Biblio

Globalization of IC manufacturing has led to increased security concerns, notably IP theft. Several logic locking techniques have been developed for protecting designs, but they typically display very large overhead, and are generally susceptible to deciphering attacks. In this paper, we propose latch-based logic locking, which manipulates both the flow of data and logic in the design. This method converts an interconnected subset of existing flip-flops to pairs of latches with programmable phase. In tandem, decoy latches and logic are added, inhibiting an attacker from determining the actual design functionality. To validate this technique, we developed and verified a locking insertion flow, analyzed PPA and ATPG overhead on benchmark circuits and industry cores, extended existing attacks to account for the technique, and taped out a demonstration chip. Importantly, we show that the design overhead with this approach is significantly less than with previous logic locking schemes, while resisting model checker-based, oracle-driven attacks. With minimal delay overhead, large numbers of decoy latches can be added, cheaply increasing attack resistance.

Peer review is a widely utilized pedagogical feedback mechanism for engaging students, which has been shown to improve educational outcomes. However, we find limited discussion and empirical measurement of peer review in visualization coursework. In addition to engagement, peer review provides direct and diverse feedback and reinforces recently-learned course concepts through critical evaluation of others’ work. In this paper, we discuss the construction and application of peer review in a computer science visualization course, including: projects that reuse code and visualizations in a feedback-guided, continual improvement process and a peer review rubric to reinforce key course concepts. To measure the effectiveness of the approach, we evaluate student projects, peer review text, and a post-course questionnaire from 3 semesters of mixed undergraduate and graduate courses. The results indicate that course concepts are reinforced with peer review—82% reported learning more because of peer review, and 75% of students recommended continuing it. Finally, we provide a road-map for adapting peer review to other visualization courses to produce more highly engaged students.

With the gradual advancement of smart city construction, various information systems have been widely used in smart cities. In order to obtain huge economic benefits, criminals frequently invade the information system, which leads to the increase of malware. Malware attacks not only seriously infringe on the legitimate rights and interests of users, but also cause huge economic losses. Signature-based malware detection algorithms can only detect known malware, and are susceptible to evasion techniques such as binary obfuscation. Behavior-based malware detection methods can solve this problem well. Although there are some malware behavior analysis works, they may ignore semantic information in the malware API call sequence. In this paper, we design a joint framework based on local and global features for malware detection to solve the problem of network security of smart cities, called LGMal, which combines the stacked convolutional neural network and graph convolutional networks. Specially, the stacked convolutional neural network is used to learn API call sequence information to capture local semantic features and the graph convolutional networks is used to learn API call semantic graph structure information to capture global semantic features. Experiments on Alibaba Cloud Security Malware Detection datasets show that the joint framework gets better results. The experimental results show that the precision is 87.76%, the recall is 88.08%, and the F1-measure is 87.79%. We hope this paper can provide a useful way for malware detection and protect the network security of smart city.

Secure wireless communication is essential for most industrial applications. The secure and reliable control of processes as well as the data integrity of measured values are key targets in these applications. The industrial Internet-of-Things (IIoT) tries to connect an increasing number of sensors wirelessly. The wireless sensors form wireless sensor networks (WSNs). However, wireless sensor nodes are exposed to various security threats ranging from physical modification on the device itself to remote attacks via the communication channel. It is important to secure the complete lifetime of the wireless sensor nodes and other system components. This includes the production phase, shipping, preparation phase and operational phase. This paper presents a lifetime security concept for a wireless sensor network applied in automotive test beds. In this application scenario, the wireless sensor nodes are used to capture various temperatures in an automotive unit under test. In order to indicate the current state of trustworthiness of the system, a trustworthiness indicator is implemented which is shown to the user. An evaluation of the impact of encrypted communication on power consumption shows that the increase is negligible, and can be expected to be provided by the wireless sensor node's power supply without reducing the node lifetime.

