Biblio

Software-Defined Networking (SDN) introduces a centralized network control and management by separating the data plane from the control plane which facilitates traffic flow monitoring, security analysis and policy formulation. However, it is challenging to choose a proper degree of traffic flow handling granularity while proactively protecting forwarding devices from getting overloaded. In this paper, we propose a novel traffic flow matching control framework called Q-DATA that applies reinforcement learning in order to enhance the traffic flow monitoring performance in SDN based networks and prevent traffic forwarding performance degradation. We first describe and analyse an SDN-based traffic flow matching control system that applies a reinforcement learning approach based on Q-learning algorithm in order to maximize the traffic flow granularity. It also considers the forwarding performance status of the SDN switches derived from a Support Vector Machine based algorithm. Next, we outline the Q-DATA framework that incorporates the optimal traffic flow matching policy derived from the traffic flow matching control system to efficiently provide the most detailed traffic flow information that other mechanisms require. Our novel approach is realized as a REST SDN application and evaluated in an SDN environment. Through comprehensive experiments, the results show that-compared to the default behavior of common SDN controllers and to our previous DATA mechanism-the new Q-DATA framework yields a remarkable improvement in terms of traffic forwarding performance degradation protection of SDN switches while still providing the most detailed traffic flow information on demand.

In the past, researchers have developed a number of popular taint-analysis approaches, particularly in the context of Android applications. Numerous studies have shown that automated code analyses are adopted by developers only if they yield a good "signal to noise ratio", i.e., high precision. Many previous studies have reported analysis precision quantitatively, but this gives little insight into what can and should be done to increase precision further. To guide future research on increasing precision, we present a comprehensive study that evaluates static Android taint-analysis results on a qualitative level. To unravel the exact nature of taint flows, we have designed COVA, an analysis tool to compute partial path constraints that inform about the circumstances under which taint flows may actually occur in practice. We have conducted a qualitative study on the taint flows reported by FlowDroid in 1,022 real-world Android applications. Our results reveal several key findings: Many taint flows occur only under specific conditions, e.g., environment settings, user interaction, I/O. Taint analyses should consider the application context to discern such situations. COVA shows that few taint flows are guarded by multiple different kinds of conditions simultaneously, so tools that seek to confirm true positives dynamically can concentrate on one kind at a time, e.g., only simulating user interactions. Lastly, many false positives arise due to a too liberal source/sink configuration. Taint analyses must be more carefully configured, and their configuration could benefit from better tool assistance.

In order to protect user data while maintaining application functionality, encrypted databases can use specialized cryptography such as property-revealing encryption, which allows a property of the underlying plaintext values to be computed from the ciphertext. One example is deterministic encryption which ensures that the same plaintext encrypted under the same key will produce the same ciphertext. This technology enables clients to make queries on sensitive data hosted in a cloud server and has considerable potential to protect data. However, the security implications of deterministic encryption are not well understood. We provide a leakage analysis of deterministic encryption through the application of the framework of quantitative information flow. A key insight from this framework is that there is no single "right'' measure by which leakage can be quantified: information flow depends on the operational scenario and different operational scenarios require different leakage measures. We evaluate leakage under three operational scenarios, modeled using three different gain functions, under a variety of prior distributions in order to bring clarity to this problem.

Measures and methods used in financial sector to quantify risk, have been recently applied to cyber world. The aim is to help organizations to improve risk management strategies and to wisely plan investments in cyber security. On the other hand, they are useful instruments for insurance companies in pricing cyber insurance contracts and setting the minimum capital requirements defined by the regulators. In this paper we propose an estimation of Value at Risk (VaR), referred to as Cyber Value at Risk in cyber security domain, and Tail Value at risk (TVaR). The data breach information we use is obtained from the “Chronology of data breaches” compiled by the Privacy Rights Clearinghouse.

