Biblio

Attribute Based Encryption that solely decrypts the cipher text's secret key attribute. Patient information is maintained on trusted third party servers in medical applications. Before sending health records to other third party servers, it is essential to protect them. Even if data are encrypted, there is always a danger of privacy violation. Scalability problems, access flexibility, and account revocation are the main security challenges. In this study, individual patient health records are encrypted utilizing a multi-authority ABE method that permits a multiple number of authorities to govern the attributes. A strong key generation approach in the classic Attribute Based Encryption is proposed in this work, which assures the robust protection of health records while also demonstrating its effectiveness. Simulation is done by using CloudSim Simulator and Statistical reports were generated using Cloud Reports. Efficiency, computation time and security of our proposed scheme are evaluated. The simulation results reveal that the proposed key generation technique is more secure and scalable.

Encryption is essential for protecting sensitive data, especially images, against unauthorized access and exploitation. The goal of this work is to develop a more secure image encryption technique for image-based communication. The approach uses particle swarm optimization, chaotic map and magic square to offer an ideal encryption effect. This work introduces a novel encryption algorithm based on magic square. The image is first broken down into single-byte blocks, which are then replaced with the value of the magic square. The encrypted images are then utilized as particles and a starting assembly for the PSO optimization process. The correlation coefficient applied to neighboring pixels is used to define the ideal encrypted image as a fitness function. The results of the experiments reveal that the proposed approach can effectively encrypt images with various secret keys and has a decent encryption effect. As a result of the proposed work improves the public key method's security while simultaneously increasing memory economy.

Satisfying the growing demand for electricity is a huge challenge for electricity providers without a robust and good infrastructure. For effective electricity management, the infrastructure has to be strengthened from the generation stage to the transmission and distribution stages. In the current electrical infrastructure, the evolution of smart grids provides a significant solution to the problems that exist in the conventional system. Enhanced management visibility and better monitoring and control are achieved by the integration of wireless sensor network technology in communication systems. However, to implement these solutions in the existing grids, the infrastructural constraints impose a major challenge. Along with the choice of technology, it is also crucial to avoid exorbitant implementation costs. This paper presents a self-stabilizing hierarchical algorithm for the existing electrical network. Neighborhood Area Networks (NAN) and Home Area Networks (HAN) layers are used in the proposed architecture. The Home Node (HN), Simple Node (SN) and Cluster Head (CH) are the three types of nodes used in the model. Fraudulent users in the system are identified efficiently using the proposed model based on the observations made through simulation on OMNeT++ simulator.

Thousands of crowded events take place every year. Often, management does not properly implement and manage privacy and security of data of the participants and personnel of the events. Crowds are also prone to significant security issues and become vulnerable to terrorist attacks. The aim of this paper is to propose a privacy and security framework for large, crowded events like the Hajj, Kumbh, Arba'een, and many sporting events and musical concerts. The proposed framework uses the latest technologies including Internet of Things, and Fog computing, especially in the Location based Services environments. The proposed framework can also be adapted for many other scenarios and situations.

In the deep nano-scale regime, reliability has emerged as one of the major design issues for high-density integrated systems. Among others, key reliability-related issues are soft errors, high temperature, and aging effects (e.g., NBTI-Negative Bias Temperature Instability), which jeopardize the correct applications' execution. Tremendous amount of research effort has been invested at individual system layers. Moreover, in the era of growing cyber-security threats, modern computing systems experience a wide range of security threats at different layers of the software and hardware stacks. However, considering the escalating reliability and security costs, designing a highly reliable and secure system would require engaging multiple system layers (i.e. both hardware and software) to achieve cost-effective robustness. This talk provides an overview of important reliability issues, prominent state-of-the-art techniques, and various hardwaresoftware collaborative reliability modeling and optimization techniques developed at our lab, with a focus on the recent works on ML-based reliability techniques. Afterwards, this talk will also discuss how advanced ML techniques can be leveraged to devise new types of hardware security attacks, for instance on logic locked circuits. Towards the end of the talk, I will also give a quick pitch on the reliability and security challenges for the embedded machine learning (ML) on resource/energy-constrained devices subjected to unpredictable and harsh scenarios.

