Biblio

Good programming languages provide helpful abstractions for writing secure code, but the security properties of the source language are generally not preserved when compiling a program and linking it with adversarial code in a low-level target language (e.g., a library or a legacy application). Linked target code that is compromised or malicious may, for instance, read and write the compiled program's data and code, jump to arbitrary memory locations, or smash the stack, blatantly violating any source-level abstraction. By contrast, a fully abstract compilation chain protects source-level abstractions all the way down, ensuring that linked adversarial target code cannot observe more about the compiled program than what some linked source code could about the source program. However, while research in this area has so far focused on preserving observational equivalence, as needed for achieving full abstraction, there is a much larger space of security properties one can choose to preserve against linked adversarial code. And the precise class of security properties one chooses crucially impacts not only the supported security goals and the strength of the attacker model, but also the kind of protections a secure compilation chain has to introduce. We are the first to thoroughly explore a large space of formal secure compilation criteria based on robust property preservation, i.e., the preservation of properties satisfied against arbitrary adversarial contexts. We study robustly preserving various classes of trace properties such as safety, of hyperproperties such as noninterference, and of relational hyperproperties such as trace equivalence. This leads to many new secure compilation criteria, some of which are easier to practically achieve and prove than full abstraction, and some of which provide strictly stronger security guarantees. For each of the studied criteria we propose an equivalent “property-free” characterization that clarifies which proof techniques apply. For relational properties and hyperproperties, which relate the behaviors of multiple programs, our formal definitions of the property classes themselves are novel. We order our criteria by their relative strength and show several collapses and separation results. Finally, we adapt existing proof techniques to show that even the strongest of our secure compilation criteria, the robust preservation of all relational hyperproperties, is achievable for a simple translation from a statically typed to a dynamically typed language.

Data Distribution Service (DDS) is a realtime peer-to-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

A permissioned blockchain platform comes with numerous assurances such as transaction confidentiality and system scalability to several organizations. Most permissioned blockchains rely on a Public-Key Infrastructure (PKI)as cryptographic tools to provide security services such as identity authentication and data confidentiality. Using PKI to validate transactions includes validating digital certificates of endorsement peers which creates an overhead in the system. Because public-key operations are computationally intensive, they limit the scalability of blockchain applications. Due to a large modulus size and expensive modular exponentiation operations, public-key operations such as RSA become slower than polynomial-based schemes, which involve a smaller modulus size and a less smaller number of modular multiplications. For instance, the 2048-bit RSA is approximately 15,728 times slower than a polynomial with a degree of 50 and 128-bit modulus size. In this paper, we propose a lightweight polynomial-based key management scheme in the context of a permissioned blockchain. Our scheme involves computationally less intensive polynomial evaluation operations such as additions and multiplications that result in a faster processing compared with public-key schemes. In addition, our proposed solution reduces the overhead of processing transactions and improves the system scalability. Security and performance analysis are provided in the paper.

The paper considers data security and privacy issues in intelligent transportation systems which involve data streams coming out from individual vehicles to road side units. In this environment, there are issues in regards to the scalability of key management and computation limitations at the edge of the network. To address these issues, we suggest the formation of groups in the vehicular layer, where a group leader is assigned to communicate with group members and the road side unit. We propose a lightweight permutation mechanism for preserving the confidentiality and privacy of sensory data.

Cyber security is a vital performance metric for networks. Wiretap attacks belong to passive attacks. It commonly exists in wired or wireless networks, where an eavesdropper steals useful information by wiretapping messages being shipped on network links. It seriously damages the confidentiality of communications. This paper proposed a secure network coding system architecture against wiretap attacks. It combines and collaborates network coding with cryptography technology. Some illustrating examples are given to show how to build such a system and prove its defense is much stronger than a system with a single defender, either network coding or cryptography. Moreover, the system is characterized by flexibility, simplicity, and easy to set up. Finally, it could be used for both deterministic and random network coding system.

