Biblio

The impending threat of large-scale quantum computers to classical RSA and ECC-based public-key cryptographic schemes prompted NIST to initiate a global level standardization process for post-quantum cryptography. This process which started in 2017 with 69 submissions is currently in its third and final round with seven main candidates and eight alternate candidates, out of which seven (7) out of the fifteen (15) candidates are schemes based on hard problems over structured lattices, known as lattice-based cryptographic schemes. Among the various parameters such as theoretical post-quantum (PQ) security guarantees, implementation cost and performance, resistance against physical attacks such as Side-Channel Analysis (SCA) and Fault Injection Analysis (FIA) has also emerged as an important criterion for standardization in the final round [1]. This is especially relevant for adoption of PQC in embedded devices, which are most likely used in environments where an attacker can have unimpeded physical access to the device.

The fourth industrial revolution envisions industry manufacturing systems to be software driven where mundane manufacturing tasks can be automated. As software is perceived as an integral part of this vision, discovering vulnerabilities is of paramount of importance so that manufacturing systems are secure. A categorization of vulnerability discovery strategies can inform practitioners on how to identify undiscovered vulnerabilities in software. Recently researchers have investigated and identified vulnerability discovery strategies used in open source software (OSS) projects. The efficacy of the derived strategy needs to be validated by obtaining feedback from practitioners. Such feedback can be helpful to assess if identified strategies are useful for practitioners and possible directions the derived vulnerability discovery strategies can be improvised. We survey 51 practitioners to assess if four vulnerability discovery strategies: diagnostics, malicious payload construction, misconfiguration, and pernicious execution can be used to identify undiscovered vulnerabilities. Practitioners perceive the strategies to be useful: for example, we observe 88% of the surveyed practitioners to agree that diagnostics could be used to discover vulnerabilities. Our work provides evidence of usefulness for the identified strategies.

Mobile Social Networks have become one of the most convenient services for users to share information everywhere. This crowdsourced information is often meaningful and recommended to users, e.g., reviews on Yelp or high marks on Dianping, which poses the threat of Sybil attacks. To address the problem of Sybil attacks, previous solutions mostly use indirect/direct graph model or clickstream model to detect fake accounts. However, they are either dependent on strong connections or solely preserved by servers of social networks. In this paper, we propose a novel predictable approach by exploiting users' custom patterns to distinguish Sybil attackers from normal users for the application of recommendation in mobile social networks. First, we introduce the entropy of spatial-temporal features to profile the mobility traces of normal users, which is quite different from Sybil attackers. Second, we develop discriminative entropy-based features, i.e., users' preference features, to measure the uncertainty of users' behaviors. Third, we design a smart Sybil detection model based on a binary classification approach by combining our entropy-based features with traditional behavior-based features. Finally, we examine our model and carry out extensive experiments on a real-world dataset from Dianping. Our results have demonstrated that the model can significantly improve the detection accuracy of Sybil attacks.

This study used the support vector machine (SVM) algorithm to predict Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on a proxy server. Proxy-servers are prone to attacks such as DoS and DDoS and existing detection and prediction systems are inefficient. Three convex optimization problems using the Gaussian, linear and non-linear kernel methods were solved using the SVM module to detect the attacks. The SVM module and proxy server were implemented in Python and javascript respectively and made to run on a local network. Four other computers running on the same network where made to each communicate with the proxy server (two dedicated to attack the server). The server was able to detect and filter out the malicious requests from the attacking clients. Hence, the SVM module can effectively predict cyber attacks and can be integrated into any server to detect such attacks for improved security.

