Biblio

Big Data Platform provides business units with data platforms, data products and data services by integrating all data to fully analyze and exploit the intrinsic value of data. Data accessed by big data platforms may include many users' privacy and sensitive information, such as the user's hotel stay history, user payment information, etc., which is at risk of leakage. This paper first analyzes the risks of data leakage, then introduces in detail the theoretical basis and common methods of data desensitization technology, and finally puts forward a set of effective market subject credit supervision application based on asccii, which is committed to solving the problems of insufficient breadth and depth of data utilization for enterprises involved, the problems of lagging regulatory laws and standards, the problems of separating credit construction and market supervision business, and the credit constraints of data governance.

In order to solve the problem of data leakage and tampering in end-to-end power data security management, this paper proposes a Blockchain-based power terminal data security management model, which includes power terminals and Blockchain nodes. Among them, the power terminal is responsible for the collection of front-end substation data; the Blockchain node is responsible for data verification and data storage. Secondly, the data security management mechanism of power terminal based on Blockchain is proposed, including data aggregation, data encryption and transmission, signature verification for single Blockchain, aggregation signature for main Blockchain nodes, and intelligent contract storage. Finally, by applying the mechanism to the data storage process and data request process analysis, the data management mechanism proposed in this paper has a good application effect.

Data are generated and stored in databases at a very high speed and hence it need to be handled and analyzed properly. Nowadays industries are extensively using Hadoop and Spark to analyze the datasets. Both the frameworks are used for increasing processing speeds in computing huge complex datasets. Many researchers are comparing both of them. Now, the big questions arising are, Is Spark a substitute for Hadoop? Is hadoop going to be replaced by spark in mere future?. Spark is “built on top of” Hadoop and it extends the model to deploy more types of computations which incorporates Stream Processing and Interactive Queries. No doubt, Spark's execution speed is much faster than Hadoop, but talking in terms of fault tolerance, hadoop is slightly more fault tolerant than spark. In this article comparison of various bigdata analytics tools are done and Hadoop and Spark are discussed in detail. This article further gives an overview of bigdata, spark and hadoop issues. In this survey paper, the approaches to resolve the issues of spark and hadoop are discussed elaborately.

Using the blockchain technology to store the privatedocuments of individuals will help make data more reliable and secure, preventing the loss of data and unauthorized access. The Consensus algorithm along with the hash algorithms maintains the integrity of data simultaneously providing authentication and authorization. The paper incorporates the block chain and the Identity Based Encryption management concept. The Identity based Management system allows the encryption of the user's data as well as their identity and thus preventing them from Identity theft and fraud. These two technologies combined will result in a more secure way of storing the data and protecting the privacy of the user.

{With the rapid development of economic globalization, cooperation between countries, between enterprises, has become a key factor whether country and enterprises can make great economic progress. In these cooperation processes, it is necessary to trace the source of business data or log data for auditing and accountability. However, multi-party enterprises participating in cooperation often do not trust each other, and the separate accounting of the enterprises leads to isolated islands of information, which makes it difficult to trace the entire life cycle of the data. Therefore, there is an urgent need for a mechanism that can establish distributed trustworthiness among multiparty organizations that do not trust each other, and provide a tamper-resistant data storage mechanism to achieve credible traceability of data. This work proposes a data traceability platform architecture design plan for supply chain management based on the multi-disciplinary knowledge and technology of the Fabric Alliance chain architecture, perceptual identification technology, and cryptographic knowledge. At the end of the paper, the characteristics and shortcomings of data traceability of this scheme are evaluated.

Blackhole (BH) attacks are one of the most serious threats in mobile ad-hoc networks. A BH is a security attack in which a malicious node absorbs data packets and sends fake routing information to neighboring nodes. BH attacks are widely studied. However, existing defense methods wrongfully assume that BH attacks cannot overcome the most common defense approaches. A new wave of BH attacks is known as smart BH attacks. In this study, we used a highly aggressive type of BH attack that can predict sequence numbers to overcome traditional detection methods that set a threshold to sequence numbers. To protect the network from this type of BH attack, we propose a detection-and-prevention method that uses local information shared with neighboring nodes. Our experiments show that the proposed method successfully detects and contains even smart BH threats. Consequently, the attack success rate decreases.