Due to the reciprocity of wireless channels, the communication parties can directly extract the shared key from channel. This solution were verified through several schemes. However, in real situations, channel sampling of legitimate transceivers might be impacted by noises and other interferences, which makes the channel states obtained by initiator and responder might be obvious different. The efficiency and even availability of physical layer key generation are thus reduced. In this paper, we propose a lightweight and efficient physical layer key generation scheme, which extract shared secret keys from channel state information (CSI). To improve the key generation process, the discrete cosine transform (DCT) is employed to reduce differences of channel states of legitimate transceivers. Then, these outputs are quantified and encoded through multi-bit adaptive quantization(MAQ) quantizer and gray code to generate binary bit sequence, which can greatly reduce the bit error rate. Moreover, the low density parity check (LDPC) code and universal hashing functions are used to achieve information reconciliation and privacy amplifification. By adding preprocessing methods in the key generation process and using the rich information of CSI, the security of communications can be increased on the basis of improving the key generation rate. To evaluate this scheme, a number of experiments in various real environments are conducted. The experimental results show that the proposed scheme can effificiently generate shared secret keys for nodes and protect their communication.

System-on-Chip (SoC) supply chain is widely acknowledged as a major source of security vulnerabilities. Potentially malicious third-party IPs integrated on the same Network-on-Chip (NoC) with the trusted components can lead to security and trust concerns. While secure communication is a well studied problem in computer networks domain, it is not feasible to implement those solutions on resource-constrained SoCs. In this paper, we present a lightweight anonymous routing protocol for communication between IP cores in NoC based SoCs. Our method eliminates the major overhead associated with traditional anonymous routing protocols while ensuring that the desired security goals are met. Experimental results demonstrate that existing security solutions on NoC can introduce significant (1.5X) performance degradation, whereas our approach provides the same security features with minor (4%) impact on performance.

The appearance of distributed learning allows multiple participants to collaboratively train a global model, where instead of directly releasing their private training data with the server, participants iteratively share their local model updates (parameters) with the server. However, recent attacks demonstrate that sharing local model updates is not sufficient to provide reasonable privacy guarantees, as local model updates may result in significant privacy leakage about local training data of participants. To address this issue, in this paper, we present an alternative approach that combines distributed differential privacy (DDP) with a three-layer encryption protocol to achieve a better privacy-utility tradeoff than the existing DP-based approaches. An unbiased encoding algorithm is proposed to cope with floating-point values, while largely reducing mean squared error due to rounding. Our approach dispenses with the need for any trusted server, and enables each party to add less noise to achieve the same privacy and similar utility guarantees as that of the centralized differential privacy. Preliminary analysis and performance evaluation confirm the effectiveness of our approach, which achieves significantly higher accuracy than that of local differential privacy approach, and comparable accuracy to the centralized differential privacy approach.

Internet of things (IoT) mainly depends on clouds to process and store their data. Clouds cannot handle the volume and velocity of data generated by IoT. IoT is delay-sensitive and resources limited. Fog computing proposed endorsing the internet of things (IoT) demands. Fog computing extends the cloud computing service to the edge of the network. Fog utilization reduces response time and network overhead while maintaining security aspects. isolation and operating system (OS) dependency achieved by using virtualization. Blockchain proposed to solve the security and privacy of fog computing. Blockchain is a decentralized, immutable ledger. fog computing with blockchain proposed as an IoT infrastructure. Fog computing adopted with lightweight blockchain in this proposed work. This adaptation endorses the IoT demands for low response time with limited resources. This paper explores system applicability. Varies from other papers that focus on one factor such as privacy or security-applicability of the proposed model achieved by concentration different IoT needs and limits. Response time and ram usage with 1000 transactions did not encroach 100s and 300MiB in the proposed model.

