Biblio

Found 2356 results

Filters: Keyword is privacy  [Clear All Filters]
2023-09-20
Khalil, Md Yusuf, Vivek, Anand, Kumar, Paul, Antarlina, Grover, Rahul.  2022.  PDF Malware Analysis. 2022 7th International Conference on Computing, Communication and Security (ICCCS). :1—4.
This document addresses the issue of the actual security level of PDF documents. Two types of detection approaches are utilized to detect dangerous elements within malware: static analysis and dynamic analysis. Analyzing malware binaries to identify dangerous strings, as well as reverse-engineering is included in static analysis for t1he malware to disassemble it. On the other hand, dynamic analysis monitors malware activities by running them in a safe environment, such as a virtual machine. Each method has its own set of strengths and weaknesses, and it is usually best to employ both methods while analyzing malware. Malware detection could be simplified without sacrificing accuracy by reducing the number of malicious traits. This may allow the researcher to devote more time to analysis. Our worry is that there is no obvious need to identify malware with numerous functionalities when it isn't necessary. We will solve this problem by developing a system that will identify if the given file is infected with malware or not.
2023-02-17
Zehnder, E., Dinet, J., Charpillet, F..  2022.  Perception of physical and virtual agents: exploration of factors influencing the acceptance of intrusive domestic agents. 2022 31st IEEE International Conference on Robot and Human Interactive Communication (RO-MAN). :1050–1057.
Domestic robots and agents are widely sold to the grand public, leading us to ethical issues related to the data harvested by such machines. While users show a general acceptance of these robots, concerns remain when it comes to information security and privacy. Current research indicates that there’s a privacy-security trade-off for better use, but the anthropomorphic and social abilities of a robot are also known to modulate its acceptance and use. To explore and deepen what literature already brought on the subject we examined how users perceived their robot (Replika, Roomba©, Amazon Echo©, Google Home©, or Cozmo©/Vector©) through an online questionnaire exploring acceptance, perceived privacy and security, anthropomorphism, disclosure, perceived intimacy, and loneliness. The results supported the literature regarding the potential manipulative effects of robot’s anthropomorphism for acceptance but also information disclosure, perceived intimacy, security, and privacy.
ISSN: 1944-9437
2023-09-18
Oshio, Kei, Takada, Satoshi, Han, Chansu, Tanaka, Akira, Takeuchi, Jun'ichi.  2022.  Poster: Flexible Function Estimation of IoT Malware Using Graph Embedding Technique. 2022 IEEE Symposium on Computers and Communications (ISCC). :1—3.
Most IoT malware is variants generated by editing and reusing parts of the functions based on publicly available source codes. In our previous study, we proposed a method to estimate the functions of a specimen using the Function Call Sequence Graph (FCSG), which is a directed graph of execution sequence of function calls. In the FCSG-based method, the subgraph corresponding to a malware functionality is manually created and called a signature-FSCG. The specimens with the signature-FSCG are expected to have the corresponding functionality. However, this method cannot detect the specimens with a slightly different subgraph from the signature-FSCG. This paper found that these specimens were supposed to have the same functionality for a signature-FSCG. These specimens need more flexible signature matching, and we propose a graph embedding technique to realize it.
2023-02-03
Muliono, Yohan, Darus, Mohamad Yusof, Pardomuan, Chrisando Ryan, Ariffin, Muhammad Azizi Mohd, Kurniawan, Aditya.  2022.  Predicting Confidentiality, Integrity, and Availability from SQL Injection Payload. 2022 International Conference on Information Management and Technology (ICIMTech). :600–605.
SQL Injection has been around as a harmful and prolific threat on web applications for more than 20 years, yet it still poses a huge threat to the World Wide Web. Rapidly evolving web technology has not eradicated this threat; In 2017 51 % of web application attacks are SQL injection attacks. Most conventional practices to prevent SQL injection attacks revolves around secure web and database programming and administration techniques. Despite developer ignorance, a large number of online applications remain susceptible to SQL injection attacks. There is a need for a more effective method to detect and prevent SQL Injection attacks. In this research, we offer a unique machine learning-based strategy for identifying potential SQL injection attack (SQL injection attack) threats. Application of the proposed method in a Security Information and Event Management(SIEM) system will be discussed. SIEM can aggregate and normalize event information from multiple sources, and detect malicious events from analysis of these information. The result of this work shows that a machine learning based SQL injection attack detector which uses SIEM approach possess high accuracy in detecting malicious SQL queries.
