Biblio

Over the past few years, malicious hardware modifications, a.k.a. hardware Trojans (HT), have emerged as a major security threat because integrated circuit (IC) companies have been fabricating chips at offshore foundries due to various factors including time-to-market, cost reduction demands, and the increased complexity of ICs. Among proposed hardware Trojan detection techniques, reverse engineering appears to be the most accurate and reliable one because it works for all circuits and Trojan types without a golden example of the chip. However, because reverse engineering is an extremely expensive, time-consuming, and destructive process, it is difficult to apply this technique for a large population of ICs in a real test environment. This paper proposes a novel golden-chip-free clustering method using backscattering side-channel to divide ICs into groups of Trojan-free and Trojan-infected boards. The technique requires no golden chip or a priori knowledge of the chip circuitry, and divides a large population of ICs into clusters based on how HTs (if existed) affect their backscattered signals. This significantly reduces the size of test vectors for reverse engineering based detection techniques, thus enables deployment of reverse engineering approaches to a large population of ICs in a real testing scenario. The results are collected on 100 different FPGA boards where boards are randomly chosen to be infected or not. The results show that we can cluster the boards with 100% accuracy and demonstrate that our technique can tolerate manufacturing variations among hardware instances to cluster all the boards accurately for 9 different dormant Trojan designs on 3 different benchmark circuits from Trusthub. We have also shown that we can detect dormant Trojan designs whose trigger size has shrunk to as small as 0.19% of the original circuit with 100% accuracy as well.

In this paper, we proposed a path planning algorithm based on Q-learning model to simulate an environment model, which is suitable for the complex environment. A virtual simulation platform has been built to complete the experiments. The experimental results show that the algorithm proposed in this paper can be effectively applied to the solution of vehicle routing problems in the complex environment.

Nowadays, the Network on Chip (NoC) is widely adopted by multi-core System on Chip (SoC) to meet its communication needs. With the gradual popularization of the Internet of Things (IoT), the application of NoC is increasing. Due to its distribution characteristics on the chip, NoC has gradually become the focus of potential security attacks. Denial of service (DoS) is a typical attack and it is caused by malicious intellectual property (IP) core with unnecessary data packets causing communication congestion and performance degradation. In this article, we propose a novel approach to detect DoS attacks on-line based on random forest algorithm, and detect the router where the attack enters the sensitive communication path. This method targets malicious third-party vendors to implant a DoS Hardware Trojan into the NoC. The data set is generated based on the behavior of multi-core routers triggered by normal and Hardware Trojans. The detection accuracy of the proposed scheme is in the range of 93% to 94%.

Operating system (OS) classification is of growing importance to network administrators and cybersecurity analysts alike. The composition of OSs on a network allows for a better quality of device management to be achieved. Additionally, it can be used to identify devices that pose a security risk to the network. However, the sheer number and diversity of OSs that comprise modern networks have vastly increased this management complexity. We leverage insights from social networking theory to provide an encryption-invariant OS classification technique that is quick to train and widely deployable on various network configurations. In particular, we show how an affiliation graph can be used as an input to a machine learning classifier to predict the OS of a device using only the IP addresses for which the device communicates with.We examine the effectiveness of our approach through an empirical analysis of 498 devices on a university campus’ wireless network. In particular, we show our methodology can classify different OS families (i.e., Apple, Windows, and Android OSs) with an accuracy of 99.3%. Furthermore, we extend this study by: 1) examining distinct OSs (e.g., iOS, OS X, and Windows 10); 2) investigating the interval of time required to make an accurate prediction; and, 3) determining the effectiveness of our approach after six months.

