Biblio

Information exchange occurs all the time in today’s internet era. Some of the data are public, and some are private. Asymmetric cryptography plays a critical role in securing private data transfer. However, technological advances caused private data at risk due to the presence of quantum computers. Therefore, we need a new method for securing private data. This paper proposes combining DNA cryptography methods based on the NTRU cryptosystem to enhance security data confidentiality. This method is compared with conventional public key cryptography methods. The comparison shows that the proposed method has a slow encryption and decryption time compared to other methods except for RSA. However, the key generation time of the proposed method is much faster than other methods tested except for ECC. The proposed method is superior in key generation time and considerably different from other tested methods. Meanwhile, the encryption and decryption time is slower than other methods besides RSA. The test results can get different results based on the programming language used.

In this paper will be described a new security protocol for secret sharing and hiding, which use selected personal features. Such technique allows to create human-oriented personalized security protocols dedicated for particular users. Proposed method may be applied in dispersed computing systems, where secret data should be divided into particular number of parts.

Cloud computing has been widely used because of its low price, high reliability, and generality of services. However, considering that cloud computing transactions between users and service providers are usually asynchronous, data privacy involving users and service providers may lead to a crisis of trust, which in turn hinders the expansion of cloud computing applications. In this paper, we propose DPP, a data privacy-preserving cloud computing scheme based on homomorphic encryption, which achieves correctness, compatibility, and security. DPP implements data privacy-preserving by introducing homomorphic encryption. To verify the security of DPP, we instantiate DPP based on the Paillier homomorphic encryption scheme and evaluate the performance. The experiment results show that the time-consuming of the key steps in the DPP scheme is reasonable and acceptable.

Static analysis tools generate a large number of alarms that require manual inspection. In prior work, repositioning of alarms is proposed to (1) merge multiple similar alarms together and replace them by a fewer alarms, and (2) report alarms as close as possible to the causes for their generation. The premise is that the proposed merging and repositioning of alarms will reduce the manual inspection effort. To evaluate the premise, this paper presents an empirical study with 249 developers on the proposed merging and repositioning of static alarms. The study is conducted using static analysis alarms generated on \$C\$ programs, where the alarms are representative of the merging vs. non-merging and repositioning vs. non-repositioning situations in real-life code. Developers were asked to manually inspect and determine whether assertions added corresponding to alarms in \$C\$ code hold. Additionally, two spatial cognitive tests are also done to determine relationship in performance. The empirical evaluation results indicate that, in contrast to expectations, there was no evidence that merging and repositioning of alarms reduces manual inspection effort or improves the inspection accuracy (at times a negative impact was found). Results on cognitive abilities correlated with comprehension and alarm inspection accuracy.

Software-Defined Networking (SDN) can be a good option to support Industry 4.0 (4IR) and 5G wireless networks. SDN can also be a secure networking solution that improves the security, capability, and programmability in the networks. In this paper, we present and analyze an SDN-based security architecture for 4IR with 5G. SDN is used for increasing the level of security and reliability of the network by suitably dividing the whole network into data, control, and applications planes. The SDN control layer plays a beneficial role in 4IR with 5G scenarios by managing the data flow properly. We also evaluate the performance of the proposed architecture in terms of key parameters such as data transmission rate and response time.

Benchmark datasets are heavily depended upon by the research community to validate theoretical findings and track progression in the state-of-the-art. NIDS dataset creation presents numerous challenges on account of the volume, heterogeneity, and complexity of network traffic, making the process labor intensive, and thus, prone to error. This paper provides a critical review of CIC-IDS-2017 and CIC-CSE-IDS-2018, datasets which have seen extensive usage in the NIDS literature, and are currently considered primary benchmarking datasets for NIDS. We report a large number of previously undocumented errors throughout the dataset creation lifecycle, including in attack orchestration, feature generation, documentation, and labeling. The errors destabilize the results and challenge the findings of numerous publications that have relied on it as a benchmark. We demonstrate the implications of these errors through several experiments. We provide comprehensive documentation to summarize the discovery of these issues, as well as a fully-recreated dataset, with labeling logic that has been reverse-engineered, corrected, and made publicly available for the first time. We demonstrate the implications of dataset errors through a series of experiments. The findings serve to remind the research community of common pitfalls with dataset creation processes, and of the need to be vigilant when adopting new datasets. Lastly, we strongly recommend the release of labeling logic for any dataset released, to ensure full transparency.

