Biblio

In many scenarios, Internet connectivity may not be available. In such situations, device-to-device (D2D) communication may be utilized to establish a peer-to-peer (P2P) network among mobile users in the vicinity. However, this raises a fundamental question as is how to ensure secure communication in such an infrastructure-less network. In this paper, we present an approach that enables connectivity between mobile devices in the vicinity and supports secure communication between users in Internet-isolated locations. Specifically, the proposed solution uses Wi-Fi Aware for establishing a P2P network and the mTLS (mutual Transport Layer Security) protocol to provide mutually authenticated and encrypted message transfer. Besides, a novel decentralized peer authentication (DPA) scheme compatible with Wi-Fi Aware and TLS is proposed, which enables peers to verify other peers to join the network. A proof-of-concept instant messaging application has been developed to test the proposed DPA scheme and to evaluate the performance of the proposed overall approach. Experimental results, which validate the proposed solution, are presented with findings and limitations discussed.

This article describes an analysis of the key technologies currently applied to improve the quality, efficiency, safety and sustainability of Smart Grid systems and identifies the tools to optimize them and possible gaps in this area, considering the different energy sources, distributed generation, microgrids and energy consumption and production capacity. The research was conducted with a qualitative methodological approach, where the literature review was carried out with studies published from 2019 to 2022, in five (5) databases following the selection of studies recommended by the PRISMA guide. Of the five hundred and four (504) publications identified, ten (10) studies provided insight into the technological trends that are impacting this scenario, namely: Internet of Things, Big Data, Edge Computing, Artificial Intelligence and Blockchain. It is concluded that to obtain the best performance within Smart Grids, it is necessary to have the maximum synergy between these technologies, since this union will enable the application of advanced smart digital technology solutions to energy generation and distribution operations, thus allowing to conquer a new level of optimization.

The emergence of smart cars has revolutionized the automotive industry. Today's vehicles are equipped with different types of electronic control units (ECUs) that enable autonomous functionalities like self-driving, self-parking, lane keeping, and collision avoidance. The ECUs are connected to each other through an in-vehicle network, named Controller Area Network. In this talk, we will present the different cyber attacks that target autonomous vehicles and explain how an intrusion detection system (IDS) using machine learning can play a role in securing the Controller Area Network. We will also discuss the main research contributions for the security of autonomous vehicles. Specifically, we will describe our IDS, named Histogram-based Intrusion Detection and Filtering framework. Next, we will talk about the machine learning explainability issue that limits the acceptability of machine learning in autonomous vehicles, and how it can be addressed using our novel intrusion detection system based on rule extraction methods from Deep Neural Networks.

Keystroke dynamics is one solution to enhance the security of password authentication without adding any disruptive handling for users. Industries are looking for more security without impacting too much user experience. Considered as a friction-less solution, keystroke dynamics is a powerful solution to increase trust during user authentication without adding charge to the user. In this paper, we address the problem of user authentication considering the keystroke dynamics modality. We proposed a new approach based on the conversion of behavioral biometrics data (time series) into a 3D image. This transformation process keeps all the characteristics of the behavioral signal. The time series do not receive any filtering operation with this transformation and the method is bijective. This transformation allows us to train images based on convolutional neural networks. We evaluate the performance of the authentication system in terms of Equal Error Rate (EER) on a significant dataset and we show the efficiency of the proposed approach on a multi-instance system.

In the process of compiling the power-cut window period of the power grid equipment maintenance plan, problems such as omission of constraints are prone to occur due to excessive reliance on manual experience. In response to these problems, this paper proposes a method for mining key features of the power-cut window based on grey relational analysis. Through mining and analysis of the historical operation data of the power grid, the operation data of new energy, and the historical power-cut information of equipment, the indicators that play a key role in the arrangement of the outage window period of the equipment maintenance plan are found. Then use the key indicator information to formulate the window period. By mining the relationship between power grid operation data and equipment power outages, this paper can give full play to the big data advantages of the power grid, improve the accuracy and efficiency of the power-cut window period.

With their variety of application verticals, smart cities represent a killer scenario for Cloud-IoT computing, e.g. fog computing. Such applications require a management capable of satisfying all their requirements through suitable service placements, and of balancing among QoS-assurance, operational costs, deployment security and, last but not least, energy consumption and carbon emissions. This keynote discusses these aspects over a motivating use case and points to some open challenges.