Development of large-scale and complex software systems requires multiple teams, including software development teams, domain experts, user representatives, and other project stakeholders, to work collaboratively to achieve software development goals. These teams rely on the use of agreed software development processes, knowledge management tools, and communication channels collaboratively in the software development project. Software testing is an important and complicated process due to reasons such as difficulties in achieving testing goals with the given time constraint, absence of efficient data sharing policies, vague testing acceptance criteria at various levels of testing, and lack of trusted coordination among the teams involved in software testing. The efficiency of the software testing relies on efficient, reliable, and trusted information sharing among these teams. Existing approaches to software testing for collaborative software development use centralized or decentralize tools for software testing, knowledge management, and communication channels. Existing approaches have the limitations of centralized authority, a single point of failure/compromise, lack of automatic requirement compliance checking and transparency in information sharing, and lack of unified data sharing policy, and reliable knowledge management repositories for sharing and storing past software testing artifacts and data. In this paper, a software testing approach for collaborative software development using private blockchain is presented, and the desirable properties of private blockchain, such as distributed data management, tamper-resistance, auditability and automatic requirement compliance checking, are incorporated to greatly improve the quality of software testing for collaborative software development.

The wide expansion of the Internet of Things is pushing the growth of vehicular ad-hoc networks (VANETs) into the Internet of Vehicles (IoV). Secure data communication is vital to the success and stability of the IoV and should be integrated into its various operations and aspects. In this paper, we present a framework for secure IoV communications by utilizing the High Performance Blockchain Consensus (HPBC) algorithm. Based on a previously published communication model for VANETs that uses an efficient routing protocol for transmitting packets between vehicles, we describe in this paper how to integrate a blockchain model on top of the IoV communications system. We illustrate the method that we used to implement HPBC within the IoV nodes. In order to prove the efficiency of the proposed model, we carry out extensive simulations that test the proposed model and study its overhead on the IoV network. The simulation results demonstrated the good performance of the HPBC algorithm when implemented within the IoV environment.

The growth of IoT devices during the last decade has led to the development of smart ecosystems, such as smart homes, prone to cyberattacks. Traditional security methodologies support to some extend the requirement for preserving privacy and security of such deployments, but their centralized nature in conjunction with low computational capabilities of smart home gateways make such approaches not efficient. Last achievements on blockchain technologies allowed the use of such decentralized architectures to support cybersecurity defence mechanisms. In this work, a blockchain framework is presented to support the cybersecurity mechanisms of smart homes installations, focusing on the immutability of users and devices that constitute such environments. The proposed methodology provides also the appropriate smart contracts support for ensuring the integrity of the smart home gateway and IoT devices, as well as the dynamic and immutable management of blocked malicious IPs. The framework has been deployed on a real smart home environment demonstrating its applicability and efficiency.

In the Internet of Things (IoT), devices can interconnect and communicate autonomously, which requires devices to authenticate each other to exchange meaningful information. Otherwise, these things become vulnerable to various attacks. The conventional security protocols are not suitable for IoT applications due to the high computation and storage demand. Therefore, we proposed a blockchain-enabled secure storage and communication scheme for IoT applications, called BSS. The scheme ensures identification, authentication, and data integrity. Our scheme uses the security advantages of blockchain and helps to create safe zones (trust batch) where authenticated objects interconnect securely and do communication. A secure and robust trust mechanism is employed to build these batches, where each device has to authenticate itself before joining the trust batch. The obtained results satisfy the IoT security requirements with 60% reduced computation, storage and communication cost compared with state-of-the-art schemes. BSS also withstands various cyberattacks such as impersonation, message replay, man-in-the-middle, and botnet attacks.

The Extended Triple Diffie-Hellman (X3DH) protocol has been used for years as the basis of secure communication establishment among parties (i.e, humans and devices) over the Internet. However, such a protocol has several limits. It is typically based on a single trust third-party server that represents a single point of failure (SPoF) being consequently exposed to well- known Distributed Denial of Service (DDOS) attacks. In order to address such a limit, several solutions have been proposed so far that are often cost expensive and difficult to be maintained. The objective of this paper is to propose a BlockChain-Based X3DH (BCB-X3DH) protocol that allows eliminating such a SPoF, also simplifying its maintenance. Specifically, it combines the well- known X3DH security mechanisms with the intrinsic features of data non-repudiation and immutability that are typical of Smart Contracts. Furthermore, different implementation approaches are discussed to suits both human-to-human and device-to-device scenarios. Experiments compared the performance of both X3DH and BCB-X3DH.

