Biblio

A frequency domain (FD) time-reversal (TR) pre-coder is proposed to perform physical layer security (PLS) in single-input single-output (SISO) system using orthogonal frequency-division multiplexing (OFDM). To maximize the secrecy of the communication, the design of an artificial noise (AN) signal well-suited to the proposed FD TR-based OFDM SISO system is derived. This new scheme guarantees the secrecy of a communication toward a legitimate user when the channel state information (CSI) of a potential eavesdropper is not known. In particular, we derive an AN signal that does not corrupt the data transmission to the legitimate receiver but degrades the decoding performance of the eavesdropper. A closed-form approximation of the AN energy to inject is defined in order to maximize the secrecy rate (SR) of the communication. Simulation results are presented to demonstrate the security performance of the proposed secure FD TR SISO OFDM system.

Over the last few decades, and thanks to the advancement of embedded systems and wireless technologies, the wireless sensors network (WSN) are increasingly used in many fields. Many researches are being done on the use of WSN in Wireless body Area Network (WBAN) systems to facilitate and improve the quality of care and remote patient monitoring.The broadcast nature of wireless communications makes it difficult to hide transmitted signals from unauthorized users. To this end, Physical layer security is emerging as a promising paradigm to protect wireless communications against eavesdropping attacks. The primary contribution of this paper is achieving a minimum secrecy outage probability by using the jamming technique which can be used by the legitimate communication partner to increase the noise level of the eavesdropper and ensure higher secure communication rate. We also evaluate the effect of additional jammers on the security of the WBAN system.

Optical wireless communications (OWC) and its potential to solve physical layer security (PLS) issues are becoming important research areas in 6G communications systems. In this paper, an overview of PLS in visible light communications (VLC), is presented. Then, two new PLS techniques based on generalized space shift keying (GSSK) modulation with spatial constellation design (SCD) and non-orthogonal multiple access (NOMA) cooperative relaying are introduced. In the first technique, the PLS of the system is enhanced by the appropriate selection of a precoding matrix for randomly activated light emitting diodes (LEDs). With the aid of a legitimate user's (Bob's) channel state information (CSI) at the transmitter (CSIT), the bit error ratio (BER) of Bob is minimized while the BER performance of the potential eavesdroppers (Eves) is significantly degraded. In the second technique, superposition coding with uniform signaling is used at the transmitter and relays. The design of secure beamforming vectors at the relay nodes along with NOMA techniques is used to enhance PLS in a VLC system. Insights gained from the improved security levels of the proposed techniques are used to discuss how PLS can be further improved in future generation communication systems by using VLC.

This paper studies physical-layer security over slow fading channels, considering the impact of finite-blocklength secrecy coding. A comprehensive analysis and optimization framework is established to investigate the secrecy throughput (ST) of a legitimate user pair coexisting with an eavesdropper. Specifically, we devise both adaptive and non-adaptive optimization schemes to maximize the ST, where we derive optimal parameters including the transmission policy, blocklength, and code rates based on the instantaneous and statistical channel state information of the legitimate pair, respectively. Various important insights are provided. In particular, 1) increasing blocklength improves both reliability and secrecy with our transmission policy; 2) ST monotonically increases with blocklength; 3) ST initially increases and then decreases with secrecy rate, and there exists a critical secrecy rate that maximizes the ST. Numerical results are presented to verify theoretical findings.

The ever-growing advances in science and technology have led to a rapid increase in the complexity of most engineered systems. Cyber-physical Systems (CPSs) are the result of this technology advancement that involves new paradigms, architectures and functionalities derived from different engineering domains. Due to the nature of CPSs, which are composed of many heterogeneous components that constantly interact one another and with the environment, it is difficult to study, explain hypothesis and evaluate design alternatives without using Modeling and Simulation (M&S) approaches. M&S is increasingly used in the CPS domain with different objectives; however, its adoption is not easy and straightforward but can lead to pitfalls that need to be recognized and addressed. This paper identifies some important pitfalls deriving from the application of M&S approaches to the CPS study and presents remedies, which are already available in the literature, to prevent and face them.