Grid modernization efforts with the latest information and communication technologies will significantly benefit smart grids in the coming years. More optical fibre communications between consumers and the control center will promise better demand response and customer engagement, yet the increasing attack surface and man-in-the-middle (MITM) threats can result in security and privacy challenges. Among the studies for more secure smart grid communications, quantum key distribution protocols (QKD) have emerged as a promising option. To bridge the theoretical advantages of quantum communication to its practical utilization, however, comprehensive investigations have to be conducted with realistic cyber-physical smart grid structures and scenarios. To facilitate research in this direction, this paper proposes an open-source, research-oriented co-simulation platform that orchestrates cyber and power simulators under the MOSAIK framework. The proposed platform allows flexible and realistic power flow-based co-simulation of quantum communications and electrical grids, where different cyber and power topologies, QKD protocols, and attack threats can be investigated. Using quantum-based communication under MITM attacks, the paper presented detailed case studies to demonstrate how the platform enables quick setup of a lowvoltage distribution grid, implementation of different protocols and cryptosystems, as well as evaluations of both communication efficiency and security against MITM attacks. The platform has been made available online to empower researchers in the modelling of quantum-based cyber-physical systems, pilot studies on quantum communications in smart grid, as well as improved attack resilience against malicious intruders.

Big Data Cyber Security Analytics (BDCA) leverages big data technologies for collecting, storing, and analyzing a large volume of security events data to detect cyber-attacks. Accuracy and response time, being the most important quality concerns for BDCA, are impacted by changes in security events data. Whilst it is promising to adapt a BDCA system's architecture to the changes in security events data for optimizing accuracy and response time, it is important to consider large search space of architectural configurations. Searching a large space of configurations for potential adaptation incurs an overwhelming adaptation time, which may cancel the benefits of adaptation. We present an adaptation approach, QuickAdapt, to enable quick adaptation of a BDCA system. QuickAdapt uses descriptive statistics (e.g., mean and variance) of security events data and fuzzy rules to (re) compose a system with a set of components to ensure optimal accuracy and response time. We have evaluated QuickAdapt for a distributed BDCA system using four datasets. Our evaluation shows that on average QuickAdapt reduces adaptation time by 105× with a competitive adaptation accuracy of 70% as compared to an existing solution.

Intrusion Detection system (IDS) was an application which was aimed to monitor network activity or system and it could find if there was a dangerous operation. Implementation of IDS on Software Define Network architecture (SDN) has drawbacks. IDS on SDN architecture might decreasing network Quality of Service (QoS). So the network could not provide services to the existing network traffic. Throughput, delay and packet loss were important parameters of QoS measurement. Snort IDS and bro IDS were tools in the application of IDS on the network. Both had differences, one of which was found in the detection method. Snort IDS used a signature based detection method while bro IDS used an anomaly based detection method. The difference between them had effects in handling the network traffic through it. In this research, we compared both tools. This comparison are done with testing parameters such as throughput, delay, packet loss, CPU usage, and memory usage. From this test, it was found that bro outperform snort IDS for throughput, delay , and packet loss parameters. However, CPU usage and memory usage on bro requires higher resource than snort.

In this paper, we develop a statistical framework for image steganography in which the cover and stego messages are modeled as multivariate Gaussian random variables. By minimizing the detection error of an optimal detector within the generalized adopted statistical model, we propose a novel Gaussian embedding method. Furthermore, we extend the formulation to cost-based steganography, resulting in a universal embedding scheme that works with embedding costs as well as variance estimators. Experimental results show that the proposed approach avoids embedding in smooth regions and significantly improves the security of the state-of-the-art methods, such as HILL, MiPOD, and S-UNIWARD.

The effects of quantum confinement on the charge distribution in planar Double-Gate (DG) SOI (Siliconon-Insulator) MOSFETs were examined, for sub-10 nm SOI film thicknesses (tsi $łeq$ 10 nm), by modeling the potential experienced by the charge carriers as that of an an-harmonic oscillator potential, consistent with the inherent structural symmetry of nanoscale symmetric DGSOI MOSFETs. By solving the 1-D Poisson's equation using this potential, the results obtained were validated through comparisons with TCAD simulations. The present model satisfactorily predicted the electron density and channel charge density for a wide range of SOI channel thicknesses and gate voltages.