Electrical substations in power grid act as the critical interface points for the transmission and distribution networks. Over the years, digital technology has been integrated into the substations for remote control and automation. As a result, substations are more prone to cyber attacks and exposed to digital vulnerabilities. One of the notable cyber attack vectors is the malicious command injection, which can lead to shutting down of substations and subsequently power outages as demonstrated in Ukraine Power Plant Attack in 2015. Prevailing measures based on cyber rules (e.g., firewalls and intrusion detection systems) are often inadequate to detect advanced and stealthy attacks that use legitimate-looking measurements or control messages to cause physical damage. Additionally, defenses that use physics-based approaches (e.g., power flow simulation, state estimation, etc.) to detect malicious commands suffer from high latency. Machine learning serves as a potential solution in detecting command injection attacks with high accuracy and low latency. However, sufficient datasets are not readily available to train and evaluate the machine learning models. In this paper, focusing on this particular challenge, we discuss various approaches for the generation of synthetic data that can be used to train the machine learning models. Further, we evaluate the models trained with the synthetic data against attack datasets that simulates malicious commands injections with different levels of sophistication. Our findings show that synthetic data generated with some level of power grid domain knowledge helps train robust machine learning models against different types of attacks.

In the context of the Internet of Things (IoT), lightweight block ciphers are of vital importance. Due to the nature of the devices involved, traditional security solutions can add overhead and perhaps inhibit the application's objective due to resource limits. Lightweight cryptography is a novel suite of ciphers that aims to provide hardware-constrained devices with a high level of security while maintaining a low physical cost and high performance. In this paper, we are going to evaluate the performance of some of the recently proposed lightweight block ciphers (GIFT-COFB, Romulus, and TinyJAMBU) on the Arduino Due. We analyze data on each algorithm's performance using four metrics: average encryption and decryption execution time; throughput; power consumption; and memory utilization. Among our chosen ciphers, we find that TinyJAMBU and GIFT-COFB are excellent choices for resource-constrained IoT devices.

This paper provides an end-to-end solution to defend against known microarchitectural attacks such as speculative execution attacks, fault-injection attacks, covert and side channel attacks, and unknown or evasive versions of these attacks. Current defenses are attack specific and can have unacceptably high performance overhead. We propose an approach that reduces the overhead of state-of-art defenses by over 95%, by applying defenses only when attacks are detected. Many current proposed mitigations are not practical for deployment; for example, InvisiSpec has 27% overhead and Fencing has 74% overhead while protecting against only Spectre attacks. Other mitigations carry similar performance penalties. We reduce the overhead for InvisiSpec to 1.26% and for Fencing to 3.45% offering performance and security for not only spectre attacks but other known transient attacks as well, including the dangerous class of LVI and Rowhammer attacks, as well as covering a large set of future evasive and zero-day attacks. Critical to our approach is an accurate detector that is not fooled by evasive attacks and that can generalize to novel zero-day attacks. We use a novel Generative framework, Evasion Vaccination (EVAX) for training ML models and engineering new security-centric performance counters. EVAX significantly increases sensitivity to detect and classify attacks in time for mitigation to be deployed with low false positives (4 FPs in every 1M instructions in our experiments). Such performance enables efficient and timely mitigations, enabling the processor to automatically switch between performance and security as needed.

Social media has beneficial and detrimental impacts on social life. The vast distribution of false information on social media has become a worldwide threat. As a result, the Fake News Detection System in Social Networks has risen in popularity and is now considered an emerging research area. A centralized training technique makes it difficult to build a generalized model by adapting numerous data sources. In this study, we develop a decentralized Deep Learning model using Federated Learning (FL) for fake news detection. We utilize an ISOT fake news dataset gathered from "Reuters.com" (N = 44,898) to train the deep learning model. The performance of decentralized and centralized models is then assessed using accuracy, precision, recall, and F1-score measures. In addition, performance was measured by varying the number of FL clients. We identify the high accuracy of our proposed decentralized FL technique (accuracy, 99.6%) utilizing fewer communication rounds than in previous studies, even without employing pre-trained word embedding. The highest effects are obtained when we compare our model to three earlier research. Instead of a centralized method for false news detection, the FL technique may be used more efficiently. The use of Blockchain-like technologies can improve the integrity and validity of news sources.