Homomorphic Encryption is one of the most promising techniques to deal with privacy concerns, which is raised by remote deep learning paradigm, and maintain high classification accuracy. However, homomorphic encryption-based solutions are characterized by high overhead in terms of both computation and communication, which limits their adoption in pervasive health monitoring applications with constrained client-side devices. In this paper, we propose PReDIHERO, an improved privacy-preserving solution for remote deep learning inferences based on homomorphic encryption. The proposed solution applies a reversible obfuscation technique that successfully protects sensitive information, and enhances the client-side overhead compared to the conventional homomorphic encryption approach. The solution tackles three main heavyweight client-side tasks, namely, encryption and transmission of private data, refreshing encrypted data, and outsourcing computation of activation functions. The efficiency of the client-side is evaluated on a healthcare dataset and compared to a conventional homomorphic encryption approach. The evaluation results show that PReDIHERO requires increasingly less time and storage in comparison to conventional solutions when inferences are requested. At two hundreds inferences, the improvement ratio could reach more than 30 times in terms of computation overhead, and more than 8 times in terms of communication overhead. The same behavior is observed in sequential data and batch inferences, as we record an improvement ratio of more than 100 times in terms of computation overhead, and more than 20 times in terms of communication overhead.

In this paper we discuss distributed denial of service attacks on software defined networks, software defined networking is a network architecture approach that enables the network to be intelligently and centrally controlled using software applications. These days the usage of internet is increased because high availability of internet and low cost devices. At the same time lot of security challenges are faced by network monitors and administrators to tackle the frequent network access by the users. The main idea of SDN is to separate the control plane and the data plane, as a result all the devices in the data plane becomes forwarding devices and all the decision making activities transferred to the centralized system called controller. Openflow is the standardized and most important protocol among many SDN protocols. In this article given the overview of distributed denial of service attacks and prevention mechanisms to these malicious attacks.

Visible light communications (VLC) have been the focus of many recent investigations due to its potential for transmitting data at a higher bitrate than conventional communication systems. Alongside the advantages of being energy efficient through the use of LEDs (Light Emitting Diodes), it is imperative that these systems also take in consideration privacy and security measures available. This work highlights the technical aspects of a typical 16-QAM (Quadrature Amplitude Modulation) VLC system incorporating an enhanced privacy feature using an hyperchaotic map to scramble the symbols. The results obtained in this study showed a low dispersion symbol constellation while communicating at 100 Baud and with a 1 m link. Using the measured EVM (Error Vector Magnitude) of the constellation, the BER (Bit Error Rate) of this system was estimated to be bellow 10−12 which is lower than the threshold limit of 3.8.10−3 that corresponds to the 7% hard-decision forward error correction (HD- FEC) for optimal transmission, showing that this technique can be implemented with higher bitrates and with a higher modulation index.

Mobile edge computing (MEC) emerges recently to help process the computation-intensive and delay-sensitive applications of resource limited mobile devices in support of MEC servers. Due to the wireless offloading, MEC faces many security challenges, like eavesdropping and privacy leakage. The anti-eavesdropping offloading or privacy preserving offloading have been studied in existing researches. However, both eavesdropping and privacy leakage may happen in the meantime in practice. In this paper, we propose a privacy preserved secure offloading scheme aiming to minimize the energy consumption, where the location privacy, usage pattern privacy and secure transmission against the eavesdropper are jointly considered. We formulate this problem as a constrained Markov decision process (CMDP) with the constraints of secure offloading rate and pre-specified privacy level, and solve it with reinforcement learning (RL). It can be concluded from the simulation that this scheme can save the energy consumption as well as improve the privacy level and security of the mobile device compared with the benchmark scheme.

Advancement in network technology provides an opportunity for e-commerce industries to sell digital content. However, multimedia content has the drawback of easy copy and redistribution, which causes rampant piracy. Digital rights management (DRM) systems are developed to address content piracy. Basically, DRM focuses to control content consumption and distribution. In general, to provide copyright protection, DRM system loses flexibility and creates a severe threat to users’ privacy. Moreover, traditional DRM systems are client-server architecture, which cannot handle strategies geographically. These disadvantages discourage the adoption of DRM systems. At the same time, multi-distributor DRM (MD-DRM) system provides a way to facilitate content distribution more effectively. Most of the existing multi-distributor DRM systems are privacy encroaching and do not discuss the useful content distribution framework. To overcome the drawbacks of existing schemes, we propose a privacy-preserving MD-DRM system, which is flexible enough to support location-based content distribution. The proposed scheme maintains a flexible and transparent content distribution without breaching consumer privacy. Besides, the proposed scheme does not violate accountability parameters. This mechanism makes traitor identification possible without violating the privacy rights of authorized consumers.

