Biblio

Found 2356 results

Filters: Keyword is privacy  [Clear All Filters]
2023-01-20
Choudhary, Sachin, Kumar, Abhimanyu, Kumar, Krishan.  2022.  An Efficient Key Agreement Protocol for Smart Grid communication. 2022 2nd International Conference on Emerging Frontiers in Electrical and Electronic Technologies (ICEFEET). :1—5.
Integration of technology with power grid emerged Smart grid. The advancement of power grid into smart grid faces some security issues like message mod-ification attacks, message injection attacks etc. If these issues are correctly not addressed, then the performance of the smart grid is degraded. Smart grid has bidirectional communication among the smart grid entities. The flow of user energy consumption information between all smart grid entities may lead the user privacy violation. Smart grids have various components but service providers and smart meters are the main components. Smart meters have sensing and communication functionality, while service providers have control and communication functionality. There are many privacy preservation schemes proposed that ensure the cus-tomer's privacy in the smart grid. To preserve the customer's data privacy and communication, authentication and key agreement schemes are required between the smart meter and the service provider. This paper proposes an efficient key agreement protocol to handle several security challenges in smart grid. The proposed protocol is tested against the various security attributes necessary for a key establishment protocol and found safe. Further the performance of the proposed work is compared with several others existing work for smart grid application and it has been observed that the proposed protocol performs significantly better than the existing protocols available in the literature.
2023-08-11
Patel, Sakshi, V, Thanikaiselvan.  2022.  New Image Encryption Algorithm based on Pixel Confusion-Diffusion using Hash Functions and Chaotic Map. 2022 7th International Conference on Communication and Electronics Systems (ICCES). :862—867.
Information privacy and security has become a necessity in the rapid growth of computer technology. A new algorithm for image encryption is proposed in this paper; using hash functions, chaotic map and two levels of diffusion process. The initialization key for chaos map is generated with the help of two hash functions. The initial seed for these hash functions is the sum of rows, columns and pixels across the diagonal of the plain image. Firstly, the image is scrambled using quantization unit. In the first level of diffusion process, the pixel values of the scrambled image are XOR with the normalized chaotic map. Odd pixel value is XOR with an even bit of chaotic map and even pixel is XOR with an odd bit of chaotic map. To achieve strong encryption, the image undergoes a second level of diffusion process where it is XOR with the map a finite number of times. After every round, the pixel array is circular shifted three times to achieve a strong encrypted image. The experimental and comparative analysis done with state of the art techniques on the proposed image encryption algorithm shows that it is strong enough to resist statistical and differential attacks present in the communication channel.
2023-02-03
Praveen, Sivakami, Dcouth, Alysha, Mahesh, A S.  2022.  NoSQL Injection Detection Using Supervised Text Classification. 2022 2nd International Conference on Intelligent Technologies (CONIT). :1–5.
For a long time, SQL injection has been considered one of the most serious security threats. NoSQL databases are becoming increasingly popular as big data and cloud computing technologies progress. NoSQL injection attacks are designed to take advantage of applications that employ NoSQL databases. NoSQL injections can be particularly harmful because they allow unrestricted code execution. In this paper we use supervised learning and natural language processing to construct a model to detect NoSQL injections. Our model is designed to work with MongoDB, CouchDB, CassandraDB, and Couchbase queries. Our model has achieved an F1 score of 0.95 as established by 10-fold cross validation.
2023-01-06
Hai, Xuesong, Liu, Jing.  2022.  PPDS: Privacy Preserving Data Sharing for AI applications Based on Smart Contracts. 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC). :1561—1566.
With the development of artificial intelligence, the need for data sharing is becoming more and more urgent. However, the existing data sharing methods can no longer fully meet the data sharing needs. Privacy breaches, lack of motivation and mutual distrust have become obstacles to data sharing. We design a privacy-preserving, decentralized data sharing method based on blockchain smart contracts, named PPDS. To protect data privacy, we transform the data sharing problem into a model sharing problem. This means that the data owner does not need to directly share the raw data, but the AI model trained with such data. The data requester and the data owner interact on the blockchain through a smart contract. The data owner trains the model with local data according to the requester's requirements. To fairly assess model quality, we set up several model evaluators to assess the validity of the model through voting. After the model is verified, the data owner who trained the model will receive reward in return through a smart contract. The sharing of the model avoids direct exposure of the raw data, and the reasonable incentive provides a motivation for the data owner to share the data. We describe the design and workflow of our PPDS, and analyze the security using formal verification technology, that is, we use Coloured Petri Nets (CPN) to build a formal model for our approach, proving its security through simulation execution and model checking. Finally, we demonstrate effectiveness of PPDS by developing a prototype with its corresponding case application.
