Biblio

Due to globalization of Integrated Circuit (IC) design flow, Intellectual Property (IP) cores have increasingly become susceptible to various hardware threats such as Trojan insertion, piracy, overbuilding etc. An IP core can be secured against these threats using functional obfuscation based security mechanism. This paper presents a functional obfuscation of digital signal processing (DSP) core for consumer electronics systems using a novel IP core locking block (ILB) logic that leverages the structure of flip-flops and combinational circuits. These ILBs perform the locking of the functionality of a DSP design and actuate the correct functionality only on application of a valid key sequence. In existing approaches so far, executing exhaustive trials are sufficient to extract the valid keys from an obfuscated design. However, proposed work is capable of hindering the extraction of valid keys even on exhaustive trials, unless successfully applied in the first attempt only. In other words, the proposed work drastically reduces the probability of obtaining valid key of a functionally obfuscated design in exhaustive trials. Experimental results indicate that the proposed approach achieves higher security and lower design overhead than previous works.

Network lifetime and energy consumption of sensor nodes have an inversely proportional relationship. Thus, it is important to ensure source location privacy (SLP) routing schemes are energy-efficient. This work performs an experimental evaluation of some existing routing schemes and proposes a new angle-based routing algorithm to modify the schemes. The dynamic route creation process of the modified schemes is characterized by processes which include determination of route and banned regions and computation of control angle and lead factor parameters. Results of the analysis show that the modified schemes are effective at obfuscating the adversaries to provide strong SLP protection. Furthermore, the modified schemes consume relatively lower energy and guarantee longer network lifetime.

IT technology is a vital part of our everyday life and society. Additionally, as it is present in strategic domains like the military, healthcare or critical infrastructure, the aspect of protection, i.e. cybersecurity is of utmost importance. In recent years, the demand for cybersecurity experts is exponentially rising. Additionally, the field of cybersecurity is very much interdisciplinary and therefore requires a broad set of skills. Renowned organisations as ACM or IEEE have recognized the importance of cybersecurity experts and proposed guidelines for higher education training of such professionals. This paper presents an overview of a cybersecurity education model from the Information Systems and Information Technology perspective together with a good example and experience of the University of Maribor. The presented education model is shaped according to the guidelines by the Joint Task Force on Cybersecurity Education and the expectations of the Slovene industry regarding the knowledge and skills their future employees should possess.

Multi-Processor Systems-on-Chips (MPSoCs) are a platform for a wide variety of applications and use-cases. The high on-chip connectivity, the programming flexibility, and the reuse of IPs, however, also introduce security concerns. Problems arise when applications with different trust and protection levels share resources of the MPSoC, such as processing units, cache memories and the Network-on-Chip (NoC) communication structure. If a program gets compromised, an adversary can observe the use of these resources and infer (potentially secret) information from other applications. In this work, we explore the cache-based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs. We implement this differential cache-collision attack on the MPSoC Glass and introduce an optimized variant of it, the Earthquake Attack, which leverages the NoC-based communication to increase attack efficiency. Our results show that Earthquake performs well under different cache line and MPSoC configurations, illustrating that cache-collision attacks are considerable threats on MPSoCs.

Dozens of signature and anomaly based solutions have been proposed to detect malicious activities in computer networks. However, the number of successful attacks are increasing every day. In this paper, we developed a novel entropy based technique, called Edmund, to detect and mitigate Network attacks. While analyzing full payload network traffic was not recommended due to users' privacy, Edmund used netflow data to detect abnormal behavior. The experimental results showed that Edmund was able to highly accurate detect (around 95%) different application, transport, and network layers attacks. It could identify more than 100K malicious flows raised by 1168 different attackers in our campus. Identifying the attackers, is a great feature, which enables the network administrators to mitigate DDoS effects during the attack time.

This paper aims at identifying the neural correlates of human trust in autonomous systems using electroencephalography (EEG) signals. Quantifying the relationship between trust and brain activities allows for real-time assessment of human trust in automation. This line of effort contributes to the design of trusted autonomous systems, and more generally, modeling the interaction in human-autonomy interaction. To study the correlates of trust, we use an investment game in which artificial agents with different levels of trustworthiness are employed. We collected EEG signals from 10 human subjects while they are playing the game; then computed three types of features from these signals considering the signal time-dependency, complexity and power spectrum using an autoregressive model (AR), sample entropy and Fourier analysis, respectively. Results of a mixed model analysis showed significant correlation between human trust and EEG features from certain electrodes. The frontal and the occipital area are identified as the predominant brain areas correlated with trust.