Underwater Wireless Sensor Networks (UWSNs) are liable to malicious attacks due to limited bandwidth, limited power, high propagation delay, path loss, and variable speed. The major differences between UWSNs and Terrestrial Wireless Sensor Networks (TWSNs) necessitate a new mechanism to secure UWSNs. The existing Media Access Control (MAC) and routing protocols have addressed the network performance of UWSNs, but are vulnerable to several attacks. The secure MAC and routing protocols must exist to detect Sybil, Blackhole, Wormhole, Hello Flooding, Acknowledgment Spoofing, Selective Forwarding, Sinkhole, and Exhaustion attacks. These attacks can disrupt or disable the network connection. Hence, these attacks can degrade the network performance and total loss can be catastrophic in some applications, like monitoring oil/gas spills. Several researchers have studied the security of UWSNs, but most of the works detect malicious attacks solely based on a certain predefined threshold. It is not optimal to detect malicious attacks after the threshold value is met. In this paper, we propose a multi-factor authentication model that is based on zero-knowledge proof to detect malicious activities and secure UWSNs from several attacks.

Named Data Networking (NDN) is a new kind of architecture for future Internet, which is exactly satisfied with the rapidly increasing mobile requirement and information-depended applications that dominate today's Internet. However, the current verification-data accessed system is not safe enough to prevent data leakage because no strongly method to resist any device or user to access it. We bring up a lightweight verification based on hash functions and a fine-grained access control based on Schnorr Signature to address the issue seamlessly. The proposed scheme is scalable and protect data confidentiality in a NDN network.

Increasing deep neural networks are applied in solving graph evolved tasks, such as node classification and link prediction. However, the vulnerability of deep models can be revealed using carefully crafted adversarial examples generated by various adversarial attack methods. To explore this security problem, we define the link prediction adversarial attack problem and put forward a novel iterative gradient attack (IGA) strategy using the gradient information in the trained graph autoencoder (GAE) model. Not surprisingly, GAE can be fooled by an adversarial graph with a few links perturbed on the clean one. The results on comprehensive experiments of different real-world graphs indicate that most deep models and even the state-of-the-art link prediction algorithms cannot escape the adversarial attack, such as GAE. We can benefit the attack as an efficient privacy protection tool from the link prediction of unknown violations. On the other hand, the adversarial attack is a robust evaluation metric for current link prediction algorithms of their defensibility.

This paper investigated the sliding mode load frequency control (LFC) for an multi-area power system (MPS) under deception attacks (DA). A Luenberger observer is designed to obtain the state estimate of MPS. By using the Lyapunov-Krasovskii method, a sliding mode surface (SMS) is designed to ensure the stability. Then the accessibility analysis ensures that the trajectory of the MPS can reach the specified SMS. Finally, the serviceability of the method is explained by providing a case study.

The recommender system is an important application in big data analytics because accurate recommendation items or high-valued suggestions can bring high profit to both commercial companies and customers. To make precise recommendations, a recommender system often needs large and fine-grained data for training. In the current big data era, data often exist in the form of isolated islands, and it is difficult to integrate the data scattered due to privacy security concerns. Moreover, privacy laws and regulations make it harder to share data. Therefore, designing a privacy-preserving recommender system is of paramount importance. Existing privacy-preserving recommender system models mainly adapt cryptography approaches to achieve privacy preservation. However, cryptography approaches have heavy overhead when performing encryption and decryption operations and they lack a good level of flexibility. In this paper, we propose a Locality Sensitive Hashing (LSH) based approach for federated recommender system. Our proposed efficient and scalable federated recommender system can make full use of multiple source data from different data owners while guaranteeing preservation of privacy of contributing parties. Extensive experiments on real-world benchmark datasets show that our approach can achieve both high time efficiency and accuracy under small privacy budgets.

Mobile edge computing (MEC), an emerging technology, has the characteristics of low latency, mobile energy savings, and context-awareness. As a type of access network, wireless mesh network (WMN) has gained wide attention due to its flexible network architecture, low deployment cost, and self-organization. The combination of MEC and WMN can solve the shortcomings of traditional wireless communication such as storage capacity, privacy, and security. In this paper, we propose a location-aware (LA) algorithm to cognize the location and a location-aware offloading policy (LAOP) algorithm considering the energy consumption and time delay. Simulation results show that the proposed LAOP algorithm can obtain a higher completion rate and lower average processing delay compared with the other two methods.