Due to the importance of securing electronic transactions, many cryptographic protocols have been employed, that mainly depend on distributed keys between the intended parties. In classical computers, the security of these protocols depends on the mathematical complexity of the encoding functions and on the length of the key. However, the existing classical algorithms 100% breakable with enough computational power, which can be provided by quantum machines. Moving to quantum computation, the field of security shifts into a new area of cryptographic solutions which is now the field of quantum cryptography. The era of quantum computers is at its beginning. There are few practical implementations and evaluations of quantum protocols. Therefore, the paper defines a well-known quantum key distribution protocol which is BB84 then provides a practical implementation of it on IBM QX software. The practical implementations showed that there were differences between BB84 theoretical expected results and the practical implementation results. Due to this, the paper provides a statistical analysis of the experiments by comparing the standard deviation of the results. Using the BB84 protocol the existence of a third-party eavesdropper can be detected. Thus, calculations of the probability of detecting/not detecting a third-party eavesdropping have been provided. These values are again compared to the theoretical expectation. The calculations showed that with the greater number of qubits, the percentage of detecting eavesdropper will be higher.

Originally implemented by Google, QUIC gathers a growing interest by providing, on top of UDP, the same service as the classical TCP/TLS/HTTP/2 stack. The IETF will finalise the QUIC specification in 2019. A key feature of QUIC is that almost all its packets, including most of its headers, are fully encrypted. This prevents eavesdropping and interferences caused by middleboxes. Thanks to this feature and its clean design, QUIC is easier to extend than TCP. In this paper, we revisit the reliable transmission mechanisms that are included in QUIC. More specifically, we design, implement and evaluate Forward Erasure Correction (FEC) extensions to QUIC. These extensions are mainly intended for high-delays and lossy communications such as In-Flight Communications. Our design includes a generic FEC frame and our implementation supports the XOR, Reed-Solomon and Convolutional RLC error-correcting codes. We also conservatively avoid hindering the loss-based congestion signal by distinguishing the packets that have been received from the packets that have been recovered by the FEC. We evaluate its performance by applying an experimental design covering a wide range of delay and packet loss conditions with reproducible experiments. These confirm that our modular design allows the protocol to adapt to the network conditions. For long data transfers or when the loss rate and delay are small, the FEC overhead negatively impacts the download completion time. However, with high packet loss rates and long delays or smaller files, FEC allows drastically reducing the download completion time by avoiding costly retransmission timeouts. These results show that there is a need to use FEC adaptively to the network conditions.

Current procedures for anomaly detection in self-organizing mobile communication networks use network-centric approaches to identify dysfunctional serving nodes. In this paper, a user-centric approach and a novel methodology for anomaly detection is proposed, where the Quality of Experience (QoE) metric is used to evaluate the end-user experience. The system model demonstrates how dysfunctional serving eNodeBs are successfully detected by implementing a parametric QoE model using machine learning for prediction of user QoE in a network scenario created by the ns-3 network simulator. This approach can play a vital role in the future ultra-dense and green mobile communication networks that are expected to be both self- organizing and self-healing.

