Biblio
Voice assistants like Siri enable us to control IoT devices conveniently with voice commands, however, they also provide new attack opportunities for adversaries. Previous papers attack voice assistants with obfuscated voice commands by leveraging the gap between speech recognition system and human voice perception. The limitation is that these obfuscated commands are audible and thus conspicuous to device owners. In this poster, we propose a novel mechanism to directly attack the microphone used for sensing voice data with inaudible voice commands. We show that the adversary can exploit the microphone's non-linearity and play well-designed inaudible ultrasounds to cause the microphone to record normal voice commands, and thus control the victim device inconspicuously. We demonstrate via end-to-end real-world experiments that our inaudible voice commands can attack an Android phone and an Amazon Echo device with high success rates at a range of 2-3 meters.
We propose a new class of post-quantum digital signature schemes that: (a) derive their security entirely from the security of symmetric-key primitives, believed to be quantum-secure, and (b) have extremely small keypairs, and, (c) are highly parameterizable. In our signature constructions, the public key is an image y=f(x) of a one-way function f and secret key x. A signature is a non-interactive zero-knowledge proof of x, that incorporates a message to be signed. For this proof, we leverage recent progress of Giacomelli et al. (USENIX'16) in constructing an efficient Σ-protocol for statements over general circuits. We improve this Σ-protocol to reduce proof sizes by a factor of two, at no additional computational cost. While this is of independent interest as it yields more compact proofs for any circuit, it also decreases our signature sizes. We consider two possibilities to make the proof non-interactive: the Fiat-Shamir transform and Unruh's transform (EUROCRYPT'12, '15,'16). The former has smaller signatures, while the latter has a security analysis in the quantum-accessible random oracle model. By customizing Unruh's transform to our application, the overhead is reduced to 1.6x when compared to the Fiat-Shamir transform, which does not have a rigorous post-quantum security analysis. We implement and benchmark both approaches and explore the possible choice of f, taking advantage of the recent trend to strive for practical symmetric ciphers with a particularly low number of multiplications and end up using Low MC (EUROCRYPT'15).
Trustworthy and safe operation of the power grid critical infrastructures relies on secure execution of low-level substation controller devices such as programmable logic controllers (PLCs). Currently, there are very few security protection solutions deployed on these devices to ensure provenance control: to execute controller code on the device that is developed by trusted parties and complies with safety/security policies that are defined by the code developer as well as the power grid operators. Resource-limited PLC controllers have been becoming increasingly popular among not only legitimate system operators, but also malicious adversaries such as the most recent Stuxnet and BlackEnergy malware that caused various damages such as unauthorized infrastructural safety and integrity violations. We present PLCtrust, a domain-specific solution that deploys virtual micro security-perimeters, so-called capsules, and the corresponding device-level runtime power system-safety policy enforcement dynamically. PLCtrust makes use of data taint analysis to monitor and control data flow among the capsules based on data owner-defined policies. PLCtrust provides the operators with a transparent and lightweight solution to address various safety-critical data protection requirements. PLCtrust also provides the legitimate third-party controller code developers with a taint-aware programming interface to develop applications in compliance with the dynamic power system safety/security policies. Our experimental results on real-world settings show that PLCtrust is transparent to the end-users while ensuring the power grid safety maintenance with minimal performance overhead.
As a consequence of the recent development of situational awareness technologies for smart grids, the gathering and analysis of data from multiple sources offer a significant opportunity for enhanced fault diagnosis. In order to achieve improved accuracy for both fault detection and classification, a novel combined data analytics technique is presented and demonstrated in this paper. The proposed technique is based on a segmented approach to Bayesian modelling that provides probabilistic graphical representations of both electrical power and data communication networks. In this manner, the reliability of both the data communication and electrical power networks are considered in order to improve overall power system transmission line fault diagnosis.
The eleven papers in this special section focus on power electronics-enabled autonomous systems. Power systems are going through a paradigm change from centralized generation to distributed generation and further onto smart grid. Millions of relatively small distributed energy resources (DER), including wind turbines, solar panels, electric vehicles and energy storage systems, and flexible loads are being integrated into power systems through power electronic converters. This imposes great challenges to the stability, scalability, reliability, security, and resiliency of future power systems. This section joins the forces of the communities of control/systems theory, power electronics, and power systems to address various emerging issues of power-electronics-enabled autonomous power systems, paving the way for large-scale deployment of DERs and flexible loads.
