Biblio

Unauthorized access of the data is one of the major threat for the real world digital data communication. Digital images are one of the most vital subset of the digital data. Several important and sensitive information is conveyed through digital images. Hence, digital image security is one of the foremost interest of the researchers. Cryptographic algorithms Biological sequences are often used to encrypt data due to their inherent features. DNA encryption is one of the widely used method used for data security which is based on the properties of the biological sequences. To protect the images from unwanted accesses, a new two stage method is proposed in this work. DNA Encryption and Polymerase Chain Reaction (PCR) Amplification is used to enhance the security. The proposed method is evaluated using different standard parameters that shows the efficiency of the algorithm.

Differential privacy, which is due to its rigorous mathematical proof and strong privacy guarantee, has become a standard for the release of statistics with privacy protection. Recently, a lot of dynamic data publishing algorithms based on differential privacy have been proposed, but most of the algorithms use a native method to allocate the privacy budget. That is, the limited privacy budget is allocated to each time point uniformly, which may result in the privacy budget being unreasonably utilized and reducing the utility of data. In order to make full use of the limited privacy budget in the dynamic data publishing and improve the utility of data publishing, we propose a dynamic data publishing algorithm based on reinforcement learning in this paper. The algorithm consists of two parts: privacy budget allocation and data release. In the privacy budget allocation phase, we combine the idea of reinforcement learning and the changing characteristics of dynamic data, and establish a reinforcement learning model for the allocation of privacy budget. Finally, the algorithm finds a reasonable privacy budget allocation scheme to publish dynamic data. In the data release phase, we also propose a new dynamic data publishing strategy to publish data after the privacy budget is exhausted. Extensive experiments on real datasets demonstrate that our algorithm can allocate the privacy budget reasonably and improve the utility of dynamic data publishing.

From the point of view of statistical signal processing, the dynamic range for one-bit quantisers with time-varying thresholds is studied. Maximum tolerable amplitudes, minimum detectable amplitudes and dynamic ranges of this one-bit sampling approach and uniform quantisers, such as N-bits analogue-to-digital converters (ADCs), are derived and simulated. The results reveal that like conventional ADCs, the dynamic ranges of one-bit sampling approach are linearly proportional to the Gaussian noise standard deviations, while one-bit sampling's dynamic ranges are lower than N-bits ADC under the same noise levels.

The edge and fog computing paradigms enable more responsive and smarter systems without relying on cloud servers for data processing and storage. This reduces network load as well as latency. Nonetheless, the addition of new layers in the network architecture increases the number of security vulnerabilities. In privacy-critical systems, the appearance of new vulnerabilities is more significant. To cope with this issue, we propose and implement an Ethereum Blockchain based architecture with edge artificial intelligence to analyze data at the edge of the network and keep track of the parties that access the results of the analysis, which are stored in distributed databases.

Most of the security algorithms proposed for the sensor networks such as secure routing, data encryption and authentication, and intrusion detection target protecting the content of the collected data from being exposed to different types of attacks. However, the context of the collected data, such as event occurrence, event time, and event location, is not addressed by these security mechanisms and can still be leaked to the adversaries. Therefore, we propose in this paper a novel and efficient unobservability scheme for source/sink location privacy for wireless multimedia sensor networks. The proposed privacy scheme is based on a cross-layer design between the application and routing layers in order to exploit the multimedia processing technique with multipath routing to hide the event occurrences and locations of important nodes without degrading the network performance. Simulation analysis shows that our proposed scheme satisfies the privacy requirements and has better performance compared to other existing techniques.

In recent years, cloud computing has gained lots of importance and is being used in almost all applications in terms of various services. One of the most widely used service is storage as a service. Even though the stored data can be accessed from anytime and at any place, security of such data remains a prime concern of storage server as well as data owner. It may possible that the stored data can be altered or deleted. Therefore, it is essential to verify the correctness of data (auditing) and an agent termed as Third Party Auditor (TPA) can be utilised to do so. Existing auditing approaches have their own strengths and weakness. Hence, it is essential to propose auditing scheme which eliminates limitations of existing auditing mechanisms. Here we are proposing public auditing scheme which supports data dynamics as well as preserves privacy. Data owner, TPA, and cloud server are integral part of any auditing mechanism. Data in the form of various blocks are encoded, hashed, concatenated and then signature is calculated on it. This scheme also supports data dynamics in terms of addition, modification and deletion of data. TPA reads encoded data from cloud server and perform hashing, merging and signature calculation for checking correctness of data. In this paper, we have proposed efficient privacy preserving and dynamic public auditing by utilizing Merkle Hash Tree (MHT) for indexing of encoded data. It allows updating of data dynamically while preserving data integrity. It supports data dynamics operations like insert, modify and deletion. Several users can request for storage correctness simultaneously and it will be efficiently handled in the proposed scheme. It also minimizes the communication and computing cost. The proposed auditing scheme is experimented and results are evaluated considering various block size and file size parameters.