Alotaibi, Jamal, Alazzawi, Lubna.  2022.  PPIoV: A Privacy Preserving-Based Framework for IoV- Fog Environment Using Federated Learning and Blockchain. 2022 IEEE World AI IoT Congress (AIIoT). :597—603.
The integration of the Internet-of-Vehicles (IoV) and fog computing benefits from cooperative computing and analysis of environmental data while avoiding network congestion and latency. However, when private data is shared across fog nodes or the cloud, there exist privacy issues that limit the effectiveness of IoV systems, putting drivers' safety at risk. To address this problem, we propose a framework called PPIoV, which is based on Federated Learning (FL) and Blockchain technologies to preserve the privacy of vehicles in IoV.Typical machine learning methods are not well suited for distributed and highly dynamic systems like IoV since they train on data with local features. Therefore, we use FL to train the global model while preserving privacy. Also, our approach is built on a scheme that evaluates the reliability of vehicles participating in the FL training process. Moreover, PPIoV is built on blockchain to establish trust across multiple communication nodes. For example, when the local learned model updates from the vehicles and fog nodes are communicated with the cloud to update the global learned model, all transactions take place on the blockchain. The outcome of our experimental study shows that the proposed method improves the global model's accuracy as a result of allowing reputed vehicles to update the global model.
Abbasi, Wisam, Mori, Paolo, Saracino, Andrea, Frascolla, Valerio.  2022.  Privacy vs Accuracy Trade-Off in Privacy Aware Face Recognition in Smart Systems. 2022 IEEE Symposium on Computers and Communications (ISCC). :1—8.
This paper proposes a novel approach for privacy preserving face recognition aimed to formally define a trade-off optimization criterion between data privacy and algorithm accuracy. In our methodology, real world face images are anonymized with Gaussian blurring for privacy preservation. The anonymized images are processed for face detection, face alignment, face representation, and face verification. The proposed methodology has been validated with a set of experiments on a well known dataset and three face recognition classifiers. The results demonstrate the effectiveness of our approach to correctly verify face images with different levels of privacy and results accuracy, and to maximize privacy with the least negative impact on face detection and face verification accuracy.
2023-06-16
Lavania, Kushagra, Gupta, Gaurang, Kumar, D.V.N. Siva.  2022.  A Secure and Efficient Fine-Grained Deletion Approach over Encrypted Data. 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC). :1123—1128.
Documents are a common method of storing infor-mation and one of the most conventional forms of expression of ideas. Cloud servers store a user's documents with thousands of other users in place of physical storage devices. Indexes corresponding to the documents are also stored at the cloud server to enable the users to retrieve documents of their interest. The index includes keywords, document identities in which the keywords appear, along with Term Frequency-Inverse Document Frequency (TF-IDF) values which reflect the keywords' relevance scores of the dataset. Currently, there are no efficient methods to delete keywords from millions of documents over cloud servers while avoiding any compromise to the user's privacy. Most of the existing approaches use algorithms that divide a bigger problem into sub-problems and then combine them like divide and conquer problems. These approaches don't focus entirely on fine-grained deletion. This work is focused on achieving fine-grained deletion of keywords by keeping the size of the TF-IDF matrix constant after processing the deletion query, which comprises of keywords to be deleted. The experimental results of the proposed approach confirm that the precision of ranked search still remains very high after deletion without recalculation of the TF-IDF matrix.
2023-01-20
Yao, Jiming, Wu, Peng, Chen, Duanyun, Wang, Wei, Fang, Youxu.  2022.  A security scheme for network slicing selection based on Pohlig-Hellman algorithm in smart grid. 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 10:906—910.
