Biblio

With evolution of the communication technology remote monitoring has rooted into many applications. Swift innovation in Internet of Things (IoT) technology led to development of electronics embedded devices capable of sensing into the remote location and transferring the data through internet across the globe. Such devices transfers the sensitive data, which are susceptible to security attacks by the intruder and network hacker. Paper studies the existing security solutions and limitations for IoT environment and provides a pragmatic lightweight security scheme on Transmission Control Protocol (TCP) network for Remote Monitoring System devices over internet. This security scheme will aid Original Equipment Manufacturer (OEM) developing massive IoT products for remote monitoring. Real time evaluation of this scheme has been analyzed.

Techniques applied in response to detrimental digital incidents vary in many respects according to their attributes. Models of techniques exist in current research but are typically restricted to some subset with regards to the discipline of the incident. An enormous collection of techniques is actually available for use. There is no single model representing all these techniques. There is no current categorisation of digital forensics reactive techniques that classify techniques according to the attribute of function and nor is there an attempt to classify techniques in a means that goes beyond a subset. In this paper, an ontology that depicts digital forensic reactive techniques classified by function is presented. The ontology itself contains additional information for each technique useful for merging into a cognate system where the relationship between techniques and other facets of the digital investigative process can be defined. A number of existing techniques were collected and described according to their function - a verb. The function then guided the placement and classification of the techniques in the ontology according to the ontology development process. The ontology contributes to a knowledge base for digital forensics - essentially useful as a resource for the various people operating in the field of digital forensics. The benefit of this that the information can be queried, assumptions can be made explicit, and there is a one-stop-shop for digital forensics reactive techniques with their place in the investigation detailed.

Several assessment techniques and methodologies exist to analyze the security of an application dynamically. However, they either are focused on a particular product or are mainly concerned about the assessment process rather than the product's security confidence. Most crucially, they tend to assess the security of a target application as a standalone artifact without assessing its host infrastructure. Such attempts can undervalue the overall security posture since the infrastructure becomes crucial when it hosts a critical application. We present an ontology-based security model that aims to provide the necessary knowledge, including network settings, application configurations, testing techniques and tools, and security metrics to evaluate the security aptitude of a critical application in the context of its hosting infrastructure. The objective is to integrate the current good practices and standards in security testing and virtualization to furnish an on-demand and test-ready virtual target infrastructure to execute the critical application and to initiate a context-aware and quantifiable security assessment process in an automated manner. Furthermore, we present a security assessment architecture to reflect on how the ontology can be integrated into a standard process.

A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems are considered the key challenges to fully leverage the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability, and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, Limacharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.

Nowadays, video streaming over HTTP is one of the most dominant Internet applications, using adaptive video techniques. Network assisted approaches have been proposed and are being standardized in order to provide high QoE for the end-users of such applications. SAND is a recent MPEG standard where DASH Aware Network Elements (DANEs) are introduced for this purpose. As web-caches are one of the main components of the SAND architecture, the location and the connectivity of these web-caches plays an important role in the user's QoE. The nature of SAND and DANE provides a good foundation for software controlled virtualized DASH environments, and in this paper, we propose a cache location algorithm and a cache migration algorithm for virtualized SAND deployments. The optimal locations for the virtualized DANEs is determined by an SDN controller and migrates it based on gathered statistics. The performance of the resulting system shows that, when SDN and NFV technologies are leveraged in such systems, software controlled virtualized approaches can provide an increase in QoE.

Motivated by the transformative impact of deep neural networks (DNNs) on different areas (e.g., image and speech recognition), researchers and anti-virus vendors are proposing end-to-end DNNs for malware detection from raw bytes that do not require manual feature engineering. Given the security sensitivity of the task that these DNNs aim to solve, it is important to assess their susceptibility to evasion.
In this work, we propose an attack that guides binary-diversification tools via optimization to mislead DNNs for malware detection while preserving the functionality of binaries. Unlike previous attacks on such DNNs, ours manipulates instructions that are a functional part of the binary, which makes it particularly challenging to defend against. We evaluated our attack against three DNNs in white-box and black-box settings, and found that it can often achieve success rates near 100%. Moreover, we found that our attack can fool some commercial anti-viruses, in certain cases with a success rate of 85%. We explored several defenses, both new and old, and identified some that can successfully prevent over 80% of our evasion attempts. However, these defenses may still be susceptible to evasion by adaptive attackers, and so we advocate for augmenting malware-detection systems with methods that do not rely on machine learning.