Recently, unmanned aerial vehicle (UAV) swarm has been advocated to provide diverse data-centric services including data relay, content caching and computing task offloading in vehicular networks due to their flexibility and conveniences. Since only offloading computing tasks to edge computing devices (ECDs) can not meet the real-time demand of vehicles in peak traffic flow, this paper proposes to combine edge computing and UAV swarm for cooperative task offloading in vehicular networks. Specifically, we first design a cooperative task offloading framework that vehicles' computing tasks can be executed locally, offloaded to UAV swarm, or offloaded to ECDs. Then, the selection of offloading strategy is formulated as a mixed integer nonlinear programming problem, the object of which is to maximize the utility of the vehicle. To solve the problem, we further decompose the original problem into two subproblems: minimizing the completion time when offloading to UAV swarm and optimizing the computing resources when offloading to ECD. For offloading to UAV swarm, the computing task will be split into multiple subtasks that are offloaded to different UAVs simultaneously for parallel computing. A Q-learning based iterative algorithm is proposed to minimize the computing task's completion time by equalizing the completion time of its subtasks assigned to each UAV. For offloading to ECDs, a gradient descent algorithm is used to optimally allocate computing resources for offloaded tasks. Extensive simulations are lastly conducted to demonstrate that the proposed scheme can significantly improve the utility of vehicles compared with conventional schemes.

With the development of social networks, traditional covert communication requires more consideration of lossy processes of Social Network Platforms (SNPs), which is called robust steganography. Since JPEG compression is a universal processing of SNPs, a method using repeated JPEG compression to fit transport channel matching is recently proposed and shows strong compression-resist performance. However, the repeated JPEG compression will inevitably introduce other artifacts into the stego image. Using only traditional steganalysis methods does not work well towards such robust steganography under low payload. In this paper, we propose a simple and effective method to detect the mentioned steganography by chasing both steganographic perturbations as well as continuous compression artifacts. We introduce compression-forensic features as a complement to steganalysis features, and then use the ensemble classifier for detection. Experiments demonstrate that this method owns a similar and better performance with respect to both traditional and neural-network-based steganalysis.

In recent years, the use of the Internet of Things (IoT) has increased rapidly in different areas. Due to many IoT applications, many limitations have emerged such as power consumption and limited resources. The security of connected devices is becoming more and more a primary need for the reliability of systems. Among other things, power consumption remains an essential constraint with a major impact on the quality of the encryption system. For these, several lightweight cryptography algorithms were proposed and developed. The PRESENT algorithm is one of the lightweight block cipher algorithms that has been proposed for a highly restrictive application. In this paper, we have proposed an efficient hardware serial architecture that uses 16 bits for data path encryption. It uses fewer FPGA resources and achieves higher throughput compared to other existing hardware applications.

The concept of a connected vehicle refers to the linking of vehicles to each other and to other things. Today, developments in the Internet of Things (IoT) and 5G have made a significant contribution to connected vehicle technology. In addition to many positive contributions, connected vehicle technology also brings with it many security-related problems. In this study, a digital signature algorithm based on elliptic curve cryptography is proposed to verify the message and identity sent to the vehicles. In the proposed model, with the anonymous identification given to the vehicle by the central unit, the vehicle is prevented from being detected by other vehicles and third parties. Thus, even if the personal data produced in the vehicles is shared, it cannot be found which vehicle it belongs to.

Smart contracts are usually financial-related, which makes them attractive attack targets. Many static analysis tools have been developed to facilitate the contract audit process, but not all of them take account of two special features of smart contracts: (1) The external variables, like time, are constrained by real-world factors; (2) The internal variables persist between executions. Since these features import implicit constraints into contracts, they significantly affect the performance of static tools, such as causing errors in reachability analysis and resulting in false positives. In this paper, we conduct a systematic study on implicit constraints from three aspects. First, we summarize the implicit constraints in smart contracts. Second, we evaluate the impact of such constraints on the state-of-the-art static tools. Third, we propose a lightweight but effective mitigation method named ConSym to deal with such constraints and integrate it into OSIRIS. The evaluation result shows that ConSym can filter out 96% of false positives and reduce false negatives by two-thirds.

