Biblio

We study the power of interactivity in local differential privacy. First, we focus on the difference between fully interactive and sequentially interactive protocols. Sequentially interactive protocols may query users adaptively in sequence, but they cannot return to previously queried users. The vast majority of existing lower bounds for local differential privacy apply only to sequentially interactive protocols, and before this paper it was not known whether fully interactive protocols were more powerful. We resolve this question. First, we classify locally private protocols by their compositionality, the multiplicative factor by which the sum of a protocol's single-round privacy parameters exceeds its overall privacy guarantee. We then show how to efficiently transform any fully interactive compositional protocol into an equivalent sequentially interactive protocol with a blowup in sample complexity linear in this compositionality. Next, we show that our reduction is tight by exhibiting a family of problems such that any sequentially interactive protocol requires this blowup in sample complexity over a fully interactive compositional protocol. We then turn our attention to hypothesis testing problems. We show that for a large class of compound hypothesis testing problems - which include all simple hypothesis testing problems as a special case - a simple noninteractive test is optimal among the class of all (possibly fully interactive) tests.

As data security has become one of the most crucial issues in modern storage system/application designs, the data sanitization techniques are regarded as the promising solution on 3D NAND flash-memory-based devices. Many excellent works had been proposed to exploit the in-place reprogramming, erasure and encryption techniques to achieve and implement the sanitization functionalities. However, existing sanitization approaches could lead to performance, disturbance overheads or even deciphered issues. Different from existing works, this work aims at exploring an instantaneous data sanitization scheme by taking advantage of programming disturbance properties. Our proposed design can not only achieve the instantaneous data sanitization by exploiting programming disturbance and error correction code properly, but also enhance the performance with the recycling programming design. The feasibility and capability of our proposed design are evaluated by a series of experiments on 3D NAND flash memory chips, for which we have very encouraging results. The experiment results show that the proposed design could achieve the instantaneous data sanitization with low overhead; besides, it improves the average response time and reduces the number of block erase count by up to 86.8% and 88.8%, respectively.

We investigate an implementation of a compressive sampling (CS) stepped frequency ground penetrating radar. Due to the small number of targets, the B-scan is represented as a sparse image. Due to the nature of stepped frequency radar, smaller number of random frequencies can be used to obtain each A-scan (sparse delays). Also, the measurements obtained from different antenna positions can be reduced to a smaller number of random antenna positions. We also use the structure in the B-scan, i.e. the shape of the targets, which can be known, for instance, when detecting land mines. We demonstrate our method using radar data available from the Web from the land mine targets buried in the ground. We use group sparsity, i.e. we assume that the targets have some non-zero (and presumably known) dimension in the cross-range coordinate of the B-scan. For such targets, we also use the Markov chain model for the targets, where we simultaneously estimate the model parameters using the EMturboGAMP algorithm. Both approaches result in improved performance.

Wear and tear are essential in establishing the market value of an asset. From shutter counters on DSLRs to odometers inside cars, specific counters, that encode the degree of wear, exist on most products. But malicious modification of the information that they report was always a concern. Our work explores a solution to this problem by using the blockchain technology, a layered encoding of product attributes and identity-based cryptography. Merging such technologies is essential since blockchains facilitate the construction of a distributed database that is resilient to adversarial modifications, while identity-based signatures set room for a more convenient way to check the correctness of the reported values based on the name of the product and pseudonym of the owner alone. Nonetheless, we reinforce security by using ownership cards deployed around NFC tokens. Since odometer fraud is still a major practical concern, we discuss a practical scenario centered on vehicles, but the framework can be easily extended to many other assets.

Density information has been used as a property of sound to restore objects in a quantitative manner in ultrasound tomography based on backscatter theory. In the traditional method, the authors only study the distorted Born iterative method (DBIM) to create density images using Tikhonov regularization. The downside is that the image quality is still low, the resolution is low, the convergence rate is not high. In this paper, we study the DBIM method to create density images using compressive sampling technique. With compressive sampling technique, the probes will be randomly distributed on the measurement system (unlike the traditional method, the probes are evenly distributed on the measurement system). This approach uses the l1 regularization to restore images. The proposed method will give superior results in image recovery quality, spatial resolution. The limitation of this method is that the imaging time is longer than the one in the traditional method, but the less number of iterations is used in this method.

As many organizations deploy their chatbots on social network applications to interact with their customers, a person may switch among different chatbots for different services. To reduce the switching cost, this study proposed the Federated Chat Service Framework. The framework maintains user profiles and historical behaviors. Instead of deploying chatbots, organizations follow the rules of the framework to provide chat services. Therefore, the framework can organize service requests with context information and responses to emulate the conversations between users and chat services. Consequently, the study can hopefully contribute to reducing the cost for a user to communicate with different chatbots.