2023-09-20
Winahyu, R R Kartika, Somantri, Maman, Nurhayati, Oky Dwi.  2022.  Predicting Creditworthiness of Smartphone Users in Indonesia during the COVID-19 pandemic using Machine Learning. 2021 International Seminar on Machine Learning, Optimization, and Data Science (ISMODE). :223—227.
In this research work, we attempted to predict the creditworthiness of smartphone users in Indonesia during the COVID-19 pandemic using machine learning. Principal Component Analysis (PCA) and Kmeans algorithms are used for the prediction of creditworthiness with the used a dataset of 1050 respondents consisting of twelve questions to smartphone users in Indonesia during the COVID-19 pandemic. The four different classification algorithms (Logistic Regression, Support Vector Machine, Decision Tree, and Naive Bayes) were tested to classify the creditworthiness of smartphone users in Indonesia. The tests carried out included testing for accuracy, precision, recall, F1-score, and Area Under Curve Receiver Operating Characteristics (AUCROC) assesment. Logistic Regression algorithm shows the perfect performances whereas Naïve Bayes (NB) shows the least. The results of this research also provide new knowledge about the influential and non-influential variables based on the twelve questions conducted to the respondents of smartphone users in Indonesia during the COVID-19 pandemic.
2023-02-17
Biström, Dennis, Westerlund, Magnus, Duncan, Bob, Jaatun, Martin Gilje.  2022.  Privacy and security challenges for autonomous agents : A study of two social humanoid service robots. 2022 IEEE International Conference on Cloud Computing Technology and Science (CloudCom). :230–237.
The development of autonomous agents have gained renewed interest, largely due to the recent successes of machine learning. Social robots can be considered a special class of autonomous agents that are often intended to be integrated into sensitive environments. We present experiences from our work with two specific humanoid social service robots, and highlight how eschewing privacy and security by design principles leads to implementations with serious privacy and security flaws. The paper introduces the robots as platforms and their associated features, ecosystems and cloud platforms that are required for certain use cases or tasks. The paper encourages design aims for privacy and security, and then in this light studies the implementation from two different manufacturers. The results show a worrisome lack of design focus in handling privacy and security. The paper aims not to cover all the security flaws and possible mitigations, but does look closer into the use of the WebSocket protocol and it’s challenges when used for operational control. The conclusions of the paper provide insights on how manufacturers can rectify the discovered security flaws and presents key policies like accountability when it comes to implementing technical features of autonomous agents.
ISSN: 2330-2186
2023-07-20
Schindler, Christian, Atas, Müslüm, Strametz, Thomas, Feiner, Johannes, Hofer, Reinhard.  2022.  Privacy Leak Identification in Third-Party Android Libraries. 2022 Seventh International Conference On Mobile And Secure Services (MobiSecServ). :1—6.
Developers of mobile applications rely on the trust of their customers. On the one hand the requirement exists to create feature-rich and secure apps, which adhere to privacy standards to not deliberately disclose user information. On the other hand the development process must be streamlined to reduce costs. Here third-party libraries come into play. Inclusion of many, possibly nested libraries pose security risks, app-creators are often not aware of. This paper presents a way to combine free open-source tools to support developers in checking their application that it does not induce security issues by using third-party libraries. The tools FlowDroid, Frida, and mitm-proxy are used in combination in a simple and viable way to perform checks to identify privacy leaks of third-party apps. Our proposed setup and configuration empowers average app developers to preserve user privacy without being dedicated security experts and without expensive external advice.
2023-07-14
Priya, M Janani, Yamuna, G.  2022.  Privacy preserving Data security model for Cloud Computing Technology. 2022 International Conference on Smart Technologies and Systems for Next Generation Computing (ICSTSN). :1–5.
