and its distributed storage architecture can effectively solve malicious manipulation and the single point of failure. However, there are few safe and reliable data transmission methods for the significant number and various identities of users and the complex node types in the power blockchain. Thus, this paper proposes a collaborative control scheme between on-chain and off-chain power data based on the distributed oracle technology. By building a trusted on-chain transmission mechanism based on distributed oracles, the scheme solves the credibility problem of massive data transmission and interactive power data between smart contracts and off-chain physical devices safely and effectively. Analysis and discussion show that the proposed scheme can realize the collaborative control between on-chain and off-chain data efficiently, safely, and reliably.

Trust is an important emerging area of study in human-robot cooperation. Many studies have begun to look at the issue of robot (agent) capability as a predictor of human trust in the robot. However, the assumption that agent capability is the sole predictor of human trust could underestimate the complexity of the problem. This study aims to investigate the effects of agent-strategy and agent-capability in a visual search task. Fourteen subjects were recruited to partake in a web-based grid search task. They were each paired with a series of autonomous agents to search an on-screen grid to find a number of outlier objects as quickly as possible. Both the human and agent searched the grid concurrently and the human was able to see the movement of the agent. Each trial, a different autonomous agent with its assigned capability, used one of three search strategies to assist their human counterpart. After each trial, the autonomous agent reported the number of outliers it found, and the human subject was asked to determine the total number of outliers in the area. Some autonomous agents reported only a fraction of the outliers they encountered, thus coding a varying level of agent capability. Human subjects then evaluated statements related to the behavior, reliability, and trust of the agent. The results showed increased measures of trust and reliability with increasing capability. Additionally, the most legible search strategies received the highest average ratings in a measure of familiarity. Remarkably, given no prior information about capabilities or strategies that they would see, subjects were able to determine consistent trustworthiness of the agent. Furthermore, both capability and strategy of the agent had statistically significant effects on the human’s trust in the agent.

The fusion of peer-to-peer (P2P) fog network and the traditional three-tier fog computing architecture allows fog devices to conjointly pool their resources together for improved service provisioning and better bandwidth utilization. However, any unauthorized access to the fog network may have calamitous consequences. In this paper, a new lightweight two-party authenticated and key agreement (AKA) protocol is proposed for fog-to-fog collaboration. The security analysis of the protocol reveals that it is resilient to possible attacks. Moreover, the validation of the protocol conducted using the broadly-accepted Automated Verification of internet Security Protocols and Applications (AVISPA) shows that it is safe for practical deployment. The performance evaluation in terms of computation and communication overheads demonstrates its transcendence over the state-of-the-art protocols.

As multi-robot systems (MRS) are widely used in various tasks such as natural disaster response and social security, people enthusiastically expect an MRS to be ubiquitous that a general user without heavy training can easily operate. However, humans have various preferences on balancing between task performance and safety, imposing different requirements onto MRS control. Failing to comply with preferences makes people feel difficult in operation and decreases human willingness of using an MRS. Therefore, to improve social acceptance as well as performance, there is an urgent need to adjust MRS behaviors according to human preferences before triggering human corrections, which increases cognitive load. In this paper, a novel Meta Preference Learning (MPL) method was developed to enable an MRS to fast adapt to user preferences. MPL based on meta learning mechanism can quickly assess human preferences from limited instructions; then, a neural network based preference model adjusts MRS behaviors for preference adaption. To validate method effectiveness, a task scenario "An MRS searches victims in an earthquake disaster site" was designed; 20 human users were involved to identify preferences as "aggressive", "medium", "reserved"; based on user guidance and domain knowledge, about 20,000 preferences were simulated to cover different operations related to "task quality", "task progress", "robot safety". The effectiveness of MPL in preference adaption was validated by the reduced duration and frequency of human interventions.

Web Scraping is the technique of extracting desired data in an automated way by scanning the internal links and content of a website, this activity usually performed by systematically programmed bots. This paper explains our proposed solution to protect the blog content from theft and from being copied to other destinations by mitigating the scraping bots. To achieve our purpose we applied two steps in two levels, the first one, on the main blog page level, mitigated the work of crawler bots by adding extra empty articles anchors among real articles, and the next step, on the article page level, we add a random number of empty and hidden spans with randomly generated text among the article's body. To assess this solution we apply it to a local project developed using PHP language in Laravel framework, and put four criteria that measure the effectiveness. The results show that the changes in the file size before and after the application do not affect it, also, the processing time increased by few milliseconds which still in the acceptable range. And by using the HTML-similarity tool we get very good results that show the symmetric over style, with a few bit changes over the structure. Finally, to assess the effects on the bots, scraper bot reused and get the expected results from the programmed middleware. These results show that the solution is feasible to be adopted and use to protect blogs content.

Surveillance systems involve a camera module (at a fixed location) connected/streaming video via Internet Protocol to a (video) server. In our IMPRINT consortium project, by mounting miniaturised camera module/s on mobile quadruped-lizard like robots, we developed a stealth surveillance system, which could be very useful as a monitoring system in hostage situations. In this paper, we report about the communication system that enables secure transmission of: Live-video from robots to a server, GPS-coordinates of robots to the server and Navigation-commands from server to robots. Since the end application is for stealth surveillance, often can involve sensitive data, data security is a crucial concern, especially when data is transmitted through the internet. We use the RC4 algorithm for video transmission; while the AES algorithm is used for GPS data and other commands’ data transmission. Advantages of the developed system is easy to use for its web interface which is provided on the control station. This communication system, because of its internet-based communication, it is compatible with any operating system environment. The lightweight program runs on the control station (on the server side) and robot body that leads to less memory consumption and faster processing. An important requirement in such hostage surveillance systems is fast data processing and data-transmission rate. We have implemented this communication systems with a single-board computer having GPU that performs better in terms of speed of transmission and processing of data.

Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.

The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and therefore requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion which does not have a single design solution; rather it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution. In this paper, we outline a ZTA design methodology based on cyber risks and the identification of known high security risks. We then discuss challenges related to the design and deployment of ZTA and related solutions. We also discuss the role that service technology can play in ZTA.