This paper focuses on the creation of information centric Cyber-Human Learning Frameworks involving Virtual Reality based mediums. A generalized framework is proposed, which is adapted for two educational domains: one to support education and training of residents in orthopedic surgery and the other focusing on science learning for children with autism. Users, experts and technology based mediums play a key role in the design of such a Cyber-Human framework. Virtual Reality based immersive and haptic mediums were two of the technologies explored in the implementation of the framework for these learning domains. The proposed framework emphasizes the importance of Information-Centric Systems Engineering (ICSE) principles which emphasizes a user centric approach along with formalizing understanding of target subjects or processes for which the learning environments are being created.

Trajectory data in the Internet of Things contains many behavioral information of users, and the method of Mix-zone can be used to separate the association among the user's movement trajectories. In this paper, the weighted undirected graph is used to establish a mathematical model for the Mix-zone, and a user flow-based algorithm is proposed to estimate the probability of migration between nodes in the graph. In response to the attack method basing on the migration probability, the traditional Mix-zone is improved. Finally, an algorithms for adaptively building enhanced Mix-zone is proposed and the simulation using real data sets shows the superiority of the algorithm.

A number of solutions have been proposed to tackle the user privacy-preserving issue. Most of existing schemes, however, focus on methodology and techniques from the perspective of data processing. In this paper, we propose a lightweight privacy-preserving scheme for user identity from the perspective of data user and applied cryptography. The basic idea is to break the association relationships between User identity and his behaviors and ensure that User can access data or services as usual while the real identity will not be revealed. To this end, an interactive zero-knowledge proof protocol of identity is executed between CSP and User. Besides, a trusted third-party is introduced to manage user information, help CSP to validate User identity and establish secure channel between CSP and User via random shared key. After passing identity validation, User can log into cloud platform as usual without changing existing business process using random temporary account and password generated by CSP and sent to User by the secure channel which can further obscure the association relationships between identity and behaviors. Formal security analysis and theoretic and experimental evaluations are conducted, showing that the proposal is efficient and practical.

Smart grid has evolved as the next generation power grid paradigm which enables the transfer of real time information between the utility company and the consumer via smart meter and advanced metering infrastructure (AMI). These information facilitate many services for both, such as automatic meter reading, demand side management, and time-of-use (TOU) pricing. However, there have been growing security and privacy concerns over smart grid systems, which are built with both smart and legacy information and operational technologies. Intrusion detection is a critical security service for smart grid systems, alerting the system operator for the presence of ongoing attacks. Hence, there has been lots of research conducted on intrusion detection in the past, especially anomaly-based intrusion detection. Problems emerge when common approaches of pattern recognition are used for imbalanced data which represent much more data instances belonging to normal behaviors than to attack ones, and these approaches cause low detection rates for minority classes. In this paper, we study various machine learning models to overcome this drawback by using CIC-IDS2018 dataset [1].

In this paper, we propose a conditional privacy-preserving authentication scheme based on pseudonyms and (t,n) threshold secret sharing, named CPPT, for vehicular communications. To achieve conditional privacy preservation, our scheme implements anonymous communications based on pseudonyms generated by hash chains. To prevent bad vehicles from conducting framed attacks on honest ones, CPPT introduces Shamir (t,n) threshold secret sharing technique. In addition, through two one-way hash chains, forward security and backward security are guaranteed, and it also optimize the revocation overhead. The size of certificate revocation list (CRL) is only proportional to the number of revoked vehicles and irrelated to how many pseudonymous certificates are held by the revoked vehicles. Extensive simulations demonstrate that CPPT outperforms ECPP, DCS, Hybrid and EMAP schemes in terms of revocation overhead, certificate updating overhead and authentication overhead.

In recent years, various cloud-based services have been introduced in our daily lives, and information security is now an important topic for protecting the users. In the literature, many technologies have been proposed and incorporated into different services. Data hiding or steganography is a data protection technology, and images are often used as the cover data. On the other hand, steganalysis is an important tool to test the security strength of a steganography technique. So far, steganalysis has been used mainly for detecting the existence of secret data given an image, i.e., to classify if the given image is a normal or a stego image. In this paper, we investigate the possibility of identifying the locations of the embedded data if the a given image is suspected to be a stego image. The purpose is of two folds. First, we would like to confirm the decision made by the first level steganalysis; and the second is to provide a way to guess the size of the embedded data. Our experimental results show that in most cases the embedding positions can be detected. This result can be useful for developing more secure steganography technologies.