In this paper, we design a new framework that can utilize the current global optimization heuristics for solving the straight-line program (SLP) problem. We combine Paar1, Paar2, BP (Boyar-Peralta), BFI, RNBP (Random-Boyar Peralta), A1, A2, XZLBZ, and LWFWSW (backward search) state-of-the-art heuristics by taking the XOR (exclusive OR) count metrics into consideration. Thus, by using the proposed framework, optimal circuit implementations of a given diffusion (or linear) layer can be found with fewer XOR gate counts.

While the existence of many security elements in software can be measured (e.g., vulnerabilities, security controls, or privacy controls), it is challenging to measure their relative security impact. In the physical world we can often measure the impact of individual elements to a system. However, in cyber security we often lack ground truth (i.e., the ability to directly measure significance). In this work we propose to solve this by leveraging human expert opinion to provide ground truth. Experts are iteratively asked to compare pairs of security elements to determine their relative significance. On the back end our knowledge encoding tool performs a form of binary insertion sort on a set of security elements using each expert as an oracle for the element comparisons. The tool not only sorts the elements (note that equality may be permitted), but it also records the strength or degree of each relationship. The output is a directed acyclic ‘constraint’ graph that provides a total ordering among the sets of equivalent elements. Multiple constraint graphs are then unified together to form a single graph that is used to generate a scoring or prioritization system.For our empirical study, we apply this domain-agnostic measurement approach to generate scoring/prioritization systems in the areas of vulnerability scoring, privacy control prioritization, and cyber security control evaluation.

The development of science and technology has led to the construction of smart cities, and in this scenario, there are many applications that need to provide their real-time location information, which is very likely to cause the leakage of personal location privacy. To address this situation, this paper designs a location privacy protection scheme based on graph anonymity, which is based on the privacy protection idea of K-anonymity, and represents the spatial distribution among APs in the form of a graph model, using the method of finding clustered noisy fingerprint information in the graph model to ensure a similar performance to the real location fingerprint in the localization process, and thus will not be distinguished by the location providers. Experiments show that this scheme can improve the effectiveness of virtual locations and reduce the time cost using greedy strategy, which can effectively protect location privacy.

While digitization of distribution grids through information and communications technology brings numerous benefits, it also increases the grid's vulnerability to serious cyber attacks. Unlike conventional systems, attacks on many industrial control systems such as power grids often occur in multiple stages, with the attacker taking several steps at once to achieve its goal. Detection mechanisms with situational awareness are needed to detect orchestrated attack steps as part of a coherent attack campaign. To provide a foundation for detection and prevention of such attacks, this paper addresses the detection of multi-stage cyber attacks with the aid of a graph-based cyber intelligence database and alert correlation approach. Specifically, we propose an approach to detect multi-stage attacks by lever-aging heterogeneous data to form a knowledge base and employ a model-based correlation approach on the generated alerts to identify multi-stage cyber attack sequences taking place in the network. We investigate the detection quality of the proposed approach by using a case study of a multi-stage cyber attack campaign in a future-orientated power grid pilot.

In this work, we examine the following question: How can we improve the best data complexity among the impossible differential (ID) attacks on AES? One of the most efficient attacks on AES are ID attacks. We have seen that the Biham-Keller ID characteristics are frequently used in these ID attacks. We observe the following fact: The probability that a given pair with a wrong key produce an ID characteristic is closely correlated to the data usage negatively. So, we maximize this probability by exploiting a Biham-Keller ID characteristic in a different manner than the other attacks. As a result, we mount an ID attack on 7-round AES-192 and obtain the best data requirement among all the ID attacks on 7-round AES. We make use of only 2$^\textrm58$ chosen plaintexts.

The importance of data and its transmission rate are increasing as the world is moving towards online services every day. Thus, providing data security is becoming of utmost importance. This paper proposes a secure data encryption and hiding method based on DNA cryptography and steganography. Our approach uses DNA for encryption and data hiding processes due to its high capacity and simplicity in securing various kinds of data. Our proposed method has two phases. In the first phase, it encrypts the data using DNA bases along with Huffman coding. In the second phase, it hides the encrypted data into a DNA sequence using a substitution algorithm. Our proposed method is blind and preserves biological functionality. The result shows a decent cracking probability with comparatively better capacity. Our proposed method has eliminated most limitations identified in the related works. Our proposed hybrid technique can provide a double layer of security to sensitive data.