The problem of maintaining the privacy of sensitive healthcare data is crucial yet the significance of research efforts achieved still need robust development in privacy protection techniques for Wireless Multimedia Sensor Networks (WMSNs). This paper aims to investigate different privacy-preserving methods for WMSNs that can be applied in healthcare, to guarantee a privacy-aware transmission of multimedia data between sensors and base stations. The combination of ant colony optimization-based routing and hierarchical structure of the network have been proposed in the AntSensNet WMSN-based routing protocol to offer QoS and power efficient multipath multimedia packet scheduling. In this paper, the AntSensNet routing protocol was extended by utilizing privacy-preserving mechanisms thus achieving anonymity / pseudonymity, unlinkability, and location privacy. The vulnerability of standard AntSensNet routing protocol to privacy threats have raised the need for the following privacy attacks’ countermeasures: (i) injection of fake traffic, which achieved anonymity, privacy of source and base locations, as well as unlinkability; (ii) encrypting and correlating the size of scalar and multimedia data which is transmitted through a WMSN, along with encrypting and correlating the size of ants, to achieve unlinkability and location privacy; (iii) pseudonyms to achieve unlinkability. The impact of these countermeasures is assessed using quantitative performance analysis conducted through simulation to gauge the overhead of the added privacy countermeasures. It can be concluded that the introduced modifications did enhance the privacy but with a penalty of increased delay and multimedia jitter. The health condition of a patient determines the vitals to be monitored which affects the volumes and sources of fake traffic. Consequently, desired privacy level will dictate incurred overhead due to multimedia transmissions and privacy measures.

With the popularization of mobile communication and sensing equipment, as well as the rapid development of location-aware technology and wireless communication technology, LBSs(Location-based services) bring convenience to people’s lives and enable people to arrange activities more efficiently and reasonably. It can provide more flexible LBS proximity detection query, which has attracted widespread attention in recent years. However, the development of proximity detection query still faces many severe challenges including query information privacy. For example, when users want to ensure their location privacy and data security, they can get more secure location-based services. In this article, we propose an efficient and privacy-protecting proximity detection framework based on location services: PD(Proximity Detection). Through PD, users can query the range of arbitrary polygons and obtain accurate LBS results. Specifically, based on homomorphic encryption technology, an efficient PRQ(polygon range query) algorithm is constructed. With the help of PRQ, PD, you can obtain accurate polygon range query results through the encryption request and the services provided by the LAS(LBS Agent Server) and the CS(Cloud Server). In addition, the query privacy of the queryer and the information of the data provider are protected. The correctness proof and performance analysis show that the scheme is safe and feasible. Therefore, our scheme is suitable for many practical applications.

Modern vehicles become increasingly digitalized with advanced information technology-based solutions like advanced driving assistance systems and vehicle-to-x communications. These systems are complex and interconnected. Rising complexity and increasing outside exposure has created a steadily rising demand for more cyber-secure systems. Thus, also standardization bodies and regulators issued standards and regulations to prescribe more secure development processes. This security, however, also has to be validated and verified. In order to keep pace with the need for more thorough, quicker and comparable testing, today's generally manual testing processes have to be structured and optimized. Based on existing and emerging standards for cybersecurity engineering, this paper therefore outlines a structured testing process for verifying and validating automotive cybersecurity, for which there is no standardized method so far. Despite presenting a commonly structured framework, the process is flexible in order to allow implementers to utilize their own, accustomed toolsets.