In 2020, Omar and abed proposed a new noise-free fully homomorphic encryption scheme that allows arbitrary computations on encrypted data without decryption. However, they did not provide a sufficient security analysis of the proposed scheme and just stated that it is secure under the integer factorization assumption. In this paper, we present known plaintext attacks on their scheme and illustrate them with toy examples. Our attack algorithms are quite simple: They require several times of greatest common divisor (GCD) computations using only a few pair of message and ciphertext.

Polar codes have been shown to provide an effective mechanism for achieving physical-layer security over various wiretap channels. A majority of these schemes require channel state information (CSI) at the encoder for both intended receivers and eavesdroppers. In this paper, we consider a polar coding scheme for secrecy over a Gaussian wiretap channel when no CSI is available. We show that the availability of a shared keystream between friendly parties allows polar codes to be used for both secure and reliable communications, even when the eavesdropper knows a large fraction of the keystream. The scheme relies on a predetermined strategy for partitioning the bits to be encoded into a set of frozen bits and a set of information bits. The frozen bits are filled with bits from the keystream, and we evaluate the security gap when the cyclic redundancy check-aided successive cancellation list decoder is used at both receivers in the wiretap channel model.

To improve efficiency of stegosystem on blockchain and balance the time consumption of Encode and Decode operations, we propose a new blockchain-based steganography scheme, called Keys as Secret Messages (KASM), where a codebook of mappings between bitstrings and public keys can be pre-calculated by both sides with some secret parameters pre-negotiated before covert communication. By applying properties of elliptic curves and pseudorandom number generators, we realize key derivation of codebook item, and we construct the stegosystem with provable security under chosen hiddentext attack. By comparing KASM with Blockchain Covert Channel (BLOCCE) and testing on Bitcoin protocol, we conclude that our proposed stegosystem encodes hiddentexts faster than BLOCCE does and can decode stegotexts in highly acceptable time. The balanced time consumption of Encode and Decode operations of KASM make it applicable in the scene of duplex communication. At the same time, KASM does not leak sender’s private keys, so sender’s digital currencies can be protected.

Currently, one method to deal with the storage and computation of multimedia retrieval applications is an approximate nearest neighbor (ANN) search. Hashing algorithms and Vector quantization (VQ) are widely used in ANN search. So, K-mean clustering is a method of VQ that can solve those problems. With the increasing growth of multimedia data such as text view, image view, video view, audio view, and 3D view. Thus, it is a reason that why multimedia retrieval is very important. We can retrieve the results of each media type by inputting a query of that type. Even though many hashing algorithms and VQ techniques are proposed to produce a compact or short binary codes. In the real-time purposes the exhaustive search is impractical, and Hamming distance computation in the Hamming space suffers inaccurate results. The challenge of this paper is focusing on how to learn multimedia raw data or features representation to search on each media type for multimedia retrieval. So we propose a new search method that utilizes K-mean hash codes by computing the probability of a cluster in the index code. The proposed employs the index code from the K-mean cluster number that is converted to hash code. The inverted index table is constructed basing on the K-mean hash code. Then we can improve the original K-mean index accuracy and efficiency by learning a deep neural network (DNN). We performed the experiments on four benchmark multimedia datasets to retrieve each view such as 3D, image, video, text, and audio, where hash codes are produced by K-mean clustering methods. Our results show the effectiveness boost the performance on the baseline (exhaustive search).

The traditional KNN algorithm takes insufficient consideration of the spatial distribution of training samples, which leads to low accuracy in processing high-dimensional data sets. Moreover, the generation of k nearest neighbors requires all known samples to participate in the distance calculation, resulting in high time overhead. To solve these problems, a feature subspace based KNN algorithm (Feature Subspace KNN, FSS-KNN) is proposed in this paper. First, the FSS-KNN algorithm solves all the feature subspaces according to the distribution of the training samples in the feature space, so as to ensure that the samples in the same subspace have higher similarity. Second, the corresponding feature subspace is matched for the test set samples. On this basis, the search of k nearest neighbors is carried out in the corresponding subspace first, thus improving the accuracy and efficiency of the algorithm. Experimental results show that compared with the traditional KNN algorithm, FSS-KNN algorithm improves the accuracy and efficiency on Kaggle data set and UCI data set. Compared with the other four classical machine learning algorithms, FSS-KNN algorithm can significantly improve the accuracy.