The single most important scientific question in fusion research may be confinement in a fusion plasma [1] . A recently-developed theoretical model [2] is reviewed for the confinement time of ion kinetic energy in a material where fusion reactions occur. In the theoretical model where ion stopping was considered as a key mechanism for ion kinetic energy loss, an estimate was obtained for the confinement time of ion kinetic energy in a D-T plasma - and found to be orders of magnitude lower than required in the Lawson criterion. As ions transfer their kinetic energies to electrons via ion stopping and thermalization between the ions and the electrons takes place, spontaneous electron cyclotron radiation is identified as a key mechanism for electron kinetic energy loss in a magnetically confined plasma. The energy confinement time is obtained and found in agreement with measurements from TFTR [1] and Wendelstein 7-X [3] . An advanced Lawson criterion is obtained for a magnetically confined thermonuclear fusion reactor.

Cyber-Physical Systems (CPS) are systems that contain digital embedded devices while depending on environmental influences or external configurations. Identifying relevant influences of a CPS as well as modeling dependencies on external influences is difficult. We propose to learn these dependencies with decision trees in combination with clustering. The approach allows to automatically identify relevant influences and receive a data-related explanation of system behavior involving the system's use-case. Our paper presents a case study of our method for a Real-Time Localization System (RTLS) proving the usefulness of our approach, and discusses further applications of a learned decision tree.

When we setup a computer network, we need to know if an attacker can get into the system. We need to do a series of test that shows the vulnerabilities of the network setup. These series of tests are commonly known Penetration Test. The need for penetration testing was not well known before. This paper highlights how penetration started and how it became as popular as it has today. The internet played a big part into the push to getting the idea of penetration testing started. The styles of penetration testing can vary from physical to network or virtual based testing which either can be a benefit to how a company becomes more secure. This paper presents the steps of penetration testing that a company or organization needs to carry out, to find out their own security flaws.

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings - and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS. In this paper, we conduct the first black-box study measuring the extent of ReDoS vulnerabilities in live web services. We apply the Consistent Sanitization Assumption: that client-side sanitization logic, including regexes, is consistent with the sanitization logic on the server-side. We identify a service's regex-based input sanitization in its HTML forms or its API, find vulnerable regexes among these regexes, craft ReDoS probes, and pinpoint vulnerabilities. We analyzed the HTML forms of 1,000 services and the APIs of 475 services. Of these, 355 services publish regexes; 17 services publish unsafe regexes; and 6 services are vulnerable to ReDoS through their APIs (6 domains; 15 subdomains). Both Microsoft and Amazon Web Services patched their web services as a result of our disclosure. Since these vulnerabilities were from API specifications, not HTML forms, we proposed a ReDoS defense for a popular API validation library, and our patch has been merged. To summarize: in client-visible sanitization logic, some web services advertise Re-DoS vulnerabilities in plain sight. Our results motivate short-term patches and long-term fundamental solutions. “Make measurable what cannot be measured.” -Galileo Galilei

Physical layer secret key exploits the random but reciprocal channel features between legitimate users to encrypt their data against fiber-tapping. We propose a novel tapping-based eavesdropper scheme, leveraging its tapped signals from legitimate users to reconstruct their common features and the secret key.

A methodology for studying the level of security for various types of CPS through the analysis of the consequences was developed during the research process. An analysis of the architecture of cyber-physical systems was carried out, vulnerabilities and threats of specific devices were identified, a list of possible information attacks and their consequences after the exploitation of vulnerabilities was identified. The object of research is models of cyber-physical systems, including IoT devices, microcomputers, various sensors that function through communication channels, organized by cyber-physical objects. The main subjects of this investigation are methods and means of security testing of cyber-physical systems (CPS). The main objective of this investigation is to update the problem of security in cyber-physical systems, to analyze the security of these systems. In practice, the testing methodology for the cyber-physical system “Smart Factory” was implemented, which simulates the operation of a real CPS, with different types of links and protocols used.

