Biblio

Matrix sketching is aimed at finding compact representations of a matrix while simultaneously preserving most of its properties, which is a fundamental building block in modern scientific computing. Randomized algorithms represent state-of-the-art and have attracted huge interest from the fields of machine learning, data mining, and theoretic computer science. However, it still requires the use of the entire input matrix in producing desired factorizations, which can be a major computational and memory bottleneck in truly large problems. In this paper, we uncover an interesting theoretic connection between matrix low-rank decomposition and lossy signal compression, based on which a cascaded compression sampling framework is devised to approximate an m-by-n matrix in only O(m+n) time and space. Indeed, the proposed method accesses only a small number of matrix rows and columns, which significantly improves the memory footprint. Meanwhile, by sequentially teaming two rounds of approximation procedures and upgrading the sampling strategy from a uniform probability to more sophisticated, encoding-orientated sampling, significant algorithmic boosting is achieved to uncover more granular structures in the data. Empirical results on a wide spectrum of real-world, large-scale matrices show that by taking only linear time and space, the accuracy of our method rivals those state-of-the-art randomized algorithms consuming a quadratic, O(mn), amount of resources.

Most static analyzers are monolithic applications that define their own ways to analyze source code and present the results. Therefore aggregating multiple static analyzers into a single tool or integrating a new analyzer into existing tools requires a significant amount of effort. Over the last few years, we cultivated Renraku — a static analysis model that acts as a mediator between the static analyzers and the tools that present the reports. When used by both analysis and tool developers, this single quality model can reduce the cost to both introduce a new type of analysis to existing tools and create a tool that relies on existing analyzers.

Summary form only given. Authentication of people or objects using physical keys is insecure against secret duplication. Physical unclonable functions (PUF) are special physical keys that are assumed to be unclonable due to the large number of degrees of freedom in their manufacturing [1]. Opaque scattering media, such as white paint and teeth, comprise of millions of nanoparticles in a random arrangement. Under coherent light illumination, the multiple scattering from these nanoparticles gives rise to a complex interference resulting in a speckle pattern. The speckle pattern is seemingly random but highly sensitive to the exact position and size of the nanoparticles in the given piece of opaque scattering medium [2], thereby realizing an ideal optical PUF. These optical PUFs enabled applications such as quantum-secure authentication (QSA) and communication [3, 4].

A dynamic modeling method for network security vulnerabilities which is composed of the design of safety evaluation model, the design of risk model of intrusion event and the design of vulnerability risk model. The model based on identification of vulnerabilities values through dynamic forms can improve the tightness between vulnerability scanning system, intrusion prevention system and security configuration verification system. Based on this model, the network protection system which is most suitable for users can be formed, and the protection capability of the network protection system can be improved.

A dynamic modeling method for network security vulnerabilities which is composed of the design of safety evaluation model, the design of risk model of intrusion event and the design of vulnerability risk model. The model based on identification of vulnerabilities values through dynamic forms can improve the tightness between vulnerability scanning system, intrusion prevention system and security configuration verification system. Based on this model, the network protection system which is most suitable for users can be formed, and the protection capability of the network protection system can be improved.

The public cloud is moving to a Platform-as-a-Service model where services such as data management, machine learning or image classification are provided by the cloud operator while applications are written in high-level languages and leverage these services. Managed languages such as Java, Python or Scala are widely used in this setting. However, while these languages can increase productivity, they are often associated with problems such as unpredictable garbage collection pauses or warm-up overheads. We argue that the reason for these problems is that current language runtime systems were not initially designed for the cloud setting. To address this, we propose seven tenets for designing future language runtime systems for cloud data centers. We then outline the design of a general substrate for building such runtime systems, based on these seven tenets.

Searchable Symmetric Encryption is a mechanism that facilitates search over encrypted data that are outsourced to an untrusted server. SSE schemes are practical as they trade nicely security for efficiency. However, the supported functionalities are mainly limited to single keyword queries. In this paper, we present a new efficient SSE scheme, called REX, that supports range queries. REX is a no interactive (single round) and response-hiding scheme. It has optimal communication and search computation complexity, while it is much more secure than traditional Order Preserving Encryption based range SSE schemes.

Controlling user-agent-interactions by means of an external operator includes selecting the virtual interaction partners fast and faultlessly. However, especially in immersive scenes with a large number of potential partners, this task is non-trivial. Thus, we present a score-based recommendation system supporting an operator in the selection task. Agents are recommended as potential partners based on two parameters: the user's distance to the agents and the user's gazing direction. An additional graphical user interface (GUI) provides elements for configuring the system and for applying actions to those agents which the operator has confirmed as interaction partners.