The growing complexity of modern electronic systems often leads to the design of more sophisticated power delivery networks (PDNs). Similar to other system-level shared resources, the on-board PDN unintentionally introduces side channels across design layers and voltage domains, despite the fact that PDNs are not part of the functional design. Recent work have demonstrated that exploitation of the side channel can compromise the system security (i.e. information leakage and fault injection). In this work, we systematically investigate the PDN-based side channel as well as the countermeasures. To facilitate our goal, we develop PowerScout, a security-oriented PDN simulation framework that unifies the modeling of different PDN-based side-channel attacks. PowerScout performs fast nodal analysis of complex PDNs at the system level to quantitatively evaluate the severity of side-channel vulnerabilities. With the support of PowerScout, for the first time, we validate PDN side-channel attacks in literature through simulation results. Further, we are able to quantitatively measure the security impact of PDN parameters and configurations. For example, towards information leakage, removing near-chip capacitors can increase intra-chip information leakage by a maximum of 23.23dB at mid-frequency and inter-chip leakage by an average of 31.68dB at mid- and high-frequencies. Similarly, the optimal toggling frequency and duty cycle are derived to achieve fault injection attacks with higher success rate and more precise control.

Future intelligent transportation systems necessitate a fine-grained and accurate estimation of vehicular traffic flows across critical paths of the underlying road network. This task is relatively trivial if we are able to collect detailed trajectories from every moving vehicle throughout the day. Nevertheless, this approach compromises the location privacy of the vehicles and may be used to build accurate profiles of the corresponding individuals. To this end, this work introduces a privacy-preserving protocol that leverages roadside units (RSUs) to communicate with the passing vehicles, in order to construct encrypted Bloom filters stemming from the vehicle IDs. The aggregate Bloom filters are encrypted with a threshold cryptosystem and can only be decrypted by the transportation authority in collaboration with multiple trusted entities. As a result, the individual communications between the vehicles and the RSUs remain secret. The decrypted Bloom filters reveal the aggregate traffic information at each RSU, but may also serve as a means to compute an approximation of the traffic flow between any pair of RSUs, by simply estimating the number of common vehicles in their respective Bloom filters. We performed extensive simulation experiments with various configuration parameters and demonstrate that our protocol reduces the estimation error considerably when compared to the current state-of-the-art approaches. Furthermore, our implementation of the underlying cryptographic primitives illustrates the feasibility, practicality, and scalability of the system.

Similar to other digital assets, deep neural network (DNN) models could suffer from piracy threat initiated by insider and/or outsider adversaries due to their inherent commercial value. DNN watermarking is a promising technique to mitigate this threat to intellectual property. This work focuses on black-box DNN watermarking, with which an owner can only verify his ownership by issuing special trigger queries to a remote suspicious model. However, informed attackers, who are aware of the watermark and somehow obtain the triggers, could forge fake triggers to claim their ownerships since the poor robustness of triggers and the lack of correlation between the model and the owner identity. This consideration calls for new watermarking methods that can achieve better trade-off for addressing the discrepancy. In this paper, we exploit frequency domain image watermarking to generate triggers and build our DNN watermarking algorithm accordingly. Since watermarking in the frequency domain is high concealment and robust to signal processing operation, the proposed algorithm is superior to existing schemes in resisting fraudulent claim attack. Besides, extensive experimental results on 3 datasets and 8 neural networks demonstrate that the proposed DNN watermarking algorithm achieves similar performance on functionality metrics and better performance on security metrics when compared with existing algorithms.

This paper explores a practical approach to securing large wireless networks by applying Physical Layer Security (PLS). To date, PLS has mostly been seen as an information theory concept with few practical implementations. We present an Access Point (AP) selection algorithm that uses PLS to find an AP that offers the highest secrecy capacity to a legitimate user. We then propose an implementation of this algorithm using the novel concept of spectrum programming which extends Software-Defined Networking to the physical and data-link layers and makes wireless network management and control more flexible and scalable than traditional platforms. Our Wi-Fi network evaluation results show that our approach outperforms conventional solutions in terms of security, but at the expense of communication capacity, thus identifying a trade-off between security and performance. These results encourage implementation and extension to further wireless technologies.

