Biblio

Nowadays Internet services have dramatically changed the way people interact with each other and many of our daily activities are supported by those services. Statistical indicators show that more than half of the world's population uses the Internet generating about 2.5 quintillion bytes of data on daily basis. While such a huge amount of data is useful in a number of fields, such as in medical and transportation systems, it also poses unprecedented threats for user's privacy. This is aggravated by the excessive data collection and user profiling activities of service providers. Yet, regulation require service providers to inform users about their data collection and processing practices. The de facto way of informing users about these practices is through the use of privacy policies. Unfortunately, privacy policies suffer from bad readability and other complexities which make them unusable for the intended purpose. To address this issue, we introduce PrivacyGuide, a privacy policy summarization tool inspired by the European Union (EU) General Data Protection Regulation (GDPR) and based on machine learning and natural language processing techniques. Our results show that PrivacyGuide is able to classify privacy policy content into eleven privacy aspects with a weighted average accuracy of 74% and further shed light on the associated risk level with an accuracy of 90%. This article is summarized in: the morning paper an interesting/influential/important paper from the world of CS every weekday morning, as selected by Adrian Colyer

Awareness and knowledge management are key components to achieve a high level of information security in organizations. However, practical evidence suggests that there are significant discrepancies between the typical elements of security awareness campaigns, the decisions made and goals set by top-level management, and routine operations carried out by systems administration personnel. This paper presents Vis4Sec, a process framework for the generation and distribution of stakeholder-specific visualizations of security metrics, which assists in closing the gap between theoretical and practical information security by respecting the different points of view of the involved security report audiences. An implementation for patch management on Linux servers, deployed at a large data center, is used as a running example.

Digital signatures are replacing paper-based work to make life easier for customers and employees in various industries. We rigorously use RSA and Elliptic Curve Cryptography (ECC) for public key cryptographic algorithms. Nowadays ECDSA (Elliptical Curve Digital Signature Algorithm) gaining more popularity than the RSA algorithm because of the better performance of ECDSA over RSA. The main advantage of ECC over RSA is ECC provides the same level of security with less key size and overhead than RSA. This paper focuses on a brief review of the performance of ECDSA and RSA in various aspects like time, security and power. This review tells us about why ECC has become the latest trend in the present cryptographic scenario.

Proof-of-work (PoW) is an algorithmic tool used to secure networks by imposing a computational cost on participating devices. Unfortunately, traditional PoW schemes require that correct devices perform computational work perpetually, even when the system is not under attack. We address this issue by designing a general PoW protocol that ensures two properties. First, the network stays secure. In particular, the fraction of identities in the system that are controlled by an attacker is always less than 1/2. Second, our protocol's computational cost is commensurate with the cost of an attacker. That is, the total computational cost of correct devices is a linear function of the attacker's computational cost plus the number of correct devices that have joined the system. Consequently, if the network is attacked, we ensure security, with cost that grows linearly with the attacker's cost; and, in the absence of attack, our computational cost is small. We prove similar guarantees for bandwidth cost. Our results hold in a dynamic, decentralized system where participants join and depart over time, and where the total computational power of the attacker is up to a constant fraction of the total computational power of correct devices. We show how to leverage our results to address important security problems in distributed computing including: Sybil attacks, Byzantine Consensus, and Committee Election.

Hardware information flow analysis detects security vulnerabilities resulting from unintended design flaws, timing channels, and hardware Trojans. These information flow models are typically generated in a general way, which includes a significant amount of redundancy that is irrelevant to the specified security properties. In this work, we propose a property specific approach for information flow security. We create information flow models tailored to the properties to be verified by performing a property specific search to identify security critical paths. This helps find suspicious signals that require closer inspection and quickly eliminates portions of the design that are free of security violations. Our property specific trimming technique reduces the complexity of the security model; this accelerates security verification and restricts potential security violations to a smaller region which helps quickly pinpoint hardware security vulnerabilities.