Today's rapid progress in the physical implementation of quantum computers demands scalable synthesis methods to map practical logic designs to quantum architectures. There exist many quantum algorithms which use classical functions with superposition of states. Motivated by recent trends, in this paper, we show the design of quantum circuit to perform modular exponentiation functions using two different approaches. In the design phase, first we generate quantum circuit from a verilog implementation of exponentiation functions using synthesis tools and then apply two different Quantum Error Correction techniques. Finally the circuit is further optimized using the Linear Nearest Neighbor (LNN) Property. We demonstrate the effectiveness of our approach by generating a set of networks for the reversible modular exponentiation function for a set of input values. At the end of the work, we have summarized the obtained results, where a cost analysis over our developed approaches has been made. Experimental results show that depending on the choice of different QECC methods the performance figures can vary by up to 11%, 10%, 8% in T-count, number of qubits, number of gates respectively.

We present Ouroboros Crypsinous, the first formally analyzed privacy-preserving proof-of-stake blockchain protocol. To model its security we give a thorough treatment of private ledgers in the (G)UC setting that might be of independent interest. To prove our protocol secure against adaptive attacks, we introduce a new coin evolution technique relying on SNARKs and key-private forward secure encryption. The latter primitive-and the associated construction-can be of independent interest. We stress that existing approaches to private blockchain, such as the proof-of-work-based Zerocash are analyzed only against static corruptions.

A study done by researchers at Ohio University calls for the improvement of information literacy as it was found that most people do not take time to verify whether information is accurate or not before sharing it on social media. The study uses information literacy factors and a theoretical lens to help develop an understanding of why people share "fake news" on social media.

Researchers at the NYU Tandon School of Engineering developed a technique to prevent sophisticated methods of altering photos and videos to produce deep fakes, which are often weaponized to influence people. The technique developed by researchers involves the use of artificial intelligence (AI) to determine the authenticity of images and videos.

Cloud Management Platforms (CMP) have been developed in recent years to set up cloud computing architecture. Infrastructure-as-a-Service (IaaS) is a cloud-delivered model designed by the provider to gather a set of IT resources which are furnished as services for user Virtual Machine Image (VMI) provisioning and management. Openstack is one of the most useful CMP which has been developed for industry and academic researches to simulate IaaS classical processes such as launch and store user VMI instance. In this paper, the main purpose is to adopt a security policy for a secure launch user VMI across a trust cloud environment founded on a combination of enhanced TPM remote attestation and cryptographic techniques to ensure confidentiality and integrity of user VMI requirements.

We present Copland, a language for specifying layered attestations. Layered attestations provide a remote appraiser with structured evidence of the integrity of a target system to support a trust decision. The language is designed to bridge the gap between formal analysis of attestation security guarantees and concrete implementations. We therefore provide two semantic interpretations of terms in our language. The first is a denotational semantics in terms of partially ordered sets of events. This directly connects Copland to prior work on layered attestation. The second is an operational semantics detailing how the data and control flow are executed. This gives explicit implementation guidance for attestation frameworks. We show a formal connection between the two semantics ensuring that any execution according to the operational semantics is consistent with the denotational event semantics. This ensures that formal guarantees resulting from analyzing the event semantics will hold for executions respecting the operational semantics. All results have been formally verified with the Coq proof assistant.

Fingerprinting the malware by its behavioural signature has been an attractive approach for malware detection due to the homogeneity of dynamic execution patterns across different variants of similar families. Although previous researches show reasonably good performance in dynamic detection using machine learning techniques on a large corpus of training set, decisions must be undertaken based upon a scarce number of observable samples in many practical defence scenarios. This paper demonstrates the effectiveness of generative adversarial autoencoder for dynamic malware detection under outbreak situations where in most cases a single sample is available for training the machine learning algorithm to detect similar samples that are in the wild.

IoT based technology are drastically accelerating the informationization development of the power grid system of China that consists of a huge number of power terminal devices interconnected by the network of electric power IoT. However, the networked power terminal equipment oriented cyberspace security has continually become a challenging problem as network attack is continually varying and evolving. In this paper, we concentrate on the security risk of power terminal equipment and their vulnerability based on ATP attack detection and defense. We first analyze the attack mechanism of APT security attack based on power terminal equipment. Based on the analysis of the security and attack of power IoT terminal device, an ontology-based knowledge representation method of power terminal device and its vulnerability is proposed.