5G has significantly facilitated the development of attractive applications such as autonomous driving and telemedicine due to its lower latency, higher data rates, and enormous connectivity. However, there are still some security and privacy issues in 5G, such as network slicing privacy and flexibility and efficiency of network slicing selection. In the smart grid scenario, this paper proposes a 5G slice selection security scheme based on the Pohlig-Hellman algorithm, which realizes the protection of slice selection privacy data between User i(Ui) and Access and Mobility Management function (AMF), so that the data will not be exposed to third-party attackers. Compared with other schemes, the scheme proposed in this paper is simple in deployment, low in computational overhead, and simple in process, and does not require the help of PKI system. The security analysis also verifies that the scheme can accurately protect the slice selection privacy data between Ui and AMF.
2023-06-02
Sharad Sonawane, Hritesh, Deshmukh, Sanika, Joy, Vinay, Hadsul, Dhanashree.  2022.  Torsion: Web Reconnaissance using Open Source Intelligence. 2022 2nd International Conference on Intelligent Technologies (CONIT). :1—4.

Internet technology has made surveillance widespread and access to resources at greater ease than ever before. This implied boon has countless advantages. It however makes protecting privacy more challenging for the greater masses, and for the few hacktivists, supplies anonymity. The ever-increasing frequency and scale of cyber-attacks has not only crippled private organizations but has also left Law Enforcement Agencies(LEA's) in a fix: as data depicts a surge in cases relating to cyber-bullying, ransomware attacks; and the force not having adequate manpower to tackle such cases on a more microscopic level. The need is for a tool, an automated assistant which will help the security officers cut down precious time needed in the very first phase of information gathering: reconnaissance. Confronting the surface web along with the deep and dark web is not only a tedious job but which requires documenting the digital footprint of the perpetrator and identifying any Indicators of Compromise(IOC's). TORSION which automates web reconnaissance using the Open Source Intelligence paradigm, extracts the metadata from popular indexed social sites and un-indexed dark web onion sites, provided it has some relating Intel on the target. TORSION's workflow allows account matching from various top indexed sites, generating a dossier on the target, and exporting the collected metadata to a PDF file which can later be referenced.

2023-02-03
Samuel, Henry D, Kumar, M Santhanam, Aishwarya, R., Mathivanan, G..  2022.  Automation Detection of Malware and Stenographical Content using Machine Learning. 2022 6th International Conference on Computing Methodologies and Communication (ICCMC). :889–894.
In recent times, the occurrence of malware attacks are increasing at an unprecedented rate. Particularly, the image-based malware attacks are spreading worldwide and many people get harmful malware-based images through the technique called steganography. In the existing system, only open malware and files from the internet can be identified. However, the image-based malware cannot be identified and detected. As a result, so many phishers make use of this technique and exploit the target. Social media platforms would be totally harmful to the users. To avoid these difficulties, Machine learning can be implemented to find the steganographic malware images (contents). The proposed methodology performs an automatic detection of malware and steganographic content by using Machine Learning. Steganography is used to hide messages from apparently innocuous media (e.g., images), and steganalysis is the approach used for detecting this malware. This research work proposes a machine learning (ML) approach to perform steganalysis. In the existing system, only open malware and files from the internet are identified but in the recent times many people get harmful malware-based images through the technique called steganography. Social media platforms would be totally harmful to the users. To avoid these difficulties, the proposed Machine learning has been developed to appropriately detect the steganographic malware images (contents). Father, the steganalysis method using machine learning has been developed for performing logistic classification. By using this, the users can avoid sharing the malware images in social media platforms like WhatsApp, Facebook without downloading it. It can be also used in all the photo-sharing sites such as google photos.
Roobini, M.S., Srividhya, S.R., Sugnaya, Vennela, Kannekanti, Nikhila, Guntumadugu.  2022.  Detection of SQL Injection Attack Using Adaptive Deep Forest. 2022 International Conference on Communication, Computing and Internet of Things (IC3IoT). :1–6.
Injection attack is one of the best 10 security dangers declared by OWASP. SQL infusion is one of the main types of attack. In light of their assorted and quick nature, SQL injection can detrimentally affect the line, prompting broken and public data on the site. Therefore, this article presents a profound woodland-based technique for recognizing complex SQL attacks. Research shows that the methodology we use resolves the issue of expanding and debasing the first condition of the woodland. We are currently presenting the AdaBoost profound timberland-based calculation, which utilizes a blunder level to refresh the heaviness of everything in the classification. At the end of the day, various loads are given during the studio as per the effect of the outcomes on various things. Our model can change the size of the tree quickly and take care of numerous issues to stay away from issues. The aftereffects of the review show that the proposed technique performs better compared to the old machine preparing strategy and progressed preparing technique.
