Biblio

Honeynet is deployed to trap attackers and learn their behavior patterns and motivations. Conventional honeynet is implemented by dedicated hardware and software. It suffers from inflexibility, high CAPEX and OPEX. There have been several virtualized honeynet architectures to solve those problems. But they lack a standard operating environment and common architecture for dynamic scheduling and adaptive resource allocation. Software Defined Security (SDS) framework has a centralized control mechanism and intelligent decision making ability for different security functions. In this paper, we present a new intelligent honeynet architecture based on SDS framework. It implements security functions over Network Function Virtualization Infrastructure (NFVI). Under uniform and intelligent control, security functional modules can be dynamically deployed and collaborated to complete different tasks. It migrates resources according to the workloads of each honeypot and power off unused modules. Simulation results show that intelligent honeynet has a better performance in conserving resources and reducing energy consumption. The new architecture can fit the needs of future honeynet development and deployment.

IoT Network Monitor is an intuitive and user-friendly interface for consumers to visualize vulnerabilities of IoT devices in their home. Running on a Raspberry Pi configured as a router, the IoT Network Monitor analyzes the traffic of connected devices in three ways. First, it detects devices with default passwords exploited by previous attacks such as the Mirai Botnet, changes default device passwords to randomly generated 12 character strings, and reports the new passwords to the user. Second, it conducts deep packet analysis on the network data from each device and notifies the user of potentially sensitive personal information that is being transmitted in cleartext. Lastly, it detects botnet traffic originating from an IoT device connected to the network and instructs the user to disconnect the device if it has been hacked. The user-friendly IoT Network Monitor will enable homeowners to maintain the security of their home network and better understand what actions are appropriate when a certain security vulnerability is detected. Wide adoption of this tool will make consumer home IoT networks more secure.

Privacy is a very active subject of research and also of debate in the political circles. In order to make good decisions about privacy, we need measurement systems for privacy. Most of the traditional measures such as k-anonymity lack expressiveness in many cases. We present a privacy measuring framework, which can be used to measure the value of privacy to an individual and also to evaluate the efficacy of privacy enhancing technologies. Our method is centered on a subject, whose privacy can be measured through the amount and value of information learned about the subject by some observers. This gives rise to interesting probabilistic models for the value of privacy and measures for privacy enhancing technologies.

The invent of distributed programming frameworks like Hadoop paved way for processing voluminous data known as big data. Due to exponential growth of data, enterprises started to exploit the availability of cloud infrastructure for storing and processing big data. Insider attacks on outsourced data causes leakage of sensitive data. Therefore, it is essential to sanitize data so as to preserve privacy or non-disclosure of sensitive data. Privacy Preserving Data Publishing (PPDP) and Privacy Preserving Data Mining (PPDM) are the areas in which data sanitization plays a vital role in preserving privacy. The existing anonymization techniques for MapReduce programming can be improved to have a misusability measure for determining the level of sanitization to be applied to big data. To overcome this limitation we proposed a framework known as M-Sanit which has mechanisms to exploit misusability score of big data prior to performing sanitization using MapReduce programming paradigm. Our empirical study using the real world cloud eco system such as Amazon Elastic Cloud Compute (EC2) and Amazon Elastic MapReduce (EMR) reveals the effectiveness of misusability score based sanitization of big data prior to publishing or mining it.

Lately, mobile operators experience threats from SMS grey routes which are used by fraudsters to evade SMS fees and to deny them millions in revenues. But more serious are the threats to the user's security and privacy and consequently the operator's reputation. Therefore, it is crucial for operators to have adequate solutions to protect both their network and their customers against this kind of fraud. Unfortunately, so far there is no sufficiently efficient countermeasure against grey routes. This paper proposes a near real time SMS grey traffic detection which makes use of Counting Bloom Filters combined with blacklist and whitelist to detect SMS grey traffic on the fly and to block them. The proposed detection has been implemented and proved to be quite efficient. The paper provides also comprehensive explanation of SMS grey routes and the challenges in their detection. The implementation and verification are also described thoroughly.

