Biblio

Federated Learning (FL) is a multiparty learning computing approach that can aid privacy-preservation machine learning. However, FL has several potential security and privacy threats. First, the existing FL requires a central coordinator for the learning process which brings a single point of failure and trust issues for the shared trained model. Second, during the learning process, intentionally unreliable model updates performed by Byzantine colluding parties can lower the quality and convergence of the shared ML models. Therefore, discovering verifiable local model updates (i.e., integrity or correctness) and trusted parties in FL becomes crucial. In this paper, we propose a resilient and verifiable FL algorithm based on a reputation scheme to cope with unreliable parties. We develop a selection algorithm for task publisher and blockchain-based multiparty learning architecture approach where local model updates are securely exchanged and verified without the central party. We also proposed a novel auditing scheme to ensure our proposed approach is resilient up to 50% Byzantine colluding attack in a malicious scenario.

Cognitive radio (CR) as a key technology of solving the problem of low spectrum utilization has attracted wide attention in recent years. However, due to the open nature of the radio, the communication links can be eavesdropped by illegal user, resulting to severe security threat. Unmanned aerial vehicle (UAV) equipped with signal sensing and data transmission module, can access to the unoccupied channel to improve network security performance by transmitting artificial noise (AN) in CR networks. In this paper, we propose a resource allocation scheme for UAV-assisted overlay CR network. Based on the result of spectrum sensing, the UAV decides to play the role of jammer or secondary transmitter. The power splitting ratio for transmitting secondary signal and AN is introduced to allocate the UAV's transmission power. Particularly, we jointly optimize the spectrum sensing time, the power splitting ratio and the hovering position of the UAV to maximize the total secrecy rate of primary and secondary users. The optimization problem is highly intractable, and we adopt an adaptive inertia coefficient particle swarm optimization (A-PSO) algorithm to solve this problem. Simulation results show that the proposed scheme can significantly improve the total secrecy rate in CR network.

Device-to-Device (D2D) communications play a key role in the mobile communication networks. In spite of its benefits, new system architecture expose the D2D communications to unique security threats. Due to D2D users share the same licensed spectrum resources with the cellular users, both the cellular user and D2D receiver can eavesdrop each other's critical information. Thus, to maximize the secrecy rate from the perspective of physical layer security, the letter proposed a optimal power allocation scheme and subsequently to optimization problem of resource allocation is systematically investigated. The efficacy of the proposed scheme is assessed numerically.

The traditional approach to distributed deep neural network (DNN) training is data-distributed learning, which partitions and distributes data to workers. This approach, although has good convergence properties, has high communication cost, which puts a strain especially on edge systems and increases delay. An emerging approach is model-distributed learning, where a training model is distributed across workers. Model-distributed learning is a promising approach to reduce communication and storage costs, which is crucial for edge systems. In this paper, we design ResPipe, a novel resilient model-distributed DNN training mechanism against delayed/failed workers. We analyze the communication cost of ResPipe and demonstrate the trade-off between resiliency and communication cost. We implement ResPipe in a real testbed consisting of Android-based smartphones, and show that it improves the convergence rate and accuracy of training for convolutional neural networks (CNNs).

{On considering workplace thefts as a major problem, there is a requirement of designing a vandal proof door hardware and locking mechanism for ensuring the security of our property. So the door lock system with extra security features with a user friendly cost is suggested in this paper. When a stranger comes at the door, he/she has to pass three security levels for unlocking the solenoid locks present at the door and if he fails to do so, the door will remain locked. These three levels are of three extraordinary security features as one of them is using Fingerprint sensor, second is using a knocking pattern, and the last lock is unlocked by the preset pin/pattern entered by the user. Since, in addition to these features, there is one more option for the case of appearing of guest at the door and that is the Image capturing using web-camera present at the door and here the owner of the house is able to unlock all the locks if he wants the guest to enter the home. This all will be monitored by Node MCU}.

The standard routing technique that was developed for satisfying low power IoT application needs is RPL which is a protocol in compliance with 6LoWPAN specification. RPL was created for addressing the issues and challenges of constrained and lossy network routing. However, RPL does not accomplish efficiency with respect to power and reliability altogether which are definitely needed in IoT applications. RPL runs on routing metrics and objective function which determines the optimal path in routing. This paper focuses on contributing a comprehensive survey on the improved objective functions proposed by several researchers for RPL. In addition, the paper concentrates on highlighting the strengths and shortcomings of the different approaches in designing the objective function. The approaches built on Fuzzy logic are found to be more efficient and the relevant works related to these are compared. Furthermore, we present the insights drawn from the survey and summarize the challenges which can be effectively utilized for future works.

