Biblio

Anonymous communication networks (ACNs) are intended to protect the metadata during communication. As classic ACNs, onion mix-nets are famous for strong anonymity, in which the source defines a static path and wraps the message multi-times with the public keys of nodes on the path, through which the message is relayed to the destination. However, onion mix-nets lacks in resilience when the static on-path mixes fail. Mix failure easily results in message loss, communication failure, and even specific attacks. Therefore, it is desirable to achieve resilient routing in onion mix-nets, providing persistent routing capability even though node failure. The state-of-theart solutions mainly adopt mix groups and thus need to share secret keys among all the group members which may cause single point of failure. To address this problem, in this work we propose a hybrid routing approach, which embeds the onion mix-net with hop-by-hop routing to increase routing resilience. Furthermore, we propose the threshold hybrid routing to achieve better key management and avoid single point of failure. As for experimental evaluations, we conduct quantitative analysis of the resilience and realize a local T-hybrid routing prototype to test performance. The experimental results show that our proposed routing strategy increases routing resilience effectively, at the expense of acceptable latency.

Encryption has become an important need for each and every data transmission. Large amount of delicate data is transferred regularly through different computer networks such as e-banking, email applications and file exchange. Cryptanalysis is study of analyzing the hidden information in the system. The process of cryptanalysis could be done by various features such as power, sound, electromagnetic radiation etc. Lightweight cryptography plays an important role in the IoT devices. It includes various appliances, vehicles, smart sensors and RFID-tags (RFID). PRESENT is one such algorithm, designed for resource constrained devices. This requires less memory and consumes less power. The project propounds a model in which the cryptographic keys are analyzed by the trace of power.

Lightweight cryptography concept has been a very hot topic for the last few years and considered as a new domain of encryption suitable for big data networks, small devices, phones, cards and embedded systems. These systems require low latency security and low power consuming [1]. An improved lightweight encryption algorithm ILEA is proposed in this paper. ILEA is based on PRINCE lightweight algorithm as his main core with two defacing balanced mixing layers added. ILEA presented in two programming languages: PYTHON, C++ with a comparative study with original PRINCE results and some of another lightweight algorithms.

Wireless sensor network (WSNs) formed from an enormous number of sensor hub with the capacity to detect and process information in the physical world in a convenient way. The sensor nodes contain a battery imperative, which point of confinement the system lifetime. Because of vitality limitations, the arrangement of WSNs will required development methods to keep up the system lifetime. The vitality productive steering is the need of the innovative WSN systems to build the process time of system. The WSN system is for the most part battery worked which should be ration as conceivable as to cause system to continue longer and more. WSN has developed as a significant figuring stage in the ongoing couple of years. WSN comprises of countless sensor points, which are worked by a little battery. The vitality of the battery worked nodes is the defenseless asset of the WSN, which is exhausted at a high rate when data is transmitted, because transmission vitality is subject to the separation of transmission. Sensor nodes can be sent in the cruel condition. When they are conveyed, it ends up difficult to supplant or energize its battery. Therefore, the battery intensity of sensor hub ought to be utilized proficiently. Many steering conventions have been proposed so far to boost the system lifetime and abatement the utilization vitality, the fundamental point of the sensor hubs is information correspondence, implies move of information packs from one hub to other inside the system. This correspondence is finished utilizing grouping and normal vitality of a hub. Each bunch chooses a pioneer called group head. The group heads CHs are chosen based by and large vitality and the likelihood. There are number of bunching conventions utilized for the group Head determination, the principle idea is the existence time of a system which relies on the normal vitality of the hub. In this work we proposed a model, which utilizes the leftover vitality for group head choice and LZW pressure Technique during the transmission of information bundles from CHs to base station. Work enhanced the throughput and life time of system and recoveries the vitality of hub during transmission and moves more information in less vitality utilization. The Proposed convention is called COMPRESSED MODLEACH.

Deception technology is a useful approach to improve the security posture of IoT systems. The deployment of replication techniques as a deception tactic is presented with a summary of our research progress towards quantifying the defensive improvement as part of overall risk management considerations.