Attack detection and recovery are fundamental elements for the operation of safe and resilient cyber-physical systems. Most of the literature focuses on attack-detection, while leaving attack-recovery as an open problem. In this paper, we propose novel attack-recovery control for securing cyber-physical systems. Our recovery control consists of new concepts required for a safe response to attacks, which includes the removal of poisoned data, the estimation of the current state, a prediction of the reachable states, and the online design of a new controller to recover the system. The synthesis of such recovery controllers for cyber-physical systems has barely investigated so far. To fill this void, we present a formal method-based approach to online compute a recovery control sequence that steers a system under an ongoing sensor attack from the current state to a target state such that no unsafe state is reachable on the way. The method solves a reach-avoid problem on a Linear Time-Invariant (LTI) model with the consideration of an error bound $ε$ $\geq$ 0. The obtained recovery control is guaranteed to work on the original system if the behavioral difference between the LTI model and the system's plant dynamics is not larger than $ε$. Since a recovery control should be obtained and applied at the runtime of the system, in order to keep its computational time cost as low as possible, our approach firstly builds a linear programming restriction with the accordingly constrained safety and target specifications for the given reach-avoid problem, and then uses a linear programming solver to find a solution. To demonstrate the effectiveness of our method, we provide (a) the comparison to the previous work over 5 system models under 3 sensor attack scenarios: modification, delay, and reply; (b) a scalability analysis based on a scalable model to evaluate the performance of our method on large-scale systems.

The fast growth of encrypted traffic puts forward burning requirements on the efficiency of traffic classification. Although deep learning models perform well in the classification, they sacrifice the efficiency to obtain high-precision results. To reduce the resource and time consumption, a novel and lightweight model is proposed in this paper. Our design principle is to “maximize the reuse of thin modules”. A thin module adopts the multi-head attention and the 1D convolutional network. Attributed to the one-step interaction of all packets and the parallelized computation of the multi-head attention mechanism, a key advantage of our model is that the number of parameters and running time are significantly reduced. In addition, the effectiveness and efficiency of 1D convolutional networks are proved in traffic classification. Besides, the proposed model can work well in a real time manner, since only three consecutive packets of a flow are needed. To improve the stability of the model, the designed network is trained with the aid of ResNet, layer normalization and learning rate warmup. The proposed model outperforms the state-of-the-art works based on deep learning on two public datasets. The results show that our model has higher accuracy and running efficiency, while the number of parameters used is 1.8% of the 1D convolutional network and the training time halves.

Volume, Variety, Velocity, Veracity & Value of data has drawn the attention of many analysts in the last few years. Performance optimization and comparison are the main challenges we face when we talk about the humongous volume of data. Data Analysts use data for activities like forecasting or deep learning and to process these data various tools are available which helps to achieve this task with minimum efforts. Recommendation System plays a crucial role while running any business such as a shopping website or travel agency where the system recommends the user according to their search history, likes, comments, or their past order/booking details. Recommendation System works on various strategies such as Content Filtering, Collaborative Filtering, Neighborhood Methods, or Matrix Factorization methods. For achieving maximum efficiency and accuracy based on the data a specific strategy can be the best case or the worst case for that scenario. Matrix Factorization is the key point of interest in this work. Matrix Factorization strategy includes multiplication of user matrix and item matrix in-order to get a rating matrix that can be recommended to the users. Matrix Multiplication can be achieved by using various algorithms such as Naive Algorithm, Strassen Algorithm, Coppersmith - Winograd (CW) Algorithm. In this work, a new algorithm is proposed to achieve less amount of time and space complexity used in-order for performing matrix multiplication which helps to get the results much faster. By using the Matrix Factorization strategy with various Matrix Multiplication Algorithm we are going to perform a comparative analysis of the same to conclude the proposed algorithm is more efficient.