2023-07-21
Almutairi, Mishaal M., Apostolopoulou, Dimitra, Halikias, George, Abi Sen, Adnan Ahmed, Yamin, Mohammad.  2022.  Enhancing Privacy and Security in Crowds using Fog Computing. 2022 9th International Conference on Computing for Sustainable Global Development (INDIACom). :57—62.
Thousands of crowded events take place every year. Often, management does not properly implement and manage privacy and security of data of the participants and personnel of the events. Crowds are also prone to significant security issues and become vulnerable to terrorist attacks. The aim of this paper is to propose a privacy and security framework for large, crowded events like the Hajj, Kumbh, Arba'een, and many sporting events and musical concerts. The proposed framework uses the latest technologies including Internet of Things, and Fog computing, especially in the Location based Services environments. The proposed framework can also be adapted for many other scenarios and situations.
2023-02-03
Ashlam, Ahmed Abadulla, Badii, Atta, Stahl, Frederic.  2022.  A Novel Approach Exploiting Machine Learning to Detect SQLi Attacks. 2022 5th International Conference on Advanced Systems and Emergent Technologies (IC\_ASET). :513–517.
The increasing use of Information Technology applications in the distributed environment is increasing security exploits. Information about vulnerabilities is also available on the open web in an unstructured format that developers can take advantage of to fix vulnerabilities in their IT applications. SQL injection (SQLi) attacks are frequently launched with the objective of exfiltration of data typically through targeting the back-end server organisations to compromise their customer databases. There have been a number of high profile attacks against large enterprises in recent years. With the ever-increasing growth of online trading, it is possible to see how SQLi attacks can continue to be one of the leading routes for cyber-attacks in the future, as indicated by findings reported in OWASP. Various machine learning and deep learning algorithms have been applied to detect and prevent these attacks. However, such preventive attempts have not limited the incidence of cyber-attacks and the resulting compromised database as reported by (CVE) repository. In this paper, the potential of using data mining approaches is pursued in order to enhance the efficacy of SQL injection safeguarding measures by reducing the false-positive rates in SQLi detection. The proposed approach uses CountVectorizer to extract features and then apply various supervised machine-learning models to automate the classification of SQLi. The model that returns the highest accuracy has been chosen among available models. Also a new model has been created PALOSDM (Performance analysis and Iterative optimisation of the SQLI Detection Model) for reducing false-positive rate and false-negative rate. The detection rate accuracy has also been improved significantly from a baseline of 94% up to 99%.
Kumar, Abhinav, Tourani, Reza, Vij, Mona, Srikanteswara, Srikathyayani.  2022.  SCLERA: A Framework for Privacy-Preserving MLaaS at the Pervasive Edge. 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops). :175–180.
The increasing data generation rate and the proliferation of deep learning applications have led to the development of machine learning-as-a-service (MLaaS) platforms by major Cloud providers. The existing MLaaS platforms, however, fall short in protecting the clients’ private data. Recent distributed MLaaS architectures such as federated learning have also shown to be vulnerable against a range of privacy attacks. Such vulnerabilities motivated the development of privacy-preserving MLaaS techniques, which often use complex cryptographic prim-itives. Such approaches, however, demand abundant computing resources, which undermine the low-latency nature of evolving applications such as autonomous driving.To address these challenges, we propose SCLERA–an efficient MLaaS framework that utilizes trusted execution environment for secure execution of clients’ workloads. SCLERA features a set of optimization techniques to reduce the computational complexity of the offloaded services and achieve low-latency inference. We assessed SCLERA’s efficacy using image/video analytic use cases such as scene detection. Our results show that SCLERA achieves up to 23× speed-up when compared to the baseline secure model execution.
2022-12-20
Gracia, Mulumba Banza, Malele, Vusumuzi, Ndlovu, Sphiwe Promise, Mathonsi, Topside Ehleketani, Maaka, Lebogang, Muchenje, Tonderai.  2022.  6G Security Challenges and Opportunities. 2022 IEEE 13th International Conference on Mechanical and Intelligent Manufacturing Technologies (ICMIMT). :339–343.