Nowadays, the emerging Internet-of-Things (IoT) emphasize the need for the security of network-connected devices. Additionally, there are two types of services in IoT devices that are easily exploited by attackers, weak authentication services (e.g., SSH/Telnet) and exploited services using command injection. Based on this observation, we propose IoTCMal, a hybrid IoT honeypot framework for capturing more comprehensive malicious samples aiming at IoT devices. The key novelty of IoTC-MAL is three-fold: (i) it provides a high-interactive component with common vulnerable service in real IoT device by utilizing traffic forwarding technique; (ii) it also contains a low-interactive component with Telnet/SSH service by running in virtual environment. (iii) Distinct from traditional low-interactive IoT honeypots[1], which only analyze family categories of malicious samples, IoTCMal primarily focuses on homology analysis of malicious samples. We deployed IoTCMal on 36 VPS1 instances distributed in 13 cities of 6 countries. By analyzing the malware binaries captured from IoTCMal, we discover 8 malware families controlled by at least 11 groups of attackers, which mainly launched DDoS attacks and digital currency mining. Among them, about 60% of the captured malicious samples ran in ARM or MIPs architectures, which are widely used in IoT devices.

Return-oriented programming (ROP)is a technique used to break data execution protection(DEP). Existing ROP chain automatic construction technology cannot effectively use program controllable memory area. In order to improve the utilization of memory space, this paper proposes a method of ROP chain fragmentation layout. By searching the controllable memory area of the program, a set of layoutable space is formed, and the overall ROP chain is segmented to add jump instructions at the end of each segment, thereby achieving a fragmented layout of the ROP chain. The prototype system ROP-chip based on S2E proved the effectiveness of the fragmented layout of the ROP chain.

A Distributed Denial of Service ( DDoS ) attack is usually instigated on a primary server that provides important services in a network. However such DDoS attacks can be identified and mitigated by the controller in a Software Defined Network (SDN). If the intruder further performs an attack on the controller along with the server, the attack becomes successful.In this paper, we show how such a combined DDoS attack can be instigated on a controller as well as a primary server. The DDoS attack on the primary server is instigated by compromising few hosts to send packets with spoofed IP addresses and the attack on the controller is instigated by compromising few switches to send flow table requests repeatedly to the controller. With the help of an emulator called mininet, we show the severity of this attack on the performance of the network. We further propose a common technique that can be used to mitigate this kind of attack by observing the variation of destination IP addresses and setting different priorities to switches and handling the flow table requests accordingly by the controller.

Android, being the most widespread mobile operating systems is increasingly becoming a target for malware. Malicious apps designed to turn mobile devices into bots that may form part of a larger botnet have become quite common, thus posing a serious threat. This calls for more effective methods to detect botnets on the Android platform. Hence, in this paper, we present a deep learning approach for Android botnet detection based on Convolutional Neural Networks (CNN). Our proposed botnet detection system is implemented as a CNN-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps. The trained botnet detection model was evaluated on a set of 6,802 real applications containing 1,929 botnets from the publicly available ISCX botnet dataset. The results show that our CNN-based approach had the highest overall prediction accuracy compared to other popular machine learning classifiers. Furthermore, the performance results observed from our model were better than those reported in previous studies on machine learning based Android botnet detection.

The complexity and ubiquity of modern computing systems is a fertile ground for anomalies, including security and privacy breaches. In this paper, we propose a new methodology that addresses the practical challenges to implement anomaly detection approaches. Specifically, it is challenging to define normal behavior comprehensively and to acquire data on anomalies in diverse cloud environments. To tackle those challenges, we focus on anomaly detection approaches based on system performance signatures. In particular, performance signatures have the potential of detecting zero-day attacks, as those approaches are based on detecting performance deviations and do not require detailed knowledge of attack history. The proposed methodology leverages an analytical performance model and experimentation, and allows to control the rate of false positives in a principled manner. The methodology is evaluated using the TPCx-V workload, which was profiled during a set of executions using resource exhaustion anomalies that emulate the effects of anomalies affecting system performance. The proposed approach was able to successfully detect the anomalies, with a low number of false positives (precision 90%-98%).

In recent years, software defined networking (SDN) has been proposed for enhancing the security of industrial control networks. However, its ability to guarantee the quality of service (QoS) requirements of such networks in the presence of adversarial flow still needs to be investigated. Queueing theory and particularly queueing network models have long been employed to study the performance and QoS characteristics of networks. The latter appears to be particularly suitable to capture the behaviour of SDN owing to the dependencies between layers, planes and components in an SDN architecture. Also, several authors have used queueing network models to study the behaviour of different application of SDN architectures, but none of the existing works have considered the strong periodic network traffic in software-defined industrial control networks. In this paper, we propose a queueing network model for softwaredefined industrial control networks, taking into account the strong periodic patterns of the network traffic in the data plane. We derive the performance measures for the analytical model and apply the queueing network model to study the effect of adversarial flow in software-defined industrial control networks.