Group exponentiation is an important operation used in many public-key cryptosystems and, more generally, cryptographic protocols. To expand the applicability of these solutions to computationally weaker devices, it has been advocated that this operation is outsourced from a computationally weaker client to a computationally stronger server, possibly implemented in a cloud-based architecture. While preliminary solutions to this problem considered mostly honest servers, or multiple separated servers, some of which honest, solving this problem in the case of a single (logical), possibly malicious, server, has remained open since a formal cryptographic model was introduced in [20]. Several later attempts either failed to achieve privacy or only bounded by a constant the (security) probability that a cheating server convinces a client of an incorrect result. In this paper we solve this problem for a large class of cyclic groups, thus making our solutions applicable to many cryptosystems in the literature that are based on the hardness of the discrete logarithm problem or on related assumptions. Our main protocol satisfies natural correctness, security, privacy and efficiency requirements, where the security probability is exponentially small. In our main protocol, with very limited offline computation and server computation, the client can delegate an exponentiation to an exponent of the same length as a group element by performing an exponentiation to an exponent of short length (i.e., the length of a statistical parameter). We also show an extension protocol that further reduces client computation by a constant factor, while increasing offline computation and server computation by about the same factor.
Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified to yield erroneous model outputs, while appearing unmodified to human observers. Potential attacks include having malicious content like malware identified as legitimate or controlling vehicle behavior. Yet, all existing adversarial example attacks require knowledge of either the model internals or its training data. We introduce the first practical demonstration of an attacker controlling a remotely hosted DNN with no such knowledge. Indeed, the only capability of our black-box adversary is to observe labels given by the DNN to chosen inputs. Our attack strategy consists in training a local model to substitute for the target DNN, using inputs synthetically generated by an adversary and labeled by the target DNN. We use the local substitute to craft adversarial examples, and find that they are misclassified by the targeted DNN. To perform a real-world and properly-blinded evaluation, we attack a DNN hosted by MetaMind, an online deep learning API. We find that their DNN misclassifies 84.24% of the adversarial examples crafted with our substitute. We demonstrate the general applicability of our strategy to many ML techniques by conducting the same attack against models hosted by Amazon and Google, using logistic regression substitutes. They yield adversarial examples misclassified by Amazon and Google at rates of 96.19% and 88.94%. We also find that this black-box attack strategy is capable of evading defense strategies previously found to make adversarial example crafting harder.
In this paper, a practical quantum public-key encryption model is proposed by studying the recent quantum public-key encryption. This proposed model makes explicit stipulations on the generation, distribution, authentication, and usage of the secret keys, thus forms a black-box operation. Meanwhile, this proposed model encapsulates the process of encryption and decryption for the users, and forms a blackbox client-side. In our models, each module is independent and can be replaced arbitrarily without affecting the proposed model. Therefore, this model has a good guiding significance for the design and development of the quantum public key encryption schemes.
Data provenance describes how data came to be in its present form. It includes data sources and the transformations that have been applied to them. Data provenance has many uses, from forensics and security to aiding the reproducibility of scientific experiments. We present CamFlow, a whole-system provenance capture mechanism that integrates easily into a PaaS offering. While there have been several prior whole-system provenance systems that captured a comprehensive, systemic and ubiquitous record of a system's behavior, none have been widely adopted. They either A) impose too much overhead, B) are designed for long-outdated kernel releases and are hard to port to current systems, C) generate too much data, or D) are designed for a single system. CamFlow addresses these shortcoming by: 1) leveraging the latest kernel design advances to achieve efficiency; 2) using a self-contained, easily maintainable implementation relying on a Linux Security Module, NetFilter, and other existing kernel facilities; 3) providing a mechanism to tailor the captured provenance data to the needs of the application; and 4) making it easy to integrate provenance across distributed systems. The provenance we capture is streamed and consumed by tenant-built auditor applications. We illustrate the usability of our implementation by describing three such applications: demonstrating compliance with data regulations; performing fault/intrusion detection; and implementing data loss prevention. We also show how CamFlow can be leveraged to capture meaningful provenance without modifying existing applications.
Cybersecurity analysts are often presented suspicious machine activity that does not conclusively indicate compromise, resulting in undetected incidents or costly investigations into the most appropriate remediation actions. There are many reasons for this: deficiencies in the number and quality of security products that are deployed, poor configuration of those security products, and incomplete reporting of product-security telemetry. Managed Security Service Providers (MSSP's), which are tasked with detecting security incidents on behalf of multiple customers, are confronted with these data quality issues, but also possess a wealth of cross-product security data that enables innovative solutions. We use MSSP data to develop Virtual Product, which addresses the aforementioned data challenges by predicting what security events would have been triggered by a security product if it had been present. This benefits the analysts by providing more context into existing security incidents (albeit probabilistic) and by making questionable security incidents more conclusive. We achieve up to 99% AUC in predicting the incidents that some products would have detected had they been present.
Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities are known and users quickly install those patches as soon as they are available. However, most vulnerabilities are never actually exploited. Since writing, testing, and installing software patches can involve considerable resources, it would be desirable to prioritize the remediation of vulnerabilities that are likely to be exploited. Several published research studies have reported moderate success in applying machine learning techniques to the task of predicting whether a vulnerability will be exploited. These approaches typically use features derived from vulnerability databases (such as the summary text describing the vulnerability) or social media posts that mention the vulnerability by name. However, these prior studies share multiple methodological shortcomings that inflate predictive power of these approaches. We replicate key portions of the prior work, compare their approaches, and show how selection of training and test data critically affect the estimated performance of predictive models. The results of this study point to important methodological considerations that should be taken into account so that results reflect real-world utility.
Vulnerabilities need to be detected and removed from software. Although previous studies demonstrated the usefulness of employing prediction techniques in deciding about vulnerabilities of software components, the improvement of effectiveness of these prediction techniques is still a grand challenging research question. This paper employed a technique based on a deep neural network with rectifier linear units trained with stochastic gradient descent method and batch normalization, for predicting vulnerable software components. The features are defined as continuous sequences of tokens in source code files. Besides, a statistical feature selection algorithm is then employed to reduce the feature and search space. We evaluated the proposed technique based on some Java Android applications, and the results demonstrated that the proposed technique could predict vulnerable classes, i.e., software components, with high precision, accuracy and recall.
Blacklisting IP addresses is an important part of enterprise security today. Malware infections and Advanced Persistent Threats can be detected when blacklisted IP addresses are contacted. It can also thwart phishing attacks by blocking suspicious websites. An unknown binary file may be executed in a sandbox by a modern firewall. It is blocked if it attempts to contact a blacklisted IP address. However, today's providers of IP blacklists are based on observed malicious activities, collected from multiple sources around the world. Attackers can evade those reactive IP blacklist defense by using IP addresses that have not been recently engaged in malicious activities. In this paper, we report an approach that can predict IP addresses that are likely to be used in malicious activities in the near future. Our evaluation shows that this approach can detect 88% of zero-day malware instances missed by top five antivirus products. It can also block 68% of phishing websites before reported by Phishtank.
Cloud computing emerges as an endowment technological data for the longer term and increasing on one of the standards of utility computing is most likely claimed to symbolize a wholly new paradigm for viewing and getting access to computational assets. As a result of protection problem many purchasers hesitate in relocating their touchy data on the clouds, regardless of gigantic curiosity in cloud-based computing. Security is a tremendous hassle, considering the fact that so much of firms present a alluring goal for intruders and the particular considerations will pursue to lower the advancement of distributed computing if not located. Hence, this recent scan and perception is suitable to honeypot. Distributed Denial of Service (DDoS) is an assault that threats the availability of the cloud services. It's fundamental investigate the most important features of DDoS Defence procedures. This paper provides exact techniques that been carried out to the DDoS attack. These approaches are outlined in these paper and use of applied sciences for special kind of malfunctioning within the cloud.
Security is the most important issue which needs to be given utmost importance and as both `Mobile Ad hoc Networks (MANET) and Wireless Sensor Networks (WSN) have similar system models, their security issues are also similar. This study deals in analysing the various lapses in security and the characteristics of various routing protocol's functionality and structure. This paper presents the implementation of ECC algorithm in the prevention of Denial of Service (DoS) attack through fictitious node. Optimized Link State Routing (OLSR) protocol is a MANET routing protocol and is evaluated mainly for two things. Primarily OLSR is less secure like AODV and others. The reason for it being less secure is that it is a table-driven in nature and uses a methodology called selective flooding technique, where redundancy is reduced and thus the security possibilities of the protocol is reduced. Another reason for selecting OLSR is that is an highly effective routing protocol for MANET. A brief information about formal routing is provided by the proposed methodology termed Denial Contradictions with Fictitious Node Mechanism (DCFM) which provides brief information about formal routing. Here, fictitious node acts as a virtual node and large networks are managed from attacks. More than 95% of attacks are prevented by this proposed methodology and the solution is applicable all the other DoS attacks of MANET.
