Biblio

As more and more information systems rely sen-sors for their critical decisions, there is a growing threat of injecting false signals to sensors in the analog domain. In particular, LightCommands showed that MEMS microphones are susceptible to light, through the photoacoustic and photoelectric effects, enabling an attacker to silently inject voice commands to smart speakers. Understanding such unexpected transduction mechanisms is essential for designing secure and reliable MEMS sensors. Is there any other transduction mechanism enabling laser-induced attacks? We positively answer the question by experimentally evaluating two commercial piezoresistive MEMS pressure sensors. By shining a laser light at the piezoresistors through an air hole on the sensor package, the pressure reading changes by ±1000 hPa with 0.5 mW laser power. This phenomenon can be explained by the photoelectric effect at the piezoresistors, which increases the number of carriers and decreases the resistance. We finally show that an attacker can induce the target signal at the sensor reading by shining an amplitude-modulated laser light.

Unsupervised cross-domain NER task aims to solve the issues when data in a new domain are fully-unlabeled. It leverages labeled data from source domain to predict entities in unlabeled target domain. Since training models on large domain corpus is time-consuming, in this paper, we consider an alternative way by introducing syntactic dependency structure. Such information is more accessible and can be shared between sentences from different domains. We propose a novel framework with dependency-aware GNN (DGNN) to learn these common structures from source domain and adapt them to target domain, alleviating the data scarcity issue and bridging the domain gap. Experimental results show that our method outperforms state-of-the-art methods.

Fully homomorphic encryption technologies allow you to operate on encrypted data without disclosing it, therefore they have a lot of potential for solving personal data storage and processing issues. Because of the increased interest in these technologies, various software tools and libraries that allow completely homomorphic encryption have emerged. However, because this subject of cryptography is still in its early stages, standards and recommendations for the usage of completely homomorphic encryption algorithms are still being developed. The paper presents the main areas of application of homomorphic encryption. The analysis of existing developments in the field of homomorphic encryption is carried out. The analysis showed that existing library implementations do not support the division and subtraction operation. The analysis revealed the need to develop a library of fully homomorphic encryption, which allows performing all mathematical operations on them (addition, difference, multiplication and division), as well as the relevance of developing its own implementation of a library of homomorphic encryption on integers. Then, implement the development of a fully homomorphic encryption library in C++ and on an ESP 32 microcontroller. The ability to perform four operations (addition, difference, multiplication and division) on encrypted data will expand the scope of application of homomorphic encryption. A method of homomorphic division and subtraction is proposed that allows performing the division and subtraction operation on homomorphically encrypted data. The level of security, the types of operations executed, the maximum length of operands, and the algorithm's running time are all described as a consequence of numerical experimentation with parameters.

Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission. but it ought to find alternatives over the limitation and interference in the radio frequency (RF) band. For viable alternatives, visible light communication (VLC) technology comes to play as Light Fidelity (Li-Fi) which uses visible light as a channel for delivering very high-speed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior than Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. prototype model has been proposed for single user scenario using visible light portion of electromagnetic spectrum. This system has been designed for audio data communication in between the users in transmitter and receiver sections. LED and photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity However, its major problem is that it only works when it is pointed directly at the target.

With the development of Internet of Things (IoT) technology, the transaction behavior of IoT devices has gradually increased, which also brings the problem of transaction data security and transaction processing efficiency. As one of the research hotspots in the field of data security, blockchain technology has been widely applied in the maintenance of transaction records and the construction of financial payment systems. However, the proportion of microtransactions in the Internet of Things poses challenges to the coupling of blockchain and IoT devices. This paper proposes a three-party scalable architecture based on “IoT device-edge server-blockchain”. In view of the characteristics of micropayment, the verification mechanism of the execution results of the off-chain transaction is designed, and the bridge node is designed in the off-chain architecture, which ensures the finality of the blockchain to the transaction. According to system evaluation, this scalable architecture improves the processing efficiency of micropayments on blockchain, while ensuring its decentration equal to that of blockchain. Compared with other blockchain-based IoT device payment schemes, our architecture is more excellent in activity.