The purpose of this research is to propose a new mathematical model, designed to evaluate the security of cryptosystems. This model is a mixture of ideas from two basic mathematical theories, information theory and game theory. The role of information theory is assigning the model with security criteria of the cryptosystems. The role of game theory was to produce the value of the game which is representing the outcome of these criteria, which finally refers to cryptosystem's security. The proposed model support an accurate and mathematical way to evaluate the security of cryptosystems by unifying the criteria resulted from information theory and produce a unique reasonable value.

Cryptography is a widespread technique that maintains information security over insecure networks. The symmetric encryption scheme provides a good security, but the key exchange is difficult on the other hand, in the asymmetric encryption scheme, key management is easier, but it does not offer the same degree of security compared to symmetric scheme. A hybrid cryptosystem merges the easiness of the asymmetric schemes key distribution and the high security of symmetric schemes. In the proposed hybrid cryptosystem, Serpent algorithm is used as a data encapsulation scheme and Elliptic Curve Cryptography (ECC) is used as a key encapsulation scheme to achieve key generation and distribution within an insecure channel. This modification is done to tackle the issue of key management for Serpent algorithm, so it can be securely used in multimedia protection.

Close physical proximity among wireless devices that have never shared a secret key is sometimes used as a basis of trust. In these cases, devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user's device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques. We investigate a method for a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our approach leverages the repeating nature Wi-Fi's preamble and the characteristics of a transmitting antenna's near field to detect proximity with high probability. Our method never falsely declares proximity at ranges longer than 14 cm.

Fuzzy extractors (Dodiset al., Eurocrypt 2004) turn a noisy secret into a stable, uniformly distributed key. Reusable fuzzy extractors remain secure when multiple keys are produced from a single noisy secret (Boyen, CCS 2004). Boyen showed information-theoretically secure reusable fuzzy extractors are subject to strong limitations. Simoens et al. (IEEE S&P, 2009) then showed deployed constructions suffer severe security breaks when reused. Canetti et al. (Eurocrypt 2016) used computational security to sidestep this problem, building a computationally secure reusable fuzzy extractor that corrects a sublinear fraction of errors. We introduce a generic approach to constructing reusable fuzzy extractors. We define a new primitive called a reusable pseudoentropic isometry that projects an input metric space to an output metric space. This projection preserves distance and entropy even if the same input is mapped to multiple output metric spaces. A reusable pseudoentropy isometry yields a reusable fuzzy extractor by 1) randomizing the noisy secret using the isometry and 2) applying a traditional fuzzy extractor to derive a secret key. We propose reusable pseudoentropic isometries for the set difference and Hamming metrics. The set difference construction is built from composable digital lockers (Canetti and Dakdouk, Eurocrypt 2008). For the Hamming metric, we show that the second construction of Canetti et al.(Eurocrypt 2016) can be seen as an instantiation of our framework. In both cases, the pseudoentropic isometry's reusability requires noisy secrets distributions to have entropy in each symbol of the alphabet. Our constructions yield the first reusable fuzzy extractors that correct a constant fraction of errors. We also implement our set difference solution and describe two use cases.

Background: Bug datasets have been created and used by many researchers to build bug prediction models. Aims: In this work we collected existing public bug datasets and unified their contents. Method: We considered 5 public datasets which adhered to all of our criteria. We also downloaded the corresponding source code for each system in the datasets and performed their source code analysis to obtain a common set of source code metrics. This way we produced a unified bug dataset at class and file level that is suitable for further research (e.g. to be used in the building of new bug prediction models). Furthermore, we compared the metric definitions and values of the different bug datasets. Results: We found that (i) the same metric abbreviation can have different definitions or metrics calculated in the same way can have different names, (ii) in some cases different tools give different values even if the metric definitions coincide because (iii) one tool works on source code while the other calculates metrics on bytecode, or (iv) in several cases the downloaded source code contained more files which influenced the afferent metric values significantly. Conclusions: Apart from all these imprecisions, we think that having a common metric set can help in building better bug prediction models and deducing more general conclusions. We made the unified dataset publicly available for everyone. By using a public dataset as an input for different bug prediction related investigations, researchers can make their studies reproducible, thus able to be validated and verified.