In this paper, a planning method of transportation-power coupled system based on road expansion model is proposed. First of all, based on the Wardrop equilibrium state, the traffic flow is distributed, to build the road expansion model and complete the traffic network modeling. It is assumed that the road charging demand is directly proportional to the road traffic flow, and the charging facilities will cause a certain degree of congestion on the road. This mutual influence relationship to establish a coupling system of transportation network and power network is used for the planning. In the planning method, the decision variables include the location of charging facilities, the setting of energy storage systems and the road expansion scheme. The planning goal is to minimize the investment cost and operation cost. The CPLEX solver is used to solve the mixed integer nonlinear programming problem. Finally, the simulation analysis is carried out to verify the validity and feasibility of the planning method, which can comprehensively consider the road expansion cost and travel time cost, taking a coupled system of 5-node traffic system and IEEE14 node distribution network as example.

Recently, deep neural network technology has been developed and used in various fields. The image recognition model can be used for automatic safety checks at the electric factory. However, as the deep neural network develops, the importance of security increases. A poisoning attack is one of security problems. It is an attack that breaks down by entering malicious data into the training data set of the model. This paper generates adversarial data that modulates feature values to different targets by manipulating less RGB values. Then, poisoning attacks in one of the image recognition models, the show and tell model. Then use autoencoder to defend adversarial data.

Intrusion Detection systems are important tools in preventing malicious traffic from penetrating into networks and systems. Recently, Intrusion Detection Systems are rapidly enhancing their detection capabilities using machine learning algorithms. However, these algorithms are vulnerable to new unknown types of attacks that can evade machine learning IDS. In particular, they may be vulnerable to attacks based on Generative Adversarial Networks (GAN). GANs have been widely used in domains such as image processing, natural language processing to generate adversarial data of different types such as graphics, videos, texts, etc. We propose a model using GAN to generate adversarial DDoS attacks that can change the attack profile and can be undetected. Our simulation results indicate that by continuous changing of attack profile, defensive systems that use incremental learning will still be vulnerable to new attacks.

Today's blockchain designs suffer from a trilemma claiming that no blockchain system can simultaneously achieve decentralization, security, and performance scalability. For current blockchain systems, as more nodes join the network, the efficiency of the system (computation, communication, and storage) stays constant at best. A leading idea for enabling blockchains to scale efficiency is the notion of sharding: different subsets of nodes handle different portions of the blockchain, thereby reducing the load for each individual node. However, existing sharding proposals achieve efficiency scaling by compromising on trust - corrupting the nodes in a given shard will lead to the permanent loss of the corresponding portion of data. In this paper, we settle the trilemma by demonstrating a new protocol for coded storage and computation in blockchains. In particular, we propose PolyShard: "polynomially coded sharding" scheme that achieves information-theoretic upper bounds on the efficiency of the storage, system throughput, as well as on trust, thus enabling a truly scalable system.

With the wild applications of machine learning (ML) technology, automatic speech recognition (ASR) has made great progress in recent years. Despite its great potential, there are various evasion attacks of ML-based ASR, which could affect the security of applications built upon ASR. Up to now, most studies focus on white-box attacks in ASR, and there is almost no attention paid to black-box attacks where attackers can only query the target model to get output labels rather than probability vectors in audio domain. In this paper, we propose an evasion attack against ASR in the above-mentioned situation, which is more feasible in realistic scenarios. Specifically, we first train a substitute model by using data augmentation, which ensures that we have enough samples to train with a small number of times to query the target model. Then, based on the substitute model, we apply Differential Evolution (DE) algorithm to craft adversarial examples and implement black-box attack against ASR models from the Speech Commands dataset. Extensive experiments are conducted, and the results illustrate that our approach achieves untargeted attacks with over 70% success rate while still maintaining the authenticity of the original data well.