Blockchain will increase supply chains' productivity and accountability, and have a positive effect on anything from warehousing to distribution to payment. To bridge the supply chain visibility gap, blockchain is being deployed because of its security features like immutability, tamper-resistant and hash proof. Blockchain integration with IoT increases the traceability and verifiability of the supply chain management and drastically eradicates the fraudulent activities including bribery, money laundering, forged checks, sanction violations, misrepresentation of goods and services. Blockchain can help to cross-check the verification, identification and authenticity of IoT devices to reduce the frequency and ramifications of fraud in supply chain management. The epidemic outbreak of SARS-CoV-2 has disrupted many global supply chains. The Geneva-based World Economic Forum declared that SARS-CoV-2 exposed supply chain failures can be tackled by blockchain technology. This paper explores the modern methodologies of supply chain management with integration of blockchain and IoT.

As the unmanned aerial vehicle (UAV) can play a vital role to collect information remotely in a military battlefield, researchers have shown great interest to reveal the domain of internet of battlefield Things (IoBT). In a rescue mission on a battlefield, UAV can collect data from different regions to identify the casualty of a soldier. One of the major challenges in IoBT is to identify the soldier in a complex environment. Image processing algorithm can be helpful if proper methodology can be applied to identify the victims. However, due to the limited hardware resources of a UAV, processing task can be handover to the nearby edge computing server for offloading the task as every second is very crucial in a battlefield. Furthermore, to avoid any third-party interaction in the network and to store the data securely, blockchain can help to create a trusted network as it forms a distributed ledger among the participants. This paper proposes a UAV assisted casualty detection scheme based on image processing algorithm where data is protected using blockchain technology. Result analysis has been conducted to identify the victims on the battlefield successfully using image processing algorithm and network issues like throughput and delay has been analyzed in details using public-key cryptography.

Recent studies on attacks exploiting processor hardware vulnerabilities have raised significant concern for information security. Particularly, transient execution attacks such as Spectre augment microarchitectural side channels with speculative executions that lead to exfiltration of secretive data not intended to be accessed. Many prior works have demonstrated the manipulation of branch predictors for triggering speculative executions, and thereafter leaking sensitive information through processor microarchitectural components. In this paper, we present a new class of microarchitectural attack, called BranchSpec, that performs information leakage by exploiting state changes of branch predictors in speculative path. Our key observation is that, branch instruction executions in speculative path alter the states of branch pattern history, which are not restored even after the speculatively executed branches are eventually squashed. Unfortunately, this enables adversaries to harness branch predictors as the transmitting medium in transient execution attacks. More importantly, as compared to existing speculative attacks (e.g., Spectre), BranchSpec can take advantage of much simpler code patterns in victim's code base, making the impact of such exploitation potentially even more severe. To demonstrate this security vulnerability, we have implemented two variants of BranchSpec attacks: a side channel where a malicious spy process infers cross-boundary secrets via victim's speculatively executed nested branches, and a covert channel that communicates secrets through intentionally perturbing the branch pattern history structure via speculative branch executions. Our evaluation on Intel Skylake- and Coffee Lake-based processors reveals that these information leakage attacks are highly accurate and successful. To the best of our knowledge, this is the first work to reveal the information leakage threat due to speculative state update in branch predictor. Our studies further broaden the attack surface of processor microarchitecture, and highlight the needs for branch prediction mechanisms that are secure in transient executions.

Modern control flow attacks circumvent existing defense mechanisms to transfer the program control to attacker chosen malicious code in the program, leaving application vulnerable to attack. Advanced attacks such as Return-Oriented Programming (ROP) attack and its variants, transfer program execution to gadgets (code-snippet that ends with return instruction). The code space to generate gadgets is large and attacks using these gadgets are Turing-complete. One big challenge to harden the program against ROP attack is to confine gadget selection to a limited locations, thus leaving the attacker to search entire code space according to payload criteria. In this paper, we present a novel approach to label the nodes of the Control-Flow Graph (CFG) of a program such that labels of the nodes on a valid control flow edge satisfy a Hamming distance property. The newly encoded CFG enables detection of illegal control flow transitions during the runtime in the processor pipeline. Experimentally, we have demonstrated that the proposed Control Flow Integrity (CFI) implementation is effective against control-flow hijacking and the technique can reduce the search space of the ROP gadgets upto 99.28%. We have also validated our technique on seven applications from MiBench and the proposed labeling mechanism incurs no instruction count overhead while, on average, it increases instruction width to a maximum of 12.13%.