At present, Bluetooth Low Energy (BLE) is dominantly used in commercially available Internet of Things (IoT) devices – such as smart watches, fitness trackers, and smart appliances. Compared to classic Bluetooth, BLE has been simplified in many ways that include its connection establishment, data exchange, and encryption processes. Unfortunately, this simplification comes at a cost. For example, only a star topology is supported in BLE environments and a peripheral (an IoT device) can communicate with only one gateway (e.g. a smartphone, or a BLE hub) at a set time. When a peripheral goes out of range, it loses connectivity to a gateway, and cannot connect and seamlessly communicate with another gateway without user interventions. In other words, BLE connections do not get automatically migrated or handed-off to another gateway. In this paper, we propose a system which brings seamless connectivity to BLE-capable mobile IoT devices in an environment that consists of a network of gateways. Our framework ensures that unmodified, commercial off-the-shelf BLE devices seamlessly and securely connect to a nearby gateway without any user intervention.

Searchable Symmetric Encryption (SSE) when deployed in the cloud allows one to query encrypted data without the risk of data leakage. Despite the widespread interest, existing surveys do not examine in detail how SSE’s underlying structures are designed and how these result in the many properties of a SSE scheme. This is the gap we seek to address, as well as presenting recent state-of-the-art advances on SSE. Specifically, we present a general framework and believe the discussions may lead to insights for potential new designs. We draw a few observations. First, most schemes use index table, where optimal index size and sublinear search can be achieved using an inverted index. Straightforward updating can only be achieved using direct index, but search time would be linear. A recent trend is the combinations of index table, and tree, deployed for efficient updating and storage. Secondly, mechanisms from related fields such as Oblivious RAM (ORAM) have been integrated to reduce leakages. However, using these mechanisms to minimise leakages in schemes with richer functionalities (e.g., ranked, range) is relatively unexplored. Thirdly, a new approach (e.g., multiple servers) is required to mitigate new and emerging attacks on leakage. Lastly, we observe that a proposed index may not be practically efficient when implemented, where I/O access must be taken into consideration.

Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext – and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts. We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension. We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project:https://github.com/RUB-NDS/SECRET/

Internet-based online cloud services provide enormous volumes of storage space, tailor made computing resources and eradicates the obligation of native machines for data maintenance as well. Cloud storage service providers claim to offer the ability of secure and elastic data-storage services that can adapt to various storage necessities. Most of the security tools have a finite rate of failure, and intrusion comes with more complex and sophisticated techniques; the security failure rates are skyrocketing. Once we upload our data into the cloud, we lose control of our data, which certainly brings new security risks toward integrity and confidentiality of our data. In this paper, we discuss a secure file sharing mechanism for the cloud with the disintegration protocol (DIP). The paper also introduces new contribution of seamless file sharing technique among different clouds without sharing an encryption key.

A wireless sensor network (WSN) can provide a low cost and flexible solution to sensing and monitoring for large distributed applications. To save energy and prolong the network lifetime, the WSN is often partitioned into a set of spatial clusters. Each cluster includes sensor nodes with similar sensing data, and only a few sensor nodes (samplers) report their sensing data to a base node. Then the base node may predict the missed data of non-samplers using the spatial correlation between sensor nodes. The problem is that the WSN is vulnerable to internal security threat such as node compromise. If the samplers are compromised and report incorrect data intentionally, then the WSN should be contaminated rapidly due to the process of data prediction at the base node. In this paper, we propose three algorithms to detect compromised samplers for secure data collection in the WSN. The proposed algorithms leverage the unique property of spatial clustering to alleviate the overhead of compromised node detection. Experiment results indicate that the proposed algorithms can identify compromised samplers with a high accuracy and low energy consumption when as many as 50% sensor nodes are misbehaving.

With Internet of Things (IoT) middleware solutions moving towards cloud computing, the problems of trust in cloud platforms and data privacy need to be solved. The emergence of Trusted Execution Environments (TEEs) opens new perspectives to increase security in cloud applications. We propose a privacy-preserving IoT middleware, using Intel Software Guard Extensions (SGX) to create a secure system on untrusted platforms. An encrypted index is used as a database and communication with the application is protected using asymmetric encryption. This set of measures allows our system to process events in an orchestration engine without revealing data to the hosting cloud platform.