Following substantial advancements in stochastic classes of decision-making optimization problems, scenario-based stochastic optimization, robust\textbackslashtextbackslash distributionally robust optimization, and chance-constrained optimization have recently gained an increasing attention. Despite the remarkable developments in probabilistic forecast of uncertainties (e.g., in renewable energies), most approaches are still being employed in a univariate framework which fails to unlock a full understanding on the underlying interdependence among uncertain variables of interest. In order to yield cost-optimal solutions with predefined probabilistic guarantees, conditional and dynamic interdependence in uncertainty forecasts should be accommodated in power systems decision-making. This becomes even more important during the emergencies where high-impact low-probability (HILP) disasters result in remarkable fluctuations in the uncertain variables. In order to model the interdependence correlation structure between different sources of uncertainty in power systems during both normal and emergency operating conditions, this paper aims to bridge the gap between the probabilistic forecasting methods and advanced optimization paradigms; in particular, perdition regions are generated in the form of ellipsoids with probabilistic guarantees. We employ a modified Khachiyan's algorithm to compute the minimum volume enclosing ellipsoids (MVEE). Application results based on two datasets on wind and photovoltaic power are used to verify the efficiency of the proposed framework.

Network covert timing channel(NCTC) is a process of transmitting hidden information by means of inter-packet delay (IPD) of legitimate network traffic. Their ability to evade traditional security policies makes NCTCs a grave security concern. However, a robust method that can be used to detect a large number of NCTCs is missing. In this paper, a NCTC detection method based on chaos theory and threshold secret sharing is proposed. Our method uses chaos theory to reconstruct a high-dimensional phase space from one-dimensional time series and extract the unique and stable channel traits. Then, a channel identifier is constructed using the secret reconstruction strategy from threshold secret sharing to realize the mapping of the channel features to channel identifiers. Experimental results show that the approach can detect varieties of NCTCs with a guaranteed true positive rate and greatly improve the versatility and robustness.

Language-based information flow control (IFC) aims to provide guarantees about information propagation in computer systems having multiple security levels. Existing IFC systems extend the lattice model of Denning's, enforcing transitive security policies by tracking information flows along with a partially ordered set of security levels. They yield a transitive noninterference property of either confidentiality or integrity. In this paper, we explore IFC for security policies that are not necessarily transitive. Such nontransitive security policies avoid unwanted or unexpected information flows implied by transitive policies and naturally accommodate high-level coarse-grained security requirements in modern component-based software. We present a novel security type system for enforcing nontransitive security policies. Unlike traditional security type systems that verify information propagation by subtyping security levels of a transitive policy, our type system relaxes strong transitivity by inferring information flow history through security levels and ensuring that they respect the nontransitive policy in effect. Such a type system yields a new nontransitive noninterference property that offers more flexible information flow relations induced by security policies that do not have to be transitive, therefore generalizing the conventional transitive noninterference. This enables us to directly reason about the extent of information flows in the program and restrict interactions between security-sensitive and untrusted components.

Despite the latest initiatives and research efforts to increase user privacy in digital scenarios, identity-related cybercrimes such as identity theft, wrong identity or user transactions surveillance are growing. In particular, blanket surveillance that might be potentially accomplished by Identity Providers (IdPs) contradicts the data minimization principle laid out in GDPR. Hence, user movements across Service Providers (SPs) might be tracked by malicious IdPs that become a central dominant entity, as well as a single point of failure in terms of privacy and security, putting users at risk when compromised. To cope with this issue, the OLYMPUS H2020 EU project is devising a truly privacy-preserving, yet user-friendly, and distributed identity management system that addresses the data minimization challenge in both online and offline scenarios. Thus, OLYMPUS divides the role of the IdP among various authorities by relying on threshold cryptography, thereby preventing user impersonation and surveillance from malicious or nosy IdPs. This paper overviews the OLYMPUS framework, including requirements considered, the proposed architecture, a series of use cases as well as the privacy analysis from the legal point of view.