Static analysis tools generate a large number of alarms that require manual inspection. In prior work, repositioning of alarms is proposed to (1) merge multiple similar alarms together and replace them by a fewer alarms, and (2) report alarms as close as possible to the causes for their generation. The premise is that the proposed merging and repositioning of alarms will reduce the manual inspection effort. To evaluate the premise, this paper presents an empirical study with 249 developers on the proposed merging and repositioning of static alarms. The study is conducted using static analysis alarms generated on \$C\$ programs, where the alarms are representative of the merging vs. non-merging and repositioning vs. non-repositioning situations in real-life code. Developers were asked to manually inspect and determine whether assertions added corresponding to alarms in \$C\$ code hold. Additionally, two spatial cognitive tests are also done to determine relationship in performance. The empirical evaluation results indicate that, in contrast to expectations, there was no evidence that merging and repositioning of alarms reduces manual inspection effort or improves the inspection accuracy (at times a negative impact was found). Results on cognitive abilities correlated with comprehension and alarm inspection accuracy.

Software-Defined Networking (SDN) can be a good option to support Industry 4.0 (4IR) and 5G wireless networks. SDN can also be a secure networking solution that improves the security, capability, and programmability in the networks. In this paper, we present and analyze an SDN-based security architecture for 4IR with 5G. SDN is used for increasing the level of security and reliability of the network by suitably dividing the whole network into data, control, and applications planes. The SDN control layer plays a beneficial role in 4IR with 5G scenarios by managing the data flow properly. We also evaluate the performance of the proposed architecture in terms of key parameters such as data transmission rate and response time.

Benchmark datasets are heavily depended upon by the research community to validate theoretical findings and track progression in the state-of-the-art. NIDS dataset creation presents numerous challenges on account of the volume, heterogeneity, and complexity of network traffic, making the process labor intensive, and thus, prone to error. This paper provides a critical review of CIC-IDS-2017 and CIC-CSE-IDS-2018, datasets which have seen extensive usage in the NIDS literature, and are currently considered primary benchmarking datasets for NIDS. We report a large number of previously undocumented errors throughout the dataset creation lifecycle, including in attack orchestration, feature generation, documentation, and labeling. The errors destabilize the results and challenge the findings of numerous publications that have relied on it as a benchmark. We demonstrate the implications of these errors through several experiments. We provide comprehensive documentation to summarize the discovery of these issues, as well as a fully-recreated dataset, with labeling logic that has been reverse-engineered, corrected, and made publicly available for the first time. We demonstrate the implications of dataset errors through a series of experiments. The findings serve to remind the research community of common pitfalls with dataset creation processes, and of the need to be vigilant when adopting new datasets. Lastly, we strongly recommend the release of labeling logic for any dataset released, to ensure full transparency.

Electrical substations in power grid act as the critical interface points for the transmission and distribution networks. Over the years, digital technology has been integrated into the substations for remote control and automation. As a result, substations are more prone to cyber attacks and exposed to digital vulnerabilities. One of the notable cyber attack vectors is the malicious command injection, which can lead to shutting down of substations and subsequently power outages as demonstrated in Ukraine Power Plant Attack in 2015. Prevailing measures based on cyber rules (e.g., firewalls and intrusion detection systems) are often inadequate to detect advanced and stealthy attacks that use legitimate-looking measurements or control messages to cause physical damage. Additionally, defenses that use physics-based approaches (e.g., power flow simulation, state estimation, etc.) to detect malicious commands suffer from high latency. Machine learning serves as a potential solution in detecting command injection attacks with high accuracy and low latency. However, sufficient datasets are not readily available to train and evaluate the machine learning models. In this paper, focusing on this particular challenge, we discuss various approaches for the generation of synthetic data that can be used to train the machine learning models. Further, we evaluate the models trained with the synthetic data against attack datasets that simulates malicious commands injections with different levels of sophistication. Our findings show that synthetic data generated with some level of power grid domain knowledge helps train robust machine learning models against different types of attacks.