In the 2010s, there has been significant interest in developing methods, such as searchable encryption for exact matching and order-preserving/-revealing encryption for range search, to perform search on encrypted data. However, the symmetric searchable encryption method has been steadily used not only in databases but also in full-text search engine because of its quick performance and high security against intruders and system administrators. Contrarily, order-preserving/-revealing encryption is rarely employed in practice: almost all related schemes suffer from inference attacks, and some schemes are secure but impractical because they require exponential storage size or communication complexity. In this study, we define the new security models based on order-revealing encryption (ORE) for performing range search, and explain that previous techniques are not satisfied with our weak security model. We present two generic constructions of ORE using the searchable encryption method. Our constructions offer practical performance such as the storage size of O(nb) and computation complexity of O(n2), where the plaintext space is a set of n-bit binaries and b denotes the block size of the ciphertext generated via searchable encryption. The first construction gives the comparison result to the server, and the security considers a weak security model. The second construction hides the comparison result from the server, and only the secret-key owner can recover it.

Existing consumer devices represent the most pervasive computational platform available, but their inherently decentralized nature poses significant challenges for distributed computing adoption. In particular, device owners must willingly cooperate in collective deployments even while others may intentionally work to maliciously disrupt that cooperation. Public, cooperative systems benefit from low barriers to entry improving scalability and adoption, but simultaneously increase risk exposure to adversarial threats via promiscuous participant adoption. In this work, I aim to facilitate widespread adoption of cooperative systems by discussing the unique security and operational challenges of these systems, and highlighting several novel approaches that mitigate these disadvantages.

Emerging trends that are shaping the future of the automotive industry include electrification, autonomous driving, sharing, and connectivity, and these trends keep changing annually. Thus, the automotive industry is shifting from mechanical devices to electronic control devices, and is not moving to Internet of Things devices connected to 5G networks. Owing to the convergence of automobile-information and communication technology (ICT), the safety and convenience features of automobiles have improved significantly. However, cyberattacks that occur in the existing ICT environment and can occur in the upcoming 5G network are being replicated in the automobile environment. In a hyper-connected society where 5G networks are commercially available, automotive security is extremely important, as vehicles become the center of vehicle to everything (V2X) communication connected to everything around them. Designing, developing, and deploying information security techniques for vehicles require a systematic security-risk-assessment and management process throughout the vehicle's lifecycle. To do this, a security risk analysis (SRA) must be performed, which requires an analysis of cyber threats on automotive vehicles. In this study, we introduce a cyber kill chain-based cyberattack analysis method to create a formal vulnerability-analysis system. We can also analyze car-hacking studies that were conducted on real cars to identify the characteristics of the attack stages of existing car-hacking techniques and propose the minimum but essential measures for defense. Finally, we propose an automotive common-vulnerabilities-and-exposure system to manage and share evolving vehicle-related cyberattacks, threats, and vulnerabilities.

In this paper, we propose a power allocation scheme in order to improve both secure and reliable performance in the wireless two-hop threshold-selection decode-and-forward (DF) relaying networks, which is so crucial to set a threshold value related the signal-to-noise ratio (SNR) of the source signal at relay nodes for perfect decoding. We adapt the maximal-ratio combining (MRC) receiving SNR from the direct and relaying paths both at the destination and at the eavesdropper. Particularly worth mentioning is that the closed expression form of outage probability and intercept probability is driven, which can quantify the security and reliability, respectively. We also make endeavors to utilize a metric to tradeoff the security and the reliability (SRT) and find out the relevance between them in the balanced case. But beyond that, in the pursuit of tradeoff performance, power allocation tends to depend on the threshold value. In other words, it provides a new method optimizing total power to the source and the relay by the threshold value. The results are obtained from analysis, confirmed by simulation, and predicted by artificial neural networks (ANNs), which is trained with back propagation (BP) algorithm, and thus the feasibility of the proposed method is verified.

The Edward Snowden data breach of 2013 clearly illustrates the damage that insiders can do to an organization. An insider's knowledge of an organization allows them legitimate access to the systems where valuable information is stored. Because they belong within an organizations security perimeter, an insider is inherently difficult to detect and prevent information leakage. To counter this, proactive measures must be deployed to limit the ability of an insider to steal information. Email monitoring at the edge is can easily be monitored for large file exaltation. However, USB drives are ideally suited for large-scale file extraction in a covert manner. This work discusses a process for disabling write-access to USB drives while allowing read-access. Allowing read-access for USB drives allows an organization to adapt to the changing security posture of the organization. People can still bring USB devices into the organization and read data from them, but exfiltration is more difficult.