The recent advancement in the automotive sector has led to a technological explosion. As a result, the modern car provides a wide range of features supported by state of the art hardware and software. Unfortunately, while this is the case of most major components, in the same vehicle we find dozens of sensors and sub-systems built over legacy hardware and software with limited computational capabilities. This paper presents LOKI, a lightweight cryptographic key distribution scheme applicable in the case of the classical invehicle communication systems. The LOKI protocol stands out compared to already proposed protocols in the literature due to its ability to use only a single broadcast message to initiate the generation of a new cryptographic key across a group of nodes. It's lightweight key derivation algorithm takes advantage of a reverse hash chain traversal algorithm to generate fresh session keys. Experimental results consisting of a laboratory-scale system based on Vector Informatik's CANoe simulation environment demonstrate the effectiveness of the developed methodology and its seamless impact manifested on the network.

This paper investigates the use of BeagleBone Black Wireless single-board Linux computers with Long Range (LoRa) transceivers to send and receive information in a mesh network while one of the transmitting/receiving nodes is acting as a relay in the system. An experiment is conducted to examine how long each LoRa node needed to learn the transmission intervals of any other transmitting nodes on the network and to synchronize with the other nodes prior to transmission. The spread factor, bandwidth, and coding rate are all varied for a total of 18 different combinations. A link to the Python code used on the BeagleBone Black is provided at the end of this paper. The best parameter combinations for each individual node and for the system as a whole is investigated. Additional experiments and applications of this technology are explored in the conclusions.

Negative curvature hollow core fibers (NC-HCFs) realize great research attention due to their comparatively low losses with simplified design and fabrication simplicity. Recently, revolver type fibers that combine the NC-HCF and conventional lattice structured photonic crystal fiber (PCF) have opened up a new era in communications due to their low loss, power confinement capacity, and multi-bandwidth applications. In this study, we present a customized optical fiber design that comprises the PCF with the NC-HCF to get lowest confinement loss. Extensive numerical simulations are performed and a noteworthy low loss of 4.47×10-05dB/m at a wavelength of 0.85 μm has been recorded for the designed fiber, which is almost 4600 times lower than annular revolver type fibers. In addition, a conspicuous low loss transmission bandwidth ranging from 0.6 μm to 1.8 μm has found in this study. This may have potential applications in spectroscopy, material processing, chemical and bio-molecular sensing, security, and industry applications.

The continuous change of communication frequency brings difficulties to the reconnaissance and prediction of non-cooperative communication. The core of this communication process is the frequency-hopping (FH) sequence with pseudo-random characteristics, which controls carrier frequency hopping. However, FH sequence is always generated by a certain model and is a kind of time sequence with certain regularity. Long Short-Term Memory (LSTM) neural network in deep learning has been proved to have strong ability to solve time series problems. Therefore, in this paper, we establish LSTM model to implement FH sequence prediction. The simulation results show that LSTM-based scheme can effectively predict frequency point by point based on historical HF frequency data. Further, we achieve frequency interval prediction based on frequency point prediction.

Legacy and novel network services are expected to be migrated and designed to be deployed in fully virtualized environments. Starting with 5G, NFV becomes a formally required brick in the specifications, for services integrated within the infrastructure provider networks. This evolution leads to deployment of virtual resources Virtual-Machine (VM)-based, container-based and/or server-less platforms, all calling for a deep virtualization of infrastructure components. Such a network softwarization also unleashes further logical network virtualization, easing multi-layered, multi-actor and multi-access services, so as to be able to fulfill high availability, security, privacy and resilience requirements. However, the derived increased components heterogeneity makes the detection and the characterization of anomalies difficult, hence the relationship between anomaly detection and corresponding reconfiguration of the NFV stack to mitigate anomalies. In this article we propose an unsupervised machine-learning data-driven approach based on Long-Short- Term-Memory (LSTM) autoencoders to detect and characterize anomalies in virtualized networking services. With a radiography visualization, this approach can spot and describe deviations from nominal parameter values of any virtualized network service by means of a lightweight and iterative mean-squared reconstruction error analysis of LSTM-based autoencoders. We implement and validate the proposed methodology through experimental tests on a vIMS proof-of-concept deployed using Kubernetes.