Efficiently searchable and easily deployable encryption schemes enable an untrusted, legacy service such as a relational database engine to perform searches over encrypted data. The ease with which such schemes can be deployed on top of existing services makes them especially appealing in operational environments where encryption is needed but it is not feasible to replace large infrastructure components like databases or document management systems. Unfortunately all previously known approaches for efficiently searchable and easily deployable encryption are vulnerable to inference attacks where an adversary can use knowledge of the distribution of the data to recover the plaintext with high probability. We present a new efficiently searchable, easily deployable database encryption scheme that is provably secure against inference attacks even when used with real, low-entropy data. We implemented our constructions in Haskell and tested databases up to 10 million records showing our construction properly balances security, deployability and performance.

Botnets are responsible for many large scale attacks happening on the Internet. Their weak point, which is usually targeted to take down a botnet, is the command and control infrastructure: the foundation for the diffusion of the botmaster's instructions. Hence, botmasters employ stealthy communication methods to remain hidden and retain control of the botnet. Recent research has shown that blockchains can be leveraged for under the radar communication with bots, however these methods incur fees for transaction broadcasting. This paper discusses the use of a novel technology, Whisper, for command and control instruction dissemination. Whisper allows a botmaster to control bots at virtually zero cost, while providing a peer-to-peer communication infrastructure, as well as privacy and encryption as part of its dark communication strategy. It is therefore well suited for bidirectional botnet command and control operations, and creating a botnet that is very difficult to take down.

A key question for characterising a system's vulnerability against timing attacks is whether or not it allows an adversary to aggregate information about a secret over multiple timing measurements. Existing approaches for reasoning about this aggregate information rely on strong assumptions about the capabilities of the adversary in terms of measurement and computation, which is why they fall short in modelling, explaining, or synthesising real-world attacks against cryptosystems such as RSA or AES. In this paper we present a novel model for reasoning about information aggregation in timing attacks. The model is based on a novel abstraction of timing measurements that better captures the capabilities of real-world adversaries, and a notion of compositionality of programs that explains attacks by divide-and-conquer. Our model thus lifts important limiting assumptions made in prior work and enables us to give the first uniform explanation of high-profile timing attacks in the language of information-flow analysis.

Threat actors are constantly seeking new attack surfaces, with ransomeware being one the most successful attack vectors that have been used for financial gain. This has been achieved through the dispersion of unlimited polymorphic samples of ransomware whilst those responsible evade detection and hide their identity. Nonetheless, every ransomware threat actor adopts some similar style or uses some common patterns in their malicious code writing, which can be significant evidence contributing to their identification. he first step in attempting to identify the source of the attack is to cluster a large number of ransomware samples based on very little or no information about the samples, accordingly, their traits and signatures can be analysed and identified. T herefore, this paper proposes an efficient fuzzy analysis approach to cluster ransomware samples based on the combination of two fuzzy techniques fuzzy hashing and fuzzy c-means (FCM) clustering. Unlike other clustering techniques, FCM can directly utilise similarity scores generated by a fuzzy hashing method and cluster them into similar groups without requiring additional transformational steps to obtain distance among objects for clustering. Thus, it reduces the computational overheads by utilising fuzzy similarity scores obtained at the time of initial triaging of whether the sample is known or unknown ransomware. The performance of the proposed fuzzy method is compared against k-means clustering and the two fuzzy hashing methods SSDEEP and SDHASH which are evaluated based on their FCM clustering results to understand how the similarity score affects the clustering results.

Several computer vision applications such as object detection and face recognition have started to completely rely on deep learning based architectures. These architectures, when paired with appropriate loss functions and optimizers, produce state-of-the-art results in a myriad of problems. On the other hand, with the advent of "blockchain", the cybersecurity industry has developed a new sense of trust which was earlier missing from both the technical and commercial perspectives. Employment of cryptographic hash as well as symmetric/asymmetric encryption and decryption algorithms ensure security without any human intervention (i.e., centralized authority). In this research, we present the synergy between the best of both these worlds. We first propose a model which uses the learned parameters of a typical deep neural network and is secured from external adversaries by cryptography and blockchain technology. As the second contribution of the proposed research, a new parameter tampering attack is proposed to properly justify the role of blockchain in machine learning.