In this paper, we focus on Information-Centric Delay-Tolerant Network (ICDTN), which incorporates the communication paradigm of Information-Centric Networking (ICN) into Delay-Tolerant Networking (DTN). Conventional ICNs adopt a naming scheme that names the content with the content identifier. However, a past study proposed an alternative naming scheme that describes the name of content with the content descriptor. We believe that, in ICDTN, it is more suitable to utilize the approach using the content descriptor. In this paper, we therefore propose keyword-based ICDTN that resolves content requests and deliveries contents based on keywords, i.e., content descriptor, in the request and response messages.

Crypto-ransomware is a malware that uses the system’s cryptography functions to encrypt user data. The irreversible effect of crypto-ransomware makes it challenging to survive the attack compared to other malware categories. When a crypto-ransomware attack encrypts user files, it becomes difficult to access these files without having the decryption key. Due to the availability of ransomware development tool kits like Ransomware as a Service (RaaS), many ransomware variants are being developed. This contributes to the rise of ransomware attacks witnessed nowadays. However, the conventional approaches employed by malware detection solutions are not suitable to detect ransomware. This is because ransomware needs to be detected as early as before the encryption takes place. These attacks can effectively be handled only if detected during the pre-encryption phase. Early detection of ransomware attacks is challenging due to the limited amount of data available before encryption. An adaptive pre-encryption model is proposed in this paper which is expected to deal with the population concept drift of crypto-ransomware given the limited amount of data collected during the pre-encryption phase of the attack lifecycle. With such adaptability, the model can maintain up-to-date knowledge about the attack behavior and identify the polymorphic ransomware that continuously changes its behavior.

Ever since Machine Learning as a Service emerges as a viable business that utilizes deep learning models to generate lucrative revenue, Intellectual Property Right (IPR) has become a major concern because these deep learning models can easily be replicated, shared, and re-distributed by any unauthorized third parties. To the best of our knowledge, one of the prominent deep learning models - Generative Adversarial Networks (GANs) which has been widely used to create photorealistic image are totally unprotected despite the existence of pioneering IPR protection methodology for Convolutional Neural Networks (CNNs). This paper therefore presents a complete protection framework in both black-box and white-box settings to enforce IPR protection on GANs. Empirically, we show that the proposed method does not compromise the original GANs performance (i.e. image generation, image super-resolution, style transfer), and at the same time, it is able to withstand both removal and ambiguity attacks against embedded watermarks. Codes are available at https://github.com/dingsheng-ong/ipr-gan.

The Internet of Things (IoT) paradigm has been proposed in the last few years with the goal of addressing technical problems in fields such as home and industrial automation, smart lighting systems and traffic monitoring. However, due to the very nature of the IoT devices (generally low-powered and often lacking strong security functionalities), typical deployments pose a great risk in terms of security and privacy. In this respect, the utilization of both a Trusted Execution Environment (TEE) and a Trusted Platform Module (TPM) can serve as a countermeasure against typical attacks. Furthermore, these functional blocks can serve as safe key storage services and provide a robust secure boot implementation and a firmware update mechanism, thus ensuring run-time authentication and integrity. The Common Criteria for Information Technology Security Evaluation allows to determine the degree of attainment of precise security properties in a product. The main objective of this work is to identify, propose and compose bricks of protection profile (PP), as defined by Common Criteria, that are applicable to secure IoT architectures. Moreover, it aims at giving some guiding rules and facilitate future certifications of components and/or their composition. Finally, it also provides a structure for a future methodology of assessment for IoT devices.