In this paper, we propose a new ordered statistics decoding (OSD) for linear block codes, which is referred to as local constraint-based OSD (LC-OSD). Distinguished from the conventional OSD, which chooses the most reliable basis (MRB) for re-encoding, the LC-OSD chooses an extended MRB on which local constraints are naturally imposed. A list of candidate codewords is then generated by performing a serial list Viterbi algorithm (SLVA) over the trellis specified with the local constraints. To terminate early the SLVA for complexity reduction, we present a simple criterion which monitors the ratio of the bound on the likelihood of the unexplored candidate codewords to the sum of the hard-decision vector’s likelihood and the up-to-date optimal candidate’s likelihood. Simulation results show that the LC-OSD can have a much less number of test patterns than that of the conventional OSD but cause negligible performance loss. Comparisons with other complexity-reduced OSDs are also conducted, showing the advantages of the LC-OSD in terms of complexity.

Internet speeds and technological advancements have made individuals increasingly concerned about their personal information being compromised by criminals. There have been a slew of new steganography and data concealment methods suggested in recent years. Steganography is the art of hiding information in plain sight (text, audio, image and video). Unauthorized users now have access to steganographic analysis software, which may be used to retrieve the carrier files valuable secret information. Unfortunately, because to their inefficiency and lack of security, certain steganography techniques are readily detectable by steganalytical detectors. We present a video steganography technique based on the linear block coding concept that is safe and secure. Data is protected using a binary graphic logo but also nine uncompressed video sequences as cover data and a secret message. It's possible to enhance the security by rearranging pixels randomly in both the cover movies and the hidden message. Once the secret message has been encoded using the Hamming algorithm (7, 4) before being embedded, the message is even more secure. The XOR function will be used to add the encoded message's result to a random set of values. Once the message has been sufficiently secured, it may be inserted into the video frames of the cover. In addition, each frame's embedding region is chosen at random so that the steganography scheme's resilience can be improved. In addition, our experiments have shown that the approach has a high embedding efficiency. The video quality of stego movies is quite close to the original, with a PSNR (Pick Signal to Noise Ratio) over 51 dB. Embedding a payload of up to 90 Kbits per frame is also permissible, as long as the quality of the stego video is not noticeably degraded.

In advanced metering infrastructure (AMI), the customers' power consumption data is considered private but needs to be revealed to data-driven attack detection frameworks. In this paper, we present a system for privacy-preserving anomaly-based data falsification attack detection over fully homomorphic encrypted (FHE) data, which enables computations required for the attack detection over encrypted individual customer smart meter's data. Specifically, we propose a homomorphic look-up table (LUT) based FHE approach that supports privacy preserving anomaly detection between the utility, customer, and multiple partied providing security services. In the LUTs, the data pairs of input and output values for each function required by the anomaly detection framework are stored to enable arbitrary arithmetic calculations over FHE. Furthermore, we adopt a private information retrieval (PIR) approach with FHE to enable approximate search with LUTs, which reduces the execution time of the attack detection service while protecting private information. Besides, we show that by adjusting the significant digits of inputs and outputs in our LUT, we can control the detection accuracy and execution time of the attack detection, even while using FHE. Our experiments confirmed that our proposed method is able to detect the injection of false power consumption in the range of 11–17 secs of execution time, depending on detection accuracy.

The discussion about forward error correction (FEC) used for 800G unamplified link (800LR) is ongoing. Aiming at two potential options for FEC bit error ratio (BER) threshold, we propose two FEC schemes, respectively based on channel-polarized (CP) multilevel coding (MLC) and bit interleaved coded modulation (BICM), with the same inner FEC code. The field-programmable gate array (FPGA) verification results indicate that with the same FEC overhead (OH), proposed CP-MLC outperforms BICM scheme with less resource and power consumption.