Cloud Computing is the most promising paradigm in recent times. It offers a cost-efficient service to individual and industries. However, outsourcing sensitive data to entrusted Cloud servers presents a brake to Cloud migration. Consequently, improving the security of data access is the most critical task. As an efficient cryptographic technique, Ciphertext Policy Attribute Based Encryption(CP-ABE) develops and implements fine-grained, flexible and scalable access control model. However, existing CP-ABE based approaches suffer from some limitations namely revocation, data owner overhead and computational cost. In this paper, we propose a sliced revocable solution resolving the aforementioned issues abbreviated RS-CPABE. We applied splitting algorithm. We execute symmetric encryption with Advanced Encryption Standard (AES)in large data size and asymmetric encryption with CP-ABE in constant key length. We re-encrypt in case of revocation one single slice. To prove the proposed model, we expose security and performance evaluation.

Cloud-assisted Internet of Vehicles (IoV)which merges the advantages of both cloud computing and Internet of Things that can provide numerous online services, and bring lots of benefits and conveniences to the connected vehicles. However, the security and privacy issues such as confidentiality, access control and driver privacy may prevent it from being widely utilized for message dissemination. Existing attribute-based message encryption schemes still bring high computational cost to the lightweight vehicles. In this paper, we introduce a secure and privacy-preserving dissemination scheme for warning message in cloud-assisted IoV. Firstly, we adopt attribute-based encryption to protect the disseminated warning message, and present a verifiable encryption and decryption outsourcing construction to reduce the computational overhead on vehicles. Secondly, we present a conditional privacy preservation mechanism which utilizes anonymous identity-based signature technique to ensure anonymous vehicle authentication and message integrity checking, and also allows the trusted authority to trace the real identity of malicious vehicle. We further achieve batch verification to improve the authentication efficiency. The analysis indicate that our scheme gains more security properties and reduces the computational overhead on the vehicles.

Wide adoption of artificial neural networks in various domains has led to an increasing interest in defending adversarial attacks against them. Preprocessing defense methods such as pixel discretization are particularly attractive in practice due to their simplicity, low computational overhead, and applicability to various systems. It is observed that such methods work well on simple datasets like MNIST, but break on more complicated ones like ImageNet under recently proposed strong white-box attacks. To understand the conditions for success and potentials for improvement, we study the pixel discretization defense method, including more sophisticated variants that take into account the properties of the dataset being discretized. Our results again show poor resistance against the strong attacks. We analyze our results in a theoretical framework and offer strong evidence that pixel discretization is unlikely to work on all but the simplest of the datasets. Furthermore, our arguments present insights why some other preprocessing defenses may be insecure.

In this paper, the two methods for ciphering are presented and compared. The aim is to reveal the suitability of chaotic neural network approach to ciphering compared to AES cipher. The durations in seconds of both methods are presented and the two methods are compared. The results show, that the chaotic neural network is fast, suitable for ciphering of short plaintexts. AES ciphering is suitable for longer plaintexts or images and is also more reliable.

The objective of this paper was to propose a 5D combined chaotic system used for image encryption by scrambling and DNA encryption. The initial chaotic values were calculated with a set of equations. The chaotic sequences were used for pixel scrambling, bit scrambling, DNA encryption and DNA complementary function. The average of NPCR, UACI and entropy values of the 6 images used for testing were 99.61, 33.51 and 7.997 respectively. The correlation values obtained for the encrypted image were much lower than the corresponding original image. The histogram of the encrypted image was flat. Based on the theoretical results from the tests performed on the proposed system it can be concluded that the system is suited for practical applications, since it offers high security.

After the creation of the internet, the file sharing process has been changed. Several third-party applications have come to live for sharing and chatting purposes. A spammer can profit by these applications in different ways like, can achieve countless data, can acquire the user's personal information, and furthermore. Later that untrusted cloud storages are used for uploading a file even it is maintained by the third party If they use an untrusted cloud, there is a security problem. We need to give more security for file transfer in the defense-based organization. So, we developed a secure application for group member communication in a secure medium. The user belongs to a specific department from a specific group can access the data from the storage node and decrypt it. Every user in the group needs to register in the node to send or receive the data. Group Manager can restrict the access of the users in a Defense Network and he generates a user list, users in that list can only login to the node and share or download the files. We created a secure platform to upload files and share the data with multiple users by using Dynamic broadcasting Encryption. Users in the list can only download and decrypt the files from the storage node.