The traditional block-based compressive sensing (BCS) approach considers the image to be segmented. However, there is not much literature available on how many numbers of blocks or segments per image would be the best choice for the compression and recovery methods. In this article, we propose a BCS method to find out the optimal way of image retrieval, and the number of the blocks to which into image should be divided. In the theoretical analysis, we analyzed the effect of noise under compression perspective and derived the range of error probability. Experimental results show that the number of blocks of an image has a strong correlation with the image recovery process. As the sampling rate M/N increases, we can find the appropriate number of image blocks by comparing each line.

Vulnerabilities in hypervisors are crucial in multi-tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilitiesin KVM+QEMU and 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge on the device internals. We propose a "device request filter", called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification. A device specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggests that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.

Context-sensitive graph grammars have been rigorous formalisms for specifying visual programming languages, as they possess sufficient expressive powers and intuitive forms. Efficient parsing mechanisms are essential to these formalisms. However, the existent parsing algorithms are either inefficient or confined to a minority of graph grammars. This paper introduces the notion of partial precedence, defines the partial precedence graph of a graph grammar and theoretically unveils the existence of a valid parsing path conforming to the topological orderings of the partial precedence graph. Then, it provides algorithms for computing the partial precedence graph and presents an approach to improving general parsing algorithms with the graph based on the drawn conclusion. It is shown that the approach can considerably improve the efficiency of general parsing algorithms.

In this paper, we present a differential privacy preserving approach, which extracts personality-based knowledge to serve privacy guarantee data analysis on personal sensitive data. Based on the approach, we further implement an end-to-end privacy guarantee system, KaPPA, to provide researchers iterative data analysis on sensitive data. The key challenge for differential privacy is determining a reasonable amount of privacy budget to balance privacy preserving and data utility. Most of the previous work applies unified privacy budget to all individual data, which leads to insufficient privacy protection for some individuals while over-protecting others. In KaPPA, the proposed personality-based privacy preserving approach automatically calculates privacy budget for each individual. Our experimental evaluations show a significant trade-off of sufficient privacy protection and data utility.

A well studied privacy problem in the area of smart grids is the question of how to aggregate the sum of a set of smart meter readings in a privacy friendly manner, i.e., in such a way that individual meter readings are not revealed to the adversary. Much less well studied is how to deal with arbitrary meter crashes during such aggregation protocols: current privacy friendly aggregation protocols cannot deal with these type of failures. Such failures do happen in practice, though. We therefore propose two privacy friendly aggregation protocols that tolerate such crash failures, up to a predefined maximum number of smart meters. The basic protocol tolerates meter crashes at the start of each aggregation round only. The full, more complex, protocol tolerates meter crashes at arbitrary moments during an aggregation round. It runs in a constant number of phases, cleverly avoiding the otherwise applicable consensus protocol lower bound.

As teleoperated robot technology becomes cheaper, more powerful, and more reliable, remotely-operated telepresence robots will become more prevalent in homes and businesses, allowing visitors and business partners to be present without the need to travel. Hindering adoption is the issue of privacy: an Internet-connected telepresence robot has the ability to spy on its local area, either for the remote operator or a third party with access to the video data. Additionally, since the remote operator may move about and manipulate objects without local-user intervention, certain typical privacy-protecting techniques such as moving objects to a different room or putting them in a cabinet may prove insufficient. In this paper, we examine the effects of three whole-image filters on the remote operator's ability to discern details while completing a navigation task.

This paper explores recent achievements and novel challenges of the annoying privacy-preserving big data stream mining problem, which consists in applying mining algorithms to big data streams while ensuring the privacy of data. Recently, the emerging big data analytics context has conferred a new light to this exciting research area. This paper follows the so-depicted research trend.

SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naïve deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than the data-plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGP's default routes. This mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level. In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e., the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points.

Android smartphones are ubiquitous all over the world, and organizations that turn profits out of data mining user personal information are on the rise. Many users are not aware of the risks of accepting permissions from Android apps, and the continued state of insecurity, manifested in increased level of breaches across all large organizations means that personal information is falling in the hands of malicious actors. This paper aims at shedding the light on privacy leakage in apps that target a specific demography, Arabs. The research takes into consideration apps that cater to specific cultural aspects of this region and identify how they could be abusing the trust given to them by unsuspecting users. Dynamic taint analysis is used in a virtualized environment to analyze top free apps based on popularity in Google Play store. Information presented highlights how different categories of apps leak different categories of private information.