In this paper, a closely packed Biosensor construction by using a two-dimensional structure is described. This structure uses air-holes slab constructed on silicon material. By removing certain air holes in the slab, waveguides are constructed. By carrying out simulation, it is proved that the harmonic guided wave changes to lengthier wavelengths with reagents, pesticides, proteins & DNA capturing. A Biosensor is constructed with an improved Quality factor & wavelength. This gives high Quality Factor (HQF) resolution Biosensor. The approach used for Simulation purpose is Finite Difference Time Domain(FDTD).

Information security is a process of securing data from security breaches, hackers. The program of intrusion detection is a software framework that keeps tracking and analyzing the data in the network to identify the attacks by using traditional techniques. These traditional intrusion techniques work very efficient when it uses on small data. but when the same techniques used for big data, process of analyzing the data properties take long time and become not efficient and need to use the big data technologies like Apache Spark, Hadoop, Flink etc. to design modern Intrusion Detection System (IDS). In this paper, the design of Apache Spark and classification algorithm-based IDS is presented and employed Chi-square as a feature selection method for selecting the features from network security events data. The performance of Logistic Regression, Decision Tree and SVM is evaluated with SGD in the design of Apache Spark based IDS with AUROC and AUPR used as metrics. Also tabulated the training and testing time of each algorithm and employed NSL-KDD dataset for designing all our experiments.

Intelligent environments work collaboratively, bringing more comfort to human beings. The intelligence of these environments comes from technological advances in sensors and communication. IoT is the model developed that allows a wide and intelligent communication between devices. Hardware reduction of IoT devices results in vulnerabilities. Thus, there are numerous concerns regarding the security of user information, since mobile devices are easily trackable over the Internet. Care must be taken regarding the information in user profiles. Mobile devices are protected by a permission-based mechanism, which limits third-party applications from accessing sensitive device resources. In this context, this work aims to present a proposal for materialization of application for the evolution of user profiles in intelligent environments. Having as parameters the parameters presented in the proposed taxonomy. The proposed solution is the development of two applications, one for Android devices, responsible for allowing or blocking some features of the device. And another in Cloud, responsible for imposing the parameters and privacy criteria, formalizing the profile control module (PRIPRO - PRIvacy PROfiles).

In recent years, persistent cyber adversaries have developed increasingly sophisticated techniques to evade detection. Once adversaries have established a foothold within the target network, using seemingly-limited passive reconnaissance techniques, they can develop significant network reconnaissance capabilities. Cyber deception has been recognized as a critical capability to defend against such adversaries, but, without an accurate model of the adversary's reconnaissance behavior, current approaches are ineffective against advanced adversaries. To address this gap, we propose a novel model to capture how advanced, stealthy adversaries acquire knowledge about the target network and establish and expand their foothold within the system. This model quantifies the cost and reward, from the adversary's perspective, of compromising and maintaining control over target nodes. We evaluate our model through simulations in the CyberVAN testbed, and indicate how it can guide the development and deployment of future defensive capabilities, including high-interaction honeypots, so as to influence the behavior of adversaries and steer them away from critical resources.

As RFID system has fewer calculation and storage resources for RF tag, it is difficult to adopt the traditional encryption algorithm technology with higher security, which leads to the system being vulnerable to counterfeiting, tampering, leakage and other problems. To this end, a lightweight bidirectional security authentication method based on the combined public key is proposed. The method deals with the key management problem of the power Internet of things (IoT) in the terminal layer device by studying the combined public key (CPK) technology. The elliptic curve cryptosystem in the CPK has the advantages of short key length, fast calculation speed and small occupied bandwidth, which is very suitable for the hardware environment of RFID system with limited performance. It also ensures the security of the keys used in the access of the IoT terminal equipment to the authentication, and achieves overall optimization of speed, energy consumption, processing capacity and security.

The construction of power Internet of things is an important development direction of power grid enterprises in the future. Big data not only brings economic and social benefits to the power system industry, but also brings many information security problems. Therefore, in the case of accelerating the construction of ubiquitous electric Internet of things, it is urgent to standardize the data security protection in the ubiquitous electric Internet of things environment. By analyzing the characteristics of big data in power system, this paper discusses the security risks faced by big data in power system. Finally, we propose some methods of data security protection based on the defects of big data security in current power system. By building a data security intelligent management and control platform, it can automatically discover and identify the types and levels of data assets, and build a classification and grading information base of dynamic data assets. And through the detection and identification of data labels and data content characteristics, tracking the use of data flow process. So as to realize the monitoring of data security state. By protecting sensitive data against leakage based on the whole life cycle of data, the big data security of power grid informatization can be effectively guaranteed and the safety immunity of power information system can be improved.