The correctness of user traffic forwarding paths is an important goal of trusted transmission. Many network security issues are related to it, i.e., denial-of-service attacks, route hijacking, etc. The current path-aware network architecture can effectively overcome this issue through path verification. At present, the main problems of path verification are high communication and high computation overhead. To this aim, this article proposes a lightweight real-time verification mechanism of intradomain forwarding paths in autonomous systems to achieve a path verification architecture with no communication overhead and low computing overhead. The problem situation is that a packet finally reaches the destination, but its forwarding path is inconsistent with the expected path. The expected path refers to the packet forwarding path determined by the interior gateway protocols. If the actual forwarding path is different from the expected one, it is regarded as an incorrect forwarding path. This article focuses on the most typical intradomain routing environment. A few routers are set as the verification routers to block the traffic with incorrect forwarding paths and raise alerts. Experiments prove that this article effectively solves the problem of path verification and the problem of high communication and computing overhead.

With the rapid development of artificial intelligence (AI), many companies are moving towards automating their services using automated conversational agents. Dialogue-based conversational recommender agents, in particular, have gained much attention recently. The successful development of such systems in the case of natural language input is conditioned by the ability to understand the users’ utterances. Predicting the users’ intents allows the system to adjust its dialogue strategy and gradually upgrade its preference profile. Nevertheless, little work has investigated this problem so far. This paper proposes an LSTM-based Neural Network model and compares its performance to seven baseline Machine Learning (ML) classifiers. Experiments on a new publicly available dataset revealed The superiority of the LSTM model with 95% Accuracy and 94% F1-score on the full dataset despite the relatively small dataset size (9300 messages and 17 intents) and label imbalance.

In the recent development of the online cryptocurrency mining platform, Coinhive, numerous websites have employed “Cryptojacking.” They may need the unauthorized use of CPU resources to mine cryptocurrency and replace advertising income. Web cryptojacking technologies are the most recent attack in information security. Security teams have suggested blocking Cryptojacking scripts by using a blacklist as a strategy. However, the updating procedure of the static blacklist has not been able to promptly safeguard consumers because of the sharp rise in “Cryptojacking kidnapping”. Therefore, we propose a Cryptojacking identification technique based on analyzing the user's computer resources to combat the assault technology known as “Cryptojacking kidnapping.” Machine learning techniques are used to monitor changes in computer resources such as CPU changes. The experiment results indicate that this method is more accurate than the blacklist system and, in contrast to the blacklist system, manually updates the blacklist regularly. The misuse of online Cryptojacking programs and the unlawful hijacking of users' machines for Cryptojacking are becoming worse. In the future, information security undoubtedly addresses the issue of how to prevent Cryptojacking and abduction. The result of this study helps to save individuals from unintentionally becoming miners.

Model compression is one of the most preferred techniques for efficiently deploying deep neural networks (DNNs) on resource- constrained Internet of Things (IoT) platforms. However, the simply compressed model is often vulnerable to adversarial attacks, leading to a conflict between robustness and efficiency, especially for IoT devices exposed to complex real-world scenarios. We, for the first time, address this problem by developing a novel framework dubbed Magical-Decomposition to simultaneously enhance both robustness and efficiency for hardware. By leveraging a hardware-friendly model compression method called singular value decomposition, the defending algorithm can be supported by most of the existing DNN hardware accelerators. To step further, by using a recently developed DNN interpretation tool, the underlying scheme of how the adversarial accuracy can be increased in the compressed model is highlighted clearly. Ablation studies and extensive experiments under various attacks/models/datasets consistently validate the effectiveness and scalability of the proposed framework.

Detection of malware and security attacks is a complex process that can vary in its details and analysis activities. As part of the detection process, malware scanners try to categorize a malware once it is detected under one of the known malware categories (e.g. worms, spywares, viruses, etc.). However, many studies and researches indicate problems with scanners categorizing or identifying a particular malware under more than one malware category. This paper, and several others, show that machine learning can be used for malware detection especially with ensemble base prediction methods. In this paper, we evaluated several custom-built ensemble models. We focused on multi-label malware classification as individual or classical classifiers showed low accuracy in such territory.This paper showed that recent machine models such as ensemble and deep learning can be used for malware detection with better performance in comparison with classical models. This is very critical in such a dynamic and yet important detection systems where challenges such as the detection of unknown or zero-day malware will continue to exist and evolve.