IoT applications often utilize the cloud to store and provide ubiquitous access to collected data. This naturally facilitates data sharing with third-party services and other users, but bears privacy risks, due to data breaches or unauthorized trades with user data. To address these concerns, we present Pilatus, a data protection platform where the cloud stores only encrypted data, yet is still able to process certain queries (e.g., range, sum). More importantly, Pilatus features a novel encrypted data sharing scheme based on re-encryption, with revocation capabilities and in situ key-update. Our solution includes a suite of novel techniques that enable efficient partially homomorphic encryption, decryption, and sharing. We present performance optimizations that render these cryptographic tools practical for mobile platforms. We implement a prototype of Pilatus and evaluate it thoroughly. Our optimizations achieve a performance gain within one order of magnitude compared to state-of-the-art realizations; mobile devices can decrypt hundreds of data points in a few hundred milliseconds. Moreover, we discuss practical considerations through two example mobile applications (Fitbit and Ava) that run Pilatus on real-world data.

An effective storage and management of file systems is very much essential now a days to avoid the wastage of storage space provided by the cloud providers. Data de-duplication technique has been used widely which allows only to store a single copy of a file and thus avoids duplication of file in the cloud storage servers. It helps to reduce the amount of storage space and save bandwidth of cloud service and thus in high cost savings for the cloud service subscribers. Today data that we need to store are in encrypted format to ensure the security. So data encryption by data owners with their own keys makes the de-duplication impossible for the cloud service subscriber as the data encryption with a key converts data into an unidentifiable format called cipher text thus encrypting, even the same data, with different keys may result in different cipher texts. But de-duplication and encryption need to work in hand to hand to ensure secure, authorized and optimized storage. In this paper, we propose a scheme for file-level de-duplication on encrypted files like text, images and even on video files stored in cloud based on the user's privilege set and file privilege set. This paper proposed a de-duplication system which distributes the files across different servers. The system uses an Erasure Correcting Code technique to re-construct the files even if the parts of the files are lost by attacking any server. Thus the proposed system can ensure both the security and reliability of encrypted files.

The growing adoption of distributed data processing frameworks in a wide diversity of application domains challenges end-to-end integration of properties like security, in particular when considering deployments in the context of large-scale clusters or multi-tenant Cloud infrastructures. This paper therefore introduces SecureStreams, a reactive middleware framework to deploy and process secure streams at scale. Its design combines the high-level reactive dataflow programming paradigm with Intel®'s low-level software guard extensions (SGX) in order to guarantee privacy and integrity of the processed data. The experimental results of SecureStreams are promising: while offering a fluent scripting language based on Lua, our middleware delivers high processing throughput, thus enabling developers to implement secure processing pipelines in just few lines of code.

Many state-of-the-art information-flow control (IFC) tools are implemented as Haskell libraries. A distinctive feature of this language is lazy evaluation. In his influencal paper on why functional programming matters, John Hughes proclaims:,,Lazy evaluation is perhaps the most powerful tool for modularization in the functional programmer's repertoire.,,Unfortunately, lazy evaluation makes IFC libraries vulnerable to leaks via the internal timing covert channel. The problem arises due to sharing, the distinguishing feature of lazy evaluation, which ensures that results of evaluated terms are stored for subsequent re-utilization. In this sense, the evaluation of a term in a high context represents a side-effect that eludes the security mechanisms of the libraries. A naïve approach to prevent that consists in forcing the evaluation of terms before entering a high context. However, this is not always possible in lazy languages, where terms often denote infinite data structures. Instead, we propose a new language primitive, lazyDup, which duplicates terms lazily. By using lazyDup to duplicate terms manipulated in high contexts, we make the security library MAC robust against internal timing leaks via lazy evaluation. We show that well-typed programs satisfy progress-sensitive non-interference in our lazy calculus with non-strict references. Our security guarantees are supported by mechanized proofs in the Agda proof assistant.

This paper investigates the physical layer security in a multibeam satellite communication system, where each legitimate user is surrounded by one eavesdropper. First of all, an optimization problem is formulated to maximize the sum of achievable secrecy rate, while satisfying the on-board satellite transmit power constraint. Then, two transmit beamforming(BF) schemes, namely, the zero-forcing (ZF) and the signal-to-leakage-and-noise ratio (SLNR) BF algorithms are proposed to obtain the BF weight vectors as well as power allocation coefficients. Finally, simulation results are provided to verify the validity of the two proposed methods and demonstrate that the SLNR BF algorithm outperforms the ZF BF algorithm.