The software industry is dominating many are like health care, finance, agriculture and entertainment. Software security has become an essential issue-outsider libraries, which assume a significant part in programming. The finding weaknesses in the binary code is a significant issue that presently cannot seem to be handled, as showed by numerous weaknesses wrote about an everyday schedule. Software seller sells the software to the client if the client wants to check the software's vulnerability it is a cumbersome task. Presently many deep learning-based methods also introduced to find the security weakness in the binary code. This paper present the merits and demerits of binary code analysis used by a different method.

This manuscript prescribes the design of a four-port ultra-wideband (UWB) diversity antenna combined with 2.4 GHz ISM radio band. The denim-based wearable antenna is intended for use as a radio frequency identification (RFID) tag for tracking and security applications. The unit cells of the antenna are arranged orthogonally to each other to achieve isolation \$\textbackslashtextbackslashgt15\$ dB. The bending analysis of the proposed antenna is performed to ensure its stability. The dimensions of the unit cell and four-port MIMO antenna are \$30 \textbackslashtextbackslashtimes 17 \textbackslashtextbackslashtimes 1\$ cubic millimeter and \$55 \textbackslashtextbackslashtimes 53 \textbackslashtextbackslashtimes 1\$ cubic millimeter, respectively. The proposed antenna’s specific absorption rate (SAR) is researched in order to determine the safer SAR limit set by the Federal Communications Commission (FCC).

Reconfigurable Intelligent Surface (RIS) is a new paradigm that enables the reconfiguration of the wireless environment. Based on this feature, RIS can be employed to facilitate Physical-layer Key Generation (PKG). However, this technique could also be exploited by the attacker to destroy the key generation process via manipulating the channel features at the legitimate user side. Specifically, this paper proposes a new RIS-assisted Manipulating attack (RISM) that reduces the wireless channel reciprocity by rapidly changing the RIS reflection coefficient in the uplink and downlink channel probing step in orthogonal frequency division multiplexing (OFDM) systems. The vulnerability of traditional key generation technology based on channel frequency response (CFR) under this attack is analyzed. Then, we propose a slewing rate detection method based on path separation. The attacked path is removed from the time domain and a flexible quantization method is employed to maximize the Key Generation Rate (KGR). The simulation results show that under RISM attack, when the ratio of the attack path variance to the total path variance is 0.17, the Bit Disagreement Rate (BDR) of the CFR-based method is greater than 0.25, and the KGR is close to zero. In addition, the proposed detection method can successfully detect the attacked path for SNR above 0 dB in the case of 16 rounds of probing and the KGR is 35 bits/channel use at 23.04MHz bandwidth.

For systems with order of dynamics higher than two and oscillating loads with low damping, a non-collocation of the sensing and control can deteriorate robustness of the feedback and, in worst case, even bring it to instability. Furthermore, for a contactless sensing of the oscillating mechanical load, like in the system under investigation, the control structure is often restricted to the single proportional feedback only. This paper proposes a novel robust feedback control scheme for a low-damped fourth-order system using solely the measured load displacement. For reference tracking, the loop shaping design relies on a band reject filter, while the plant uncertainties are used as robustness measure for determining the feedback gain. Since prime uncertainties are due to the stiffness of elastic link, correspondingly connecting spring, and due to the gain of actuator transducer, the loop sensitivity function with additive plant variation is used for robustness measure. In order to deal with unknown disturbances, which are inherently exciting the load oscillations independently of the loop shaping performance, an output delay-based compensator is proposed as a second control-degree-of-freedom. That one requires an estimate of the load oscillation frequency only and does not affect the shaped open-loop behavior, correspondingly sensitivity function. An extensive numerical setup of the modeled system, a two-mass oscillator with contactless sensing of the load under gravity and low damping of the connecting spring, is used for the control evaluation and assessment of its robustness.

In this paper, we introduce cooperative spectrum sensing (CSS) scheme for detection of primary user (PU) in a cognitive radio network. Our scheme is based on a separating-hyperplane that discriminates between ellipsoids corresponding to two hypotheses. Additionally, we present a method to eliminate malicious cognitive radio users (MCRUs) that send false sensing data to the fusion center (FC) and degrade the system's detection performance. Simulation results verify the outperformance of the proposed method for the elimination of MCRUs and detection of PU.