Requirement Elicitation is a key phase in software development. The fundamental goal of security requirement elicitation is to gather appropriate security needs and policies from stakeholders or organizations. The majority of systems fail due to incorrect elicitation procedures, affecting development time and cost. Security requirement elicitation is a major activity of requirement engineering that requires the attention of developers and other stakeholders. To produce quality requirements during software development, the authors suggested a methodology for effective requirement elicitation. Many challenges surround requirement engineering. These concerns can be connected to scope, preconceptions in requirements, etc. Other difficulties include user confusion over technological specifics, leading to confusing system aims. They also don't realize that the requirements are dynamic and prone to change. To protect the privacy of medical images, the proposed image cryptosystem uses a CCM-generated chaotic key series to confuse and diffuse them. A hexadecimal pre-processing technique is used to increase the security of color images utilising a hyper chaos-based image cryptosystem. Finally, a double-layered security system for biometric photos is built employing chaos and DNA cryptography.

This paper presents a MATLAB Graphical User Interface (GUI) based tool that determines the performance evaluation metrics of the physically unclonable functions (PUFs). The PUFs are hardware security primitives which can be utilized in several hardware security applications like integrated circuits protection, device authentication, secret key generation, and hardware obfuscation. Like any other technology approach, PUFs evaluation requires testing different performance metrics, each of which can be determined by at least one mathematical equation. The proposed tool (PUFs Tool) reads the PUF instances’ output and then computes and generates the values of the main PUFs’ performance metrics: uniqueness, reliability, uniformity, and bit-aliasing. In addition, it generates a bar code for each PUF instance considered in the evaluation process. The PUFs Tool is designed and developed using the app designer of MATLAB software 2021b.

The growing amount of data and advances in data science have created a need for a new kind of cloud platform that provides users with flexibility, strong security, and the ability to couple with supercomputers and edge devices through high-performance networks. We have built such a nation-wide cloud platform, called "mdx" to meet this need. The mdx platform's virtualization service, jointly operated by 9 national universities and 2 national research institutes in Japan, launched in 2021, and more features are in development. Currently mdx is used by researchers in a wide variety of domains, including materials informatics, geo-spatial information science, life science, astronomical science, economics, social science, and computer science. This paper provides an overview of the mdx platform, details the motivation for its development, reports its current status, and outlines its future plans.

The botnet-based network assault are one of the most serious security threats overlay the Internet this day. Although significant progress has been made in this region of research in recent years, it is still an ongoing and challenging topic to virtually direction the threat of botnets due to their continuous evolution, increasing complexity and stealth, and the difficulties in detection and defense caused by the limitations of network and system architectures. In this paper, we propose a novel and efficient botnet detection method, and the results of the detection method are validated with the CTU-13 dataset.

A new type of time modulated metamaterial (MTM) antenna array transmitter capable of realizing 2D directional modulation (DM) for physical layer (PHY) security is presented in this work. The proposed 2D DM MTM antenna array is formed by a time modulated corporate feed network loaded with composite right/left-handed (CRLH) leaky wave antennas (LWAs). By properly designing the on-off states of the switch for each antenna feeding branch as well as harnessing the frequency scanning characteristics of CRLH L WAs, 2D DM can be realized to form a PHY secured transmission link in the 2D space. Experimental results demonstrate the bit-error-rate (BER) is low only at a specific 2D angle for the orthogonal frequency-division multiplexing (OFDM) wireless data links.