New advancements in cloud computing technology enable the usage of cloud platforms for business purposes rapidly increasing every day. Data accumulation related to business transactions, Communications, business model architecture and much other information are stored in the cloud platform and access Dubai the business Associates commonly. Considering the security point of view data stored in the cloud need to be highly secured and accessed through authentication. The proposed system is focused on evaluating a cloud integrity auditing model in which the security and privacy preserving system is being audited, privacy is decided using a machine learning algorithm. The proposed model is developed using a hybrid CatBoost algorithm (HCBA) in which the input data is stored into the cloud platform using Bring your own encryption Key (BYOEK). The security of BYOEK model is evaluated and validated with respect to the given test model in terms of Execution time comparison Vs. Data transactions.
2023-05-12
Naseri, Amir Mohammad, Lucia, Walter, Youssef, Amr.  2022.  A Privacy Preserving Solution for Cloud-Enabled Set-Theoretic Model Predictive Control. 2022 European Control Conference (ECC). :894–899.
Cloud computing solutions enable Cyber-Physical Systems (CPSs) to utilize significant computational resources and implement sophisticated control algorithms even if limited computation capabilities are locally available for these systems. However, such a control architecture suffers from an important concern related to the privacy of sensor measurements and the computed control inputs within the cloud. This paper proposes a solution that allows implementing a set-theoretic model predictive controller on the cloud while preserving this privacy. This is achieved by exploiting the offline computations of the robust one-step controllable sets used by the controller and two affine transformations of the sensor measurements and control optimization problem. It is shown that the transformed and original control problems are equivalent (i.e., the optimal control input can be recovered from the transformed one) and that privacy is preserved if the control algorithm is executed on the cloud. Moreover, we show how the actuator can take advantage of the set-theoretic nature of the controller to verify, through simple set-membership tests, if the control input received from the cloud is admissible. The correctness of the proposed solution is verified by means of a simulation experiment involving a dual-tank water system.
2023-06-30
Gupta, Rishabh, Singh, Ashutosh Kumar.  2022.  Privacy-Preserving Cloud Data Model based on Differential Approach. 2022 Second International Conference on Power, Control and Computing Technologies (ICPC2T). :1–6.
With the variety of cloud services, the cloud service provider delivers the machine learning service, which is used in many applications, including risk assessment, product recommen-dation, and image recognition. The cloud service provider initiates a protocol for the classification service to enable the data owners to request an evaluation of their data. The owners may not entirely rely on the cloud environment as the third parties manage it. However, protecting data privacy while sharing it is a significant challenge. A novel privacy-preserving model is proposed, which is based on differential privacy and machine learning approaches. The proposed model allows the various data owners for storage, sharing, and utilization in the cloud environment. The experiments are conducted on Blood transfusion service center, Phoneme, and Wilt datasets to lay down the proposed model's efficiency in accuracy, precision, recall, and Fl-score terms. The results exhibit that the proposed model specifies high accuracy, precision, recall, and Fl-score up to 97.72%, 98.04%, 97.72%, and 98.80%, respectively.
2023-01-06
S, Harichandana B S, Agarwal, Vibhav, Ghosh, Sourav, Ramena, Gopi, Kumar, Sumit, Raja, Barath Raj Kandur.  2022.  PrivPAS: A real time Privacy-Preserving AI System and applied ethics. 2022 IEEE 16th International Conference on Semantic Computing (ICSC). :9—16.
With 3.78 billion social media users worldwide in 2021 (48% of the human population), almost 3 billion images are shared daily. At the same time, a consistent evolution of smartphone cameras has led to a photography explosion with 85% of all new pictures being captured using smartphones. However, lately, there has been an increased discussion of privacy concerns when a person being photographed is unaware of the picture being taken or has reservations about the same being shared. These privacy violations are amplified for people with disabilities, who may find it challenging to raise dissent even if they are aware. Such unauthorized image captures may also be misused to gain sympathy by third-party organizations, leading to a privacy breach. Privacy for people with disabilities has so far received comparatively less attention from the AI community. This motivates us to work towards a solution to generate privacy-conscious cues for raising awareness in smartphone users of any sensitivity in their viewfinder content. To this end, we introduce PrivPAS (A real time Privacy-Preserving AI System) a novel framework to identify sensitive content. Additionally, we curate and annotate a dataset to identify and localize accessibility markers and classify whether an image is sensitive to a featured subject with a disability. We demonstrate that the proposed lightweight architecture, with a memory footprint of a mere 8.49MB, achieves a high mAP of 89.52% on resource-constrained devices. Furthermore, our pipeline, trained on face anonymized data. achieves an F1-score of 73.1%.