Firewalls and Demilitarized Zones (DMZs) are two mechanisms that have been widely employed to secure enterprise networks. Despite this, their security effectiveness has not been systematically quantified. In this paper, we make a first step towards filling this void by presenting a representational framework for investigating their security effectiveness in protecting enterprise networks. Through simulation experiments, we draw useful insights into the security effectiveness of firewalls and DMZs. To the best of our knowledge, these insights were not reported in the literature until now.

In this work, a quantum design for the Simplified-Advanced Encryption Standard (S-AES) algorithm is presented. Also, a quantum Grover attack is modeled on the proposed quantum S-AES. First, quantum circuits for the main components of S-AES in the finite field F2[x]/(x4 + x + 1), are constructed. Then, the constructed circuits are put together to form a quantum version of S-AES. A C-NOT synthesis is used to decompose some of the functions to reduce the number of the needed qubits. The quantum S-AES is integrated into a black-box queried by Grover's algorithm. A new approach is proposed to uniquely recover the secret key when Grover attack is applied. The entire work is simulated and tested on a quantum mechanics simulator. The complexity analysis shows that a block cipher can be designed as a quantum circuit with a polynomial cost. In addition, the secret key is recovered in quadratic speedup as promised by Grover's algorithm.

Recent worldwide cybersecurity attacks caused by Cryptographic Ransomware infected systems across countries and organizations with millions of dollars lost in paying extortion amounts. This form of malicious software takes user files hostage by encrypting them and demands a large ransom payment for providing the decryption key. Signature-based methods employed by Antivirus Software are insufficient to evade Ransomware attacks due to code obfuscation techniques and creation of new polymorphic variants everyday. Generic Malware Attack vectors are also not robust enough for detection as they do not completely track the specific behavioral patterns shown by Cryptographic Ransomware families. This work based on analysis of an extensive dataset of Ran-somware families presents RansomWall, a layered defense system for protection against Cryptographic Ransomware. It follows a Hybrid approach of combined Static and Dynamic analysis to generate a novel compact set of features that characterizes the Ransomware behavior. Presence of a Strong Trap Layer helps in early detection. It uses Machine Learning for unearthing zero-day intrusions. When initial layers of RansomWall tag a process for suspicious Ransomware behavior, files modified by the process are backed up for preserving user data until it is classified as Ransomware or Benign. We implemented RansomWall for Microsoft Windows operating system (the most attacked OS by Cryptographic Ransomware) and evaluated it against 574 samples from 12 Cryptographic Ransomware families in real-world user environments. The testing of RansomWall with various Machine Learning algorithms evaluated to 98.25% detection rate and near-zero false positives with Gradient Tree Boosting Algorithm. It also successfully detected 30 zero-day intrusion samples (having less than 10% detection rate with 60 Security Engines linked to VirusTotal).

With the development of large scale integrated circuits, the functions of the IoT chips have been increasingly perfect. The verification work has become one of the most important aspects. On the one hand, an efficient verification platform can ensure the correctness of the design. On the other hand, it can shorten the chip design cycle and reduce the design cost. In this paper, based on a transmission protocol of the IoT node, we propose a verification method which combines simulation verification and FPGA-based prototype verification. We also constructed a system verification platform for the IoT smart node chip combining two kinds of verification above. We have simulated and verificatied the related functions of the node chip using this platform successfully. It has a great reference value.

Feature extraction and feature selection are the first tasks in pre-processing of input logs in order to detect cybersecurity threats and attacks by utilizing data mining techniques in the field of Artificial Intelligence. When it comes to the analysis of heterogeneous data derived from different sources, these tasks are found to be time-consuming and difficult to be managed efficiently. In this paper, we present an approach for handling feature extraction and feature selection utilizing machine learning algorithms for security analytics of heterogeneous data derived from different network sensors. The approach is implemented in Apache Spark, using its python API, named pyspark.