Considering the influence of load, This paper proposes a robust analysis method of cyber-physical power system based on the evolution of adjacency matrix. This method uses the load matrix to detect whether the system has overload failure, utilizes the reachable matrix to detect whether the system has unconnected failure, and uses the dependency matrix to reveal the cascading failure mechanism in the system. Finally, analyze the robustness of the cyber-physical power system. The IEEE30 standard node system is taken as an example for simulation experiment, and introduced the connectivity index and the load loss ratio as evaluation indexes. The robustness of the system is evaluated and analyzed by comparing the variation curves of connectivity index and load loss ratio under different tolerance coefficients. The results show that the proposed method is feasible, reduces the complexity of graph-based attack methods, and easy to research and analyze.

The initially designed internet aimed to create a communication network. The hosts share specific IP addresses to establish a communication channel to transfer messages. However, with the advancement of internet technologies as well as recent growth in various applications such as social networking, web sites, and number of smart phone users, the internet today act as distribution network. The content distribution for large volume traffic on internet mainly suffers from two issues 1) IP addresses allocation for each request message and 2) Real time content delivery. Moreover, users nowadays care only about getting data irrespective of its location. To meet need of the hour for content centric networking (CCN), Information centric networking (ICN) has been proposed as the future internet architecture. Named data networks (NDN) found its roots under the umbrella of ICN as one of its project to overcome the above listed issues. NDN is based on the technique of providing named data retrieval from intermediate nodes. This conceptual shift raises questions on its design, services and challenges. In this paper, we contribute by presenting architectural design of NDN with its routing and forwarding mechanism. Subsequently, we cover services offered by NDN for request-response message communication. Furthermore, the challenges faced by NDN for its implementation has been discussed in last.

The era of big data continues to progress, and many new practices and applications are being advanced. One such application is big data in healthcare. In this application, big data, which includes patient information and measurements, must be transmitted and managed in smart and secure ways. In this study, we propose a novel big data cloud system, s2Cloud, standing for Smart and Secure Cloud. s2Cloud can enable health care systems to improve patient monitoring and help doctors gain crucial insights into their patients' health. This system provides an interactive website that allows doctors to effectively manage patients and patient records. Furthermore, both real-time and historical functions for big data management are supported. These functions provide visualizations of patient measurements and also allow for historic data retrieval so further analysis can be conducted. The security is achieved by protecting access and transmission of data via sign up and log in portals. Overall, the proposed s2Cloud system can effectively manage healthcare big data applications. This study will also help to advance other big data applications such as smart home and smart world big data practices.

Cloud-based enterprise search services (e.g., AWS Kendra) have been entrancing big data owners by offering convenient and real-time search solutions to them. However, the problem is that individuals and organizations possessing confidential big data are hesitant to embrace such services due to valid data privacy concerns. In addition, to offer an intelligent search, these services access the user’s search history that further jeopardizes his/her privacy. To overcome the privacy problem, the main idea of this research is to separate the intelligence aspect of the search from its pattern matching aspect. According to this idea, the search intelligence is provided by an on-premises edge tier and the shared cloud tier only serves as an exhaustive pattern matching search utility. We propose Smartness at Edge (SAED mechanism that offers intelligence in the form of semantic and personalized search at the edge tier while maintaining privacy of the search on the cloud tier. At the edge tier, SAED uses a knowledge-based lexical database to expand the query and cover its semantics. SAED personalizes the search via an RNN model that can learn the user’s interest. A word embedding model is used to retrieve documents based on their semantic relevance to the search query. SAED is generic and can be plugged into existing enterprise search systems and enable them to offer intelligent and privacy-preserving search without enforcing any change on them. Evaluation results on two enterprise search systems under real settings and verified by human users demonstrate that SAED can improve the relevancy of the retrieved results by on average ≈24% for plain-text and ≈75% for encrypted generic datasets.

This paper presents a new framework for SATCOM jamming resiliency in the presence of a smart adversary jammer that can prioritize specific channels to attack with a non-uniform probability of distribution. We first develop a model and a defense action strategy based on a Markov decision process (MDP). We propose a greedy algorithm for the MDP-based defense algorithm's policy to optimize the expected user's immediate and future discounted rewards. Next, we remove the assumption that the user has specific information about the attacker's pattern and model. We develop a Q-learning algorithm-a reinforcement learning (RL) approach-to optimize the user's policy. We show that the Q-learning method provides an attractive defense strategy solution without explicit knowledge of the jammer's strategy. Computer simulation results show that the MDP-based defense strategies are very efficient; they offer a significant data rate advantage over the simple random hopping approach. Also, the proposed Q-learning performance can achieve close to the MDP approach without explicit knowledge of the jammer's strategy or attacking model.