It is time-consuming and labor-intensive to learn and locate the correct API for programming tasks. Thus, it is beneficial to perform API recommendation automatically. The graph-based statistical model has been shown to recommend top-10 API candidates effectively. It falls short, however, in accurately recommending an actual top-1 API. To address this weakness, we propose RecRank, an approach and tool that applies a novel ranking-based discriminative approach leveraging API usage path features to improve top-1 API recommendation. Empirical evaluation on a large corpus of (1385+8) open source projects shows that RecRank significantly improves top-1 API recommendation accuracy and mean reciprocal rank when compared to state-of-the-art API recommendation approaches.

Malware (or malicious software) is any program or file that brings harm to a computer system. Malware includes computer viruses, worms, trojan horses, rootkit, adware, ransomware and spyware. Due to the explosive growth in number and variety of malware, the demand of improving automatic malware detection has increased. Machine learning approaches are a natural choice to deal with this problem since they can automatically discover hidden patterns in large-scale datasets to distinguish malware from benign. In this paper, we propose different deep neural network architectures from simple to advanced ones. We then fuse hand-crafted and deep features, and combine all models together to make an overall effective ensemble framework for malware detection. The experiment results demonstrate the efficiency of our proposed method, which is capable to detect malware with accuracy of 96.24% on our large real-life dataset.

Elliptic Curve Cryptography (ECC), initially proposed by Koblitz [17] and Miller [20], is a public-key cipher. Compared with other popular public-key ciphers (e.g., RSA), ECC features a shorter key length for the same level of security. For example, a 256-bit ECC cipher provides 128-bit security, equivalent to a 2048-bit RSA cipher [4]. Using smaller keys, ECC requires less memory for performing cryptographic operations. Embedded systems, especially given the proliferation of Internet-of-Things (IoT) devices and platforms, require efficient and low-power secure communications between edge devices and gateways/clouds. ECC has been widely adopted in IoT systems for authentication of communications, while RSA, which is much more costly to compute, remains the standard for desktops and servers.

Low-level programming languages with weak/static type systems, such as C and C++, are vulnerable to errors relating to the misuse of memory at runtime, such as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such errors account for many security and other undefined behavior bugs for programs written in these languages. In this paper, we introduce the notion of dynamically typed C/C++, which aims to detect such errors by dynamically checking the "effective type" of each object before use at runtime. We also present an implementation of dynamically typed C/C++ in the form of the Effective Type Sanitizer (EffectiveSan). EffectiveSan enforces type and memory safety using a combination of low-fat pointers, type meta data and type/bounds check instrumentation. We evaluate EffectiveSan against the SPEC2006 benchmark suite and the Firefox web browser, and detect several new type and memory errors. We also show that EffectiveSan achieves high compatibility and reasonable overheads for the given error coverage. Finally, we highlight that EffectiveSan is one of only a few tools that can detect sub-object bounds errors, and uses a novel approach (dynamic type checking) to do so.

Research has demonstrated promising benefits of applying virtual trainers to promote physical fitness. The current study investigated the value of virtual agents in the context of personal fitness, compared to trainers with greater levels of perceived agency (avatar or live human). We also explored the possibility that the effectiveness of the virtual trainer might depend on the affective tone it uses when trying to motivate users. Accordingly, participants received either positively or negatively valenced motivational messages from a virtual human they believed to be either an agent or an avatar, or they received the messages from a human instructor via skype. Both self-report and physiological data were collected. Like in-person coaches, the live human trainer who used negatively valenced messages were well-regarded; however, when the agent or avatar used negatively valenced messages, participants responded more poorly than when they used positively valenced ones. Perceived agency also affected rapport: compared to the agent, users felt more rapport with the live human trainer or the avatar. Regardless of trainer type, they also felt more rapport - and said they put in more effort - with trainers that used positively valenced messages than those that used negatively valenced ones. However, in reality, they put in more physical effort (as measured by heart rate) when trainers employed the more negatively valenced affective tone. We discuss implications for human–computer interaction.

Industrial Wireless Sensor Networks (IWSNs) are an extension of the Internet of Things paradigm that integrates smart sensors in industrial processes. However, the unattended open environment makes IWSNs vulnerable to malicious attacks, such as node compromise in addition to eavesdropping. The compromised nodes can again launch notorious attacks such as the sinkhole or sybil attack which may degrade the network performance. In this paper, we propose a lightweight, Secure Directed Diffusion (SDD) protocol. The algorithm for the proposed protocol uses bilinear pairing to derive a location-based key (LK) by binding the ID and geographic location of a node, thereby ensuring neighborhood authentication. Thus, authenticated nodes can prevent eavesdropping, node compromise including sinkhole and sybil attacks while ensuring confidentiality, authenticity, integrity with reduced latency. Finally, through security analysis, we prove that basic security is maintained and above-mentioned attacks are also prevented. We also compute storage, computation and communication overheads which show that SDD performs at least 2.6 times better in terms of storage overhead and at least 1.3 times better in terms of communication overhead over the other state-of-the-art competing schemes for attack preventions in WSN domain.