Recommender system helps people in decision making by asking their preferences about various items and recommends other items that have not been rated yet and are similar to their taste. A traditional recommendation system aims at generating a set of recommendations based on inter-user similarity that will satisfy the target user. Positive preferences as well as negative preferences of the users are taken into account so as to find strongly related users. Weighted entropy is usedz as a similarity measure to determine the similar taste users. The target user is asked to fill in the ratings so as to identify the closely related users from the knowledge base and top N recommendations are produced accordingly. Results show a considerable amount of improvement in accuracy after using weighted entropy and opposite preferences as a similarity measure.

Security vulnerabilities in firmware/software pose an important threat ton power grid security, and thus electric utility companies should quickly decide how to remediate vulnerabilities after they are discovered. Making remediation decisions is a challenging task in the electric industry due to the many factors to consider, the balance to maintain between patching and service reliability, and the large amount of vulnerabilities to deal with. Unfortunately, remediation decisions are current manually made which take a long time. This increases security risks and incurs high cost of vulnerability management. In this paper, we propose a machine learning-based automation framework to automate remediation decision analysis for electric utilities. We apply it to an electric utility and conduct extensive experiments over two real operation datasets obtained from the utility. Results show the high effectiveness of the solution.

Due to centralized control and programmable capability of the SDN architecture, network administrators can easily manage and control the whole network through the centralized controller. According to the SDN architecture, the SDN controller is vulnerable to distributed denial of service (DDOS) attacks. Thus, a failure of SDN controller is a major leak for security concern. The objectives of paper is therefore to detect the DDOS attacks and classify the normal or attack traffic in SDN network using machine learning algorithms. In this proposed system, polynomial SVM is applied to compare to existing linear SVM by using scapy, which is packet generation tool and RYU SDN controller. According to the experimental result, polynomial SVM achieves 3% better accuracy and 34% lower false alarm rate compared to Linear SVM.

Multi-factor authentication (MFA) systems are being deployed for user authentication in online and personal device systems, whereas physical spaces mostly rely on single-factor authentication; examples are entering offices and homes, airport security, and classroom attendance. The Internet of Things (IoT) growth and market interest has created a diverse set of low-cost and flexible sensors and actuators that can be used for MFA. However, combining multiple authentication factors in a physical space adds several challenges, such as complex deployment, reduced usability, and increased energy consumption. We introduce MAFIA (Multi-layered Architecture For IoT-based Authentication), a novel architecture for co-located user authentication composed of multiple IoT devices. In MAFIA, we improve the security of physical spaces while considering usability, privacy, energy consumption, and deployment complexity. MAFIA is composed of three layers that define specific purposes for devices, guiding developers in the authentication design while providing a clear understanding of the trade-offs for different configurations. We describe a case study for an Automated Classroom Attendance System, where we evaluated three distinct types of authentication setups and showed that the most secure setup had a greater usability penalty, while the other two setups had similar attributes in terms of security, privacy, complexity, and usability but varied highly in their energy consumption.

Reliable communication over the wireless network with high throughput is a major target for the next generation communication technologies. Network coding can significantly improve the throughput efficiency of the network in a cooperative environment. The small cell technology and device to device communication make network coding an ideal candidate for improved performance in the fifth generation of communication networks. However, the security concerns associated with network coding needs to be addressed before any practical implementations. Pollution attacks are considered one of the most threatening attacks in the network coding environment. Although there are different integrity schemes to detect polluted packets, identifying the exact adversary in a network coding environment is a less addressed challenge. This paper proposes a scheme for identifying and locating adversaries in a dense, network coding enabled environment of mobile nodes. It also discusses a non-repudiation protocol that will prevent adversaries from deceiving the network.

In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.