With the increase in the incidences of data leakage, enterprises have started to realize that the endpoints (especially mobile devices) used by their employees are the primary cause of data breach in most of the cases. Data shows that employee training, which aims to promote the awareness of protecting the sensitive data of the organization is not very useful. Besides, popular third-party cloud services make it even more difficult for employees to keep the secrets of their workplace safer. This pressing issue has caused the emergence of a significant market for various software products that provide endpoint data protection for these organizations. Our study will discuss some methods and technologies that deal with traditional, negative endpoint protection: Endpoint protection platform (EPP), and another new, positive endpoint protection: Endpoint detection and response (EDR). The comparison and evaluation between EPP and EDR in mechanism and effectiveness will also be shown. The study also aims to analyze the merits, faults, and key features that an excellent protection software should have. The objective of this paper is to assist small-scale and big-scale companies to improve their understanding of insider threats in such rapidly developing cyberspace, which is full of potential risks and attacks. This will also help the companies to have better control over their employee's endpoint to be able to avoid any future data leaks. It will also help negligent users to comprehend how serious is the problem that they are faced with, and how they should be careful in handling their privacy when they are surfing the Internet while being connected to the company's network. This paper aims to contribute to further research on endpoint detection and protection or some similar topics by trying to predict the future of protection products.

To increase security and to offer user experiences according to the requirements of a hyper-connected world, modern vehicles are integrating complex electronic systems, being transformed into systems of Cyber-Physical Systems (CPS). While a great diversity of heterogeneous hardware and software components must work together and control in real-time crucial functionalities, cybersecurity for the automotive sector is still in its infancy. This paper provides an analysis of the most common vulnerabilities and risks of connected vehicles, using a real example based on industrial and market-ready technologies. Several components have been implemented to inject and simulate multiple attacks, which enable security services and mitigation actions to be developed and validated.

Smart Grid (SG) is regarded as complex electrical power system due to massive penetration of Renewable Energy Resources and Distribution Generations. The implementation of adjustable speed drives, advance power electronic devices, and electric arc furnaces are incorporated in SG (the transition from conventional power system). Moreover, SG is an advance, automated, controlled, efficient, digital, and intelligent system that ensures pertinent benefits, such as: (a) consumer empowerment, (b) advanced communication infrastructure, (c) user-friendly system, and (d) supports bi-directional power flow. Digital Signal Processing (DSP) is key tool for SG deployment and provides key solutions to a vast array of complex SG challenges. This research provides a comprehensive study on DSP interactions within SG. The prominent challenges posed by conventional grid, such as: (a) monitoring and control, (b) Electric Vehicles infrastructure, (c) cyber data injection attack, (d) Demand Response management and (e) cyber data injection attack are thoroughly investigated in this research.

Benchmarking is an important measure for companies to investigate their performance and to increase efficiency. As companies usually are reluctant to provide their key performance indicators (KPIs) for public benchmarks, privacy-preserving benchmarking systems are required. In this paper, we present an enhanced privacy-preserving benchmarking protocol, which we implemented and evaluated based on the real-world scenario of product cost optimisation. It is based on homomorphic encryption and enables cloud-based KPI comparison, providing a variety of statistical measures. The theoretical and empirical evaluation of our benchmarking system underlines its practicability.