In this New Age where information has an indispensable value for companies and data mining technologies are growing in the area of Information Technology, privacy remains a sensitive issue in the approach to the exploitation of the large volume of data generated and processed by companies. The way data is collected, handled and destined is not yet clearly defined and has been the subject of constant debate by several areas of activity. This literature review gives an overview of privacy in the era of Business Analytics and Big Data in different timelines, the opportunities and challenges faced, aiming to broaden discussions on a subject that deserves extreme attention and aims to show that, despite measures for data protection have been created, there is still a need to discuss the subject among the different parties involved in the process to achieve a positive ideal for both users and companies.

Smart Meters (SM) are IoT end devices used to collect user utility consumption with limited processing power on the edge of the smart grid (SG). While SMs have great applications in providing data analysis to the utility provider and consumers, private user information can be inferred from SMs readings. For preserving user privacy, a number of methods were developed that use perturbation by adding noise to alter user load and hide consumer data. Most methods limit the amount of perturbation noise using differential privacy to preserve the benefits of data analysis. However, additive noise perturbation may have an undesirable effect on billing. Additionally, users may desire to select complete privacy without giving consent to having their data analyzed. We present a virtual battery model that uses perturbation with additive noise obtained from a virtual chargeable battery. The level of noise can be set to make user data differentially private preserving statistics or break differential privacy discarding the benefits of data analysis for more privacy. Our model uses fog aggregation with authentication and encryption that employs lightweight cryptographic primitives. We use Diffie-Hellman key exchange for symmetrical encryption of transferred data and a two-way challenge-response method for authentication.

To protect data in cloud servers, fully homomorphic encryption (FHE) is an effective solution. In addition to encrypting data, FHE allows a third party to evaluate arithmetic circuits (i.e., computations) over encrypted data without decrypting it, guaranteeing protection even during the calculation. However, FHE supports only addition and multiplication. Functions that cannot be directly represented by additions or multiplications cannot be evaluated with FHE. A naïve implementation of such arithmetic operations with FHE is a bit-wise operation that encrypts numerical data as a binary string. This incurs huge computation time and storage costs, however. To overcome this limitation, we propose an efficient protocol to evaluate multi-input functions with FHE using a lookup table. We extend our previous work, which evaluates a single-integer input function, such as f(x). Our extended protocol can handle multi-input functions, such as f(x,y). Thus, we propose a new method of constructing lookup tables that can evaluate multi-input functions to handle general functions. We adopt integer encoding rather than bit-wise encoding to speed up the evaluations. By adopting both permutation operations and a private information retrieval scheme, we guarantee that no information from the underlying plaintext is leaked between two parties: a cloud computation server and a decryptor. Our experimental results show that the runtime of our protocol for a two-input function is approximately 13 minutes, when there are 8,192 input elements in the lookup table. By adopting a multi-threading technique, the runtime can be further reduced to approximately three minutes with eight threads. Our work is more practical than a previously proposed bit-wise implementation, which requires 60 minutes to evaluate a single-input function.

In recent days the attention of the researchers has been grabbed by the advent of fog computing which is found to be a conservatory of cloud computing. The fog computing is found to be more advantageous and it solves mighty issues of the cloud namely higher delay and also no proper mobility awareness and location related awareness are found in the cloud environment. The IoT devices are connected to the fog nodes which support the cloud services to accumulate and process a component of data. The presence of Fog nodes not only reduces the demands of processing data, but it had improved the quality of service in real time scenarios. Nevertheless the fog node endures from challenges of false data injection, privacy violation in IoT devices and violating integrity of data. This paper is going to address the key issues related to homomorphic encryption algorithms which is used by various researchers for providing data integrity and authenticity of the devices with their merits and demerits.

Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.