Deep reinforcement learning has recently been adopted for robot behavior learning, where robot skills are acquired and adapted from data generated by the robot while interacting with its environment through a trial-and-error process. Despite this success, most model-free deep reinforcement learning algorithms learn a task-specific policy from a clean slate and thus suffer from high sample complexity (i.e., they require a significant amount of interaction with the environment to learn reasonable policies and even more to reach convergence). They also suffer from poor initial performance due to executing a randomly initialized policy in the early stages of learning to obtain experience used to train a policy or value function. Model based deep reinforcement learning mitigates these shortcomings. However, it suffers from poor asymptotic performance in contrast to a model-free approach. In this work, we investigate knowledge transfer from a model-based teacher to a task-specific model-free learner to alleviate executing a randomly initialized policy in the early stages of learning. Our experiments show that this approach results in better asymptotic performance, enhanced initial performance, improved safety, better action effectiveness, and reduced sample complexity.

Many recent data breaches have been linked to supply chain risks. For example, a recent high- profile attack that took place in the second half of 2018, Operation ShadowHammer, compromised an update utility used by a global computer manufacturer.1 The compromised software was served to users through the manufacturer’s official website and is estimated to have impacted up to a million users before it was discovered. This is reminiscent of the attack by the Dragonfly group, which started in 2013 and targeted industrial control systems.2 This group successfully inserted malware into software that was available for download through the manufacturers’ websites, which resulted in companies in critical industries such as energy being impacted by this malware. These incidents are not isolated events. Many recent reports suggest these attacks are increasing in frequency. An Incident Response Threat Report published in April 2019 by Carbon Black highlighted the use of “island hopping” by 50 % of attacks.3 Island hopping is an attack that focuses on impacting not only the victim but its customers and partners, especially if these partners have network interconnections. Symantec’s 2019 Security Threat Report found supply chain attacks increased by 78 % in 2018.4 Perhaps more worrying is that a large number of these attacks appear to be successful and cause significant damage. A November 2018 study, Data Risk in the Third-Party Ecosystem, conducted by the Ponemon Institute found that 59 % of companies surveyed experienced a data breach caused by one of their third parties.5 A July 2018 survey conducted by Crowdstrike found software supply chains even more vulnerable with 66 % of respondents reporting a software supply chain attack, 90 % of whom faced financial impacts as a result of the attack.

Modern commercial software development organizations frequently prescribe to a development and deployment pattern for releases known as continuous integration / continuous deployment (CI/CD). Kubernetes, a cluster-based distributed application platform, is often used to implement this pattern. While the abstract concept is fairly well understood, CI/CD implementations vary widely. Resources are scattered across on-premise and cloud-based services, and systems may not be fully automated. Additionally, while a development pipeline may aim to ensure the security of the finished artifact, said artifact may not be protected from outside observers or cloud providers during execution. This paper describes a complete CI/CD pipeline running on Kubernetes that addresses four gaps in existing implementations. First, the pipeline supports strong separation-of-duties, partitioning development, security, and operations (i.e., DevSecOps) roles. Second, automation reduces the need for a human interface. Third, resources are scoped to a Kubernetes cluster for portability across environments (e.g., public cloud providers). Fourth, deployment artifacts are secured with Asylo, a development framework for trusted execution environments (TEEs).

Securing various data types such as text, image, and video is needed in real-time communications. The transmission of data over an insecure channel is a permanent challenge, especially in mass Internet applications. Preserving confidentiality and integrity of data toward malicious attacks, accidental devastation, change during transfer, or while in storage must be improved. Data Encryption Standard (DES) is considered as a symmetric-key algorithm that is most widely used for various security purposes. In this work, a Key-based Enhancement of the DES (KE-DES) technique for securing text is proposed. The KEDES is implemented by the application of two steps: the first is merging the Odd/Even bit transformation of every key bit in the DES algorithm. The second step is replacing the right-side expansion of the original DES by using Key-Distribution (K-D) function. The K-D allocation consists of 8-bits from Permutation Choice-1 (PC-1) key outcome. The next 32-bits outcomes from the right-side of data, there is also 8-bits outcome from Permutation Choice-2 (PC-2) in each round. The key and data created randomly, in this case, provide adequate security and the KEDES model is considered more efficient for text encryption.