Typically, in an assessment project for a web application or database with a large scale and scope, tasks required to be performed by a security analyst are such as SQL injection and penetration testing. To carry out these large-scale tasks, the analyst will have to perform 100 or more SQLi penetration tests on one or more target. This makes the process much more complex and much harder to implement. This paper attempts to compare large-scale SQL injections performed with Manual Methods, which is the benchmark, and the proposed SQLiAutoScript Method. The SQLiAutoScript method uses sqlmap as a tool, in combination with sqlmap scripting and logging features, to facilitate a more effective and manageable approach within a large scale of hundreds or thousands of SQL injection penetration tests. Comparison of the test results for both Manual and SQLiAutoScript approaches and their benefits is included in the comparative analysis. The tests were performed over a scope of 24 SQL injection (SQLi) tests that comprises over 100,000 HTTP requests and injections, and within a total testing run-time period of about 50 hours. The scope of testing also covers both SQLiAutoScript and Manual methods. In the SQLiAutoScript method, each SQL injection test has its own sub-folder and files for data such as results (output), progress (traffic logs) and logging. In this way across all SQLi tests, the results, data and details related to SQLi tests are logged, available, traceable, accurate and not missed out. Available and traceable data also facilitates traceability of failed SQLi tests, and higher recovery and reruns of failed SQLi tests to maximize increased attack surface upon the target.

With the emergence of IoT, wearable devices are drawing attention and becoming part of our daily life. These wearable devices collect private information about their wearers. Mostly, a secure authentication process is used to verify a legitimate user that relies on the mobile terminal. Similarly, remote cloud services are used for verification and authentication of both wearable devices and wearers. Security is necessary to preserve the privacy of users. Some traditional authentication protocols are proposed which have vulnerabilities and are prone to different attacks like forgery, de-synchronization, and un-traceability issues. To address these vulnerabilities, recently, Wu et al. (2017) proposed a cloud-assisted authentication scheme which is costly in terms of computations required. Therefore this paper proposed an improved, lightweight and computationally efficient authentication scheme for wearable devices. The proposed scheme provides similar level of security as compared to Wu's (2017) scheme but requires 41.2% lesser computations.

A distributed energy resource prototype is used to show cybersecurity best practices. These best practices include straightforward security techniques, such as encrypted serial communication. The best practices include more sophisticated security techniques, such as a method to evaluate and respond to firmware integrity at run-time. The prototype uses embedded Linux, a hardware-assisted monitor, one or more digital signal processors, and grid-connected power electronics. Security features to protect communication, firmware, power flow, and hardware are developed. The firmware run-time integrity security is presently evaluated, and shown to maintain power electronics uptime during firmware updating. The firmware run-time security feature can be extended to allow software rejuvenation, multi-mission controls, and greater flexibility and security in controls.

In this paper, we leverage previous work in the Identity Ecosystem, a Bayesian network mathematical representation of a person's identity, to create a framework to evaluate identity protection systems. Information dynamic is considered and a protection game is formed given that the owner and the attacker both gain some level of control over the status of other PII within the dynamic Identity Ecosystem. We present a policy iteration algorithm to solve the optimal policy for the game and discuss its convergence. Finally, an evaluation and comparison of identity protection strategies is provided given that an optimal policy is used against different protection policies. This study is aimed to understand the evolutionary process of identity theft and provide a framework for evaluating different identity protection strategies and future privacy protection system.

Research in genetic improvement (GI) conventionally focuses on the improvement of software, including the automated repair of bugs and vulnerabilities as well as the refinement of software to increase performance. Eliminating or reducing vulnerabilities using GI has improved the security of benign software, but the growing volume and complexity of malicious software necessitates better analysis techniques that may benefit from a GI-based approach. Rather than focus on the use of GI to improve individual software artifacts, we believe GI can be applied to the tools used to analyze malicious code for its behavior. First, malware analysis is critical to understanding the damage caused by an attacker, which GI-based bug repair does not currently address. Second, modern malware samples leverage complex vectors for infection that cannot currently be addressed by GI. In this paper, we discuss an application of genetic improvement to the realm of automated malware analysis through the use of variable-strength covering arrays.

With the current significant penetration of mobile devices (i.e. smartphones and tablets) and the tremendous increase in the number of the corresponding mobile applications, they have become an indispensable part of our lives. Nowadays, there is a significant growth in the number of sensitive applications such as personal health applications, personal financial applications, home monitoring applications, etc. In addition, with the significant growth of Internet-of-Things (IoT) devices, smartphones and the corresponding applications are widely considered as the Internet gateways for these devices. Mobile devices mostly use wireless LANs (WLANs) (i.e., WiFi networks) as the prominent network interface to the Internet. However, due to the broadcast nature of WiFi links, wireless traffics are exposed to any eavesdropping adversary within the WLAN. Despite WiFi encryption, studies show that application usage information could be inferred from the encrypted wireless traffic. The leakage of this sensitive information is very serious issue that will significantly impact users' privacy and security. In addressing this privacy concern, we design and develop a lightweight programmable privacy framework, called PrivacyGuard. PrivacyGuard is inspired by the vision of pushing the Software Defined Network (SDN)-like paradigm all the way to wireless network edge, is designed to support of adopting privacy preserving policies to protect the wireless communication of the sensitive applications. In this paper, we demonstrate and evaluate a prototype of PrivacyGuard framework on Android devices showing the flexibility and efficiency of the framework.