Cyber-Physical Systems (CPS), such as Water Distribution Networks (WDNs), deploy digital devices to monitor and control the behavior of physical processes. These digital devices, however, are susceptible to cyber and physical attacks, that may alter their functionality, and therefore the integrity of their measurements/actions. In practice, industrial control systems utilize simple control laws, which rely on various sensor measurements and algorithms which are expected to operate normally. To reduce the impact of a potential failure, operators may deploy redundant components; this however may not be useful, e.g., when a cyber attack at a PLC component occurs. In this work, we address the problem of reducing vulnerability to cyber-physical attacks in water distribution networks. This is achieved by augmenting the graph which describes the information flow from sensors to actuators, by adding new connections and algorithms, to increase the number of redundant cyber components. These, in turn, increase the \textitcyber-physical security level, which is defined in the present paper as the number of malicious attacks a CPS may sustain before becoming unable to satisfy the control requirements. A proof-of-concept of the approach is demonstrated over a simple WDN, with intuition on how this can be used to increase the cyber-physical security level of the system.

We propose using memristor-based TCAMs (Ternary Content Addressable Memory) to accelerate Regular Expression (RegEx) matching. RegEx matching is a key function in network security, where deep packet inspection finds and filters out malicious actors. However, RegEx matching latency and power can be incredibly high and current proposals are challenged to perform wire-speed matching for large scale rulesets. Our approach dramatically decreases RegEx matching operating power, provides high throughput, and the use of mTCAMs enables novel compression techniques to expand ruleset sizes and allows future exploitation of the multi-state (analog) capabilities of memristors. We fabricated and demonstrated nanoscale memristor TCAM cells. SPICE simulations investigate mTCAM performance at scale and a mTCAM power model at 22nm demonstrates 0.2 fJ/bit/search energy for a 36x400 mTCAM. We further propose a tiled architecture which implements a Snort ruleset and assess the application performance. Compared to a state-of-the-art FPGA approach (2 Gbps,\textbackslashtextasciitilde1W), we show x4 throughput (8 Gbps) at 60% the power (0.62W) before applying standard TCAM power-saving techniques. Our performance comparison improves further when striding (searching multiple characters) is considered, resulting in 47.2 Gbps at 1.3W for our approach compared to 3.9 Gbps at 630mW for the strided FPGA NFA, demonstrating a promising path to wire-speed RegEx matching on large scale rulesets.

Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.

In this paper, we applied IoT (Internet of things) technology and SMS (short message service) technology to vehicle security system, and designed vehicle remote control system to ensure the vehicle security. Besides, we discussed the method that converted the displacement increment to latitude and longitude increment in order to solve the problem that how to accurately obtain the current location information when GPS (Global Positioning System) failed. The hardware system can realize such function that owners by sending an SMS, or by sending the password through web side of IoT platform, you can remotely control the car alarm system opening or closing, and query vehicle position and other functions. Through this method, it is easy to achieve security for vehicle positioning and tracking.

Secure Two Party Computation (2PC) has the potential to facilitate a wide range of real life applications where privacy of the computation and participants is critical. Nevertheless, this potential has not translated to widespread industry acceptance due to performance issues. Over the years a significant research effort has focused on optimising the performance of 2PC. The computation complexity has been continually improved and recently, following circuit optimisations and hardware support for cryptographic operations, evaluations of 2PC on a single host currently produce efficient results. Unfortunately, when evaluated on remote hosts, the performance remains prohibitive for practical purposes. The bottleneck is believed to be the bandwidth. In this work we explore the networking layer of 2PC implementations and show that the performance bottleneck is inherent in the usage of TCP sockets in implementations of 2PC schemes. Through experimental evaluations, we demonstrate that other transport protocols can significantly improve the performance of 2PC, making it suitable for practical applications.

