Biblio

According to recent reports, the most common insider threats to systems are unauthorized access to or use of corporate information and exposure of sensitive data. While anomaly detection techniques have proved to be effective in the detection of early signs of data theft, these techniques are not able to detect sophisticated data misuse scenarios in which malicious insiders seek to aggregate knowledge by executing and combining the results of several queries. We thus need techniques that are able to track users' actions across time to detect correlated ones that collectively flag anomalies. In this paper, we propose such techniques for the detection of anomalous accesses to relational databases. Our approach is to monitor users' queries, sequences of queries and sessions of database connection to detect queries that retrieve amounts of data larger than the normal. Our evaluation of the proposed techniques indicates that they are very effective in the detection of anomalies.

Currently the task of automated security monitoring and responding to security incidents is highly relevant. The authors propose an approach to determine weaknesses of the analyzed system on the basis of its known vulnerabilities for further specification of security threats. It is relevant for the stage of determining the necessary and sufficient set of security countermeasures for specific information systems. The required set of security response tools and means depends on the determined threats. The possibility of practical implementation of the approach follows from the connectivity between open databases of vulnerabilities, weaknesses, and attacks. The authors applied various classification methods for vulnerabilities considering values of their properties. The paper describes source data used for classification, their preprocessing stage, and the classification results. The obtained results and the methods for their enhancement are discussed.

pubcrawl, Network on Chip Security, Scalability, resiliency, resilience, metrics, Tasks on NoC (Network-on-Chip) are less efficient because of long-distance data synchronization. An inefficient task schedule strategy can lead to a large number of remote data accessing that ruins the speedup of parallel execution of multiple tasks. Thus, we propose an energy efficient task schedule to reduce task traffic with a diffusional pattern. The task mapping algorithm can optimize traffic distribution by limit tasks into a small area to reduce NoC activities. Comparing to application-layer optimization, our task mapping can obtain 20% energy saving and 15% latency reduction on average.

Publically available relational data without security protection may cause data protection issues. Watermarking facilitates solution for remote sharing of relational database by ensuring data integrity and security. In this research, a reversible watermarking for numerical relational database by using evolutionary technique has been proposed that ensure the integrity of underlying data and robustness of watermark. Moreover, mRMR based feature subset selection technique has been used to select attributes for implementation of watermark instead of watermarking whole database. Binary Bat algorithm has been used as constraints optimization technique for watermark creation. Experimental results have shown the effectiveness of the proposed technique against data tempering attacks. In case of alteration attacks, almost 70% data has been recovered, 50% in deletion attacks and 100% data is retrieved after insertion attacks. The watermarking based on evolutionary technique (WET) i.e., mRMR based Binary Bat Algorithm ensures the data accuracy and it is resilient against malicious attacks.

Elliptic curve cryptography (ECC) is an approach to public-key cryptography used for data protection to be unintelligible to any unauthorized device or entity. The encryption/decryption algorithm is publicly known and its security relies on the discrete logarithm problem. ECC is ideal for weak devices with small resources such as phones, smart cards, embedded systems and wireless sensor networks (WSN), largely deployed in different applications. The advantage of ECC is the shorter key length to provide same level of security than other cryptosystems like RSA. However, cryptographic computations such as the multiplication of an elliptic curve point by a scalar value are computationally expensive and involve point additions and doublings on elliptic curves over finite fields. Much works are done to optimize their costs. Based on the result of these works, including parallel processing, we propose two new efficient distributed algorithms to reduce the computations in resource-constrained networks having as feature the cooperative processing of data. Our results are conclusive and can provide up to 125% of reduction of consumed energy by each device in a data exchange operation.