With the proliferation of smartphones, a novel sensing paradigm called Mobile Crowd Sensing (MCS) has emerged very recently. However, the attacks and faults in MCS cause a serious false data problem. Observing the intrinsic low dimensionality of general monitoring data and the sparsity of false data, false data detection can be performed based on the separation of normal data and anomalies. Although the existing separation algorithm based on Direct Robust Matrix Factorization (DRMF) is proven to be effective, requiring iteratively performing Singular Value Decomposition (SVD) for low-rank matrix approximation would result in a prohibitively high accumulated computation cost when the data matrix is large. In this work, we observe the quick false data location feature from our empirical study of DRMF, based on which we propose an intelligent Light weight Low Rank and False Matrix Separation algorithm (LightLRFMS) that can reuse the previous result of the matrix decomposition to deduce the one for the current iteration step. Our algorithm can largely speed up the whole iteration process. From a theoretical perspective, we validate that LightLRFMS only requires one round of SVD computation and thus has very low computation cost. We have done extensive experiments using a PM 2.5 air condition trace and a road traffic trace. Our results demonstrate that LightLRFMS can achieve very good false data detection performance with the same highest detection accuracy as DRMF but with up to 10 times faster speed thanks to its lower computation cost.

Vehicular Named Data Network (VNDN) uses Named Data Network (NDN) as a communication enabler. The communication is achieved using the content name instead of the host address. NDN integrates content caching at the network level rather than the application level. Hence, the network becomes aware of content caching and delivering. The content caching is a fundamental element in VNDN communication. However, due to the limitations of the cache store, only the most used content should be cached while the less used should be evicted. Traditional caching replacement policies may not work efficiently in VNDN due to the large and diverse exchanged content. To solve this issue, we propose an efficient cache replacement policy that takes the quality of service into consideration. The idea consists of classifying the traffic into different classes, and split the cache store into a set of sub-cache stores according to the defined traffic classes with different storage capacities according to the network requirements. Each content is assigned a popularity-density value that balances the content popularity with its size. Content with the highest popularity-density value is cached while the lowest is evicted. Simulation results prove the efficiency of the proposed solution to enhance the overall network quality of service.

Securing Internet of things is a major concern as it deals with data that are personal, needed to be reliable, can direct and manipulate device decisions in a harmful way. Also regarding data generation process is heterogeneous, data being immense in volume, complex management. Quantum Computing and Internet of Things (IoT) coined as Quantum IoT defines a concept of greater security design which harness the virtue of quantum mechanics laws in Internet of Things (IoT) security management. Also it ensures secured data storage, processing, communication, data dynamics. In this paper, an IoT security infrastructure is introduced which is a hybrid one, with an extra layer, which ensures quantum state. This state prevents any sort of harmful actions from the eavesdroppers in the communication channel and cyber side, by maintaining its state, protecting the key by quantum cryptography BB84 protocol. An adapted version is introduced specific to this IoT scenario. A classical cryptography system `One-Time pad (OTP)' is used in the hybrid management. The novelty of this paper lies with the integration of classical and quantum communication for Internet of Things (IoT) security.

With the increasing of health awareness, the users become more and more interested in their daily health information and healthcare activities results from healthcare organizations. They always try to collect them together for better usage. Traditionally, the healthcare data is always delivered by paper format from the healthcare organizations, and it is not easy and convenient for data usage and management. They would have to translate these data on paper to digital version which would probably introduce mistakes into the data. It would be necessary if there is a secure and convenient method for electronic health data transferring between the users and the healthcare organizations. However, for the security and privacy problems, almost no healthcare organization provides a stable and full service for health data delivery. In this paper, we propose a secure and convenient method, QRStream, which splits original health data and loads them onto QR code frame streaming for the data transferring. The results shows that QRStream can transfer text health data smoothly with an acceptable performance, for example, transferring 10K data in 10 seconds.