The field of Big Data is expanding at an alarming rate since its inception in 2012. The excessive use of Social Networking Sites, collection of Data from Sensors for analysis and prediction of future events, improvement in Customer Satisfaction on Online S hopping portals by monitoring their past behavior and providing them information, items and offers of their interest instantaneously, etc had led to this rise in the field of Big Data. This huge amount of data, if analyzed and processed properly, can lead to decisions and outcomes that would be of great values and benefits to organizations and individuals. Security of Data and Privacy of User is of keen interest and high importance for individuals, industry and academia. Everyone ensure that their Sensitive information must be kept away from unauthorized access and their assets must be kept safe from security breaches. Privacy and Security are also equally important for Big Data and here, it is typical and complex to ensure the Privacy and Security, as the amount of data is enormous. One possible option to effectively and efficiently handle, process and analyze the Big Data is to make use of Machine Learning techniques. Machine Learning techniques are straightforward; applying them on Big Data requires resolution of various issues and is a challenging task, as the size of Data is too big. This paper provides a brief introduction to Big Data, the importance of Security and Privacy in Big Data and the various challenges that are required to overcome for applying the Machine Learning techniques on Big Data.

Facial biometrics have the advantages of high reliability, strong distinguishability and easily acquired for authentication. Therefore, it is becoming wildly used in identity authentication filed. However, there are stability, security and privacy issues in generating face key, which brings great challenges to face biometric authentication. In this paper, we propose a biometric key generation scheme based on face image. On the one hand, a deep neural network model for feature extraction is used to improve the stability of identity authentication. On the other hand, a key generation mechanism is designed to generate random biometric key while hiding original facial biometrics to enhance security and privacy of user authentication. The results show the FAR reach to 0.53% and the FRR reach to 0.57% in LFW face database, which achieves the better performance of biometric identification, and the proposed method is able to realize randomness of the generated biometric keys by NIST statistical test suite.

The mechanism for distributing information on the source of the attack by combining blockchain technology with the Intrusion Prevention System (IPS) can be done so that DDoS attack mitigation becomes more flexible, saves resources and costs. Also, by informing the blacklisted Internet Protocol(IP), each IPS can share attack source information so that attack traffic blocking can be carried out on IPS that are closer to the source of the attack. Therefore, the attack traffic passing through the network can be drastically reduced because the attack traffic has been blocked on the IPS that is closer to the attack source. The blocking of existing DDoS attack traffic is generally carried out on each IPS without a mechanism to share information on the source of the attack so that each IPS cannot cooperate. Also, even though the DDoS attack traffic did not reach the server because it had been blocked by IPS, the attack traffic still flooded the network so that network performance was reduced. Through smart contracts on the Ethereum blockchain, it is possible to inform the source of the attack or blacklisted IP addresses without requiring additional infrastructure. The blacklisted IP address is used by IPS to detect and handle DDoS attacks. Through the blacklisted IP distribution scheme, testing and analysis are carried out to see information on the source of the attack on each IPS and the attack traffic that passes on the network. The result is that each IPS can have the same blacklisted IP so that each IPS can have the same attack source information. The results also showed that the attack traffic through the network infrastructure can be drastically reduced. Initially, the total number of attack packets had an average of 115,578 reduced to 27,165.

Achieving efficient and secure accesses to real-time information from the designated IoT node is the fundamental key requirement for the applications of the Internet of Things. However, IoT nodes are prone to physical attacks, public channels reveal the sensitive information, and gateways that manage the IoT nodes suffer from the single-point failure, thereby causing the security and privacy problems. In this paper, a blockchain-based user remote authentication scheme using physical unclonable functions (PUFs) is proposed to overcome these problems. The PUFs provide physically secure identities for the IoT nodes and the blockchain acts as a distributed database to manage the key materials reliably for gateways. The security analysis is conducted and shows that our scheme realizes reliable security features and resists various attacks. Furthermore, a prototype was implemented to prove our scheme is efficient, scalable, and suitable for IoT scenarios.

Software developers make mistakes that can lead to failures of a software product. One approach to detect defects is static analysis: examine code without execution. Currently, various source code static analysis tools are widely used to detect defects. However, source code analysis is not enough. The reason for this is the use of third-party binary libraries, the unprovability of the correctness of all compiler optimizations. This paper introduces BinSide : binary static analysis framework for defects detection. It does interprocedural, context-sensitive and flow-sensitive analysis. The framework uses platform independent intermediate representation and provide opportunity to analyze various architectures binaries. The framework includes value analysis, reaching definition, taint analysis, freed memory analysis, constant folding, and constant propagation engines. It provides API (application programming interface) and can be used to develop new analyzers. Additionally, we used the API to develop checkers for classic buffer overflow, format string, command injection, double free and use after free defects detection.