2023-06-30
Ma, Xuebin, Yang, Ren, Zheng, Maobo.  2022.  RDP-WGAN: Image Data Privacy Protection Based on Rényi Differential Privacy. 2022 18th International Conference on Mobility, Sensing and Networking (MSN). :320–324.
In recent years, artificial intelligence technology based on image data has been widely used in various industries. Rational analysis and mining of image data can not only promote the development of the technology field but also become a new engine to drive economic development. However, the privacy leakage problem has become more and more serious. To solve the privacy leakage problem of image data, this paper proposes the RDP-WGAN privacy protection framework, which deploys the Rényi differential privacy (RDP) protection techniques in the training process of generative adversarial networks to obtain a generative model with differential privacy. This generative model is used to generate an unlimited number of synthetic datasets to complete various data analysis tasks instead of sensitive datasets. Experimental results demonstrate that the RDP-WGAN privacy protection framework provides privacy protection for sensitive image datasets while ensuring the usefulness of the synthetic datasets.
2023-04-28
Nema, Tesu, Parsai, M. P..  2022.  Reconstruction of Incomplete Image by Radial Sampling. 2022 International Conference on Computer Communication and Informatics (ICCCI). :1–4.
Signals get sampled using Nyquist rate in conventional sampling method, but in compressive sensing the signals sampled below Nyquist rate by randomly taking the signal projections and reconstructing it out of very few estimations. But in case of recovering the image by utilizing compressive measurements with the help of multi-resolution grid where the image has certain region of interest (RoI) that is more important than the rest, it is not efficient. The conventional Cartesian sampling cannot give good result in motion image sensing recovery and is limited to stationary image sensing process. The proposed work gives improved results by using Radial sampling (a type of compression sensing). This paper discusses the approach of Radial sampling along with the application of Sparse Fourier Transform algorithms that helps in reducing acquisition cost and input/output overhead.
ISSN: 2329-7190
Lu, Chaofan.  2022.  Research on the technical application of artificial intelligence in network intrusion detection system. 2022 International Conference on Electronics and Devices, Computational Science (ICEDCS). :109–112.
Network intrusion detection technology has been a popular application technology for current network security, but the existing network intrusion detection technology in the application process, there are problems such as low detection efficiency, low detection accuracy and other poor detection performance. To solve the above problems, a new treatment combining artificial intelligence with network intrusion detection is proposed. Artificial intelligence-based network intrusion detection technology refers to the application of artificial intelligence techniques, such as: neural networks, neural algorithms, etc., to network intrusion detection, and the application of these artificial intelligence techniques makes the automatic detection of network intrusion detection models possible.
2023-09-18
Cao, Michael, Ahmed, Khaled, Rubin, Julia.  2022.  Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware. 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). :1919—1931.
This paper provides an in-depth analysis of Android malware that bypassed the strictest defenses of the Google Play application store and penetrated the official Android market between January 2016 and July 2021. We systematically identified 1,238 such malicious applications, grouped them into 134 families, and manually analyzed one application from 105 distinct families. During our manual analysis, we identified malicious payloads the applications execute, conditions guarding execution of the payloads, hiding techniques applications employ to evade detection by the user, and other implementation-level properties relevant for automated malware detection. As most applications in our dataset contain multiple payloads, each triggered via its own complex activation logic, we also contribute a graph-based representation showing activation paths for all application payloads in form of a control- and data-flow graph. Furthermore, we discuss the capabilities of existing malware detection tools, put them in context of the properties observed in the analyzed malware, and identify gaps and future research directions. We believe that our detailed analysis of the recent, evasive malware will be of interest to researchers and practitioners and will help further improve malware detection tools.
2023-06-09
Wang, Jinwen, Li, Ao, Li, Haoran, Lu, Chenyang, Zhang, Ning.  2022.  RT-TEE: Real-time System Availability for Cyber-physical Systems using ARM TrustZone. 2022 IEEE Symposium on Security and Privacy (SP). :352—369.