The Sixth Generation (6G) is currently under development and it is a planned successor of the Fifth Generation (5G). It is a new wireless communication technology expected to have a greater coverage area, significant fast and a higher data rate. The aim of this paper is to examine the literature on challenges and possible solutions of 6G's security, privacy and trust. It uses the systematic literature review technique by searching five research databases for search engines which are precise keywords like “6G,” “6G Wireless communication,” and “sixth generation”. The latter produced a total of 1856 papers, then the security, privacy and trust issues of the 6G wireless communication were extracted. Two security issues, the artificial intelligence and visible light communication, were apparent. In conclusion, there is a need for new paradigms that will provide a clear 6G security solutions.
2023-03-03
Hong, Geng, Yang, Zhemin, Yang, Sen, Liaoy, Xiaojing, Du, Xiaolin, Yang, Min, Duan, Haixin.  2022.  Analyzing Ground-Truth Data of Mobile Gambling Scams. 2022 IEEE Symposium on Security and Privacy (SP). :2176–2193.
With the growth of mobile computing techniques, mobile gambling scams have seen a rampant increase in the recent past. In mobile gambling scams, miscreants deliver scamming messages via mobile instant messaging, host scam gambling platforms on mobile apps, and adopt mobile payment channels. To date, there is little quantitative knowledge about how this trending cybercrime operates, despite causing daily fraud losses estimated at more than \$\$\$522,262 USD. This paper presents the first empirical study based on ground-truth data of mobile gambling scams, associated with 1,461 scam incident reports and 1,487 gambling scam apps, spanning from January 1, 2020 to December 31, 2020. The qualitative and quantitative analysis of this ground-truth data allows us to characterize the operational pipeline and full fraud kill chain of mobile gambling scams. In particular, we study the social engineering tricks used by scammers and reveal their effectiveness. Our work provides a systematic analysis of 1,068 confirmed Android and 419 iOS scam apps, including their development frameworks, declared permissions, compatibility, and backend network infrastructure. Perhaps surprisingly, our study unveils that public online app generators have been abused to develop gambling scam apps. Our analysis reveals several payment channels (ab)used by gambling scam app and uncovers a new type of money mule-based payment channel with the average daily gambling deposit of \$\$\$400,000 USD. Our findings enable a better understanding of the mobile gambling scam ecosystem, and suggest potential avenues to disrupt these scam activities.
ISSN: 2375-1207
2023-05-12
Ponce-de-Leon, Hernán, Kinder, Johannes.  2022.  Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks. 2022 IEEE Symposium on Security and Privacy (SP). :235–248.

The SPECTRE family of speculative execution attacks has required a rethinking of formal methods for security. Approaches based on operational speculative semantics have made initial inroads towards finding vulnerable code and validating defenses. However, with each new attack grows the amount of microarchitectural detail that has to be integrated into the underlying semantics. We propose an alternative, lightweight and axiomatic approach to specifying speculative semantics that relies on insights from memory models for concurrency. We use the CAT modeling language for memory consistency to specify execution models that capture speculative control flow, store-to-load forwarding, predictive store forwarding, and memory ordering machine clears. We present a bounded model checking framework parameterized by our speculative CAT models and evaluate its implementation against the state of the art. Due to the axiomatic approach, our models can be rapidly extended to allow our framework to detect new types of attacks and validate defenses against them.

ISSN: 2375-1207

2023-01-13
Wermke, Dominik, Wöhler, Noah, Klemmer, Jan H., Fourné, Marcel, Acar, Yasemin, Fahl, Sascha.  2022.  Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. 2022 IEEE Symposium on Security and Privacy (SP). :1880–1896.
Open Source Software plays an important role in many software ecosystems. Whether in operating systems, network stacks, or as low-level system drivers, software we encounter daily is permeated with code contributions from open source projects. Decentralized development and open collaboration in open source projects introduce unique challenges: code submissions from unknown entities, limited personpower for commit or dependency reviews, and bringing new contributors up-to-date in projects’ best practices & processes.In 27 in-depth, semi-structured interviews with owners, maintainers, and contributors from a diverse set of open source projects, we investigate their security and trust practices. For this, we explore projects’ behind-the-scene processes, provided guidance & policies, as well as incident handling & encountered challenges. We find that our participants’ projects are highly diverse both in deployed security measures and trust processes, as well as their underlying motivations. Based on our findings, we discuss implications for the open source software ecosystem and how the research community can better support open source projects in trust and security considerations. Overall, we argue for supporting open source projects in ways that consider their individual strengths and limitations, especially in the case of smaller projects with low contributor numbers and limited access to resources.
