Biblio

Cybersecurity is a problem of growing relevance that impacts all facets of society. As a result, many researchers have become interested in studying cybercriminals and online hacker communities in order to develop more effective cyber defenses. In particular, analysis of hacker community contents may reveal existing and emerging threats that pose great risk to individuals, businesses, and government. Thus, we are interested in developing an automated methodology for identifying tangible and verifiable evidence of potential threats within hacker forums, IRC channels, and carding shops. To identify threats, we couple machine learning methodology with information retrieval techniques. Our approach allows us to distill potential threats from the entirety of collected hacker contents. We present several examples of identified threats found through our analysis techniques. Results suggest that hacker communities can be analyzed to aid in cyber threat detection, thus providing promising direction for future work.

The threats of reverse-engineering, IP piracy, and hardware Trojan insertion in the semiconductor supply chain are greater today than ever before. Split manufacturing has emerged as a viable approach to protect integrated circuits (ICs) fabricated in untrusted foundries, but has high cost and/or high performance overhead. Furthermore, split manufacturing cannot fully prevent untargeted hardware Trojan insertions. In this paper, we propose to insert additional functional circuitry called obfuscated built-in self-authentication (OBISA) in the chip layout with split manufacturing process, in order to prevent reverse-engineering and further prevent hardware Trojan insertion. Self-tests are performed to authenticate the trustworthiness of the OBISA circuitry. The OBISA circuit is connected to original design in order to increase the strength of obfuscation, thereby allowing a higher layer split and lower overall cost. Additional fan-outs are created in OBISA circuitry to improve obfuscation without losing testability. Our proposed gating mechanism and net selection method can ensure negligible overhead in terms of area, timing, and dynamic power. Experimental results demonstrate the effectiveness of the proposed technique in several benchmark circuits.

Detecting attacks that are based on unknown security vulnerabilities is a challenging problem. The timely detection of attacks based on hitherto unknown vulnerabilities is crucial for protecting other users and systems from being affected as well. To know the attributes of a novel attack's target system can support automated reconfiguration of firewalls and sending alerts to administrators of other vulnerable targets. We suggest a novel approach of post-incident intrusion detection by utilizing information gathered from real-time social media streams. To accomplish this we take advantage of social media users posting about incidents that affect their user accounts of attacked target systems or their observations about misbehaving online services. Combining knowledge of the attacked systems and reported incidents, we should be able to recognize patterns that define the attributes of vulnerable systems. By matching detected attribute sets with those attributes of well-known attacks, we furthermore should be able to link attacks to already existing entries in the Common Vulnerabilities and Exposures database. If a link to an existing entry is not found, we can assume to have detected an exploitation of an unknown vulnerability, i.e., a zero day exploit or the result of an advanced persistent threat. This finding could also be used to direct efforts of examining vulnerabilities of attacked systems and therefore lead to faster patch deployment.

(No abstract.)

Keystroke dynamics is a form of behavioral biometrics that can be used for continuous authentication of computer users. Many classifiers have been proposed for the analysis of acquired user patterns and verification of users at computer terminals. The underlying machine learning methods that use Gaussian density estimator for outlier detection typically assume that the digraph patterns in keystroke data are generated from a single Gaussian distribution. In this paper, we relax this assumption by allowing digraphs to fit more than one distribution via the Gaussian Mixture Model (GMM). We have conducted an experiment with a public data set collected in a controlled environment. Out of 30 users with dynamic text, we obtain 0.08% Equal Error Rate (EER) with 2 components by using GMM, while pure Gaussian yields 1.3% EER for the same data set (an improvement of EER by 93.8%). Our results show that GMM can recognize keystroke dynamics more precisely and authenticate users with higher confidence level.

With the pretty prompt growth in Internet content, the main usage pattern of internet is shifting from traditional host-to-host model to content dissemination model. To support content distribution, content delivery networks (CDNs) gives an ad-hoc solution and some of future internet projects suggest a clean-slate design. Web applications have become one of the fundamental internet services. How to effectively support the popular browser-based web application is one of keys to success for future internet projects. This paper proposes the IDNet-based web applications. IDNet consists of id/locator separation scheme and domain-insulated autonomous network architecture (DIANA) which redesign the future internet in the clean slate basis. We design and develop an IDNet Browser based on the open source Qt. IDNet browser enables ID fetching and rendering by both `idp:/' schemes URID (Universal Resource Identifier) and `http:/' schemes URI in HTML The experiment shows that it can well be applicable to the IDNet test topology.