Despite the functional success of deep neural networks (DNNs), their trustworthiness remains a crucial open challenge. To address this challenge, both testing and verification techniques have been proposed. But these existing techniques pro- vide either scalability to large networks or formal guarantees, not both. In this paper, we propose a scalable quantitative verification framework for deep neural networks, i.e., a test-driven approach that comes with formal guarantees that a desired probabilistic property is satisfied. Our technique performs enough tests until soundness of a formal probabilistic property can be proven. It can be used to certify properties of both deterministic and randomized DNNs. We implement our approach in a tool called PROVERO1 and apply it in the context of certifying adversarial robustness of DNNs. In this context, we first show a new attack- agnostic measure of robustness which offers an alternative to purely attack-based methodology of evaluating robustness being reported today. Second, PROVERO provides certificates of robustness for large DNNs, where existing state-of-the-art verification tools fail to produce conclusive results. Our work paves the way forward for verifying properties of distributions captured by real-world deep neural networks, with provable guarantees, even where testers only have black-box access to the neural network.

Since a training system using VR can reproduce an actual training environment, training systems have been studied in commercial fields such as medical care and construction. This immersive experience in a virtual space can have a great effect on learning a second language. In this paper, we propose an immersive learning system that learns phrases used in the customer service industry in the customer service experience. We asked the subjects to experience the system, measured the effects of learning, and evaluated the system. Evaluating the learning effect of phrases used in customer service English on 8 students, all student achieved good learning results. Besides, to evaluate the usability of the system, the VR system was evaluated by performing SSQ to measure VR sickness shows this system doesn't cause virtual sickness, SUS to measure usability shows this system evaluation is higher than average system, and IPQ to measure presence in an immersive space shows this system gives average virtual reality experience.

Cryptographic algorithms are playing an important role in the information security field. Strong and unbreakable algorithms provide high security and good throughput. The strength of any encryption algorithm is basically based on the degree of difficulty to obtain the encryption key by such cyber-attacks as brute. It is supposed that the bigger the key size, the more difficult it is to compute the key. But increasing the key size will increase both the computational complexity and the processing time of algorithms. In this paper, we proposed a reliable, effective, and more secure symmetric stream cipher algorithm for encryption and decryption called Symmetric Cipher based on Key Hashing Algorithm (SCKHA). The idea of this algorithm is based on hashing and splitting the encryption symmetric key. Hashing the key will hide the encrypted key to prevent any intruder from forging the hash code, and, thus, it satisfies the purpose of security, authentication, and integrity for a message on the network. In addition, the algorithm is secure against a brute-force attack by increasing the resources it takes for testing each possible key. Splitting the hashed value of the encryption key will divide the hashed key into two key chunks. The encryption process performed using such one chunk based on some calculations on the plaintext. This algorithm has three advantages that are represented in computational simplicity, security and efficiency. Our algorithm is characterized by its ability to search on the encrypted data where the plaintext character is represented by two ciphertext characters (symbols).

With the new coronavirus crisis, medical devices' workload has increased dramatically, leaving them growingly vulnerable to security threats and in need of a comprehensive solution. In this work, we take advantage of the flexible and highly manageable nature of Software Defined Networks (SDN) to design a thoroughgoing security framework that covers a health organization's various security requirements. Our solution comes to be an advanced SDN firewall that solves the issues facing traditional firewalls. It enables the partitioning of the organization's network and the enforcement of different filtering and monitoring behaviors on each partition depending on security conditions. We pursued the network's efficient and dynamic security management with the least human intervention in designing our model which makes it generally qualified to use in networks with different security requirements.

Industrial Internet is widely used in the production field. As the openness of networks increases, industrial networks facing increasing security risks. Information and communication technologies are now available for most industrial manufacturing. This industry-oriented evolution has driven the emergence of cloud systems, the Internet of Things (IoT), Big Data, and Industry 4.0. However, new technologies are always accompanied by security vulnerabilities, which often expose unpredictable risks. Industrial safety has become one of the most essential and challenging requirements. In this article, we highlight the serious challenges facing Industry 4.0, introduce industrial security issues and present the current awareness of security within the industry. In this paper, we propose solutions for the anomaly detection and defense of the industrial Internet based on the demand characteristics of network security, the main types of intrusions and their vulnerability characteristics. The main work is as follows: This paper first analyzes the basic network security issues, including the network security needs, the security threats and the solutions. Secondly, the security requirements of the industrial Internet are analyzed with the characteristics of industrial sites. Then, the threats and attacks on the network are analyzed, i.e., system-related threats and process-related threats; finally, the current research status is introduced from the perspective of network protection, and the research angle of this paper, i.e., network anomaly detection and network defense, is proposed in conjunction with relevant standards. This paper proposes a software-defined network (SDN)-based industrial Internet security gateway for the security protection of the industrial Internet. Since there are some known types of attacks in the industrial network, in order to fully exploit the effective information, we combine the ExtratreesClassifier to enhance the detection rate of anomaly detection. In order to verify the effectiveness of the algorithm, this paper simulates an industrial network attack, using the acquired training data for testing. The test data are industrial network traffic datasets, and the experimental results show that the algorithm is suitable for anomaly detection in industrial networks.