In the context of a rapidly changing and increasingly complex (industrial) production landscape, securing the (communication) infrastructure is becoming an ever more important but also more challenging task - accompanied by the application of radio communication. A worthwhile and promising approach to overcome the arising attack vectors, and to keep private networks private, are Physical Layer Security (PhySec) implementations. The paper focuses on the transfer of the IEEE802.11 (WLAN) PhySec - Secret Key Generation (SKG) algorithms to Next Generation Mobile Networks (NGMNs), as they are the driving forces and key enabler of future industrial networks. Based on a real world Long Term Evolution (LTE) testbed, improvements of the SKG algorithms are validated. The paper presents and evaluates significant improvements in the establishment of channel profiles, whereby especially the Bit Disagreement Rate (BDR) can be improved substantially. The combination of the Discrete Cosine Transformation (DCT) and the supervised Machine Learning (ML) algorithm - Linear Regression (LR) - provides outstanding results, which can be used beyond the SKG application. The evaluation also emphasizes the appropriateness of PhySec for securing private networks.

Some of the key challenges in steganography are imperceptibility and resistance to detection of steganalysis algorithms. Zero steganography is an approach to data hiding such that the cover image is not modified. This paper focuses on the generation of stego-key, which is an essential component of this steganographic approach. This approach utilizes DNA sequences and shifting and flipping operations in its binary code representation. Experimental results show that the key generation algorithm has a low cracking probability. The algorithm satisfies the avalanche criterion.

Wireless security is confronted with the complexity of the secret key distribution process, which is difficult to implement on an Ad Hoc network without a key management infrastructure. The symmetric key extraction mechanism from a response channel in a wireless environment is a very promising alternative solution with the simplicity of the key distribution process. Various mechanisms have been proposed for extracting the symmetric key, but many mechanisms produce low rates of the symmetric key due to the high bit differences that occur. This led to the fact that the reconciliation phase was unable to make corrections, as a result of which many key bits were lost, and the time required to obtain a symmetric key was increased. In this paper, we propose the use of an interval approach that divides the response channel into segments at specific intervals to reduce the key bit difference and increase the key rates. The results of tests conducted in the wireless environment show that the use of these mechanisms can increase the rate of the keys up to 35% compared to existing mechanisms.

Side-channel analysis (SCA) is a big threat to the security of connected embedded devices. Over the last few years, physical non-invasive SCA attacks utilizing the electromagnetic (EM) radiation (EM side-channel `leakage') from a crypto IC has gained huge momentum owing to the availability of the low-cost EM probes and development of the deep-learning (DL) based profiling attacks. In this paper, our goal is to understand the source of the EM leakage by analyzing a white-box modeling of the EM leakage from the crypto IC, leading towards a low-overhead generic countermeasure. To kill this EM leakage from its source, the solution utilizes a signature attenuation hardware (SAH) encapsulating the crypto core locally within the lower metal layers such that the critical correlated crypto current signature is significantly attenuated before it passes through the higher metal layers to connect to the external pin. The protection circuit utilizing AES256 as the crypto core is fabricated in 65nm process and shows for the first time the effects of metal routing on the EM leakage. The \textbackslashtextgreater 350× signature attenuation of the SAH together with the local lower metal routing ensured that the protected AES remains secure even after 1B measurements for both EM and power SCA, which is an 100× improvement over the state-of-the-art with comparable overheads. Overall, with the combination of the 2 techniques - signature suppression and local lower metal routing, we are able to kill the EM side-channel leakage at its source such that the correlated signature is not passed through the top-level metals, MIM capacitors, or on-board inductors, which are the primary sources of EM leakage, thereby preventing EM SCA attacks.