A spin-Hall nano-oscillator (SHNO) is a type of spintronic oscillator that shows promising performance as a nanoscale microwave source and for neuromorphic computing applications. Within such nanodevices, a non-ferromagnetic layer in the presence of an external magnetic field and a DC bias current generates an oscillating microwave voltage. For developing optimal nano-oscillators, accurate simulations of the device's complex behaviour are required before fabrication. This work simulates the key behaviour of a nanoconstriction SHNO as the applied DC bias current is varied. The current density and Oersted field of the device have been presented, the magnetisation oscillations have been clearly visualised in three dimensions and the spatial distribution of the active mode determined. These simulations allow designers a greater understanding and characterisation of the device's behaviour while also providing a means of comparison when experimental resultsO are generated.

Malicious software, known as malware, has become urgently serious threat for computer security, so automatic mal-ware classification techniques have received increasing attention. In recent years, deep learning (DL) techniques for computer vision have been successfully applied for malware classification by visualizing malware files and then using DL to classify visualized images. Although DL-based classification systems have been proven to be much more accurate than conventional ones, these systems have been shown to be vulnerable to adversarial attacks. However, there has been little research to consider the danger of adversarial attacks to visualized image-based malware classification systems. This paper proposes an adversarial attack method based on the gradient to attack image-based malware classification systems by introducing perturbations on resource section of PE files. The experimental results on the Malimg dataset show that by a small interference, the proposed method can achieve success attack rate when challenging convolutional neural network malware classifiers.

The low attention to security and privacy causes some problems on data and information that can lead to a lack of public trust in e-Gov service. Security threats are not only included in technical issues but also non-technical issues and therefore, it needs the implementation of inclusive security. The application of inclusive security to e-Gov needs to develop a model involving security and privacy requirements as a trusted security solution. The method used is the elicitation of security and privacy requirements in a security perspective. Identification is carried out on security and privacy properties, then security and privacy relationships are determined. The next step is developing the design of an inclusive security model on e-Gov. The last step is doing an analysis of e-Gov service activities and the role of inclusive security. The results of this study identified security and privacy requirements for building inclusive security. Identification of security requirements involves properties such as confidentiality (C), integrity (I), availability (A). Meanwhile, privacy requirement involves authentication (Au), authorization (Az), and Non-repudiation (Nr) properties. Furthermore, an inclusive security design model on e-Gov requires trust of internet (ToI) and trust of government (ToG) as an e-Gov service provider. Access control is needed to provide solutions to e-Gov service activities.

Security and privacy of smart grid communication data is crucial given the nature of the continuous bidirectional information exchange between the consumer and the utilities. Data security has conventionally been ensured using cryptographic techniques implemented at the upper layers of the network stack. However, it has been shown that security can be further enhanced using physical layer (PHY) methods. To aid and/or complement such PHY and upper layer techniques, in this paper, we propose a PHY design that can detect and locate not only an active intruder but also a passive eavesdropper in the network. Our method can either be used as a stand-alone solution or together with existing techniques to achieve improved smart grid data security. Our machine learning based solution intelligently and automatically detects and locates a possible intruder in the network by reusing power line transmission modems installed in the grid for communication purposes. Simulation results show that our cost-efficient design provides near ideal intruder detection rates and also estimates its location with a high degree of accuracy.

Over the past few years, virtual and mixed reality systems have evolved significantly yielding high immersive experiences. Most of the metaphors used for interaction with the virtual environment do not provide the same meaningful feedback, to which the users are used to in the real world. This paper proposes a cyber-glove to improve the immersive sensation and the degree of embodiment in virtual and mixed reality interaction tasks. In particular, we are proposing a cyber-glove system that tracks wrist movements, hand orientation and finger movements. It provides a decoupled position of the wrist and hand, which can contribute to a better embodiment in interaction and manipulation tasks. Additionally, the detection of the curvature of the fingers aims to improve the proprioceptive perception of the grasping/releasing gestures more consistent to visual feedback. The cyber-glove system is being developed for VR applications related to real estate promotion, where users have to go through divisions of the house and interact with objects and furniture. This work aims to assess if glove-based systems can contribute to a higher sense of immersion, embodiment and usability when compared to standard VR hand controller devices (typically button-based). Twenty-two participants tested the cyber-glove system against the HTC Vive controller in a 3D manipulation task, specifically the opening of a virtual door. Metric results showed that 83% of the users performed faster door pushes, and described shorter paths with their hands wearing the cyber-glove. Subjective results showed that all participants rated the cyber-glove based interactions as equally or more natural, and 90% of users experienced an equal or a significant increase in the sense of embodiment.

The virtual world does not observe national borders, has no uniform legal system, and does not have a common perception of security and privacy issues. It is however, relatively homogenous in terms of technology.A cyberattack on an energy delivery system can have significant impacts on the availability of a system to perform critical functions as well as the integrity of the system and the confidentiality of sensitive information.