Cloud-hosted services are being increasingly used in online businesses in e.g., retail, healthcare, manufacturing, entertainment due to benefits such as scalability and reliability. These benefits are fueled by innovations in orchestration of cloud platforms that make them totally programmable as Software Defined everything Infrastructures (SDxI). At the same time, sophisticated targeted attacks such as Distributed Denial-of-Service (DDoS) are growing on an unprecedented scale threatening the availability of online businesses. In this paper, we present a novel defense system called Dolus to mitigate the impact of DDoS attacks launched against high-value services hosted in SDxI-based cloud platforms. Our Dolus system is able to initiate a 'pretense' in a scalable and collaborative manner to deter the attacker based on threat intelligence obtained from attack feature analysis in a two-stage ensemble learning scheme. Using foundations from pretense theory in child play, Dolus takes advantage of elastic capacity provisioning via 'quarantine virtual machines' and SDxI policy co-ordination across multiple network domains to deceive the attacker by creating a false sense of success. From the time gained through pretense initiation, Dolus enables cloud service providers to decide on a variety of policies to mitigate the attack impact, without disrupting the cloud services experience for legitimate users. We evaluate the efficacy of Dolus using a GENI Cloud testbed and demonstrate its real-time capabilities to: (a) detect DDoS attacks and redirect attack traffic to quarantine resources to engage the attacker under pretense, and (b) coordinate SDxI policies to possibly block DDoS attacks closer to the attack source(s).

We present a demo of DryVR 2.0, a framework for verification and controller synthesis of cyber-physical systems composed of black-box simulators and white-box automata. For verification, DryVR 2.0 takes as input a black-box simulator, a white-box transition graph, a time bound and a safety specification. As output it generates over-approximations of the reachable states and returns "Safe" if the system meets the given bounded safety specification, or it returns "Unsafe" with a counter-example. For controller synthesis, DryVR 2.0 takes as input black-box simulator(s) and a reach-avoid specification, and uses RRTs to find a transition graph such that the combined system satisfies the given specification.

Today, most embedded systems use Dynamic Voltage and Frequency Scaling (DVFS) to minimize energy consumption and maximize performance. The DVFS technique works by regulating the important parameters that govern the amount of energy consumed in a system, voltage and frequency. For the implementation of this technique, the operating system (OS) includes software applications that dynamically control a voltage regulator or a frequency regulator or both. In this paper, we demonstrate for the first time a malicious use of the frequency regulator against a TrustZone-enabled System-on-Chip (SoC). We demonstrate a use of frequency scaling to create covert channel in a TrustZone-enabled heterogeneous SoC. We present four proofs of concept to transfer sensitive data from a secure entity in the SoC to a non-secure one. The first proof of concept is from a secure ARM core to outside of SoC. The second is from a secure ARM core to a non-secure one. The third is from a non-trusted third party IP embedded in the programmable logic part of the SoC to a non-secure ARM core. And the last proof of concept is from a secure third party IP to a non-secure ARM core.

The choice of threshold is an important part of fault diagnosis. Most of the current methods use a constant threshold for detection and it is difficult to meet the robustness and sensitivity requirements of the diagnosis system. This article develops a dynamic threshold algorithm for aircraft engine fault detection and isolation systems. The algorithm firstly analyzes the bounded norm uncertainty that may appear in the process of model based on the state space equation, and gives the time domain response range calculation formula under the influence of uncertain parameters; then the Kalman filter is combined to calculate the threshold with the real-time change of state; the simulation is performed at the end. The simulation results show that dynamic threshold range changes with status in real time.

Multi-Processor Systems-on-Chips (MPSoCs) are a platform for a wide variety of applications and use-cases. The high on-chip connectivity, the programming flexibility, and the reuse of IPs, however, also introduce security concerns. Problems arise when applications with different trust and protection levels share resources of the MPSoC, such as processing units, cache memories and the Network-on-Chip (NoC) communication structure. If a program gets compromised, an adversary can observe the use of these resources and infer (potentially secret) information from other applications. In this work, we explore the cache-based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs. We implement this differential cache-collision attack on the MPSoC Glass and introduce an optimized variant of it, the Earthquake Attack, which leverages the NoC-based communication to increase attack efficiency. Our results show that Earthquake performs well under different cache line and MPSoC configurations, illustrating that cache-collision attacks are considerable threats on MPSoCs.