Secure group-oriented communication is crucial to a wide range of applications in Internet of Things (IoT). Security problems related to group-oriented communications in IoT-based applications placed in a privacy-sensitive environment have become a major concern along with the development of the technology. Unfortunately, many IoT devices are designed to be portable and light-weight; thus, their functionalities, including security modules, are heavily constrained by the limited energy resources (e.g., battery capacity). To address these problems, we propose a group key management scheme based on a novel physically unclonable function (PUF) design: multistage interconnected PUF (MIPUF) to secure group communications in an energy-constrained environment. Our design is capable of performing key management tasks such as key distribution, key storage and rekeying securely and efficiently. We show that our design is secure against multiple attack methods and our experimental results show that our design saves 47.33% of energy globally comparing to state-of-the-art Elliptic-curve cryptography (ECC)-based key management scheme on average.

Sky surveys represent a fundamental data source in astronomy. Today, these surveys are moving into a petascale regime produced by modern telescopes. Due to the exponential growth of astronomical data, there is a pressing need to provide efficient astronomical query processing. Our goal is to bridge the gap between existing distributed systems and high-level languages for astronomers. In this paper, we present efficient techniques for query processing of astronomical data using ASTROIDE. Our framework helps astronomers to take advantage of the richness of the astronomical data. The proposed model supports complex astronomical operators expressed using ADQL (Astronomical Data Query Language), an extension of SQL commonly used by astronomers. ASTROIDE proposes spatial indexing and partitioning techniques to better filter the data access. It also implements a query optimizer that injects spatial-aware optimization rules and strategies. Experimental evaluation based on real datasets demonstrates that the present framework is scalable and efficient.

Inner-product encryption (IPE) is a well-known functional encryption primitive that allows decryption when the inner-product of the attribute vectors, upon which the encrypted data and the decryption key depend, is equal to zero. Using IPE, it is possible to define fine-grained access policies over encrypted data whose enforcement can be outsourced to the cloud where the data are stored. However, current IPE schemes do not support efficient access policy changes. In this paper, we propose an efficient inner-product proxy re-encryption (E-IPPRE) scheme that provides the proxy server with a transformation key, with which a ciphertext associated with an attribute vector can be transformed to a new ciphertext associated with a different attribute vector, providing a policy update mechanism with a performance suitable for many practical applications. We experimentally assess the efficiency of our protocol and show that it is selective attribute-secure against chosen-plaintext attacks in the standard model under the Asymmetric Decisional Bilinear Diffie-Hellman assumption.

Algorithms are used to develop, analyzing, and applying in the computer field and used for developing new application. It is used for finding solutions to any problems in different condition. It transforms the problems into algorithmic ones on which standard algorithms are applied. Day by day Scholarly Digital documents are increasing. AlgorithmSeer is a search engine used for searching algorithms. The main aim of it provides a large algorithm database. It is used to automatically encountering and take these algorithms in this big collection of documents that enable algorithm indexing, searching, discovery, and analysis. An original set to identify and pull out algorithm representations in a big collection of scholarly documents is proposed, of scale able techniques used by AlgorithmSeer. Along with this, particularly important and relevant textual content can be accessed the platform and highlight portions by anyone with different levels of knowledge. In support of lectures and self-learning, the highlighted documents can be shared with others. But different levels of learners cannot use the highlighted part of text at same understanding level. The problem of guessing new highlights of partially highlighted documents can be solved by us.

Elliptic Curve Cryptography (ECC) provides high security levels with shorter keys than other public-key cryptosystems such as RSA. Usually modular inversion operation is a choke point in realizing the public-key cryptosystem. Based on the Extended Euclidean Algorithm, this work proposes an efficient FPGA implementation of ECC modular inversion over F256. According to this proposed algorithm, one modular inversion requires 320 clock cycles with a maximum clock frequency of 144.011MHz on a Xilinx Virtex-7 FPGA device which gives a computation time of 2.22μs. On the other words, our scenario can perform 450 thousand times division operations in one second approximately. Compared to other available literature, our scheme presented in this paper provides a high performance FPGA implementation of 256-bit modular inversion over F256. This makes the elliptic curve cryptography have important practical value in hardware implementation.

In this paper, a new image encryption algorithm is presented with one chaotic map and one group of secret keys. Double permutations for pixel positions are designed followed by a function of diffusion to alter gray distribution in the plain-image. In the proposed algorithm, the keystream is produced and dependent on the plain-image. As a result, the method can frustrate the known plaintext attack and chosen plaintext attack. Moreover, diffusion encryption by row-only is applied to the permuted image to save time consumption. Then, the experimental results show that our method can perform high security and is suitable for both gray and color images.