Trusted Execution Environments (TEEs) provide hardware support to isolate the execution of sensitive operations on mobile phones for improved security. However, they are not always available to use for application developers. To provide a consistent user experience to those who have and do not have a TEE-enabled device, we could get help from Open-TEE, an open-source GlobalPlatform (GP)-compliant software TEE emulator. However, Open-TEE does not offer any of the security properties hardware TEEs have. In this paper, we propose WhiteBox-TEE which integrates white-box cryptography with Open-TEE to provide better security while still remaining complaint with GP TEE specifications. We discuss the architecture, provisioning mechanism, implementation highlights, security properties and performance issues of WhiteBox-TEE and propose possible revisions to TEE specifications to have better use of white-box cryptography in software-only TEEs.

Investigation of hash join algorithm on multi-core and many-core platforms showed that carefully tuned hash join implementations could outperform simple hash joins on most multi-core servers. However, hardware-oblivious hash join has shown competitive performance on many-core platforms. Knights Landing (KNL) has received attention in the field of parallel computing for its massively data-parallel nature and high memory bandwidth, but both hardware-oblivious and hardware-conscious hash join algorithms have not been systematically discussed and evaluated for KNL's characteristics (high bandwidth, cluster mode, etc.). In this paper, we present the design and implementation of the state-of-the-art hardware-oblivious and hardware-conscious hash joins that are tuned to exploit various KNL hardware characteristics. Using a thorough evaluation, we show that:1) Memory allocation strategies based on KNL's architecture are effective for both hardware-oblivious and hardware-conscious hash join algorithms; 2) In order to improve the efficiency of the hash join algorithms, hardware architecture features are still non-negligible factors.

The globalization of supply chain makes semiconductor chips susceptible to various security threats. Design obfuscation techniques have been widely investigated to thwart intellectual property (IP) piracy attacks. Key distribution among IP providers, system integration team, and end users remains as a challenging problem. This work proposes an orthogonal obfuscation method, which utilizes an orthogonal matrix to authenticate obfuscation keys, rather than directly examining each activation key. The proposed method hides the keys by using an orthogonal obfuscation algorithm to increasing the key retrieval time, such that the primary keys for IP cores will not be leaked. The simulation results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS'89 benchmark circuits. Experimental results indicate that the orthogonal obfuscation only increases the area by 3.4% and consumes 4.7% more power than the baseline1.

In this paper, we consider the problem of designing system parameters to improve detection of attacks in control systems. Specifically, we study control systems which are vulnerable to integrity attacks on sensors and actuators. We aim to defend against strong model aware adversaries that can read and modify all sensors and actuators. Previous work has proposed a moving target defense for detecting integrity attacks on control systems. Here, an authenticating subsystem with time-varying dynamics coupled to the original plant is introduced. Due to this coupling, an attack on the original system will affect the authenticating subsystem and in turn be revealed by a set of sensors measuring the extended plant. Moreover, the time-varying dynamics of the extended plant act as a moving target, preventing an adversary from developing an effective adaptive attack strategy. Previous work has failed to consider the design of the time-varying system matrices and as such provides little in terms of guidelines for implementation in real systems. This paper proposes two optimization problems for designing these matrices. The first designs the auxiliary actuators to maximize detection performance while the second designs the coupling matrices to maximize system estimation performance. Numerical examples are presented that validate our approach.

Cyber breaches can result in disruption to business operations, reputation damage as well as directly affecting the financial stability of the targeted corporations, with potential impacts on future profits and stock values. Automatic network-stream monitoring becomes necessary for cyber situation awareness, and time-series anomaly detection plays an important role in network stream monitoring. This study surveyed recent research on time-series analysis methods in respect of parametric and non-parametric techniques, and popular machine learning platforms for data analysis on streaming data on both single server and cloud computing environments. We believe it provides a good reference for researchers in both academia and industry to select suitable (time series) data analysis techniques, and computing platforms, dependent on the data scale and real-time requirements.

A Unique Object (UNO) is a physical object with unique characteristics that can be measured externally. The usually analogue measurement can be converted into a digital representation - a fingerprint - which uniquely identifies the object. For practical applications it is necessary that measurements can be performed without the need of specialist equipment or complex measurement setup. Furthermore, a UNO should be able to defeat simulation attacks; an attacker may replace the UNO with a device or system that produces the expected measurement. Recently a novel type of UNOs based on Quantum Dots (QDs) and exhibiting unique photo-luminescence properties has been proposed. The uniqueness of these UNOs is based on quantum effects that can be interrogated using a light source and a camera. The so called Quantum Confinement UNO (QCUNO) responds uniquely to different light excitation levels which is exploited for simulation attack protection, as opposed to focusing on features too small to reproduce and therefore difficult to measure. In this paper we describe methods for extraction of fingerprints from the QCUNO. We evaluate our proposed methods using 46 UNOs in a controlled setup. Focus of the evaluation are entropy, error resilience and the ability to detect simulation attacks.