In this paper, two lightweight cryptography methods were introduced and developed on hardware. The PRESENT lightweight block cipher, and the DM-PRESENT lightweight hash function were implemented on Intel FPGA. The PRESENT core with 64-bit block data and 80-bit data key consumes 2,945 logic element, 1,824 registers, and 273,408 memory bits. Meanwhile, the DM-PRESENT core with 64-bit input and 80-bit key consumes 2,336 logic element, 1,380 registers, and 273,408 memory bits. The PRESENT core with 128-bit key and DM-PRESENT based on this core were also implemented. These cores were simulated for functional verification and embedded in NIOS II for implementation possibility on hardware. They consumed less logic resources and power consumption compared with conventional cryptography methods.

The phenomenon known as "Internet ossification" describes the process through which certain components of the Internet’s older design have become immovable at the present time. This presents considerable challenges to the adoption of IPv6 and makes it hard to implement IP multicast services. For new applications such as data centers, cloud computing and virtualized networks, improved network availability, improved internal and external domain routing, and seamless user connectivity throughout the network are some of the advantages of Internet growth. To meet these needs, we've developed Software Defined Networking for the Future Internet (SDN). When compared to current networks, this new paradigm emphasizes control plane separation from network-forwarding components. To put it another way, this decoupling enables the installation of control plane software (such as Open Flow controller) on computer platforms that are substantially more powerful than traditional network equipment (such as switches/routers). This research describes Mininet’s routing techniques for a virtualized software-defined network. There are two obstacles to overcome when attempting to integrate SDN in an LTE/WiFi network. The first problem is that external network load monitoring tools must be used to measure QoS settings. Because of the increased demand for real-time load balancing methods, service providers cannot adopt QoS-based routing. In order to overcome these issues, this research suggests a router configuration method. Experiments have proved that the network coefficient matrix routing arrangement works, therefore it may provide an answer to the above-mentioned concerns. The Java-based SDN controller outperforms traditional routing systems by nine times on average highest sign to sound ratio. The study’s final finding suggests that the field’s future can be forecast. We must have a thorough understanding of this emerging paradigm to solve numerous difficulties, such as creating the Future Internet and dealing with its obliteration problem. In order to address these issues, we will first examine current technologies and a wide range of current and future SDN projects before delving into the most important issues in this field in depth.

With the development of urbanization, the number of vehicles is gradually increasing, and vehicles are gradually developing in the direction of intelligence. How to ensure that the data of intelligent vehicles is not tampered in the process of transmission to the cloud is the key problem of current research. Therefore, we have established a data security transmission system based on blockchain. First, we collect and filter vehicle data locally, and then use blockchain technology to transmit key data. Through the smart contract, the key data is automatically and accurately transmitted to the surrounding node vehicles, and the vehicles transmit data to each other to form a transaction and spread to the whole network. The node data is verified through the node data consensus protocol of intelligent vehicle data security transmission system, and written into the block to form a blockchain. Finally, the vehicle user can query the transaction record through the vehicle address. The results show that we can safely and accurately transmit and query vehicle data in the blockchain database.

In 2020, Omar and abed proposed a new noise-free fully homomorphic encryption scheme that allows arbitrary computations on encrypted data without decryption. However, they did not provide a sufficient security analysis of the proposed scheme and just stated that it is secure under the integer factorization assumption. In this paper, we present known plaintext attacks on their scheme and illustrate them with toy examples. Our attack algorithms are quite simple: They require several times of greatest common divisor (GCD) computations using only a few pair of message and ciphertext.

The modernization of legacy power grids relies on the prevalence of information technology (IT). While the benefits are multi-fold and include increased reliability, more accurate monitoring, etc., the reliance on IT increases the attack surface of power grids by making them vulnerable to cyber-attacks. One of the modernization paths is the emergence of multi-terminal dc systems that offer numerous advantages over traditional ac systems. Therefore, cyber-security issues surrounding dc networks need to be investigated. Contributing to this effort, a class of false data injection attacks, called load redistribution (LR) attacks, that targets dc grids is proposed. These attacks aim to compromise the system load data and lead the system operator to dispatch incorrect power flow commands that lead to adverse consequences. Although similar attacks have been recently studied for ac systems, their feasibility in the converter-based dc grids has yet to be demonstrated. Such an attack assessment is necessary because the dc grids have a much smaller control timescale and are more dependent on IT than their traditional ac counterparts. Hence, this work formulates and evaluates dc grid LR attacks by incorporating voltage-sourced converter (VSC) control strategies that appropriately delineate dc system operations. The proposed attack strategy is solved with Gurobi, and the results show that both control and system conditions can affect the success of an LR attack.