Dozens of signature and anomaly based solutions have been proposed to detect malicious activities in computer networks. However, the number of successful attacks are increasing every day. In this paper, we developed a novel entropy based technique, called Edmund, to detect and mitigate Network attacks. While analyzing full payload network traffic was not recommended due to users' privacy, Edmund used netflow data to detect abnormal behavior. The experimental results showed that Edmund was able to highly accurate detect (around 95%) different application, transport, and network layers attacks. It could identify more than 100K malicious flows raised by 1168 different attackers in our campus. Identifying the attackers, is a great feature, which enables the network administrators to mitigate DDoS effects during the attack time.

Malware (or malicious software) is any program or file that brings harm to a computer system. Malware includes computer viruses, worms, trojan horses, rootkit, adware, ransomware and spyware. Due to the explosive growth in number and variety of malware, the demand of improving automatic malware detection has increased. Machine learning approaches are a natural choice to deal with this problem since they can automatically discover hidden patterns in large-scale datasets to distinguish malware from benign. In this paper, we propose different deep neural network architectures from simple to advanced ones. We then fuse hand-crafted and deep features, and combine all models together to make an overall effective ensemble framework for malware detection. The experiment results demonstrate the efficiency of our proposed method, which is capable to detect malware with accuracy of 96.24% on our large real-life dataset.

Elliptic Curve Cryptography (ECC), initially proposed by Koblitz [17] and Miller [20], is a public-key cipher. Compared with other popular public-key ciphers (e.g., RSA), ECC features a shorter key length for the same level of security. For example, a 256-bit ECC cipher provides 128-bit security, equivalent to a 2048-bit RSA cipher [4]. Using smaller keys, ECC requires less memory for performing cryptographic operations. Embedded systems, especially given the proliferation of Internet-of-Things (IoT) devices and platforms, require efficient and low-power secure communications between edge devices and gateways/clouds. ECC has been widely adopted in IoT systems for authentication of communications, while RSA, which is much more costly to compute, remains the standard for desktops and servers.

Industrial Wireless Sensor Networks (IWSNs) are an extension of the Internet of Things paradigm that integrates smart sensors in industrial processes. However, the unattended open environment makes IWSNs vulnerable to malicious attacks, such as node compromise in addition to eavesdropping. The compromised nodes can again launch notorious attacks such as the sinkhole or sybil attack which may degrade the network performance. In this paper, we propose a lightweight, Secure Directed Diffusion (SDD) protocol. The algorithm for the proposed protocol uses bilinear pairing to derive a location-based key (LK) by binding the ID and geographic location of a node, thereby ensuring neighborhood authentication. Thus, authenticated nodes can prevent eavesdropping, node compromise including sinkhole and sybil attacks while ensuring confidentiality, authenticity, integrity with reduced latency. Finally, through security analysis, we prove that basic security is maintained and above-mentioned attacks are also prevented. We also compute storage, computation and communication overheads which show that SDD performs at least 2.6 times better in terms of storage overhead and at least 1.3 times better in terms of communication overhead over the other state-of-the-art competing schemes for attack preventions in WSN domain.

Secure group-oriented communication is crucial to a wide range of applications in Internet of Things (IoT). Security problems related to group-oriented communications in IoT-based applications placed in a privacy-sensitive environment have become a major concern along with the development of the technology. Unfortunately, many IoT devices are designed to be portable and light-weight; thus, their functionalities, including security modules, are heavily constrained by the limited energy resources (e.g., battery capacity). To address these problems, we propose a group key management scheme based on a novel physically unclonable function (PUF) design: multistage interconnected PUF (MIPUF) to secure group communications in an energy-constrained environment. Our design is capable of performing key management tasks such as key distribution, key storage and rekeying securely and efficiently. We show that our design is secure against multiple attack methods and our experimental results show that our design saves 47.33% of energy globally comparing to state-of-the-art Elliptic-curve cryptography (ECC)-based key management scheme on average.