In this paper, a new method for quantitative evaluation of the security of cyber-physical systems (CPSs) is proposed. The proposed method models the different classes of adversarial attacks against CPSs, including cross-domain attacks, i.e., cyber-to-cyber and cyber-to-physical attacks. It also takes the secondary consequences of attacks on CPSs into consideration. The intrusion process of attackers has been modeled using attack graph and the consequence estimation process of the attack has been investigated using process model. The security attributes and the special parameters involved in the security analysis of CPSs, have been identified and considered. The quantitative evaluation has been done using the probability of attacks, time-to-shutdown of the system and security risks. The validation phase of the proposed model is performed as a case study by applying it to a boiling water power plant and estimating the suitable security measures.

Security of secret data has been a major issue of concern from ancient time. Steganography and cryptography are the two techniques which are used to reduce the security threat. Cryptography is an art of converting secret message in other than human readable form. Steganography is an art of hiding the existence of secret message. These techniques are required to protect the data theft over rapidly growing network. To achieve this there is a need of such a system which is very less susceptible to human visual system. In this paper a new technique is going to be introducing for data transmission over an unsecure channel. In this paper secret data is compressed first using LZW algorithm before embedding it behind any cover media. Data is compressed to reduce its size. After compression data encryption is performed to increase the security. Encryption is performed with the help of a key which make it difficult to get the secret message even if the existence of the secret message is reveled. Now the edge of secret message is detected by using canny edge detector and then embedded secret data is stored there with the help of a hash function. Proposed technique is implemented in MATLAB and key strength of this project is its huge data hiding capacity and least distortion in Stego image. This technique is applied over various images and the results show least distortion in altered image.

Internet is facing many challenges that cannot be solved easily through ad hoc patches. To address these challenges, many research programs and projects have been initiated and many solutions are being proposed. However, before we have a new architecture that can motivate Internet service providers (ISPs) to deploy and evolve, we need to address two issues: 1) know the current status better by appropriately evaluating the existing Internet; and 2) find how various incentives and strategies will affect the deployment of the new architecture. For the first issue, we define a series of quantitative metrics that can potentially unify results from several measurement projects using different approaches and can be an intrinsic part of future Internet architecture (FIA) for monitoring and evaluation. Using these metrics, we systematically evaluate the current interdomain routing system and reveal many “autonomous-system-level” observations and key lessons for new Internet architectures. Particularly, the evaluation results reveal the imbalance underlying the interdomain routing system and how the deployment of FIAs can benefit from these findings. With these findings, for the second issue, appropriate deployment strategies of the future architecture changes can be formed with balanced incentives for both customers and ISPs. The results can be used to shape the short- and long-term goals for new architectures that are simple evolutions of the current Internet (so-called dirty-slate architectures) and to some extent to clean-slate architectures.

In the restructured electricity industry, electricity pooling markets are an oligopoly with strategic producers possessing private information (private production cost function). We focus on pooling markets where aggregate demand is represented by a non-strategic agent. We consider demand to be elastic. We propose a market mechanism that has the following features. (F1) It is individually rational. (F2) It is budget balanced. (F3) It is price efficient, that is, at equilibrium the price of electricity is equal to the marginal cost of production. (F4) The energy production profile corresponding to every nonzero Nash equilibrium of the game induced by the mechanism is a solution of the corresponding centralized problem where the objective is the maximization of the sum of the producers' and consumers' utilities. We identify some open problems associated with our approach to electricity pooling markets.

The security concerns of EDA tools have long been ignored because IC designers and integrators only focus on their functionality and performance. This lack of trusted EDA tools hampers hardware security researchers' efforts to design trusted integrated circuits. To address this concern, a novel EDA tools trust evaluation framework has been proposed to ensure the trustworthiness of EDA tools through its functional operation, rather than scrutinizing the software code. As a result, the newly proposed framework lowers the evaluation cost and is a better fit for hardware security researchers. To support the EDA tools evaluation framework, a new gate-level information assurance scheme is developed for security property checking on any gate-level netlist. Helped by the gate-level scheme, we expand the territory of proof-carrying based IP protection from RT-level designs to gate-level netlist, so that most of the commercially trading third-party IP cores are under the protection of proof-carrying based security properties. Using a sample AES encryption core, we successfully prove the trustworthiness of Synopsys Design Compiler in generating a synthesized netlist.