Distributed denial of service (DDoS) attacks can bring tremendous damage to online services and ISPs. Existing adopted mitigation methods either require the victim to have a sufficient number of resources for traffic filtering or to pay a third party cloud service to filter the traffic. In our previous work we proposed CoFence, a collaborative network that allows member domains to help each other in terms of DDoS traffic handling. In that network, victim servers facing a DDoS attack can redirect excessive connection requests to other helping servers in different domains for filtering. Only filtered traffic will continue to interact with the victim server. However, sending traffic to third party servers brings up the issue of privacy: specifically leaked client source IP addresses. In this work we propose a privacy protection mechanism for defense so that the helping servers will not be able to see the IP address of the client traffic while it has minimum impact to the data filtering function. We implemented the design through a test bed to demonstrated the feasibility of the proposed design.

Smart meters (SMs) play a pivotal rule in the smart grid by being able to report the electricity usage of consumers to the utility provider (UP) almost in real-time. However, this could leak sensitive information about the consumers to the UP or a third-party. Recent works have leveraged the availability of energy storage devices, e.g., a rechargeable battery (RB), in order to provide privacy to the consumers with minimal additional energy cost. In this paper, a privacy-cost management unit (PCMU) is proposed based on a model-free deep reinforcement learning algorithm, called deep double Q-learning (DDQL). Empirical results evaluated on actual SMs data are presented to compare DDQL with the state-of-the-art, i.e., classical Q-learning (CQL). Additionally, the performance of the method is investigated for two concrete cases where attackers aim to infer the actual demand load and the occupancy status of dwellings. Finally, an abstract information-theoretic characterization is provided.

Load profiling is to cluster power consumption data to generate load patterns showing typical behaviors of consumers, and thus it has enormous potential applications in smart grid. However, short-interval readings would generate massive smart meter data. Although cloud computing provides an excellent choice to analyze such big data, it also brings significant privacy concerns since the cloud is not fully trustworthy. In this paper, based on a modified vector homomorphic encryption (VHE), we propose a privacy-preserving and outsourced k-means clustering scheme (PPOk M) for secure load profiling over encrypted meter data. In particular, we design a similarity-measuring method that effectively and non-interactively performs encrypted distance metrics. Besides, we present an integrity verification technique to detect the sloppy cloud server, which intends to stop iterations early to save computational cost. In addition, extensive experiments and analysis show that PPOk M achieves high accuracy and performance while preserving convergence and privacy.

As a new paradigm for the monitoring and troubleshooting of backbone networks, the multilayer in-band network telemetry (ML-INT) with deep learning (DL) based data analytics (DA) has recently been proven to be effective on realtime visualization and fine-grained monitoring. However, the existing studies on ML-INT&DA systems have overlooked the privacy and security issues, i.e., a malicious party can apply tapping in the data reporting channels between the data and control planes to illegally obtain plaintext ML-INT data in them. In this paper, we discuss a privacy-preserving DL-based ML-INT&DA system for realizing AI-assisted network automation in backbone networks in the form of IP-over-Optical. We first show a lightweight encryption scheme based on integer vector homomorphic encryption (IVHE), which is used to encrypt plaintext ML-INT data. Then, we architect a DL model for anomaly detection, which can directly analyze the ciphertext ML-INT data. Finally, we present the implementation and experimental demonstrations of the proposed system. The privacy-preserving DL-based ML-INT&DA system is realized in a real IP over elastic optical network (IP-over-EON) testbed, and the experimental results verify the feasibility and effectiveness of our proposal.

The necessity for peer-to-peer (p2p) communications is obvious; current centralized solutions are capturing and storing too much information from the individual people communicating with each other. Privacy concerns with a centralized solution in possession of all the users data are a difficult matter. HELIOS platform introduces a new social-media platform that is not in control of any central operator, but brings the power of possession of the data back to the users. It does not have centralized servers that store and handle receiving/sending of the messages. Instead, it relies on the current open-source solutions available in the p2p communities to propagate the messages to the wanted recipients of the data and/or messages. The p2p communications also introduce new problems in terms of privacy and tracking of the user, as the nodes part of a p2p network can see what data the other nodes provide and ask for. How the sharing of data in a p2p network can be achieved securely, taking into account the user's privacy is a question that has not been fully answered so far. We do not claim we answer this question fully in this paper either, but we propose a set of protocols to help answer one specific problem. Especially, this paper proposes how to privately share data (end-point address or other) of the user between other users, provided that they have previously connected with each other securely, either offline or online.