The two-factor authentication (2FA) has drawn increasingly attention as the mobile devices become more prevalent. For example, the user's possession of the enrolled phone could be used by the 2FA system as the second proof to protect his/her online accounts. Existing 2FA solutions mainly require some form of user-device interaction, which may severely affect user experience and creates extra burdens to users. In this work, we propose Proximity-Echo, a secure 2FA system utilizing the proximity of a user's enrolled phone and the login device as the second proof without requiring the user's interactions or pre-constructed device fingerprints. The basic idea of Proximity-Echo is to derive location signatures based on acoustic beep signals emitted alternately by both devices and sensing the echoes with microphones, and compare the extracted signatures for proximity detection. Given the received beep signal, our system designs a period selection scheme to identify two sound segments accurately: the chirp period is the sound segment propagating directly from the speaker to the microphone whereas the echo period is the sound segment reflected back by surrounding objects. To achieve an accurate proximity detection, we develop a new energy loss compensation extraction scheme by utilizing the extracted chirp periods to estimate the intrinsic differences of energy loss between microphones of the enrolled phone and the login device. Our proximity detection component then conducts the similarity comparison between the identified two echo periods after the energy loss compensation to effectively determine whether the enrolled phone and the login device are in proximity for 2FA. Our experimental results show that our Proximity-Echo is accurate in providing 2FA and robust to both man-in-the-middle (MiM) and co-located attacks across different scenarios and device models.

Recent advancements of spatial audio technologies to enhance human’s emotional and immersive experiences are gathering attention. Many studies are clarifying the neural mechanisms of acoustic spatial perception; however, they are limited to the evaluation of mechanisms using basic sound stimuli. Therefore, it remains challenging to evaluate the experience of actual music contents and to verify the effects of higher-order neurophysiological responses including a sense of immersive and realistic experience. To investigate the effects of spatial audio experience, we verified the psychophysiological responses of immersive spatial audio experience using sound field synthesis (SFS) technology. Specifically, we evaluated alpha power as the central nervous system activity, heart rate/heart rate variability and skin conductance as the autonomic nervous system activity during an acoustic experience of an actual music content by comparing stereo and SFS conditions. As a result, statistically significant differences (p \textbackslashtextless 0.05) were detected in the changes in alpha wave power, high frequency wave power of heart rate variability (HF), and skin conductance level (SCL) among the conditions. The results of the SFS condition showed enhanced the changes in alpha power in the frontal and parietal regions, suggesting enhancement of emotional experience. The results of the SFS condition also suggested that close objects are grouped and perceived on the basis of the spatial proximity of sounds in the presence of multiple sound sources. It is demonstrating that the potential use of SFS technology can enhance emotional and immersive experiences by spatial acoustic expression.

Recently, it is predicted that interworking between heterogeneous devices will be accelerated due to the openness of the IoT (Internet of Things) platform, but various security threats are also expected to increase. However, most IoT open platforms remain at the level that utilizes existing security technologies. Therefore, a more secure security technology is required to prevent illegal copying and leakage of important data through stealing, theft, and hacking of IoT devices. In addition, a technique capable of ensuring interoperability with existing standard technologies is required. This paper proposes an IoT device authentication method based on PUF (Physical Unclonable Function) that operates on an IoT open platform. By utilizing PUF technology, the proposed method can effectively respond to the threat of exposure of the authentication key of the existing IoT open platform. Above all, the proposed method can contribute to compatibility and interoperability with existing technologies by providing a device authentication method that can be effectively applied to the OCF Iotivity standard specification, which is a representative IoT open platform.

Our proposal aims to help solving a trust problem between licensors and licensees that occurs during the active life of license agreements. We particularly focus on licensing of proprietary intellectual property (IP) that is embedded in Internet of Things (IoT) devices and services (e.g. patented technologies). To achieve this we propose to encode the logic of license agreements into smart licenses (SL). We define a SL as a `digital twin' of a licensing contract, i.e. one or more smart contracts that represent the full or relevant parts of a licensing agreement in machine readable and executable code. As SL are self enforcing, the royalty computation and execution of payments can be fully automated in a tamper free and trustworthy way. This of course, requires to employ a Distributed Ledger Technology (DLT). Such an Automated Licensing Payment System (ALPS) can thus automate an established business process and solve a longstanding trust issue in licensing markets. It renders traditional costly audits obsolete, lowers entry barriers for those who want to participate in licensing markets, and enables novel business models too complex with traditional approaches.