Sky surveys represent a fundamental data source in astronomy. Today, these surveys are moving into a petascale regime produced by modern telescopes. Due to the exponential growth of astronomical data, there is a pressing need to provide efficient astronomical query processing. Our goal is to bridge the gap between existing distributed systems and high-level languages for astronomers. In this paper, we present efficient techniques for query processing of astronomical data using ASTROIDE. Our framework helps astronomers to take advantage of the richness of the astronomical data. The proposed model supports complex astronomical operators expressed using ADQL (Astronomical Data Query Language), an extension of SQL commonly used by astronomers. ASTROIDE proposes spatial indexing and partitioning techniques to better filter the data access. It also implements a query optimizer that injects spatial-aware optimization rules and strategies. Experimental evaluation based on real datasets demonstrates that the present framework is scalable and efficient.

Elliptic Curve Cryptography (ECC) provides high security levels with shorter keys than other public-key cryptosystems such as RSA. Usually modular inversion operation is a choke point in realizing the public-key cryptosystem. Based on the Extended Euclidean Algorithm, this work proposes an efficient FPGA implementation of ECC modular inversion over F256. According to this proposed algorithm, one modular inversion requires 320 clock cycles with a maximum clock frequency of 144.011MHz on a Xilinx Virtex-7 FPGA device which gives a computation time of 2.22μs. On the other words, our scenario can perform 450 thousand times division operations in one second approximately. Compared to other available literature, our scheme presented in this paper provides a high performance FPGA implementation of 256-bit modular inversion over F256. This makes the elliptic curve cryptography have important practical value in hardware implementation.

ZUC stream cipher is the first stream cipher developed independently by Chinese cryptologists as an international standard. The fast implementation of encryption algorithm is an important issue in cryptography application. At present, the research on ZUC stream cipher is mainly based on hardware implementation, and there are many efficient hardware implementations of ZUC stream cipher, but there are few efficient software implementations at present. This paper presents an efficient software design and implementation of ZUC stream cipher. Firstly, we propose the delayed modular, sliding window, and S-box optimizations to reduce the computational cost without modifying the calculation result of ZUC stream cipher. Secondly, single instruction multiple data instructions, reducing the times of memory access, loop unrolling optimization and other code optimization methods can improve the speed of encryption and decryption. Finally, we design and implementation a genetic algorithm to find the optimal sequence of optimizations in compiler. Experiments show that compared with the implementation of ZUC stream cipher given in the official document, these methods can give 102% performance improvement.

Cloud computing is an assured progression inside the future of facts generation. It's far a sub-domain of network security. These days, many huge or small organizations are switching to cloud which will shop and arrange their facts. As a result, protection of cloud networks is the want of the hour. DDoS is a killer software for cloud computing environments on net today. It is a distributed denial of carrier. we will beat the ddos attacks if we have the enough assets. ddos attacks can be countered by means of dynamic allocation of the assets. In this paper the attack is detected as early as possible and prevention methods is done and also mitigation method is also implemented thus attack can be avoided before it may occur.

The non-stationary nature of the human Electroencephalogram (EEG) has caused problems in EEG based biometrics. Stationary signals analysis is done simply with Discrete Fourier Transform (DFT), while it is not possible to analyze non-stationary signals with DFT, as it does not have the ability to show the occurrence time of different frequency components. The Fractional Fourier Transform (FrFT), as a generalization of Fourier Transform (FT), has the ability to exhibit the variable frequency nature of non-stationary signals. In this paper, Discrete Fractional Fourier Transform (DFrFT) with different fractional orders is proposed as a novel feature extraction technique for EEG based human verification with different number of channels. The proposed method in its' best performance achieved 0.22% Equal Error Rate (EER) with three EEG channels of 104 subjects.