Wireless networks offer great flexibility and ease of deployment for the rapid implementation of smart grids. However, these data network technologies are prone to security issues. Especially, the risk of eavesdropping attacks increases due to the inherent characteristics of the wireless medium. In this context, physical layer security can augment secrecy through appropriate coding and signal processing. In this paper we consider the use of faster-than-Nyquist signaling to introduce artificial noise in the wireless network segment of the smart grid; with the aim of reinforce the information security at the physical layer. The results show that the proposed scheme can significantly improves the secrecy rate of the channel. Guaranteeing, in coexistence with other security mechanisms and despite the presence of potential eavesdroppers, a reliable and secure flow of information for smart grids.

We consider the problem of reinforcing federated learning with formal privacy guarantees. We propose to employ Bayesian differential privacy, a relaxation of differential privacy for similarly distributed data, to provide sharper privacy loss bounds. We adapt the Bayesian privacy accounting method to the federated setting and suggest multiple improvements for more efficient privacy budgeting at different levels. Our experiments show significant advantage over the state-of-the-art differential privacy bounds for federated learning on image classification tasks, including a medical application, bringing the privacy budget below ε = 1 at the client level, and below ε = 0.1 at the instance level. Lower amounts of noise also benefit the model accuracy and reduce the number of communication rounds.

Many organizations around the world recognize the vitality of cloud computing. However, some concerns make organizations reluctant to adopting cloud computing. These include data security, privacy, and trust issues. It is very important that these issues are addressed to meet client concerns and to encourage the wider adoption of cloud computing. This paper develops a user privacy framework based upon on emerging security model that includes access control, encryption and protection monitor schemas in the cloud environment.

Cognitive Radio is a prominent solution for effective spectral resource utilization. The rapidly growing device to device (D2D) communications and the next generation networks urge the cognitive radio networks to facilitate wideband spectrum sensing in order to assure newer spectral opportunities. As Nyquist sampling rates are formidable owing to complexity and cost of the ADCs, compressive sampling approaches are becoming increasingly popular. One such approach exploited in this paper is the Modulated Wideband Converter (MWC) to recover the spectral support. On the multiple measurement vector (MMV) framework provided by the MWC, threshold based Orthogonal Matching Pursuit (OMP) and Sparse Bayesian Learning (SBL) algorithms are employed for support recovery. We develop a Graphical User Interface (GUI) that assists a beginner to simulate the RF front-end of a MWC and thereby enables the user to explore support recovery as a function of Signal to Noise Ratio (SNR), number of measurement vectors and threshold. The GUI enables the user to explore spectrum sensing in DVB-T, 3G and 4G bands and recovers the support using OMP or SBL approach. The results show that the performance of SBL is better than that of OMP at a lower SNR values.

Advancement in communication technologies and the Internet of Things (IoT) is driving adoption in smart cities that aims to increase operational efficiency and improve the quality of services and citizen welfare, among other potential benefits. The privacy, reliability, and integrity of communications must be ensured so that actions can be appropriate, safe, accurate, and implemented promptly after receiving actionable information. In this work, we present a multi-tier methodology consisting of an authentication and trust-building/distribution framework designed to ensure the safety and validity of the information exchanged in the system. Blockchain protocols and Radio Frequency-Distinct Native Attributes (RF-DNA) combine to provide a hardware-software codesigned system for enhanced device identity and overall system trustworthiness. Our threat model accounts for counterfeiting, breakout fraud, and bad mouthing of one entity by others. Entity trust (e.g., IoT devices) depends on quality and level of participation, quality of messages, lifetime of a given entity in the system, and the number of known "bad" (non-consensus) messages sent by that entity. Based on this approach to trust, we are able to adjust trust upward and downward as a function of real-time and past behavior, providing other participants with a trust value upon which to judge information from and interactions with the given entity. This approach thereby reduces the potential for manipulation of an IoT system by a bad or byzantine actor.