In order to solve the problem of large data volume brought by the traditional Nyquist sampling theorem in radar signal detection, a compressive detection (CD) model based on compressed sensing (CS) theory is proposed by analyzing the sparsity of the radar target in the range domain. The lower sampling rate completes the compressive sampling of the radar signal on the range field. On this basis, the two-dimensional distribution of the Doppler unit is established by moving target detention moving target detention (MTD), and the detection of the target is achieved with the two-dimensional constant false alarm rate (2D-CFAR) detection algorithm. The simulation experiment results prove that the algorithm can effectively detect the target without the need for reconstruction signals, and has good detection performance.

The cryptology science has gradually gained importance with our digitalized lives. Ensuring the security of data transmitted, processed and stored across digital channels is a major challenge. One of the frequently used components in cryptographic algorithms to ensure security is substitution-box structures. Random selection-based substitution-box structures have become increasingly important lately, especially because of their advantages to prevent side channel attacks. However, the low nonlinearity value of these designs is a problem. In this study, a dataset consisting of twenty different substitution-box structures have been publicly presented to the researchers. The fact that the proposed dataset has high nonlinearity values will allow it to be used in many practical applications in the future studies. The proposed dataset provides a contribution to the literature as it can be used both as an input dataset for the new post-processing algorithm and as a countermeasure to prevent the success of side-channel analyzes.

The prevalence of Internet of Things (IoT) allows heterogeneous and lightweight smart devices to collaboratively provide services with or without human intervention. With an ever-increasing presence of IoT-based smart applications and their ubiquitous visibility from the Internet, user data generated by highly connected smart IoT devices also incur more concerns on security and privacy. While a lot of efforts are reported to develop lightweight information assurance approaches that are affordable to resource-constrained IoT devices, there is not sufficient attention paid from the aspect of security solutions against hardware-oriented attacks, i.e. side channel attacks. In this paper, a COTS (commercial off-the-shelf) based Randomized Switched-Mode Voltage Regulation System (RSMVRS) is proposed to prevent power analysis based side channel attacks (P-SCA) on bare metal IoT edge device. The RSMVRS is implemented to direct power to IoT edge devices. The power is supplied to the target device by randomly activating power stages with random time delays. Therefore, the cryptography algorithm executing on the IoT device will not correlate to a predictable power profile, if an adversary performs a SCA by measuring the power traces. The RSMVRS leverages COTS components and experimental study has verified the correctness and effectiveness of the proposed solution.

Maintaining critical data and process availability is an important challenge of Industry 4.0. Given the variety of smart nodes, data and the access latency that can be tolerated by consumers in modern IoT-based industry, we propose a method for analyzing the resiliency of an IoT network. Due to the complexity of modern system structures, different components in the system can affect the system’s resiliency. Therefore, a fundamental problem is to propose methods to quantify the value of resilience contribution of a node in each system effectively. This paper aims to identify the most critical vertices of the network with respect to the latency constraint resiliency metric. Using important centrality metrics, we identify critical nodes in industrial IoT networks to analyze the degree of resiliency in the IoT environments. The results show that when nodes with the highest value of Closeness Centrality (CC) were disrupted Resiliency of Latency (RL) would have the lowest value. In other words, the results indicate the nodes with the high values for CC are most critical in an IoT network.

The data-driven period produces more and more security-related challenges that even experts can hardly deal with. One of the most complex threats is ransomware, which is very taxing and devastating to detect and mainly prevent. Our research methods showed significant results in identifying ransomware processes using the honeypot concept augmented with symbolic linking to reduce damage made to the file system. The CIA (confidentiality, integrity, availability) metrics have been adhered to. We propose to optimize the malware process termination procedure and introduce an artificial intelligence-human collaboration to enhance ransomware classification and detection.