Embedded devices are becoming increasingly pervasive in safety-critical systems of the emerging cyber-physical world. While trusted execution environments (TEEs), such as ARM TrustZone, have been widely deployed in mobile platforms, little attention has been given to deployment on real-time cyber-physical systems, which present a different set of challenges compared to mobile applications. For safety-critical cyber-physical systems, such as autonomous drones or automobiles, the current TEE deployment paradigm, which focuses only on confidentiality and integrity, is insufficient. Computation in these systems also needs to be completed in a timely manner (e.g., before the car hits a pedestrian), putting a much stronger emphasis on availability.To bridge this gap, we present RT-TEE, a real-time trusted execution environment. There are three key research challenges. First, RT-TEE bootstraps the ability to ensure availability using a minimal set of hardware primitives on commodity embedded platforms. Second, to balance real-time performance and scheduler complexity, we designed a policy-based event-driven hierarchical scheduler. Third, to mitigate the risks of having device drivers in the secure environment, we designed an I/O reference monitor that leverages software sandboxing and driver debloating to provide fine-grained access control on peripherals while minimizing the trusted computing base (TCB).We implemented prototypes on both ARMv8-A and ARMv8-M platforms. The system is tested on both synthetic tasks and real-life CPS applications. We evaluated rover and plane in simulation and quadcopter both in simulation and with a real drone.
2023-07-12
Hadi, Ahmed Hassan, Abdulshaheed, Sameer Hameed, Wadi, Salim Muhsen.  2022.  Safeguard Algorithm by Conventional Security with DNA Cryptography Method. 2022 Muthanna International Conference on Engineering Science and Technology (MICEST). :195—201.
Encryption defined as change information process (which called plaintext) into an unreadable secret format (which called ciphertext). This ciphertext could not be easily understood by somebody except authorized parson. Decryption is the process to converting ciphertext back into plaintext. Deoxyribonucleic Acid (DNA) based information ciphering techniques recently used in large number of encryption algorithms. DNA used as data carrier and the modern biological technology is used as implementation tool. New encryption algorithm based on DNA is proposed in this paper. The suggested approach consists of three steps (conventional, stream cipher and DNA) to get high security levels. The character was replaced by shifting depend character location in conventional step, convert to ASCII and AddRoundKey was used in stream cipher step. The result from second step converted to DNA then applying AddRoundKey with DNA key. The evaluation performance results proved that the proposed algorithm cipher the important data with high security levels.
2023-02-17
Lu, Shaofeng, Lv, Chengzhe, Wang, Wei, Xu, Changqing, Fan, Huadan, Lu, Yuefeng, Hu, Yulong, Li, Wenxi.  2022.  Secret Numerical Interval Decision Protocol for Protecting Private Information and Its Application. 2022 Asia Conference on Algorithms, Computing and Machine Learning (CACML). :726–731.
Cooperative secure computing based on the relationship between numerical value and numerical interval is not only the basic problems of secure multiparty computing but also the core problems of cooperative secure computing. It is of substantial theoretical and practical significance for information security in relation to scientific computing to continuously investigate and construct solutions to such problems. Based on the Goldwasser-Micali homomorphic encryption scheme, this paper propose the Morton rule, according to the characteristics of the interval, a double-length vector is constructed to participate in the exclusive-or operation, and an efficient cooperative decision-making solution for integer and integer interval security is designed. This solution can solve more basic problems in cooperative security computation after suitable transformations. A theoretical analysis shows that this solution is safe and efficient. Finally, applications that are based on these protocols are presented.
2023-07-20
Moni, Shafika Showkat, Gupta, Deepti.  2022.  Secure and Efficient Privacy-preserving Authentication Scheme using Cuckoo Filter in Remote Patient Monitoring Network. 2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA). :208—216.
With the ubiquitous advancement in smart medical devices and systems, the potential of Remote Patient Monitoring (RPM) network is evolving in modern healthcare systems. The medical professionals (doctors, nurses, or medical experts) can access vitals and sensitive physiological information about the patients and provide proper treatment to improve the quality of life through the RPM network. However, the wireless nature of communication in the RPM network makes it challenging to design an efficient mechanism for secure communication. Many authentication schemes have been proposed in recent years to ensure the security of the RPM network. Pseudonym, digital signature, and Authenticated Key Exchange (AKE) protocols are used for the Internet of Medical Things (IoMT) to develop secure authorization and privacy-preserving communication. However, traditional authentication protocols face overhead challenges due to maintaining a large set of key-pairs or pseudonyms results on the hospital cloud server. In this research work, we identify this research gap and propose a novel secure and efficient privacy-preserving authentication scheme using cuckoo filters for the RPM network. The use of cuckoo filters in our proposed scheme provides an efficient way for mutual anonymous authentication and a secret shared key establishment process between medical professionals and patients. Moreover, we identify the misbehaving sensor nodes using a correlation-based anomaly detection model to establish secure communication. The security analysis and formal security validation using SPAN and AVISPA tools show the robustness of our proposed scheme against message modification attacks, replay attacks, and man-in-the-middle attacks.