Millimeter wave imaging radar is indispensible for collision avoidance of self-driving system, especially in optically blurred visions. The range points migration (RPM) is one of the most promising imaging algorithms, which provides a number of advantages from synthetic aperture radar (SAR), in terms of accuracy, computational complexity, and potential for multifunctional imaging. The inherent problem in the RPM is that it suffers from lower angular resolution in narrower frequency band even if higher frequency e.g. millimeter wave, signal is exploited. To address this problem, the k-space decomposition based RPM has been developed. This paper focuses on the experimental validation of this method using the X-band or millimeter wave radar system, and demonstrated that our method significantly enhances the reconstruction accuracy in three-dimensional images for the two simple spheres and realistic vehicle targets.

We consider the problem of covert communication when Channel State Information (CSI) is available non-causally, causally, and strictly causally at both transmitter and receiver, as well as the case when channel state information is only available at the transmitter. Covert communication with respect to an adversary referred to as the "warden", is one in which the distribution induced during communication at the channel output observed by the warden is identical to the output distribution conditioned on an innocent channel-input symbol. In contrast to previous work, we do not assume the availability of a shared key at the transmitter and legitimate receiver; instead shared randomness is extracted from the channel state, in a manner that keeps it secret from the warden despite the influence of the channel state on the warden's output. When CSI is available at both transmitter and receiver, we derive the covert capacity region; when CSI is only available at the transmitter, we derive inner and outer bounds on the covert capacity. We also derive the covert capacity when the warden's channel is less noisy with respect to the legitimate receiver. We provide examples for which covert capacity is zero without channel state information, but is positive in the presence of channel state information.

Data races occur when two threads fail to use proper synchronization when accessing shared data. In kernel file systems, which are highly concurrent by design, data races are common mistakes and often wreak havoc on the users, causing inconsistent states or data losses. Prior fuzzing practices on file systems have been effective in uncovering hundreds of bugs, but they mostly focus on the sequential aspect of file system execution and do not comprehensively explore the concurrency dimension and hence, forgo the opportunity to catch data races.In this paper, we bring coverage-guided fuzzing to the concurrency dimension with three new constructs: 1) a new coverage tracking metric, alias coverage, specially designed to capture the exploration progress in the concurrency dimension; 2) an evolution algorithm for generating, mutating, and merging multi-threaded syscall sequences as inputs for concurrency fuzzing; and 3) a comprehensive lockset and happens-before modeling for kernel synchronization primitives for precise data race detection. These components are integrated into Krace, an end-to-end fuzzing framework that has discovered 23 data races in ext4, btrfs, and the VFS layer so far, and 9 are confirmed to be harmful.

Cybersecurity is a major issue today. It is predicted that cybercrime will cost the world \$6 trillion annually by 2021. It is important to make logins secure as well as to make advances in security in order to catch cybercriminals. This paper will design and create a device that will use Fuzzy logic to identify a person by the rhythm and frequency of their typing. The device will take data from a user from a normal password entry session. This data will be used to make a Fuzzy system that will be able to identify the user by their typing speed. An application of this project could be used to make a more secure log-in system for a user. The log-in system would not only check that the correct password was entered but also that the rhythm of how the password was typed matched the user. Another application of this system could be used to help catch cybercriminals. A cybercriminal may have a certain rhythm at which they type at and this could be used like a fingerprint to help officials locate cybercriminals.

The readout of large pixellated detectors with good spectroscopic quality represents a challenge for both front-end and back-end electronics. The TRISTAN project for the search of the Sterile neutrino in the keV-scale, envisions the operation of 21 detection modules equipped with a monolithic array of 166 SDDs each, for β-decay spectroscopy in the KATRIN experiment's spectrometer. Since the trace of the sterile neutrino existence would manifest as a kink of \textbackslashtextless; 1ppm in the continuous spectrum, high accuracy in the acquisition is required. Within this framework, we present the design of a multichannel scalable analog processing and DAQ system named Kerberos, aimed to provide a simple and low-cost multichannel readout option in the early phase of the TRISTAN detector development. It is based on three 16-channel integrated programmable analog pulse processors (SFERA ASICs), high linearity ADCs, and an FPGA. The platform is able to acquire data from up to 48 pixels in parallel, providing also different readout and multiplexing strategies. The use of an analog ASIC-based solution instead of a Digital Pulse Processor, represents a viable and scalable processing solution at the price of slightly limited versatility and count rate.