Matrix sketching is aimed at finding compact representations of a matrix while simultaneously preserving most of its properties, which is a fundamental building block in modern scientific computing. Randomized algorithms represent state-of-the-art and have attracted huge interest from the fields of machine learning, data mining, and theoretic computer science. However, it still requires the use of the entire input matrix in producing desired factorizations, which can be a major computational and memory bottleneck in truly large problems. In this paper, we uncover an interesting theoretic connection between matrix low-rank decomposition and lossy signal compression, based on which a cascaded compression sampling framework is devised to approximate an m-by-n matrix in only O(m+n) time and space. Indeed, the proposed method accesses only a small number of matrix rows and columns, which significantly improves the memory footprint. Meanwhile, by sequentially teaming two rounds of approximation procedures and upgrading the sampling strategy from a uniform probability to more sophisticated, encoding-orientated sampling, significant algorithmic boosting is achieved to uncover more granular structures in the data. Empirical results on a wide spectrum of real-world, large-scale matrices show that by taking only linear time and space, the accuracy of our method rivals those state-of-the-art randomized algorithms consuming a quadratic, O(mn), amount of resources.

Comparison of two binary files has many practical applications: the ability to detect programmatic changes between two versions, the ability to find old versions of statically linked libraries to prevent the use of well-known bugs, malware analysis, etc. In this article, a framework for comparison of binary files is presented. Framework uses IdaPro [1] disassembler and Binnavi [2] platform to recover structure of the target program and represent it as a call graph (CG). A program dependence graph (PDG) corresponds to each vertex of the CG. The proposed comparison algorithm consists of two main stages. At the first stage, several heuristics are applied to find the exact matches. Two functions are matched if at least one of the calculated heuristics is the same and unique in both binaries. At the second stage, backward and forward slicing is applied on matched vertices of CG to find further matches. According to empiric results heuristic method is effective and has high matching quality for unchanged or slightly modified functions. As a contradiction, to match heavily modified functions, binary code clone detection is used and it is based on finding maximum common subgraph for pair of PDGs. To achieve high performance on extensive binaries, the whole matching process is parallelized. The framework is tested on the number of real world libraries, such as python, openssh, openssl, libxml2, rsync, php, etc. Results show that in most cases more than 95% functions are truly matched. The tool is scalable due to parallelization of functions matching process and generation of PDGs and CGs.

In an attempt to preserve the structural information in malware binaries during feature extraction, function call graph-based features have been used in various research works in malware classification. However, the approach usually employed when performing classification on these graphs, is based on computing graph similarity using computationally intensive techniques. Due to this, much of the previous work in this area incurred large performance overhead and does not scale well. In this paper, we propose a linear time function call graph (FCG) vector representation based on function clustering that has significant performance gains in addition to improved classification accuracy. We also show how this representation can enable using graph features together with other non-graph features.

Swarms of embedded devices provide new challenges for privacy and security. We propose Permissioned Blockchains as an effective way to secure and manage these systems of systems. A long view of blockchain technology yields several requirements absent in extant blockchain implementations. Our approach to Permissioned Blockchains meets the fundamental requirements for longevity, agility, and incremental adoption. Distributed Identity Management is an inherent feature of our Permissioned Blockchain and provides for resilient user and device identity and attribute management.

Cyber-physical systems are subject to natural uncertainties and sensor noise that can be amplified/attenuated due to feedback. In this work, we want to leverage these properties in order to define the inherent differential privacy of feedback-control systems without the addition of an external differential privacy noise. If larger levels of privacy are required, we introduce a methodology to add an external differential privacy mechanism that injects the minimum amount of noise that is needed. On the other hand, we show how the combination of inherent and external noise affects system security in terms of the impact that integrity attacks can impose over the system while remaining undetected. We formulate a bilevel optimization problem to redesign the control parameters in order to minimize the attack impact for a desired level of inherent privacy.