Nowadays, secure transmission of multimedia files has become more significant concern with the evolution of technologies. Cryptography is the well-known technique to safeguard the files from various destructive hacks. In this work, a colour image encryption scheme is suggested using chaos and Deoxyribo Nucleic Acid (DNA) coding. The encryption scheme is carried out in two stages namely confusion and diffusion. As the first stage, chaos aided inter-planar row and column shuffling are performed to shuffle the image pixels completely. DNA coding and decoding operations then diffuse the resultant confused image with the help of eight DNA XOR rules. This confusion-diffusion process has achieved the entropy value equal to 7.9973 and correlation coefficient nearer to zero with key space of 10140. Various other analyses are also done to ensure the effectiveness of the developed algorithm. The results show that the proposed scheme can withstand different attacks and better than the recent state-of-art methods.

Cloud computing is a rapid growing advanced technology which is Internet based, providing various ways for storage, resource sharing, and various features. It has brought a new way to securely store and share information and data with multiple users and groups. The cloud environment deals with many problems, and one of the most important problems in recent days is the security issues. Sharing the data in a group, in cloud conditions has turned into a blazing theme in up and coming decades. Thus the blasting interest in cloud computing, ways and measures to accomplish secure and effective information and data sharing in the cloud is a flourishing point to be engaged. In this way, the venture centers around empowering information sharing and capacity for a similar gathering inside the cloud with high security and intensity. Therefore, Honey Encryption and Advanced Encryption Standard is used for providing security for the data shared within the group by the crew members in cloud environment. In addition, an access key is provided by the Group Manager to enable access to the documents and files stored in cloud by the users for specific time period.

The deployment of smart devices in IoT applications are increasing with tremendous pace causing severe security concerns, as it trade most of private information. To counter that security issues in low resource applications, lightweight cryptographic algorithms have been introduced in recent past. In this paper we propose efficient hardware architecture of piccolo lightweight algorithm uses 64 bits block size with variable key size of length 80 and 128 bits. This paper introduces novel hardware architecture of piccolo-80, to supports high speed RFID security applications. Different design strategies are there to optimize the hardware metrics trade-off for particular application. The algorithm is implemented on different family of FPGAs with different devices to analyze the performance of design in 4 input LUTs and 6 input LUTs implementations. In addition, the results of hardware design are evaluated and compared with the most relevant lightweight block ciphers, shows the proposed architecture finds its utilization in terms of speed and area optimization from the hardware resources. The increment in throughput with optimized area of this architecture suggests that piccolo can applicable to implement for ultra-lightweight applications also.

Pervasive systems over the years continuous to grow exponentially. Engagement of IoT in fields such as Agriculture, Home automation, industrial applications etc is on the rise. Self organizing networks within the IoT field give rise to engagement of various nodes for data communication. The rise in Cyber-attacks within IoT pose a lot of threat to these connected nodes and hence there is a need for data passing through nodes to be verified during communication. In this paper we proposed a nodal authentication approach in IoT using blockchain in securing the integrity of data passing through the nodes in IoT. In our work, we engaged the GOST algorithm in our approach. At the end, we achieved a nodal authentication and verification of the transmitted data. This makes it very difficult for an attacker to fake a node in the communication chain of the connected nodes. Data integrity was achieved in the nodes during the communication.

The Internet of Things (IoT) and RFID devices are essential parts of the new information technology generation. They are mostly characterized by their limited power and computing resources. In order to ensure their security under computing and power constraints, a number of lightweight cryptography algorithms has emerged. This paper outlines the performance analysis of six lightweight blocks crypto ciphers with different structures - LED, PRESENT, HIGHT, LBlock, PICCOLO and TWINE on a LEON3 open source processor. We have implemented these crypto ciphers on the FPGA board using the C language and the LEON3 processor. Analysis of these crypto ciphers is evaluated after considering various benchmark parameters like throughput, execution time, CPU performance, AHB bandwidth, Simulator performance, and speed. These metrics are tested with different key sizes provided by each crypto algorithm.