We study a model where a data collector obtains data from users through a payment mechanism to learn the underlying state from the elicited data. The private signal of each user represents her individual knowledge about the state. Through social interactions, each user can also learn noisy versions of her friends' signals, which is called group signals. Based on both her private signal and group signals, each user makes strategic decisions to report a privacy-preserved version of her data to the data collector. We develop a Bayesian game theoretic framework to study the impact of social learning on users' data reporting strategies and devise the payment mechanism for the data collector accordingly. Our findings reveal that, the Bayesian-Nash equilibrium can be in the form of either a symmetric randomized response (SR) strategy or an informative non-disclosive (ND) strategy. A generalized majority voting rule is applied by each user to her noisy group signals to determine which strategy to follow. When a user plays the ND strategy, she reports privacy-preserving data completely based on her group signals, independent of her private signal, which indicates that her privacy cost is zero. Both the data collector and the users can benefit from social learning which drives down the privacy costs and helps to improve the state estimation at a given payment budget. We derive bounds on the minimum total payment required to achieve a given level of state estimation accuracy.

The H2020 European research project GHOST - Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control - aims to deploy a highly effective security framework for IoT smart home residents through a novel reference architecture for user-centric cyber security in smart homes providing an unobtrusive and user-comprehensible solution. The aforementioned security framework leads to a transparent cyber security environment by increasing the effectiveness of the existing cyber security services and enhancing system's self-defence through disruptive software-enabled network security solutions. In this paper, GHOST security framework for IoT-based smart homes is presented. It is aiming to address the security challenges posed by several types of attacks, such as network, device and software. The effective design of the overall multi-layered architecture is analysed, with particular emphasis given to the integration aspects through dynamic and re-configurable solutions and the features provided by each one of the architectural layers. Additionally, real-life trials and the associated use cases are described showcasing the competences and potential of the proposed framework.

In this research project, we are interested by finding solutions to the problem of image analysis and processing in the encrypted domain. For security reasons, more and more digital data are transferred or stored in the encrypted domain. However, during the transmission or the archiving of encrypted images, it is often necessary to analyze or process them, without knowing the original content or the secret key used during the encryption phase. We propose to work on this problem, by associating theoretical aspects with numerous applications. Our main contributions concern: data hiding in encrypted images, correction of noisy encrypted images, recompression of crypto-compressed images and secret image sharing.

Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to be in control of the communication security. To this end, the SMGW intercepts all inbound and outbound communication of its premise, e.g., a factory or smart home, and forwards it on secure channels that the SMGW established itself. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.

This SQL injection attack is one of the common means for hackers to attack database. With the development of B/S mode application development, more and more programmers use this mode to write applications. However, due to the uneven level and experience of programmers, a considerable number of programmers do not judge the legitimacy of user input data when writing code, which makes the application security risks. Users can submit a database query code and get some data they want to know according to the results of the program. SQL injection attack belongs to one of the means of database security attack. It can be effectively protected by database security protection technology. This paper introduces the principle of SQL injection, the main form of SQL injection attack, the types of injection attack, and how to prevent SQL injection. Discussed and illustrated with examples.

{Static characteristic extraction method Control flow-based features proposed by Ding has the ability to detect malicious code with higher accuracy than traditional Text-based methods. However, this method resolved NP-hard problem in a graph, therefore it is not feasible with the large-size and high-complexity programs. So, we propose the C500-CFG algorithm in Control flow-based features based on the idea of dynamic programming, solving Ding's NP-hard problem in O(N2) time complexity, where N is the number of basic blocks in decom-piled executable codes. Our algorithm is more efficient and more outstanding in detecting malware than Ding's algorithm: fast processing time, allowing processing large files, using less memory and extracting more feature information. Applying our algorithms with IoT data sets gives outstanding results on 2 measures: Accuracy = 99.34%

There has been growing concern about privacy and security risks towards electronic-government (e-government) services adoption. Though there are positive results of e- government, there are still other contestable challenges that hamper success of e-government services. While many of the challenges have received considerable attention, there is still little to no firm research on others such as privacy and security risks, effects of infrastructure both in urban and rural settings. Other concerns that have received little consideration are how for instance; e-government serves as a function of perceived usefulness, ease of use, perceived benefit, as well as cultural dimensions and demographic constructs in South Africa. Guided by technology acceptance model, privacy calculus, Hofstede cultural theory and institutional logic theory, the current research sought to examine determinants of e- government use in developing countries. Anchored upon the aforementioned theories and background, the current study proposed three recommendations as potential value chain, derived from e-government service in response to citizens (end- user) support, government and community of stakeholders.