Most programming languages support foreign language interoperation that allows developers to integrate multiple modules implemented in different languages into a single multilingual program. While utilizing various features from multiple languages expands expressivity, differences in language semantics require developers to understand the semantics of multiple languages and their inter-operation. Because current compilers do not support compile-time checking for interoperation, they do not help developers avoid in-teroperation bugs. Similarly, active research on static analysis and bug detection has been focusing on programs written in a single language. In this paper, we propose a novel approach to analyze multilingual programs statically. Unlike existing approaches that extend a static analyzer for a host language to support analysis of foreign function calls, our approach extracts semantic summaries from programs written in guest languages using a modular analysis technique, and performs a whole-program analysis with the extracted semantic summaries. To show practicality of our approach, we design and implement a static analyzer for multilingual programs, which analyzes JNI interoperation between Java and C. Our empirical evaluation shows that the analyzer is scalable in that it can construct call graphs for large programs that use JNI interoperation, and useful in that it found 74 genuine interoperation bugs in real-world Android JNI applications.

Steganalysis is an interesting classification problem in order to discriminate the images, including hidden messages from the clean ones. There are many methods, including deep CNN networks to extract fine features for this classification task. Nevertheless, a few researches have been conducted to improve the final classifier. Some state-of-the-art methods try to ensemble the networks by a voting strategy to achieve more stable performance. In this paper, a selection phase is proposed to filter improper networks before any voting. This filtering is done by a binary relevance multi-label classification approach. The Logistic Regression (LR) is chosen here as the last layer of network for classification. The large-margin Fisher’s linear discriminant (FLD) classifier is assigned to each one of the networks. It learns to discriminate the training instances which associated network is suitable for or not. Xu-Net, one of the most famous state-of-the-art Steganalysis models, is chosen as the base networks. The proposed method with different approaches is applied on the BOSSbase dataset and is compared with traditional voting and also some state-of-the-art related ensemble techniques. The results show significant accuracy improvement of the proposed method in comparison with others.

This paper proposes a basic strategy for Botnet Defense System (BDS). BDS is a cybersecurity system that utilizes white-hat botnets to defend IoT systems against malicious botnets. Once a BDS detects a malicious botnet, it launches white-hat worms in order to drive out the malicious botnet. The proposed strategy aims at the proper use of the worms based on the worms' capability such as lifespan and secondary infectivity. If the worms have high secondary infectivity or a long lifespan, the BDS only has to launch a few worms. Otherwise, it should launch as many worms as possible. The effectiveness of the strategy was confirmed through the simulation evaluation using agent-oriented Petri nets.

Advancing network technologies allows the setup of two-way communication links between energy providers and consumers. These developing technologies aim to enhance grid reliability and energy efficiency in smart grids. To achieve this goal, energy usage reports from consumers are required to be both trustworthy and confidential. In this paper, we construct a new data aggregation scheme in smart grids based on a homomorphic encryption algorithm. In the constructed scheme, obedient consumers who follow the instruction can prove its ajustment using a range proof protocol. Additionally, we propose a new identity-based signature algorithm in order to ensure authentication and integrity of the constructed scheme. By using this signature algorithm, usage reports are verified in real time. Extensive simulations demonstrate that our scheme outperforms other data aggregation schemes.

As Vehicular Ad hoc Network (VANET) features random topology and accommodates freely connected nodes, it is important that the cooperation among the nodes exists. This paper proposes a trust model called Implicit Web of Trust in VANET (IWOT-V) to reason out the trustworthiness of vehicles. Such that untrusted nodes can be identified and avoided when we make a decision regarding whom to follow or cooperate with. Furthermore, the performance of Cooperative Intelligent Transport System (C-ITS) applications improves. The idea of IWOT-V is mainly inspired by web page ranking algorithms such as PageRank. Although there does not exist explicit link structure in VANET because of random topology and dynamic connections, social trust relationship among vehicles exists and an implicit web of trust can be derived. To accomplish the derivation, two algorithms are presented, i.e., BayesTrust and VehicleRank. They are responsible for deriving the local and global trust relationships, respectively. The simulation results show that IWOT-V can accurately identify trusted and untrusted nodes if enough local trust information is collected. The performance of IWOT-V affected by five threat models is demonstrated, and the related discussions are also given.