ZUC stream cipher is the first stream cipher developed independently by Chinese cryptologists as an international standard. The fast implementation of encryption algorithm is an important issue in cryptography application. At present, the research on ZUC stream cipher is mainly based on hardware implementation, and there are many efficient hardware implementations of ZUC stream cipher, but there are few efficient software implementations at present. This paper presents an efficient software design and implementation of ZUC stream cipher. Firstly, we propose the delayed modular, sliding window, and S-box optimizations to reduce the computational cost without modifying the calculation result of ZUC stream cipher. Secondly, single instruction multiple data instructions, reducing the times of memory access, loop unrolling optimization and other code optimization methods can improve the speed of encryption and decryption. Finally, we design and implementation a genetic algorithm to find the optimal sequence of optimizations in compiler. Experiments show that compared with the implementation of ZUC stream cipher given in the official document, these methods can give 102% performance improvement.

We address the question of feasibility of tests to verify highly automated driving functions by optimizing the trade-off between virtual tests for verifying safety properties and physical tests for validating the models used for such verification. We follow a quantitative approach based on a probabilistic treatment of the different quantities in question. That is, we quantify the accuracy of a model in terms of its probabilistic prediction ability. Similarly, we quantify the compliance of a system with its requirements in terms of the probability of satisfying these requirements. Depending on the costs of an individual virtual and physical test we are then able to calculate an optimal trade-off between physical and virtual tests, yet guaranteeing a probability of satisfying all requirements.

Cloud computing is an assured progression inside the future of facts generation. It's far a sub-domain of network security. These days, many huge or small organizations are switching to cloud which will shop and arrange their facts. As a result, protection of cloud networks is the want of the hour. DDoS is a killer software for cloud computing environments on net today. It is a distributed denial of carrier. we will beat the ddos attacks if we have the enough assets. ddos attacks can be countered by means of dynamic allocation of the assets. In this paper the attack is detected as early as possible and prevention methods is done and also mitigation method is also implemented thus attack can be avoided before it may occur.

Soliciting answers from online users is an efficient and effective solution to many challenging tasks. Due to the variety in the quality of users, it is important to infer their ability to provide correct answers during aggregation. Therefore, truth discovery methods can be used to automatically capture the user quality and aggregate user-contributed answers via a weighted combination. Despite the fact that truth discovery is an effective tool for answer aggregation, existing work falls short of the protection towards the privacy of participating users. To fill this gap, we propose perturbation-based mechanisms that provide users with privacy guarantees and maintain the accuracy of aggregated answers. We first present a one-layer mechanism, in which all the users adopt the same probability to perturb their answers. Aggregation is then conducted on perturbed answers but the aggregation accuracy could drop accordingly. To improve the utility, a two-layer mechanism is proposed where users are allowed to sample their own probabilities from a hyper distribution. We theoretically compare the one-layer and two-layer mechanisms, and prove that they provide the same privacy guarantee while the two-layer mechanism delivers better utility. This advantage is brought by the fact that the two-layer mechanism can utilize the estimated user quality information from truth discovery to reduce the accuracy loss caused by perturbation, which is confirmed by experimental results on real-world datasets. Experimental results also demonstrate the effectiveness of the proposed two-layer mechanism in privacy protection with tolerable accuracy loss in aggregation.

The non-stationary nature of the human Electroencephalogram (EEG) has caused problems in EEG based biometrics. Stationary signals analysis is done simply with Discrete Fourier Transform (DFT), while it is not possible to analyze non-stationary signals with DFT, as it does not have the ability to show the occurrence time of different frequency components. The Fractional Fourier Transform (FrFT), as a generalization of Fourier Transform (FT), has the ability to exhibit the variable frequency nature of non-stationary signals. In this paper, Discrete Fractional Fourier Transform (DFrFT) with different fractional orders is proposed as a novel feature extraction technique for EEG based human verification with different number of channels. The proposed method in its' best performance achieved 0.22% Equal Error Rate (EER) with three EEG channels of 104 subjects.

In this paper, we propose an access control model featured with the efficient key update function in data outsourcing environment. Our access control is based on the combination of Ciphertext Policy - Attribute-based Encryption (CP-ABE) and Role-based Access Control (RBAC). The proposed scheme aims to improve the attribute and key update management of the original CP-ABE. In our scheme, a user's key is incorporated into the attribute certificate (AC) which will be used to decrypt the ciphertext encrypted with CP-ABE policy. If there is any change (update or revoke) of the attributes appearing in the key, the key in the AC will be updated upon the access request. This significantly reduces the overheads in updating and distributing keys of all users simultaneously compared to the existing CP-ABE based schemes. Finally, we conduct the experiment to evaluate the performance of our proposed scheme to show the efficiency of our proposed scheme.