Attacks by Jamming on wireless communication network can provoke Denial of Services. According to the communication system which is affected, the consequences can be more or less critical. In this paper, we propose to develop an algorithm which could be implemented at the reception stage of a communication terminal in order to detect the presence of jamming signals. The work is performed on Wi-Fi communication signals and demonstrates the necessity to have a specific signal processing at the reception stage to be able to detect the presence of jamming signals.

Development of information systems dealing with education and labour market using web and grid service architecture enables their modularity, expandability and interoperability. Application of ontologies to the web helps with collecting and selecting the knowledge about a certain field in a generic way, thus enabling different applications to understand, use, reuse and share the knowledge among them. A necessary step before publishing computer-interpretable data on the public web is the implementation of common standards that will ensure the exchange of information. Croatian Qualification Framework (CROQF) is a project of standardization of occupations for the labour market, as well as standardization of sets of qualifications, skills and competences and their mutual relations. This paper analysis a respectable amount of research dealing with application of ontologies to information systems in education during the last decade. The main goal is to compare achieved results according to: 1) phases of development/classifications of education-related ontologies; 2) areas of education and 3) standards and structures of metadata for educational systems. Collected information is used to provide insight into building blocks of CROQF, both the ones well supported by experience and best practices, and the ones that are not, together with guidelines for development of own standards using ontological structures.

The distribution of video contents generated by Content Providers (CPs) significantly contributes to increase the congestion within the networks of Internet Service Providers (ISPs). To alleviate this problem, CPs can serve a portion of their catalogues to the end users directly from servers (i.e., the caches) located inside the ISP network. Users served from caches perceive an increased QoS (e.g., average retrieval latency is reduced) and, for this reason, caching can be considered a form of traffic prioritization. Hence, since the storage of caches is limited, its subdivision among several CPs may lead to discrimination. A static subdivision that assignes to each CP the same portion of storage is a neutral but ineffective appraoch, because it does not consider the different popularities of the CPs' contents. A more effective strategy consists in dividing the cache among the CPs proportionally to the popularity of their contents. However, CPs consider this information sensitive and are reluctant to disclose it. In this work, we propose a protocol based on Shamir Secret Sharing (SSS) scheme that allows the ISP to calculate the portion of cache storage that a CP is entitled to receive while guaranteeing network neutrality and resource efficiency, but without violating its privacy. The protocol is executed by the ISP, the CPs and a Regulator Authority (RA) that guarantees the actual enforcement of a fair subdivision of the cache storage and the preservation of privacy. We perform extensive simulations and prove that our approach leads to higher hit-rates (i.e., percentage of requests served by the cache) with respect to the static one. The advantages are particularly significant when the cache storage is limited.

Modern operating systems are typical multitasking systems: Running multiple tasks at the same time. Therefore, a large number of system calls belonging to different processes are invoked at the same time. By associating these invocations, one can construct the system dependency graph. In rapidly evolving system dependency graphs, how to quickly find outliers is an urgent issue for intrusion detection. Clustering analysis based on graph similarity will help solve this problem. In this paper, an extended Weisfeiler-Lehman(WL) kernel is proposed. Firstly, an embedded vector with indefinite dimensions is constructed based on the original dependency graph. Then, the vector is compressed with Simhash to generate a fingerprint. Finally, anomaly detection based on clustering is carried out according to these fingerprints. Our scheme can achieve prominent detection with high efficiency. For validation, we choose StreamSpot, a relevant prior work, to act as benchmark, and use the same data set as it to carry out evaluations. Experiments show that our scheme can achieve the highest detection precision of 98% while maintaining a perfect recall performance. Moreover, both quantitative and visual comparisons demonstrate the outperforming clustering effect of our scheme than StreamSpot.

With the gradual progress of cloud computing, big data, network virtualization and other network technology. The traditional network architecture can no longer support this huge business. At this time, the clean slate team defined a new network architecture, SDN (Software Defined Network). It has brought about tremendous changes in the development of today's networks. The controller sends the flow table down to the switch, and the data flow is forwarded through matching flow table items. However, the current flow table resources of the SDN switch are very limited. Therefore, this paper studies the technology of the latest SDN Flow table optimization at home and abroad, proposes an efficient optimization scheme of Flow table item on the betweenness centrality through the main road selection algorithm, and realizes related applications by setting up experimental topology. Experiments show that this scheme can greatly reduce the number of flow table items of switches, especially the more hosts there are in the topology, the more obvious the experimental effect is. And the experiment proves that the optimization success rate is over 80%.