2023-09-20
Dixit, Utkarsh, Bhatia, Suman, Bhatia, Pramod.  2022.  Comparison of Different Machine Learning Algorithms Based on Intrusion Detection System. 2022 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COM-IT-CON). 1:667—672.
An IDS is a system that helps in detecting any kind of doubtful activity on a computer network. It is capable of identifying suspicious activities at both the levels i.e. locally at the system level and in transit at the network level. Since, the system does not have its own dataset as a result it is inefficient in identifying unknown attacks. In order to overcome this inefficiency, we make use of ML. ML assists in analysing and categorizing attacks on diverse datasets. In this study, the efficacy of eight machine learning algorithms based on KDD CUP99 is assessed. Based on our implementation and analysis, amongst the eight Algorithms considered here, Support Vector Machine (SVM), Random Forest (RF) and Decision Tree (DT) have the highest testing accuracy of which got SVM does have the highest accuracy
2023-04-28
Nicholls, D., Robinson, A., Wells, J., Moshtaghpour, A., Bahri, M., Kirkland, A., Browning, N..  2022.  Compressive Scanning Transmission Electron Microscopy. ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :1586–1590.
Scanning Transmission Electron Microscopy (STEM) offers high-resolution images that are used to quantify the nanoscale atomic structure and composition of materials and biological specimens. In many cases, however, the resolution is limited by the electron beam damage, since in traditional STEM, a focused electron beam scans every location of the sample in a raster fashion. In this paper, we propose a scanning method based on the theory of Compressive Sensing (CS) and subsampling the electron probe locations using a line hop sampling scheme that significantly reduces the electron beam damage. We experimentally validate the feasibility of the proposed method by acquiring real CS-STEM data, and recovering images using a Bayesian dictionary learning approach. We support the proposed method by applying a series of masks to fully-sampled STEM data to simulate the expectation of real CS-STEM. Finally, we perform the real data experimental series using a constrained-dose budget to limit the impact of electron dose upon the results, by ensuring that the total electron count remains constant for each image.
ISSN: 2379-190X
2023-02-17
Yang, Jin, Liu, Yunqing.  2022.  Countermeasure Against Anti-Sandbox Technology Based on Activity Recognition. 2022 3rd International Conference on Computer Vision, Image and Deep Learning & International Conference on Computer Engineering and Applications (CVIDL & ICCEA). :834–839.
In order to prevent malicious environment, more and more applications use anti-sandbox technology to detect the running environment. Malware often uses this technology against analysis, which brings great difficulties to the analysis of applications. Research on anti-sandbox countermeasure technology based on application virtualization can solve such problems, but there is no good solution for sensor simulation. In order to prevent detection, most detection systems can only use real device sensors, which brings great hidden dangers to users’ privacy. Aiming at this problem, this paper proposes and implements a sensor anti-sandbox countermeasure technology for Android system. This technology uses the CNN-LSTM model to identify the activity of the real machine sensor data, and according to the recognition results, the real machine sensor data is classified and stored, and then an automatic data simulation algorithm is designed according to the stored data, and finally the simulation data is sent back by using the Hook technology for the application under test. The experimental results show that the method can effectively simulate the data characteristics of the acceleration sensor and prevent the triggering of anti-sandbox behaviors.
2023-02-03
Dong, Siyuan, Fan, Zhong.  2022.  Cybersecurity Threats Analysis and Management for Peer-to-Peer Energy Trading. 2022 IEEE 7th International Energy Conference (ENERGYCON). :1–6.
The distributed energy resources (DERs) have significantly stimulated the development of decentralized energy system and changed the way how the energy system works. In recent years, peer-to-peer (P2P) trading has drawn attention as a promising alternative for prosumers to engage with the energy market more actively, particular by using the emerging blockchain technology. Blockchain can securely hold critical information and store data in blocks linking with chain, providing a desired platform for the P2P energy trading. This paper provides a detailed description of blockchain-enabled P2P energy trading, its essential components, and how it can be implemented within the local energy market An analysis of potential threats during blockchain-enabled P2P energy trading is also performed, which subsequently results in a list of operation and privacy requirements suggested to be implemented in the local energy market.