Application domains like big data and IoT require a lot of user data collected and analyzed to extract useful information, and those data might include user's sensitive and personal information. Hence, it is strongly required to ensure the privacy of user data before releasing them in the public space. Since the fields of IoT and big data are constantly evolving with new types of privacy attacks and prevention mechanisms, there is an urgent need for new research and surveys to develop an overview of the state-of-art. We conducted a systematic mapping study on selected papers related to user privacy in IoT and big data, published between 2010 to 2021. This study focuses on identifying the main privacy objectives, attacks and measures taken to prevent the attacks in the two application domains. Additionally, a visualized classification of the existing attacks is presented along with privacy metrics to draw similarities and dissimilarities among different attacks.

The cutting-edge biometric recognition systems extract distinctive feature vectors of biometric samples using deep neural networks to measure the amount of (dis-)similarity between two biometric samples. Studies have shown that personal information (e.g., health condition, ethnicity, etc.) can be inferred, and biometric samples can be reconstructed from those feature vectors, making their protection an urgent necessity. State-of-the-art biometrics protection solutions are based on homomorphic encryption (HE) to perform recognition over encrypted feature vectors, hiding the features and their processing while releasing the outcome only. However, this comes at the cost of those solutions' efficiency due to the inefficiency of HE-based solutions with a large number of multiplications; for (dis-)similarity measures, this number is proportional to the vector's dimension. In this paper, we tackle the HE performance bottleneck by freeing the two common (dis-)similarity measures, the cosine similarity and the squared Euclidean distance, from multiplications. Assuming normalized feature vectors, our approach pre-computes and organizes those (dis-)similarity measures into lookup tables. This transforms their computation into simple table-lookups and summation only. We study quantization parameters for the values in the lookup tables and evaluate performances on both synthetic and facial feature vectors for which we achieve a recognition performance identical to the non-tabularized baseline systems. We then assess their efficiency under HE and record runtimes between 28.95ms and 59.35ms for the three security levels, demonstrating their enhanced speed.

With the rapid development of Ethernet, RS (544, 514) (KP4-forward error correction), which was widely used in high-speed Ethernet standards for its good performance-complexity trade-off, may not meet the demands of next-generation Ethernet for higher data transmission speed and better decoding performance. A concatenated code based on KP4-FEC has become a good solution because of its low complexity and excellent compatibility. For concatenated codes, aside from the selection of outer and inner codes, an efficient interleaving scheme is also very critical to deal with different channel conditions. Aiming at burst errors in wired communication, we propose a novel matrix interleaving scheme for concatenated codes which set the outer code as KP4-FEC and the inner code as Bose-Chaudhuri-Hocquenghem (BCH) code. In the proposed scheme, burst errors are evenly distributed to each BCH code as much as possible to improve their overall decoding efficiency. Meanwhile, the bit continuity in each symbol of the RS codeword is guaranteed during transmission, so the number of symbols affected by burst errors is minimized. Simulation results demonstrate that the proposed interleaving scheme can achieve a better decoding performance on burst-error channels than the original scheme. In some cases, the extra coding gain at the bit-error-rate (BER) of 1 × 10−15 can even reach 1 dB.

A long-standing open question in computational learning theory is to prove NP-hardness of learning efficient programs, the setting of which is in between proper learning and improper learning. Ko (COLT’90, SICOMP’91) explicitly raised this open question and demonstrated its difficulty by proving that there exists no relativizing proof of NP-hardness of learning programs. In this paper, we overcome Ko’s relativization barrier and prove NP-hardness of learning programs under randomized polynomial-time many-one reductions. Our result is provably non-relativizing, and comes somewhat close to the parameter range of improper learning: We observe that mildly improving our inapproximability factor is sufficient to exclude Heuristica, i.e., show the equivalence between average-case and worst-case complexities of N P. We also make progress on another long-standing open question of showing NP-hardness of the Minimum Circuit Size Problem (MCSP). We prove NP-hardness of the partial function variant of MCSP as well as other meta-computational problems, such as the problems MKTP* and MINKT* of computing the time-bounded Kolmogorov complexity of a given partial string, under randomized polynomial-time reductions. Our proofs are algorithmic information (a.k. a. Kolmogorov complexity) theoretic. We utilize black-box pseudorandom generator constructions, such as the Nisan-Wigderson generator, as a one-time encryption scheme secure against a program which “does not know” a random function. Our key technical contribution is to quantify the “knowledge” of a program by using conditional Kolmogorov complexity and show that no small program can know many random functions.