Nowadays we are witnessing an unprecedented evolution in how we gather and process information. Technological advances in mobile devices as well as ubiquitous wireless connectivity have brought about new information processing paradigms and opportunities for virtually all kinds of scientific and business activity. These new paradigms rest on three pillars: i) numerous powerful portable devices operated by human intelligence, ubiquitous in space and available, most of the time, ii) unlimited environment sensing capabilities of the devices, and iii) fast networks connecting the devices to Internet information processing platforms and services. These pillars implement the concepts of crowdsourcing and collective intelligence. These concepts describe online services that are based on the massive participation of users and the capabilities of their devices.in order to produce results and information which are "more than the sum of the part". The EU project Privacy Flag relies exactly on these two concepts in order to mobilize roaming citizens to contribute, through crowdsourcing, information about risky applications and dangerous web sites whose processing may produce emergent threat patterns, not evident in the contributed information alone, reelecting a collective intelligence action. Crowdsourcing and collective intelligence, in this context, has numerous advantages, such as raising privacy-awareness among people. In this paper we summarize our work in this project and describe the capabilities and functionalities of the Privacy Flag Platform.
With all data services of cloud, it's not only stored the data, although shared the data among the multiple users or clients, which make doubt in its integrity due to the existence of software/hardware error along with human error too. There is an existence of several mechanisms to allow data holders and public verifiers to precisely, efficiently and effectively audit integrity of cloud data without accessing the whole data from server. After all, public auditing on the integrity of shared data with pervious extant mechanisms will somehow affirm the confidential information and its identity privacy to the public verifiers. In this paper, to achieve the privacy preserving public for auditing, we intended an explanation for TPA using three way handshaking protocol through the Extensible Authentication Protocol (EAP) with liberated encryption standard. Appropriately, from the cloud, we use the VerifyProof execute by TPA to audit to certify. In addition to this mechanism, the identity of each segment in the shared data is kept private from the public verifiers. Moreover, rather than verifying the auditing task one by one, this will capable to perform, the various auditing tasks simultaneously.
Comparing with the traditional grid, energy internet will collect data widely and connect more broader. The analysis of electrical data use of Non-intrusive Load Monitoring (NILM) can infer user behavior privacy. Consideration both data security and availability is a problem must be addressed. Due to its rigid and provable privacy guarantee, Differential Privacy has proverbially reached and applied to privacy preserving data release and data mining. Because of its high sensitivity, increases the noise directly will led to data unavailable. In this paper, we propose a differentially private mechanism to protect energy internet privacy. Our focus is the aggregated data be released by data owner after added noise in disaggregated data. The theoretically proves and experiments show that our scheme can achieve the purpose of privacy-preserving and data availability.
Cloud computing services have gained a lot of attraction in the recent years, but the shift of data from user-owned desktops and laptops to cloud storage systems has led to serious data privacy implications for the users. Even though privacy notices supplied by the cloud vendors details the data practices and options to protect their privacy, the lengthy and free-flowing textual format of the notices are often difficult to comprehend by the users. Thus we propose a simplified presentation format for privacy practices and choices termed as "Privacy-Dashboard" based on Protection Motivation Theory (PMT) and we intend to test the effectiveness of presentation format using cognitive-fit theory. Also, we indirectly model the cloud privacy concerns using Item-Response Theory (IRT) model. We contribute to the information privacy literature by addressing the literature gap to develop privacy protection artifacts in order to improve the privacy protection behaviors of individual users. The proposed "privacy dashboard" would provide an easy-to-use choice mechanisms that allow consumers to control how their data is collected and used.
Large-scale sensing and actuation infrastructures have allowed buildings to achieve significant energy savings; at the same time, these technologies introduce significant privacy risks that must be addressed. In this paper, we present a framework for modeling the trade-off between improved control performance and increased privacy risks due to occupancy sensing. More specifically, we consider occupancy-based HVAC control as the control objective and the location traces of individual occupants as the private variables. Previous studies have shown that individual location information can be inferred from occupancy measurements. To ensure privacy, we design an architecture that distorts the occupancy data in order to hide individual occupant location information while maintaining HVAC performance. Using mutual information between the individual's location trace and the reported occupancy measurement as a privacy metric, we are able to optimally design a scheme to minimize privacy risk subject to a control performance guarantee. We evaluate our framework using real-world occupancy data: first, we verify that our privacy metric accurately assesses the adversary's ability to infer private variables from the distorted sensor measurements; then, we show that control performance is maintained through simulations of building operations using these distorted occupancy readings.