Named Data Networking (NDN) is an emerging network architecture, which is built by keeping data as its pivotal point. The in-network cache, one of the important characteristics, makes data packets to be available from multiple locations on the Internet. Hence data access control and their enforcement mechanisms become even more critical in the NDNs. In this paper, we propose a novel encryption-based data access control scheme using Role-Based Encryption (RBE). The inheritance property of our scheme provides a natural way to achieve efficient data access control over hierarchical content. This in turn makes our scheme suitable for large scale real world content-centric applications and services such as Netflix. Further, the proposed scheme introduces an anonymous signature-based authentication mechanism to reject bogus data requests nearer to the source, thereby preventing them from entering the network. This in turn helps to mitigate better denial of service attacks. In addition, the signature mechanism supports unlinkability, which is essential to prevent leakages of individual user's access patterns. Another major feature of the proposed scheme is that it provides accountability of the Internet Service Providers (ISPs) using batch signature verification. Moreover, we have developed a transparent and secure dispute resolution and payment mechanism using smart-contract and blockchain technologies. We present a formal security analysis of our scheme to show it is provably secure against Chosen Plaintext Attacks. We also demonstrate that our scheme supports more functionalities than the existing schemes and its performance is better in terms of computation, communication and storage.

Integrity verification of cloud data is of great importance for secure and effective cloud storage since attackers can change the data even though it is encrypted. Traditional integrity verification schemes only let the client know the integrity status of the remote data. When the data is corrupted, the system cannot hold the server accountable. Besides, almost all existing schemes assume that the users are credible. Instead, especially in a dynamic operation environment, users can deny their behaviors, and let the server bear the penalty of data loss. To address the issues above, we propose an accountable dynamic storage integrity verification (ADS-IV) scheme which provides means to detect or eliminate misbehavior of all participants. In the meanwhile, we modify the Invertible Bloom Filter (IBF) to recover the corrupted data and use the Mahalanobis distance to calculate the degree of damage. We prove that our scheme is secure under Computational Diffie-Hellman (CDH) assumption and Discrete Logarithm (DL) assumption and that the audit process is privacy-preserving. The experimental results demonstrate that the computational complexity of the audit is constant; the storage overhead is \$O(\textbackslashtextbackslashsqrt n )\$, which is only 1/400 of the size of the original data; and the whole communication overhead is O(1).As a result, the proposed scheme is not only suitable for large-scale cloud data storage systems, but also for systems with sensitive data, such as banking systems, medical systems, and so on.

Most present reconfiguration methods in sharding blockchains rely on a secure randomness, whose generation might be complicated. Besides, a reference committee is usually in charge of the reconfiguration, making the process not decentralized. To address the above issues, this paper proposes a secure and decentralized shard reconfiguration protocol, which allows each shard to complete the selection and confirmation of its own shard members in turn. The PoW mining puzzle is calculated using the public key hash value in the member list confirmed by the last shard. Through the mining and shard member list commitment process, each shard can update its members safely and efficiently once in a while. Furthermore, it is proved that our protocol satisfies the safety, consistency, liveness, and decentralization properties. The honest member proportion in each confirmed shard member list is guaranteed to exceed a certain safety threshold, and all honest nodes have an identical view on the list. The reconfiguration is ensured to make progress, and each node has the same right to participate in the process. Our secure and decentralized shard reconfiguration protocol could be applied to all committee-based sharding blockchains.

In this paper, a blockchain based scheme is proposed to provide registration, mutual authentication and data sharing in wireless sensor network. The proposed model consists of three types of nodes: coordinators, cluster heads and sensor nodes. A consortium blockchain is deployed on coordinator nodes. The smart contracts execute on coordinators to record the identities of legitimate nodes. Moreover, they authenticate nodes and facilitate in data sharing. When a sensor node communicate and accesses data of any other sensor node, both nodes mutually authenticate each other. The smart contract of data sharing is used to provide a secure communication and data exchange between sensor nodes. Moreover, the data of all the nodes is stored on the decentralized storage called interplanetary file system. The simulation results show the response time of IPFS and message size during authentication and registration.