This paper investigates the physical layer security in a multibeam satellite communication system, where each legitimate user is surrounded by one eavesdropper. First of all, an optimization problem is formulated to maximize the sum of achievable secrecy rate, while satisfying the on-board satellite transmit power constraint. Then, two transmit beamforming(BF) schemes, namely, the zero-forcing (ZF) and the signal-to-leakage-and-noise ratio (SLNR) BF algorithms are proposed to obtain the BF weight vectors as well as power allocation coefficients. Finally, simulation results are provided to verify the validity of the two proposed methods and demonstrate that the SLNR BF algorithm outperforms the ZF BF algorithm.

This article is concerned with the security of modern Cyber-Physical Systems in the presence of transient sensor faults. We consider a system with multiple sensors measuring the same physical variable, where each sensor provides an interval with all possible values of the true state. We note that some sensors might output faulty readings and others may be controlled by a malicious attacker. Differing from previous works, in this article, we aim to distinguish between faults and attacks and develop an attack detection algorithm for the latter only. To do this, we note that there are two kinds of faults—transient and permanent; the former are benign and short-lived, whereas the latter may have dangerous consequences on system performance. We argue that sensors have an underlying transient fault model that quantifies the amount of time in which transient faults can occur. In addition, we provide a framework for developing such a model if it is not provided by manufacturers. Attacks can manifest as either transient or permanent faults depending on the attacker’s goal. We provide different techniques for handling each kind. For the former, we analyze the worst-case performance of sensor fusion over time given each sensor’s transient fault model and develop a filtered fusion interval that is guaranteed to contain the true value and is bounded in size. To deal with attacks that do not comply with sensors’ transient fault models, we propose a sound attack detection algorithm based on pairwise inconsistencies between sensor measurements. Finally, we provide a real-data case study on an unmanned ground vehicle to evaluate the various aspects of this article.

Deduplication removes redundant copies of files or data blocks stored on the cloud. Client-side deduplication, where the client only uploads the file upon the request of the server, provides major storage and bandwidth savings, but introduces a number of security concerns. Harnik et al. (2010) showed how cross-user client-side deduplication inherently gives the adversary access to a (noisy) side-channel that may divulge whether or not a particular file is stored on the server, leading to leakage of user information. We provide formal definitions for deduplication strategies and their security in terms of adversarial advantage. Using these definitions, we provide a criterion for designing good strategies and then prove a bound characterizing the necessary trade-off between security and efficiency.

Cyber-physical systems have shown to be susceptible to cyber-attacks. Incidents such as Stuxnet Attack and Ukraine power outage have shown that attackers are capable of penetrating into industrial control systems, compromising PLCs, and sending false commands to physical devices while reporting normal sensing values. Therefore, one of the critical needs of CPS is to ensure the validity of the sensor values. In this paper, we explore path diversity in SCADA networks and develop Path Redundancy to improve data validity. The proposed solution is shown to be able to effectively prevent data integrity attacks and detect false command attacks from a single compromised path or PLC. We provide detailed analysis on solution design and implement an application of the technique in building automation networks. Our cost-efficient and easy-to-deploy solution improves the resilience of SCADA networks.

Mature push button tools have emerged for checking trace properties (e.g. secrecy or authentication) of security protocols. The case of indistinguishability-based privacy properties (e.g. ballot privacy or anonymity) is more complex and constitutes an active research topic with several recent propositions of techniques and tools. We explore a novel approach based on type systems and provide a (sound) type system for proving equivalence of protocols, for a bounded or an unbounded number of sessions. The resulting prototype implementation has been tested on various protocols of the literature. It provides a significant speed-up (by orders of magnitude) compared to tools for a bounded number of sessions and complements in terms of expressiveness other state-of-the-art tools, such as ProVerif and Tamarin: e.g., we show that our analysis technique is the first one to handle a faithful encoding of the Helios e-voting protocol in the context of an untrusted ballot box.

We present a new method to protect projected content from secret photography using high-speed projection. Protection techniques for digital copies have been discussed over many years from the viewpoint of data protection. However, content displayed by general display techniques is not only visible to the human eye but also can be captured by cameras. Therefore, projected content is, at times, secretly taken by malicious small cameras even when protection techniques for digital copies are adopted. In this study, we aim to realize a protectable projection method that allows people to observe content with their eyes but not record content with camera devices.