2023-03-17
Pham, Hong Thai, Nguyen, Khanh Nam, Phun, Vy Hoa, Dang, Tran Khanh.  2022.  Secure Recommender System based on Neural Collaborative Filtering and Federated Learning. 2022 International Conference on Advanced Computing and Analytics (ACOMPA). :1–11.
A recommender system aims to suggest the most relevant items to users based on their personal data. However, data privacy is a growing concern for anyone. Secure recommender system is a research direction to preserve user privacy while maintaining as high performance as possible. The most recent strategy is to use Federated Learning, a machine learning technique for privacy-preserving distributed training. In Federated Learning, a subset of users will be selected for training model using data at local systems, the server will securely aggregate the computing result from local models to generate a global model, finally that model will give recommendations to users. In this paper, we present a novel algorithm to train Collaborative Filtering recommender system specialized for the ranking task in Federated Learning setting, where the goal is to protect user interaction information (i.e., implicit feedback). Specifically, with the help of the algorithm, the recommender system will be trained by Neural Collaborative Filtering, one of the state-of-the-art matrix factorization methods and Bayesian Personalized Ranking, the most common pairwise approach. In contrast to existing approaches which protect user privacy by requiring users to download/upload the information associated with all interactions that they can possibly interact with in order to perform training, the algorithm can protect user privacy at low communication cost, where users only need to obtain/transfer the information related to a small number of interactions per training iteration. Above all, through extensive experiments, the algorithm has demonstrated to utilize user data more efficient than the most recent research called FedeRank, while ensuring that user privacy is still preserved.
2023-06-22
Raghav, Nidhi, Bhola, Anoop Kumar.  2022.  Secured framework for privacy preserving healthcare based on blockchain. 2022 International Conference on Computer Communication and Informatics (ICCCI). :1–5.
Healthcare has become one of the most important aspects of people’s lives, resulting in a surge in medical big data. Healthcare providers are increasingly using Internet of Things (IoT)-based wearable technologies to speed up diagnosis and treatment. In recent years, Through the Internet, billions of sensors, gadgets, and vehicles have been connected. One such example is for the treatment and care of patients, technology—remote patient monitoring—is already commonplace. However, these technologies also offer serious privacy and data security problems. Data transactions are transferred and logged. These medical data security and privacy issues might ensue from a pause in therapy, putting the patient’s life in jeopardy. We planned a framework to manage and analyse healthcare large data in a safe manner based on blockchain. Our model’s enhanced privacy and security characteristics are based on data sanitization and restoration techniques. The framework shown here make data and transactions more secure.
ISSN: 2329-7190
2023-07-12
Bari, N., Wajid, M., Ali Shah, M., Ejaz, G., Stanikzai, A. Q..  2022.  Securing digital economies byimplementing DNA cryptography with amino acid and one-time pad. Competitive Advantage in the Digital Economy (CADE 2022). 2022:99—104.
Technology is transforming rapidly. Security during data transmission is an increasingly critical and essential factor for the integrity and confidentiality of data in the financial domain, such as e-commerce transactions and bank transactions, etc. We cannot overestimate the importance of encryption/decryption of information in the digital economy. The need to strengthen and secure the digital economy is urgent. Cryptography maintains the security and integrity of data kept on computers and data communicated over the internet using encryption/decryption. A new concept in cryptography named DNA cryptography has attracted the interest of information security professionals. The DNA cryptography method hides data using a DNA sequence, with DNA encryption converting binary data into the DNA sequence. Deoxy Ribonucleic Acid (DNA) is a long polymer strand having nitrogen bases adenine (A), thymine (T), cytosine (C), and guanine (G), which play an important role in plain text encoding and decoding. DNA has high storage capacity, fast processing, and high computation capacity, and is more secure than other cryptography algorithms. DNA cryptography supports both symmetric and asymmetric cryptography. DNA cryptography can encrypt numeric values, English language and unicast. The main aim of this paper is to explain different aspects of DNA cryptography and how it works. We also compare different DNA algorithms/methods proposed in a previous paper, and implement DNA cryptography using one-time pad (OTP) and amino acid sequence using java language. OTP is used for symmetric key generation and the DNA sequence is converted to an amino acid sequence to create confusion.