In the context of the Internet of Things (IoT), lightweight block ciphers are of vital importance. Due to the nature of the devices involved, traditional security solutions can add overhead and perhaps inhibit the application's objective due to resource limits. Lightweight cryptography is a novel suite of ciphers that aims to provide hardware-constrained devices with a high level of security while maintaining a low physical cost and high performance. In this paper, we are going to evaluate the performance of some of the recently proposed lightweight block ciphers (GIFT-COFB, Romulus, and TinyJAMBU) on the Arduino Due. We analyze data on each algorithm's performance using four metrics: average encryption and decryption execution time; throughput; power consumption; and memory utilization. Among our chosen ciphers, we find that TinyJAMBU and GIFT-COFB are excellent choices for resource-constrained IoT devices.

This paper provides an end-to-end solution to defend against known microarchitectural attacks such as speculative execution attacks, fault-injection attacks, covert and side channel attacks, and unknown or evasive versions of these attacks. Current defenses are attack specific and can have unacceptably high performance overhead. We propose an approach that reduces the overhead of state-of-art defenses by over 95%, by applying defenses only when attacks are detected. Many current proposed mitigations are not practical for deployment; for example, InvisiSpec has 27% overhead and Fencing has 74% overhead while protecting against only Spectre attacks. Other mitigations carry similar performance penalties. We reduce the overhead for InvisiSpec to 1.26% and for Fencing to 3.45% offering performance and security for not only spectre attacks but other known transient attacks as well, including the dangerous class of LVI and Rowhammer attacks, as well as covering a large set of future evasive and zero-day attacks. Critical to our approach is an accurate detector that is not fooled by evasive attacks and that can generalize to novel zero-day attacks. We use a novel Generative framework, Evasion Vaccination (EVAX) for training ML models and engineering new security-centric performance counters. EVAX significantly increases sensitivity to detect and classify attacks in time for mitigation to be deployed with low false positives (4 FPs in every 1M instructions in our experiments). Such performance enables efficient and timely mitigations, enabling the processor to automatically switch between performance and security as needed.

User authentication based on muscle tension manifested during password typing seems to be an interesting additional layer of security. It represents another way of verifying a person’s identity, for example in the context of continuous verification. In order to explore the possibilities of such authentication method, it was necessary to create a capturing software that records and stores data from EMG (electromyography) sensors, enabling a subsequent analysis of the recorded data to verify the relevance of the method. The work presented here is devoted to the design, implementation and evaluation of such a solution. The solution consists of a protocol and a software application for collecting multimodal data when typing on a keyboard. Myo armbands on both forearms are used to capture EMG and inertial data while additional modalities are collected from a keyboard and a camera. The user experience evaluation of the solution is presented, too.

Internet service providers (ISP) rely on network traffic classifiers to provide secure and reliable connectivity for their users. Encrypted traffic introduces a challenge as attacks are no longer viable using classic Deep Packet Inspection (DPI) techniques. Distinguishing encrypted from non-encrypted traffic is the first step in addressing this challenge. Several attempts have been conducted to identify encrypted traffic. In this work, we compare the detection performance of DPI, traffic pattern, and randomness tests to identify encrypted traffic in different levels of granularity. In an experimental study, we evaluate these candidates and show that a traffic pattern-based classifier outperforms others for encryption detection.

Nowadays, 5G has been widely used in various fields. People are starting to turn their attention to 6G. Therefore, at the beginning, this paper describes in detail the principle and performance of 6G, and introduces the key technologies of 6G, Cavity technology and THz technology. Based on the high-performance indicators of 6G, we then study the possible application changes brought by 6G, for example, 6G technology will make remote surgery and remote control possible. 6G technology will make remote surgery and remote control possible. 6G will speed up the interconnection of everything, allowing closer and faster connection between cars. Next, virtual reality is discussed. 6G technology will enable better development of virtual reality technology and enhance people's immersive experience. Finally, we present the issues that need to be addressed with 6G technology, such as cybersecurity issues and energy requirements. As well as the higher challenges facing 6G technology, such as connectivity and communication on a larger social plane.