The most recent and important developments in the field of computer networks are cloud and fog computing. In this study, modern cloud computer networks comprising computers, internet of things (IoT), fog servers, and cloud servers for data transmission, is investigated. A cloud computer networks can be modeled as a network with nodes and arcs, in which each arc represents a transmission line, and each node represents an IoT device, a fog server, or a cloud server. Each transmission line has several possible capacities and is regarded as a multistate. The network is termed a multi-state cloud computer network (MCCN). this study firstly constructs the mathematic model to elucidate the flow relationship among the IoT devices, edge servers, and cloud servers and subsequently develop an algorithm to evaluate the performance of the MCCN by calculating network reliability which is defined as the probability of the data being successfully processed by the MCCN.

At present, when the device management application programs the devices (such as mobile terminals, Internet of things terminals and devices, etc.), buffer overflow will inevitably occur due to the defects of filter input condition setting, variable type conversion error, logical judgment error, pointer reference error and so on. For this kind of software and its running environment, it is difficult to reduce the false positive rate and false negative rate with traditional static detection method for buffer overflow vulnerability, while the coverage rate of dynamic detection method is still insufficient and it is difficult to achieve full automation. In view of this, this paper proposes an automatic dynamic detection method based on boundary testing, which has complete test data set and full coverage of defects. With this method, the input test points of the software system under test are automatically traversed, and each input test point is analyzed automatically to generate complete test data; driven by the above complete test data, the software under test runs automatically, in which the embedded dynamic detection code automatically judges the conditions of overflow occurrence, and returns the overflow information including the location of the error code before the overflow really occurs. Because the overflow can be located accurately without real overflow occurrence, this method can ensure the normal detection of the next input test point, thus ensuring the continuity of the whole automatic detection process and the full coverage of buffer overflow detection. The test results show that all the indexes meet the requirements of the method and design.

The proliferation of artificial intelligence based systems in all walks of life raises concerns about their safety and robustness, especially for cyber-physical systems including multiple machine learning components. In this paper, we introduce robustness contracts as a framework for compositional specification and reasoning about the robustness of cyber-physical systems based on neural network (NN) components. Robustness contracts can encompass and generalize a variety of notions of robustness which were previously proposed in the literature. They can seamlessly apply to NN-based perception as well as deep reinforcement learning (RL)-enabled control applications. We present a sound and complete algorithm that can efficiently verify the satisfaction of a class of robustness contracts on NNs by leveraging notions from Lagrangian duality to identify system configurations that violate the contracts. We illustrate the effectiveness of our approach on the verification of NN-based perception systems and deep RL-based control systems.

Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer a broad attack surface. Particularly, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the Microchip SAM L11 MCU, which uses the ARM Cortex-M23 processor with the TrustZone-M technology. Strategies to mitigate these software attacks are also discussed.

The increasing vulnerabilities in Android kernel make it an attractive target to the attackers. Most kernel-targeted attacks are initiated through system calls. For security purpose, Google has introduced a Linux kernel security mechanism named “seccomp” since Android O to constrain the system calls accessible to the Android apps. Unfortunately, existing Android seccomp mechanism provides a fairly coarse-grained restriction by enforcing a unified seccomp policy containing more than 250 system calls for Android apps, which greatly reduces the effectiveness of seccomp. Also, it lacks an approach to profile the unnecessary system calls for a given Android app. In this paper we present a two-level control scheme named SASAK, which can shrink the attack surface of Android kernel by strictly constraining the system calls available to the Android apps with seccomp mechanism. First, instead of leveraging a unified seccomp policy for all Android apps, SASAK introduces an architecture- dedicated system call constraining by enforcing two separate and refined seccomp policies for the 32-bit Android apps and 64-bit Android apps, respectively. Second, we provide a tool to profile the necessary system calls for a given Android app and enforce an app-dedicated seccomp policy to further reduce the allowed system calls for the apps selected by the users. The app-dedicated control could dynamically change the seccomp policy for an app according to its actual needs. We implement a prototype of SASAK and the experiment results show that the architecture-dedicated constraining reduces 39.6% system calls for the 64-bit apps and 42.5% system calls for the 32-bit apps. 33% of the removed system calls for the 64-bit apps are vulnerable, and the number for the 32-bit apps is 18.8%. The app-dedicated restriction reduces about 66.9% and 62.5% system calls on average for the 64-bit apps and 32-bit apps, respectively. In addition, SASAK introduces negligible performance overhead.