A Software-Defined Wireless Sensor Network (SD-WSN) is a recently developed model which is expected to play a large role not only in the development of the Internet of Things (IoT) paradigm but also as a platform for other applications such as smart water management. This model makes use of a Software-Defined Networking (SDN) approach to manage a Wireless Sensor Network (WSN) in order to solve most of the inherent issues surrounding WSNs. One of the most important aspects of any network, is security. This is an area that has received little attention within the development of SDWSNs, as most research addresses security concerns within SDN and WSNs independently. There is a need for research into the security of SDWSN. Some concepts from both SDN and WSN security can be adjusted to suit the SDWSN model while others cannot. Further research is needed into consolidating SDN and WSN security measures to consider security in SDWSN. Threats, challenges and potential solutions to securing SDWSN are presented by considering both the WSN and SDN paradigms.

We consider the situation, where an adversary may learn the ephemeral values used by the prover within an identification protocol, aiming to get the secret keys of the user, or just to impersonate the prover subsequently. Unfortunately, most classical cryptographic identification protocols are exposed to such attacks, which might be quite realistic in case of software implementations. According to a recent proposal from SECIT-2017, we regard a scheme to be secure, if a malicious verifier, allowed to set the prover's ephemerals in the query stage, cannot impersonate the prover later on. We focus on the Okamoto Identification Scheme (IS), and show how to make it immune to the threats described above. Via reduction to the GDH Problem, we provide security guarantees in case of insufficient control over the unit executing Okamoto identification protocol (the standard Okamoto protocol is insecure in this situation).

In this paper, we analyze the security-reliability tradeoff (SRT) performance of the multi-relay cooperative networks over Nakagami-m fading channels. By considering the reliability of the first phase from the source to relay, a cooperative jamming (CJ) assisted secure transmission scheme is investigated to improve the security performance of the considered system. Specifically, we derive the approximate closed-form expression of the outage probability (OP) and exact closed-form expression of the intercepted probability (IP) for the CJ scheme to evaluate the SRT performance of the system. Finally, the simulation results verify the validity of our theoretical derivations and the advantage of the CJ scheme compared to the traditional scheme with no cooperative jammer.

Online peer-to-peer platforms like Airbnb allow hosts to list a property (e.g. a house, or a room) for short-term rentals. In this work, we examine how hosts describe themselves on their Airbnb profile pages. We use a mixed-methods study to develop a categorization of the topics that hosts self-disclose in their profile descriptions, and show that these topics differ depending on the type of guest engagement expected. We also examine the perceived trustworthiness of profiles using topic-coded profiles from 1,200 hosts, showing that longer self-descriptions are perceived to be more trustworthy. Further, we show that there are common strategies (a mix of topics) hosts use in self-disclosure, and that these strategies cause differences in perceived trustworthiness scores. Finally, we show that the perceived trustworthiness score is a significant predictor of host choice–especially for shorter profiles that show more variation. The results are consistent with uncertainty reduction theory, reflect on the assertions of signaling theory, and have important design implications for sharing economy platforms, especially those facilitating online-to-offline social exchange.

Multileaved comparison methods generalize interleaved comparison methods to provide a scalable approach for comparing ranking systems based on regular user interactions. Such methods enable the increasingly rapid research and development of search engines. However, existing multileaved comparison methods that provide reliable outcomes do so by degrading the user experience during evaluation. Conversely, current multileaved comparison methods that maintain the user experience cannot guarantee correctness. Our contribution is two-fold. First, we propose a theoretical framework for systematically comparing multileaved comparison methods using the notions of considerateness, which concerns maintaining the user experience, and fidelity, which concerns reliable correct outcomes. Second, we introduce a novel multileaved comparison method, Pairwise Preference Multileaving (PPM), that performs comparisons based on document-pair preferences, and prove that it is considerate and has fidelity. We show empirically that, compared to previous multileaved comparison methods, PPM is more sensitive to user preferences and scalable with the number of rankers being compared.

Internet of Things (IoT) and its various application domains are radically changing the lives of people, providing smart services which will ultimately constitute integral components of the living environment. The services of IoT operate based on the data flows collected from the different sensors and actuators. In this respect, the correctness and security of the sensor data transported over the IoT system is a crucial factor in ensuring the correct functioning of the IoT services. In this work, we present a method that can detect abnormal sensor events based on “apriori” knowledge of the behavior of the monitored process. The main advantage of the proposed methodology is that it builds on well-established theoretical works, while delivering a practical technique with low computational requirements. As a result, the developed technique can be hosted on various components of an IoT system. The developed approach is evaluated through real-world use-cases.