2023-01-13
Benarous, Leila, Boudjit, Saadi.  2022.  Security and Privacy Evaluation Methods and Metrics in Vehicular Networks. 2022 IEEE 19th Annual Consumer Communications & Networking Conference (CCNC). :1—6.
The vehicular networks extend the internet services to road edge. They allow users to stay connected offering them a set of safety and infotainment services like weather forecasts and road conditions. The security and privacy are essential issues in computing systems and networks. They are particularly important in vehicular networks due to their direct impact on the users’ safety on road. Various researchers have concentrated their efforts on resolving these two issues in vehicular networks. A great number of researches are found in literature and with still existing open issues and security risks to be solved, the research is continuous in this area. However, the researchers may face some difficulties in choosing the correct method to prove their works or to illustrate their excellency in comparison with existing solutions. In this paper, we review a set of evaluation methodologies and metrics to measure, proof or analyze privacy and security solutions. The aim of this review is to illuminate the readers about the possible existing methods to help them choose the correct techniques to use and reduce their difficulties.
2023-08-23
Zhang, Chaochao, HOU, RUI.  2022.  Security Support on Memory Controller for Heap Memory Safety. 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :248—257.
Memory corruption attacks have existed for multiple decades, and have become a major threat to computer systems. At the same time, a number of defense techniques have been proposed by research community. With the wide adoption of CPU-based memory safety solutions, sophisticated attackers tend to tamper with system memory via direct memory access (DMA) attackers, which leverage DMA-enabled I/O peripherals to fully compromise system memory. The Input-Output Memory Management Units (IOMMUs) based solutions are widely believed to mitigate DMA attacks. However, recent works point out that attackers can bypass IOMMU-based protections by manipulating the DMA interfaces, which are particularly vulnerable to race conditions and other unsafe interactions.State-of-the-art hardware-supported memory protections rely on metadata to perform security checks on memory access. Consequently, the additional memory request for metadata results in significant performance degradation, which limited their feasibility in real world deployments. For quantitative analysis, we separate the total metadata access latency into DRAM latency, on-chip latency, and cache latency, and observe that the actual DRAM access is less than half of the total latency. To minimize metadata access latency, we propose EMC, a low-overhead heap memory safety solution that implements a tripwire based mechanism on the memory controller. In addition, by using memory controller as a natural gateway of various memory access data paths, EMC could provide comprehensive memory safety enforcement to all memory data paths from/to system physical memory. Our evaluation shows an 0.54% performance overhead on average for SPEC 2017 workloads.
2023-06-30
Shejy, Geocey, Chavan, Pallavi.  2022.  Sensitivity Support in Data Privacy Algorithms. 2022 2nd Asian Conference on Innovation in Technology (ASIANCON). :1–4.
Personal data privacy is a great concern by governments across the world as citizens generate huge amount of data continuously and industries using this for betterment of user centric services. There must be a reasonable balance between data privacy and utility of data. Differential privacy is a promise by data collector to the customer’s personal privacy. Centralised Differential Privacy (CDP) is performing output perturbation of user’s data by applying required privacy budget. This promises the inclusion or exclusion of individual’s data in data set not going to create significant change for a statistical query output and it offers -Differential privacy guarantee. CDP is holding a strong belief on trusted data collector and applying global sensitivity of the data. Local Differential Privacy (LDP) helps user to locally perturb his data and there by guaranteeing privacy even with untrusted data collector. Many differential privacy algorithms handles parameters like privacy budget, sensitivity and data utility in different ways and mostly trying to keep trade-off between privacy and utility of data. This paper evaluates differential privacy algorithms in regard to the privacy support it offers according to the sensitivity of the data. Generalized application of privacy budget is found ineffective in comparison to the sensitivity based usage of privacy budget.