Vehicular Social Networks (VSNs) are expected to become a reality soon, where commuters having common interests in the virtual community of vehicles, drivers, passengers can share information, both about road conditions and their surroundings. This will improve transportation efficiency and public safety. However, social networking exposes vehicles to different kinds of cyber-attacks. This concern can be addressed through an efficient and secure key management framework. This study presents a Secure and Transparent Public-key Management (ST-PKMS) based on blockchain and notary system, but it addresses security and privacy challenges specific to VSNs. ST-PKMS significantly enhances the efficiency and trustworthiness of mutual authentication. In ST-PKMS, each vehicle has multiple short-lived anonymous public-keys, which are recorded on the blockchain platform. However, public-keys get activated only when a notary system notarizes it, and clients accept only notarized public-keys during mutual authentication. Compromised vehicles can be effectively removed from the VSNs by blocking notarization of their public-keys; thus, the need to distribute Certificate Revocation List (CRL) is eliminated in the proposed scheme. ST-PKMS ensures transparency, security, privacy, and availability, even in the face of an active adversary. The simulation and evaluation results show that the ST-PKMS meets real-time performance requirements, and it is cost-effective in terms of scalability, delay, and communication overhead.

In recent years, the computation security of edge computing has been raised as a major concern since the edge devices are often distributed on the edge of the network, less trustworthy than cloud servers and have limited storage/ computation/ communication resources. Recently, coded computing has been proposed to protect the confidentiality of computing data under edge device's independent attack and minimize the total cost (resource consumption) of edge system. In this paper, for the cooperative attack, we design an efficient scheme to ensure the information-theory security (ITS) of user's data and further reduce the total cost of edge system. Specifically, we take matrix multiplication as an example, which is an important module appeared in many application operations. Moreover, we theoretically analyze the necessary and sufficient conditions for the existence of feasible scheme, prove the security and decodeability of the proposed scheme. We also prove the effectiveness of the proposed scheme through considerable simulation experiments. Compared with the existing schemes, the proposed scheme further reduces the total cost of edge system. The experiments also show a trade-off between storage and communication.

With the increasing application of micro-nano satellite network, it is extremely vulnerable to the influence of internal malicious nodes in the practical application process. However, currently micro-nano satellite network still lacks effective means of routing security protection. In order to solve this problem, combining with the characteristics of limited energy and computing capacity of micro-nano satellite nodes, this research proposes a secure routing algorithm based on trust value. First, the trust value of the computing node is synthesized, and then the routing path is generated by combining the trust value of the node with the AODV routing algorithm. Simulation results show that the proposed MNS-AODV routing algorithm can effectively resist the influence of internal malicious nodes on data transmission, and it can reduce the packet loss rate and average energy consumption.

Majority of the daily and business activities nowadays are integrated and interconnected to the world across national, geographic and boundaries. Securing the Internet of Things (IoT) system is a challenge as these low powered devices in IoT system are very vulnerable to cyber-attacks and this will reduce the reliability of the system. Software Defined Network (SDN) intends to greatly facilitate the policy enforcement and dynamic network reconfiguration. This paper presents several architectures in the integration of IoT via SDN to improve security in the network and system.

With the development of positioning technology and the popularity of mobile devices, location-based services have been widely deployed. To use the services, users must provide the server accurate location information, during which the attacker tends to infer sensitive information from intercepting queries. In this paper, we model the road network as an edge cluster graph with its location semantics considered. Then, we propose the Circle First Structure Optimization (CFSO) algorithm which generates an anonymous set by adding optimal adjacent locations. Furthermore, we introduce controllable randomness and propose the Attack-Resilient (AR) algorithm to enhance the anti-attack ability. Meanwhile, to reduce the system overhead, our algorithms build the anonymous set quickly and take the structure of the anonymous set into account. Finally, we conduct experiments on a real map and the results demonstrate a higher anonymity success rate and a stronger anti-attack capability with less system overhead.