The ability to independently regenerate published computational claims is widely recognized as a key component of scientific reproducibility. In this article we take a narrow interpretation of this goal, and attempt to regenerate published claims from author-supplied information, including data, code, inputs, and other provided specifications, on a different computational system than that used by the original authors. We are motivated by Claerbout and Donoho's exhortation of the importance of providing complete information for reproducibility of the published claim. We chose the Elsevier journal, the Journal of Computational Physics, which has stated author guidelines that encourage the availability of computational digital artifacts that support scholarly findings. In an IRB approved study at the University of Illinois at Urbana-Champaign (IRB \#17329) we gathered artifacts from a sample of authors who published in this journal in 2016 and 2017. We then used the ICERM criteria generated at the 2012 ICERM workshop "Reproducibility in Computational and Experimental Mathematics" to evaluate the sufficiency of the information provided in the publications and the ease with which the digital artifacts afforded computational reproducibility. We find that, for the articles for which we obtained computational artifacts, we could not easily regenerate the findings for 67% of them, and we were unable to easily regenerate all the findings for any of the articles. We then evaluated the artifacts we did obtain (55 of 306 articles) and find that the main barriers to computational reproducibility are inadequate documentation of code, data, and workflow information (70.9%), missing code function and setting information, and missing licensing information (75%). We recommend improvements based on these findings, including the deposit of supporting digital artifacts for reproducibility as a condition of publication, and verification of computational findings via re-execution of the code when possible.

Location Privacy breach in Wireless Sensor Networks (WSNs) cannot be controlled by encryption techniques as all the communications are signal based. Signal strength can be analyzed to reveal many routing information. Adversary takes advantage of this and tracks the incoming packet to know the direction of the packet. With the information of location of origin of packets, the Source is also exposed which is generating packets on sensing any object. Thus, the location of subject is exposed. For protecting such privacy breaches, routing schemes are used which create anonymization or diverts the adversary. In this paper, we are using `Dummy' packets that will be inserted into real traffic to confuse the adversary. The dummy packets are such inserted that they encircle the Sink or Base Station. These Dummy packets are send with a value of TTL (Time To Live) field such that they travel only a few hops. Since adversary starts backtracking from the Sink, it will be trapped in the dummy traffic. In our protocol, we are confusing adversary without introducing any delay in packet delivery. Adversary uses two common methods for knowing the source i.e. Traffic Analysis and Back-tracing. Mathematically and experimentally, our proposal is sound for both type of methods. Overhead is also balanced as packets will not live long.

Trust is an important topic in today's interconnected world. Breaches of trust in today's systems has had profound effects upon us all, and they are very difficult and costly to fix especially when caused by flaws in the system's architecture. Trust modeling can expose these types of issues, but modeling trust in complex multi-tiered system architectures can be very difficult. Often experts have differing views of trust and how it applies to systems within their domain. This work presents a graph-based modeling methodology that normalizes the application of trust across disparate system domains allowing the modeling of complex intersystem trust relationships. An algorithm is proposed that applies graph theory to model, validate and evaluate trust in system architectures. Also, it provides the means to apply metrics to compare and prioritize the effectiveness of trust management in system and component architectures. The results produced by the algorithm can be used in conjunction with systems engineering processes to ensure both trust and the efficient use of resources.

Live VM migration is the most vulnerable process in cloud federations for DDOS attacks, loss of data integrity, confidentiality, unauthorized access and injection of malicious viruses on VM disk images. We have scrutinized following set of crucial security features which are; authorization, confidentiality, replay protection (accountability), integrity, mutual authentication and source non-repudiation (availability) to cater different threats and vulnerabilities during live VM migration. The investigated threats and vulnerabilities are catered and implemented in a proposed solution, presented in this paper. Six security features-authorization, confidentiality, replay protection, integrity, mutual authentication and source non-repudiation are focused and modular implementation has been done. Solution is validated in AVISPA tool in modules for threats for all the notorious security requirements and no outbreak were seen.

This paper presents a novel research model of identity and the use of this model to answer some interesting research questions. Information travels in the cyber world, not only bringing us convenience and prosperity but also jeopardy. Protecting this information has been a commonly discussed issue in recent years. One type of this information is Personally Identifiable Information (PII), often used to perform personal authentication. People often give PIIs to organizations, e.g., when applying for a new job or filling out a new application on a website. While the use of such PII might be necessary for authentication, giving PII increases the risk of its exposure to criminals. We introduce two innovative approaches based on our model of identity to help evaluate and find an optimal set of PIIs that satisfy authentication purposes but minimize risk of exposure. Our model paves the way for more informed selection of PIIs by organizations that collect them as well as by users who offer PIIs to these organizations.