We provide the first solution to an important question, "how a physical-layer RFID authentication method can defend against signal replay attacks". It was believed that if the attacker has a device that can replay the exact same reply signal of a legitimate tag, any physical-layer authentication method will fail. This paper presents Hu-Fu, the first physical layer RFID authentication protocol that is resilient to the major attacks including tag counterfeiting, signal replay, signal compensation, and brute-force feature reply. Hu-Fu is built on two fundamental ideas, namely inductive coupling of two tags and signal randomization. Hu-Fu does not require any hardware or protocol modification on COTS passive tags and can be implemented with COTS devices. We implement a prototype of Hu-Fu and demonstrate that it is accurate and robust to device diversity and environmental changes.

With the progress over technology, it is becoming viable to set up mobile ad hoc networks for non-military services as like well. Examples consist of networks of cars, law about communication facilities into faraway areas, and exploiting the solidity between urban areas about present nodes such as cellular telephones according to offload or otherwise keep away from using base stations. In such networks, there is no strong motive according to assume as the nodes cooperate. Some nodes may also be disruptive and partial may additionally attempt according to save sources (e.g. battery power, memory, CPU cycles) through “selfish” behavior. The proposed method focuses on the robustness of packet forwarding: keeping the usual packet throughput over a mobile ad hoc network in the rear regarding nodes that misbehave at the routing layer. Proposed system listen at the routing layer or function no longer try after address attacks at lower layers (eg. jamming the network channel) and passive attacks kind of eavesdropping. Moreover such functionate now not bear together with issues kind of node authentication, securing routes, or message encryption. Proposed solution addresses an orthogonal problem the encouragement concerning proper routing participation.

Since the application mode of cryptography technology currently has different types in the cloud environment, a novel cryptography cloud framework was proposed, due to the non-expandability of cryptography resources. Through researching on the application models of the current encryption technology, the cryptography service demand under the cloud environment and the virtual structure of the cloud cryptography machine, this paper designed the framework of the cryptography cloud framework that provides cryptography services with the cloud computing mode. the design idea of the framework is expounded from two aspects include the function of modules and service flow of cryptography cloud, which resulted in the improvement of the flexibility of the application of cryptography technology in the cloud environment. Through the analysis of system function and management mode, it illustrated the availability and security of cryptography cloud framework. It was proved that cryptography cloud has the characteristics of high-availability in the implementation and experiment, and it can satisfy cryptography service demand in the cloud environment.

With the advancement of Technology, the existing electric grids are shifting towards smart grid. The smart grids are meant to be effective in power management, secure and safe in communication and more importantly, it is favourable to the environment. The smart grid is having huge architecture it includes various stakeholders that encounter challenges in the name of authorisation and authentication. The smart grid has another important issue to deal with that is securing the communication from varieties of cyber-attacks. In this paper, we first discussed about the challenges in the smart grid data communication and later we surveyed the existing cryptographic algorithm and presented comparative work on certain factors for existing working cryptographic algorithms This work gives insight conclusion to improve the working scheme for data security and Privacy preservation of customer who is one of the stack holders. Finally, with the comparative work, we suggest a direction of future work on improvement of working algorithms for secure and safe data communication in a smart grid.

Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These attacks are hard to detect and their consequences can be catastrophic. Cyber attacks can cause anomalies in the work of the ICS and its technological equipment. The presence of mutual interference and noises in this equipment significantly complicates anomaly detection. Moreover, the traditional means of protection, which used in corporate solutions, require updating with each change in the structure of the industrial process. An approach based on the machine learning for anomaly detection was used to overcome these problems. It complements traditional methods and allows one to detect signal correlations and use them for anomaly detection. Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation dataset was analyzed as example of industrial process. In the course of the research, correlations between the signals of the sensors were detected and preliminary data processing was carried out. Algorithms from the most common techniques of machine learning (decision trees, linear algorithms, support vector machines) and deep learning models (neural networks) were investigated for industrial process anomaly detection task. It's shown that linear algorithms are least demanding on computational resources, but they don't achieve an acceptable result and allow a significant number of errors. Decision tree-based algorithms provided an acceptable accuracy, but the amount of RAM, required for their operations, relates polynomially with the training sample volume. The deep neural networks provided the greatest accuracy, but they require considerable computing power for internal calculations.