Wireless security and privacy is gaining a significant interest due to the burgeoning growth of communication devices across the electromagnetic spectrum. In this article, we introduce the concept of the space-time modulated millimeter-wave wireless links enabling physical layer security in highspeed communication links. Such an approach does not require cryptographic key exchanges and enables security in a seamless fashion with no overhead on latency. We show both the design and implementation of such a secure system using custom integrated chips at 71-76 GHz with off-chip packaged antenna array. We also demonstrate the security metric of such a system and analyze the efficacy through distributed eavesdropper attack.

The expanding streaming culture of large amounts of data, as well as the requirement for faster and more reliable data transport systems, necessitates the development of innovative communication technologies such as Visible Light Communication (VLC). Nonetheless, incorporating VLC into next-generation networks is challenging due to technological restrictions such as air absorption, shadowing, and beam dispersion. One technique for addressing some of the challenges is to use the multiple input multiple output (MIMO) technique, which involves the simultaneous transmission of data from several sources, hence increasing data rate. In this work, the data transmission performance of the MIMO-VLC system is evaluated using a variety of factors such as distance from the source, data bit rate, and modulation method.

The security of embedded systems is particularly crucial given the prevalence of embedded devices in daily life, business, and national defense. Firmware for embedded systems poses a serious threat to the safety of society, business, and the nation because of its robust concealment, difficulty in detection, and extended maintenance cycle. This technology is now an essential part of the contemporary experience, be it in the smart office, smart restaurant, smart home, or even the smart traffic system. Despite the fact that these systems are often fairly effective, the rapid expansion of embedded systems in smart cities have led to inconsistencies and misalignments between secured and unsecured systems, necessitating the development of secure, hacker-proof embedded systems. To solve this issue, we created a sizable, original, and objective dataset that is based on the latest Linux vulnerabilities for identifying the embedded system vulnerabilities and we modified a cutting-edge machine learning model for the Linux Kernel. The paper provides an updated EVDD and analysis of an extensive dataset for embedded system based vulnerability detection and also an updated state of the art deep learning model for embedded system vulnerability detection. We kept our dataset available for all researchers for future experiments and implementation.

The marine and maritime domain is well represented in the Sustainable Development Goals (SDG) envisaged by the United Nations, which aim at conserving and using the oceans, seas and their resources for sustainable development. At the same time, there is a need for improved safety in navigation, especially in coastal areas. Up to date, there exist operational services based on advanced technologies, including remote sensing and in situ monitoring networks which provide aid to the navigation and control over the environment for its preservation. Yet, the possibilities offered by crowdsensing have not yet been fully explored. This paper addresses this issue by presenting an app based on a crowdsensing approach for improved safety and awareness at sea. The app can be integrated into more comprehensive systems and frameworks for environmental monitoring as envisaged in our future work.

The development of cloud apps enables people to exchange resources, goods, and expertise online with other clients. The material is more vulnerable to numerous security dangers from outsiders due to the fact that millions of users exchange data through the same system. How to maintain the security of this data is now the main concern. The current data protection system functions best when it places a greater priority on safeguarding data maintained in online storage than it does on cybersecurity during transportation. The data becomes open to intrusion attacks while being transferred. Additionally, the present craze states that an outside auditor may view data as it is being transmitted. Additionally, by allowing the hacker to assume a third-person identity while obtaining the information, this makes the data more susceptible to exploitation. The proposed system focuses on using encryption to safeguard information flow since cybersecurity is seen as a major issue. The approach also takes into account the fourth auditing issue, which is that under the recommended manner, the inspector is not allowed to see the user information. Tests have shown that the recommended technique improves security overall by making it harder for hackers to decode the supplied data.

A multi-designated receiver authentication code (MDRA-code) with information-theoretic security is proposed as an extension of the traditional multi-receiver authentication code. The purpose of the MDRA-code is to securely transmit a message via a broadcast channel from a single sender to an arbitrary subset of multiple receivers that have been designated by the sender, and only the receivers in the subset (i.e., not all receivers) should accept the message if an adversary is absent. This paper proposes a model and security formalization of MDRA-codes, and provides constructions of MDRA-codes.