We propose a novel hybrid imaging system to acquire 4D high-speed hyperspectral (HSHS) videos with high spatial and spectral resolution. The proposed system consists of two branches: one branch performs Nyquist sampling in the temporal dimension while integrating the whole spectrum, resulting in a high-frame-rate panchromatic video; the other branch performs compressive sampling in the spectral dimension with longer exposures, resulting in a low-frame-rate hyperspectral video. Owing to the high light throughput and complementary sampling, these two branches jointly provide reliable measurements for recovering the underlying HSHS video. Moreover, the panchromatic video can be used to learn an over-complete 3D dictionary to represent each band-wise video sparsely, thanks to the inherent structural similarity in the spectral dimension. Based on the joint measurements and the self-adaptive dictionary, we further propose a simultaneous spectral sparse (3S) model to reinforce the structural similarity across different bands and develop an efficient computational reconstruction algorithm to recover the HSHS video. Both simulation and hardware experiments validate the effectiveness of the proposed approach. To the best of our knowledge, this is the first time that hyperspectral videos can be acquired at a frame rate up to 100fps with commodity optical elements and under ordinary indoor illumination.

Hiding contents of users' messages has been successfully addressed before, while anonymization of message senders remains a challenge since users do not usually trust ISPs and messaging application providers. To resolve this challenge, several solutions have been proposed so far. Among them, the Dining Cryptographers network protocol (DC-net) provides the strongest anonymity guarantees. However, DC-net suffers from two critical issues that makes it impractical, i.e., (1) collision possibility and (2) vulnerability against disruptions. Apart from that, we noticed a third critical issue during our investigation. (3) DC-net users can be deanonymized after they publish at least three messages. We name this problem the short stability issue and prove that anonymity is provided only for a few cycles of message publishing. As far as we know, this problem has not been identified in the previous research works. In this paper, we propose Harmonized and Stable DC-net (HSDC-net), a self-organizing protocol for anonymous communications. In our protocol design, we first resolve the short stability issue and obtain SDC-net, a stable extension of DC-net. Then, we integrate the Slot Reservation and Disruption Management sub-protocols into SDC-net to overcome the collision and security issues, respectively. The obtained HSDC-net protocol can also be integrated into blockchain-based cryptocurrencies (e.g. Bitcoin) to mix multiple transactions (belonging to different users) into a single transaction in such a way that the source of each payment is unknown. This preserves privacy of blockchain users. Our prototype implementation shows that HSDC-net achieves low latencies that makes it a practical protocol.

This research concerns the detection of unauthorised access within hospital networks through the real-time analysis of audit logs. Privacy is a primary concern amongst patients due to the rising adoption of Electronic Patient Record (EPR) systems. There is growing evidence to suggest that patients may withhold information from healthcare providers due to lack of Trust in the security of EPRs. Yet, patient record data must be available to healthcare providers at the point of care. Ensuring privacy and confidentiality of that data is challenging. Roles within healthcare organisations are dynamic and relying on access control is not sufficient. Through proactive monitoring of audit logs, unauthorised accesses can be detected and presented to an analyst for review. Advanced data analytics and visualisation techniques can be used to aid the analysis of big data within EPR audit logs to identify and highlight pertinent data points. Employing a human-in-the-loop model ensures that suspicious activity is appropriately investigated and the data analytics is continuously improving. This paper presents a system that employs a Human-in-the-Loop Machine Learning (HILML) algorithm, in addition to a density-based local outlier detection model. The system is able to detect 145 anomalous behaviours in an unlabelled dataset of 1,007,727 audit logs. This equates to 0.014% of the EPR accesses being labelled as anomalous in a specialist Liverpool (UK) hospital.

In this paper, we propose the first traffic monitoring and labeling system for iOS devices, named iMonitor, which not just captures mobile network traffic in .pcap files, but also provides comprehensive APP-related and user-related information of captured packets. Through further analysis, one can obtain the exact APP or device where each packet comes from. The labeled traffic can be used in many research areas for mobile security, such as privacy leakage detection and user profiling. Given the implementation methodology of NetworkExtension framework of iOS 9+, APP labels of iMonitor are reliable enough so that labeled traffic can be regarded as training data for any traffic classification methods. Evaluations on real iPhones demonstrate that iMonitor has no notable impact upon user experience even with slight packet latency. Also, the experiment result supports our motivation that mobile traffic monitoring for iOS is absolutely necessary, as traffic generated by different OSes like Android and iOS are different and unreplaceable in researches.