New IoT applications are demanding for more and more performance in embedded devices while their deployment and operation poses strict power constraints. We present the security concept for a customizable Internet of Things (IoT) platform based on the RISC-V ISA and developed by several Fraunhofer Institutes. It integrates a range of peripherals with a scalable computing subsystem as a three dimensional System-in-Package (3D-SiP). The security features aim for a medium security level and target the requirements of the IoT market. Our security architecture extends given implementations to enable secure deployment, operation, and update. Core security features are secure boot, an authenticated watchdog timer, and key management. The Universal Sensor Platform (USeP) SoC is developed for GLOBALFOUNDRIES' 22FDX technology and aims to provide a platform for Small and Medium-sized Enterprises (SMEs) that typically do not have access to advanced microelectronics and integration know-how, and are therefore limited to Commercial Off-The-Shelf (COTS) products.

Logic encryption is a powerful hardware protection technique that uses extra key inputs to lock a circuit from piracy or unauthorized use. The recent discovery of the SAT-based attack with Distinguishing Input Pattern (DIP) generation has rendered all traditional logic encryptions vulnerable, and thus the creation of new encryption methods. However, a critical question for any new encryption method is whether security against the DIP-generation attack means security against all other attacks. In this paper, a new high-level SAT-based attack called SigAttack has been discovered and thoroughly investigated. It is based on extracting a key-revealing signature in the encryption. A majority of all known SAT-resilient encryptions are shown to be vulnerable to SigAttack. By formulating the condition under which SigAttack is effective, the paper also provides guidance for the future logic encryption design.

Crowdsensing, driven by the proliferation of sensor-rich mobile devices, has emerged as a promising data sensing and aggregation paradigm. Despite useful, traditional crowdsensing systems typically rely on a centralized third-party platform for data collection and processing, which leads to concerns like single point of failure and lack of operation transparency. Such centralization hinders the wide adoption of crowdsensing by wary participants. We therefore explore an alternative design space of building crowdsensing systems atop the emerging decentralized blockchain technology. While enjoying the benefits brought by the public blockchain, we endeavor to achieve a consolidated set of desirable security properties with a proper choreography of latest techniques and our customized designs. We allow data providers to safely contribute data to the transparent blockchain with the confidentiality guarantee on individual data and differential privacy on the aggregation result. Meanwhile, we ensure the service correctness of data aggregation and sanitization by delicately employing hardware-assisted transparent enclave. Furthermore, we maintain the robustness of our system against faulty data providers that submit invalid data, with a customized zero-knowledge range proof scheme. The experiment results demonstrate the high efficiency of our designs on both mobile client and SGX-enabled server, as well as reasonable on-chain monetary cost of running our task contract on Ethereum.

There has been a growing expansion in the use of steganography, due to the evolution in using internet technology and multimedia technology. Hence, nowadays, the information is not secured sufficiently while transmitting it over the network. Therefore, information security has taken an important role to provide security against unauthorized individuals. This paper proposes steganography and cryptography technique to secure image based on hybrid edge detector. Cryptography technique is used to encrypt a secret image by using Vernam cipher algorithm. The robust of this algorithm is depending on pseudorandom key. Therefore, pseudo-random key is generated from a nonlinear feedback shift register (Geffe Generator). While in steganography, Hybrid Sobel and Kirch edge detector have been applied on the cover image to locate edge pixels. The least significant bit (LSB) steganography technique is used to embed secret image bits in the cover image in which 3 bits are embedded in edge pixel and 2 bits in smooth pixel. The proposed method can be used in multi field such as military, medical, communication, banking, Electronic governance, and so on. This method gives an average payload ratio of 1.96 with 41.5 PSNR on average. Besides, the maximum size of secret image that can be hidden in the cover image of size 512*512 is 262*261. Also, when hiding 64800 bits in baboon cover image of size 512*512, it gives PSNR of 50.42 and MSE of 0.59.