This paper proposes a novel privacy-preserving smart metering system for aggregating distributed smart meter data. It addresses two important challenges: (i) individual users wish to publish sensitive smart metering data for specific purposes, and (ii) an untrusted aggregator aims to make queries on the aggregate data. We handle these challenges using two main techniques. First, we propose Fourier Perturbation Algorithm (FPA) and Wavelet Perturbation Algorithm (WPA) which utilize Fourier/Wavelet transformation and distributed differential privacy (DDP) to provide privacy for the released statistic with provable sensitivity and error bounds. Second, we leverage an exponential ElGamal encryption mechanism to enable secure communications between the users and the untrusted aggregator. Standard differential privacy techniques perform poorly for time-series data as it results in a Θ(n) noise to answer n queries, rendering the answers practically useless if n is large. Our proposed distributed differential privacy mechanism relies on Gaussian principles to generate distributed noise, which guarantees differential privacy for each user with O(1) error, and provides computational simplicity and scalability. Compared with Gaussian Perturbation Algorithm (GPA) which adds distributed Gaussian noise to the original data, the experimental results demonstrate the superiority of the proposed FPA and WPA by adding noise to the transformed coefficients.
With the advancement of sensor electronic devices, wireless sensor networks have attracted more and more attention. Range query has become a significant part of sensor networks due to its availability and convenience. However, It is challenging to process range query while still protecting sensitive data from disclosure. Existing work mainly focuses on privacy- preserving range query, but neglects the damage of collusion attacks, probability attacks and differential attacks. In this paper, we propose a privacy- preserving, energy-efficient and multi-dimensional range query protocol called PERQ, which not only achieves data privacy, but also considers collusion attacks, probability attacks and differential attacks. Generalized distance-based and modular arithmetic range query mechanism are used. In addition, a novel cyclic modular verification scheme is proposed to verify the data integrity. Extensive theoretical analysis and experimental results confirm the high performance of PERQ in terms of energy efficiency, security and accountability requirements.
In order to achieve more secure and privacy-preserving, a new method of cancelable palmprint template generation scheme using noise data is proposed. Firstly, the random projection is used to reduce the dimension of the palmprint image and the reduced dimension image is normalized. Secondly, a chaotic matrix is produced and it is also normalized. Then the cancelable palmprint feature is generated by comparing the normalized chaotic matrix with reduced dimension image after normalization. Finally, in order to enhance the privacy protection, and then the noise data with independent and identically distributed is added, as the final palmprint features. In this article, the algorithm of adding noise data is analyzed theoretically. Experimental results on the Hong Kong PolyU Palmprint Database verify that random projection and noise are generated in an uncomplicated way, the computational complexity is low. The theoretical analysis of nosie data is consistent with the experimental results. According to the system requirement, on the basis of guaranteeing accuracy, adding a certain amount of noise will contribute to security and privacy protection.
This paper investigates the privacy-preserving problem of the distributed consensus-based energy management considering both generation units and responsive demands in smart grid. First, we reveal the private information of consumers including the electricity consumption and the sensitivity of the electricity consumption to the electricity price can be disclosed without any privacy-preserving strategy. Then, we propose a privacy-preserving algorithm to preserve the private information of consumers through designing the secret functions, and adding zero-sum and exponentially decreasing noises. We also prove that the proposed algorithm can preserve the privacy while keeping the optimality of the final state and the convergence performance unchanged. Extensive simulations validate the theoretical results and demonstrate the effectiveness of the proposed algorithm.
The Internet of Things is a disruptive paradigm based on the cooperation of a plethora of heterogeneous smart things to collect, transmit, and analyze data from the ambient environment. To this end, many monitored variables are combined by a data analysis module in order to implement efficient context-aware decision mechanisms. To ensure resource efficiency, aggregation is a long established solution, however it is applicable only in the case of one sensed variable. We extend the use of aggregation to the complex context of IoT by proposing a novel approach for secure cooperation of smart things while granting confidentiality and integrity. Traditional solutions for data concealment in resource constrained devices rely on hop-by-hop or end-to-end encryption, which are shown to be inefficient in our context. We use a more sophisticated scheme relying on homomorphic encryption which is not compromise resilient. We combine fully additive encryption with fully additive secret sharing to fulfill the required properties. Thorough security analysis and performance evaluation show a viable tradeoff between security and efficiency for our scheme.