Ultra high frequency (UHF) partial discharge detection technology has been widely used in on-line monitoring of electrical equipment, for the influence factors of UHF signal's transfer function is complicated, the calibration of UHF method is still not realized until now. In order to study the calibration influence factors of UHF partial discharge (PD) detector, the discharge mechanism of typical PD defects is analyzed, and use a PD UHF signal simulator with multiple adjustable parameters to simulate types of PD UHF signals of electrical equipment, then performed the relative experimental research in propagation characteristics and Sensor characteristics of UHF signals. It is concluded that the calibration reliability has big differences between UHF signal energy and discharge capacity of different discharge source. The calibration curve of corona discharge and suspended discharge which can representation the severity of equipment insulation defect more accurate, and the calibration curve of internal air gap discharge and dielectric surface discharge is poorer. The distance of UHF signal energy decays to stable period become smaller with increase of frequency, and the decay of UHF signal energy is irrelevant to its frequencies when the measuring angle is changing. The frequency range of measuring UHF signal depends on effective frequency range of measurement sensor, moreover, the gain and standing-wave ratio of sensor and the energy of the received signal manifested same change trend. Therefore, in order to calibration the UHF signal, it is necessary to comprehensive consideration the specific discharge type and measuring condition. The results provide the favorable reference for a further study to build the calibration system of UHF measuring method, and to promote the effective application of UHF method in sensor characteristic fault diagnosis and insulation evaluation of electrical equipment.

Fully securing networks from remote attacks is recognized by the IT industry as a critical and imposing challenge. Even highly secure systems remain vulnerable to attacks and advanced persistent threats. Air-gapped networks may be secure from remote attack. One-way flows are a novel approach to improving the security of telemetry for critical infrastructure, retaining some of the benefits of interconnectivity whilst maintaining a level of network security analogous to that of unconnected devices. Simple and inexpensive techniques can be used to provide this unidirectional security, removing the risk of remote attack from a range of potential targets and subnets. The application of one-way networks is demonstrated using IEEE compliant PMU data streams as a case study. Scalability is demonstrated using SDN techniques. Finally, these techniques are combined, demonstrating a node which can be secured from remote attack, within defined limitations.

Passive radio frequency identification (RFID) systems raise new transmission secrecy protection challenges against the special proactive eavesdropper, since it is able to both enhance the information wiretap and interfere with the information detection at the RFID reader simultaneously by broadcasting its own continuous wave (CW) signal. To defend against proactive eavesdropping attacks, we propose an artificial noise (AN) aided secure transmission scheme for the RFID reader, which superimposes an AN signal on the CW signal to confuse the proactive eavesdropper. The power allocation between the AN signal and the CW signal are optimized to maximize the secrecy rate. Furthermore, we model the attack and defense process between the proactive eavesdropper and the RFID reader as a hierarchical security game, and prove it can achieve the equilibrium. Simulation results show the superiority of our proposed scheme in terms of the secrecy rate and the interactions between the RFID reader and the proactive eavesdropper.

Distributed Denial of Service (DDoS) attacks aim at bringing down or decreasing the availability of services for their legitimate users, by exhausting network or server resources. It is difficult to differentiate attack traffic from legitimate traffic as the attack can come from distributed nodes that additionally might spoof their IP addresses. Traditional DoS mitigation solutions fail to defend all kinds of DoS attacks and huge DoS attacks might exceed the processing capacity of routers and firewalls easily. The advent of Software-defined Networking (SDN) and Network Function Virtualization (NFV) has brought a new perspective for network defense. Key features of such technologies like global network view and flexibly positionable security functionality can be used for mitigating DDoS attacks. In this paper, we propose a collaborative DDoS attack mitigation scheme that uses SDN and NFV. We adopt a machine learning algorithm from related work to derive accurate patterns describing DDoS attacks. Our experimental results indicate that our framework is able to differentiate attack and legitimate traffic with high accuracy and in near-realtime. Furthermore, the derived patterns can be used to create OpenFlow (OF) or Firewall rules that can be pushed back into the direction of the attack origin for more efficient and distributed filtering.