2023-03-03
Saxena, Anish, Panda, Biswabandan.  2022.  DABANGG: A Case for Noise Resilient Flush-Based Cache Attacks. 2022 IEEE Security and Privacy Workshops (SPW). :323–334.
Flush-based cache attacks like Flush+Reload and Flush+Flush are highly precise and effective. Most of the flush-based attacks provide high accuracy in controlled and isolated environments where attacker and victim share OS pages. However, we observe that these attacks are prone to low accuracy on a noisy multi-core system with co-running applications. Two root causes for the varying accuracy of flush-based attacks are: (i) the dynamic nature of core frequencies that fluctuate depending on the system load, and (ii) the relative placement of victim and attacker threads in the processor, like same or different physical cores. These dynamic factors critically affect the execution latency of key instructions like clflush and mov, rendering the pre-attack calibration step ineffective.We propose DABANGG, a set of novel refinements to make flush-based attacks resilient to system noise by making them aware of frequency and thread placement. First, we introduce pre-attack calibration that is aware of instruction latency variation. Second, we use low-cost attack-time optimizations like fine-grained busy waiting and periodic feedback about the latency thresholds to improve the effectiveness of the attack. Finally, we provide victim-specific parameters that significantly improve the attack accuracy. We evaluate DABANGG-enabled Flush+Reload and Flush+Flush attacks against the standard attacks in side-channel and covert-channel experiments with varying levels of compute, memory, and IO-intensive system noise. In all scenarios, DABANGG+Flush+Reload and DABANGG+Flush+Flush outperform the standard attacks in stealth and accuracy.
ISSN: 2770-8411
2022-12-20
Rakin, Adnan Siraj, Chowdhuryy, Md Hafizul Islam, Yao, Fan, Fan, Deliang.  2022.  DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories. 2022 IEEE Symposium on Security and Privacy (SP). :1157–1174.
Recent advancements in Deep Neural Networks (DNNs) have enabled widespread deployment in multiple security-sensitive domains. The need for resource-intensive training and the use of valuable domain-specific training data have made these models the top intellectual property (IP) for model owners. One of the major threats to DNN privacy is model extraction attacks where adversaries attempt to steal sensitive information in DNN models. In this work, we propose an advanced model extraction framework DeepSteal that steals DNN weights remotely for the first time with the aid of a memory side-channel attack. Our proposed DeepSteal comprises two key stages. Firstly, we develop a new weight bit information extraction method, called HammerLeak, through adopting the rowhammer-based fault technique as the information leakage vector. HammerLeak leverages several novel system-level techniques tailored for DNN applications to enable fast and efficient weight stealing. Secondly, we propose a novel substitute model training algorithm with Mean Clustering weight penalty, which leverages the partial leaked bit information effectively and generates a substitute prototype of the target victim model. We evaluate the proposed model extraction framework on three popular image datasets (e.g., CIFAR-10/100/GTSRB) and four DNN architectures (e.g., ResNet-18/34/Wide-ResNetNGG-11). The extracted substitute model has successfully achieved more than 90% test accuracy on deep residual networks for the CIFAR-10 dataset. Moreover, our extracted substitute model could also generate effective adversarial input samples to fool the victim model. Notably, it achieves similar performance (i.e., 1-2% test accuracy under attack) as white-box adversarial input attack (e.g., PGD/Trades).
ISSN: 2375-1207
2023-02-03
Feng, Jinliu, Wang, Yaofei, Chen, Kejiang, Zhang, Weiming, Yu, Nenghai.  2022.  An Effective Steganalysis for Robust Steganography with Repetitive JPEG Compression. ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :3084–3088.
With the development of social networks, traditional covert communication requires more consideration of lossy processes of Social Network Platforms (SNPs), which is called robust steganography. Since JPEG compression is a universal processing of SNPs, a method using repeated JPEG compression to fit transport channel matching is recently proposed and shows strong compression-resist performance. However, the repeated JPEG compression will inevitably introduce other artifacts into the stego image. Using only traditional steganalysis methods does not work well towards such robust steganography under low payload. In this paper, we propose a simple and effective method to detect the mentioned steganography by chasing both steganographic perturbations as well as continuous compression artifacts. We introduce compression-forensic features as a complement to steganalysis features, and then use the ensemble classifier for detection. Experiments demonstrate that this method owns a similar and better performance with respect to both traditional and neural-network-based steganalysis.
ISSN: 2379-190X