A large amount of malware families use the domain generation algorithms (DGA) to randomly generate a large amount of domain names. It is a good way to bypass conventional blacklists of domain names, because we cannot predict which of the randomly generated domain names are selected for command and control (C&C) communications. An effective approach for detecting known DGA families is to investigate the malware with reverse engineering to find the adopted generation algorithms. As reverse engineering cannot handle the variants of DGA families, some researches leverage supervised learning to find new variants. However, the explainability of supervised learning is low and cannot find previously unseen DGA families. In this paper, we propose a graph-based semi-supervised learning scheme to track the evolution of known DGA families and find previously unseen DGA families. With a domain relation graph, we can clearly figure out how new variants relate to known DGA domain names, which induces better explainability. We deployed the proposed scheme on real network scenarios and show that the proposed scheme can not only comprehensively and precisely find known DGA families, but also can find new DGA families which have not seen before.

As the next-generation network architecture, Information-Centric Networking (ICN) has emerged as a novel paradigm to cope with the increasing demand for content delivery on the Internet. In contrast to the conventional host-centric architectures, ICN focuses on content retrieval based on their name rather than their storage location. However, ICN is vulnerable to various security and privacy attacks due to the inherent attributes of the ICN architectures. For example, a curious ICN node can monitor the network traffic to reveal the sensitive data issued by specific users. Hence, further research on privacy protection for ICN is needed. This paper presents a practical approach to effectively enhancing the security and privacy of ICN by utilizing Intel SGX, a commodity trusted execution environment. The main idea is to leverage secure enclaves residing on ICN nodes to do computations on sensitive data. Performance evaluations on the real-world datasets demonstrate the efficiency of the proposed scheme. Moreover, our scheme outperforms the cryptography based method.

In order to improve the reliability of power supply in adjacent hydropower stations, the auxiliary power systems of the two stations are connected through a contact transformer. The magnetizing inrush current generated by the connecting transformer of a hydropower station has the characteristics of high frequency, strong energy, and multi-coupling. The harm caused by the connecting transformer is huge. In order to prevent misoperation during the closing process of the connecting transformer, this article aims at the problem of setting the switching current of the connecting transformer of the two hydropower stations, and establishes the analysis model of the excitation inrush current with SimPowerSystem software, and carries out the quantitative simulation calculation of the excitation inrush current of the connecting transformer. A setting strategy for overcurrent protection of tie transformers to suppress the excitation inrush current is proposed. Under the conditions of changing switch closing time, generator load, auxiliary transformer load, tie transformer core remanence, the maximum amplitude of the excitation inrush current is comprehensively judged Value, and then achieve the suppression of the excitation inrush current, and accurately determine the protection setting of the switch.

With the development of smart grid technologies and the fast adoption of household IoT devices in recent years, new threats, attacks, and security challenges arise. While a large number of vulnerabilities, threats, attacks and controls have been discussed in the literature, there lacks an abstract and generalizable framework that can be used to model the cyber-physical interactions of attacks and guide the design of defense mechanisms. In this paper, we propose a new modeling approach for security attacks in smart grids and IoT devices using a Cyber-Physical Systems (CPS) perspective. The model considers both the cyber and physical aspects of the core components of the smart grid system and the household IoT devices, as well as the interactions between the components. In particular, our model recognizes the two parallel attack channels via the cyber world and the physical world, and identifies the potential crossing routes between these two attack channels. We further discuss all possible attack surfaces, attack objectives, and attack paths in this newly proposed model. As case studies, we examine from the perspective of this new model three representative attacks proposed in the literature. The analysis demonstrates the applicability of the model, for instance, to assist the design of detection and defense mechanisms against smart grid cyber-attacks.