The performance of indirect trust computation models (based on recommendations) can be easily compromised due to the subjective and social-based prejudice of the provided recommendations. Eradicating the influence of such recommendation remains an important and challenging issue in indirect trust computation models. An effective model for indirect trust computation is proposed which is capable of identifying dishonest recommendations. Dishonest recommendations are identified by using deviation based detecting technique. The concept of measuring the credibility of recommendation (rather than credibility of recommender) using fuzzy inference engine is also proposed to determine the influence of each honest recommendation. The proposed model has been compared with other existing evolutionary recommendation models in this field, and it is shown that the model is more accurate in measuring the trustworthiness of unknown entity.

As smart meters continue to be deployed around the world collecting unprecedented levels of fine-grained data about consumers, we need to find mechanisms that are fair to both, (1) the electric utility who needs the data to improve their operations, and (2) the consumer who has a valuation of privacy but at the same time benefits from sharing consumption data. In this paper we address this problem by proposing privacy contracts between electric utilities and consumers with the goal of maximizing the social welfare of both. Our mathematical model designs an optimization problem between a population of users that have different valuations on privacy and the costs of operation by the utility. We then show how contracts can change depending on the probability of a privacy breach. This line of research can help inform not only current but also future smart meter collection practices.

We argue that emergent behavior is inherent to cybersecurity.

The increased prevalence of attacks on Cyber-Physical Systems (CPS) as well as the safety-critical nature of these systems, has resulted in increased concerns regarding the security of CPS. In an effort towards the security of CPS, we consider the detection of attacks based on the fundamental notion of a system’s energy. We propose a discrete-time Energy-Based Attack Detection mech- anism for networked cyber-physical systems that are dissipative or passive in nature. We present analytical results to show that the de- tection mechanism is effective in detecting a class of attack models in networked control systems (NCS). Finally, using simulations we illustrate the effectiveness of the proposed approach in detecting attacks.

Educators and sponsors endorse competitions as a strong, positive influence on career choice. However, empirical studies of cybersecurity competitions are lacking, and evidence from computer science and mathematics competitions has been mixed. Here we report initial results from an ongoing study of the National Cyber League to provide a glimpse of the role of competitions in fostering cybersecurity career engagement. Preliminary results suggest that cyber competitions attract experienced individuals who will remain in the profession for the long-term, but future research is needed to understand how cyber competitions may engage women and those new to the field.

The concept of differential  privacy stems from the study of private query of datasets.  In  this work, we apply this concept  to metric spaces  to study a  mechanism  that randomizes a deterministic query by adding  mean-zero  noise to keep differential  privacy.

Healthcare professionals have unique motivations, goals, perceptions, training, tensions, and behaviors, which guide workflow and often lead to unprecedented workarounds that weaken the efficacy of security policies and mechanisms. Identifying and understanding these factors that contribute to circumvention, as well as the acts of circumvention themselves, is key to designing, implementing, and maintaining security subsystems that achieve security goals in healthcare settings. To this end, we present our research on workarounds to computer security in healthcare settings without compromising the fundamental health goals. We argue and demonstrate that understanding workarounds to computer security, especially in medical settings, requires not only analyses of computer rules and processes, but also interviews and observations with users and security personnel. In addition, we discuss the value of shadowing clinicians and conducting focus groups with them to understand their motivations and tradeoffs for circumvention. Ethnographic investigation of workflow is paramount to achieving security objectives.

Cloud federation is a future evolution of Cloud computing, where Cloud Service Providers (CSP) collaborate dynamically to share their virtual infrastructure for load balancing and meeting the Quality of Service during the demand spikes. Today, one of the major obstacles in adoption of federation is the lack of trust between Cloud providers participating in federation. In order to ensure the security of critical and sensitive data of customers, it is important to evaluate and establish the trust between Cloud providers, before redirecting the customer's requests from one provider to other provider. We are proposing a trust evaluation model and underlying protocol that will facilitate the cloud providers to evaluate the trustworthiness of each other and hence participate in federation to share their infrastructure in a trusted and reliable way.