Quantum computing is posing new threats on our security infrastructure. This has triggered a new research field on quantum-safe methods, and those that rely on the application of quantum principles are commonly referred as quantum cryptography. The most mature development in the field of quantum cryptography is called Quantum Key Distribution (QKD). QKD is a key exchange primitive that can replace existing mechanisms that can become obsolete in the near future. Although QKD has reached a high level of maturity, there is still a long path for a mass market implementation. QKD shall overcome issues such as miniaturization, network integration and the reduction of production costs to make the technology affordable. In this direction, we foresee that QKD systems will evolve following the same path as other networking technologies, where systems will run on specific network cards, integrable in commodity chassis. This work describes part of our activity in the EU H2020 project CiViQ in which quantum technologies, as QKD systems or quantum random number generators (QRNG), will become a single network element that we define as Quantum Switch. This allows for quantum resources (keys or random numbers) to be provided as a service, while the different components are integrated to cooperate for providing the most random and secure bit streams. Furthermore, with the purpose of making our proposal closer to current networking technology, this work also proposes an abstraction logic for making our Quantum Switch suitable to become part of software-defined networking (SDN) architectures. The model fits in the architecture of the SDN quantum node architecture, that is being under standardization by the European Telecommunications Standards Institute. It permits to operate an entire quantum network using a logically centralized SDN controller, and quantum switches to generate and to forward key material and random numbers across the entire network. This scheme, demonstrated for the first time at the Madrid Quantum Network, will allow for a faster and seamless integration of quantum technologies in the telecommunications infrastructure.

This paper presents the results of a qualitative study on discussions about two major law enforcement interventions against Dark Net Market (DNM) users extracted from relevant Reddit forums. We assess the impact of Operation Hyperion and Operation Bayonet (combined with the closure of the site Hansa) by analyzing posts and comments made by users of two Reddit forums created for the discussion of Dark Net Markets. The operations are compared in terms of the size of the discussions, the consequences recorded, and the opinions shared by forum users. We find that Operation Bayonet generated a higher number of discussions on Reddit, and from the qualitative analysis of such discussions it appears that this operation also had a greater impact on the DNM ecosystem.

Hardware vulnerabilities are often due to design mistakes because the designer does not sufficiently consider potential security vulnerabilities at the design stage. As a result, various security solutions have been developed to protect ICs, among which the language-based hardware security verification serves as a promising solution. The verification process will be performed while compiling the HDL of the design. However, similar to other formal verification methods, the language-based approach also suffers from scalability issue. Furthermore, existing solutions either lead to hardware overhead or are not designed for vulnerable or malicious logic detection. To alleviate these challenges, we propose a new language based framework, QIF-Verilog, to evaluate the trustworthiness of a hardware system at register transfer level (RTL). This framework introduces a quantified information flow (QIF) model and extends Verilog type systems to provide more expressiveness in presenting security rules; QIF is capable of checking the security rules given by the hardware designer. Secrets are labeled by the new type and then parsed to data flow, to which a QIF model will be applied. To demonstrate our approach, we design a compiler for QIF-Verilog and perform vulnerability analysis on benchmarks from Trust-Hub and OpenCore. We show that Trojans or design faults that leak information from circuit outputs can be detected automatically, and that our method evaluates the security of the design correctly.

Quantum low probability of intercept transmits ciphertext in a way that prevents an eavesdropper possessing the decryption key from recovering the plaintext. It is capable of Gbps communication rates on optical fiber over metropolitan-area distances.

Quickest detection of false data injection attacks (FDIAs) in dynamic smart grids is considered in this paper. The unknown time-varying state variables of the smart grid and the FDIAs impose a significant challenge for designing a computationally efficient detector. To address this challenge, we propose new Cumulative-Sum-type algorithms with computational complex scaling linearly with the number of meters. Moreover, for any constraint on the expected false alarm period, a lower bound on the threshold employed in the proposed algorithm is provided. For any given threshold employed in the proposed algorithm, an upper bound on the worstcase expected detection delay is also derived. The proposed algorithm is numerically investigated in the context of an IEEE standard power system under FDIAs, and is shown to outperform some representative algorithm in the test case.

The problems of random numbers application to the information security of data, communication lines, computer units and automated driving systems are considered. The possibilities for making up quantum generators of random numbers and existing solutions for acquiring of sufficiently random sequences are analyzed. The authors found out the method for the creation of quantum generators on the basis of semiconductor electronic components. The electron-quantum generator based on electrons tunneling is experimentally demonstrated. It is shown that it is able to create random sequences of high security level and satisfying known NIST statistical tests (P-Value\textbackslashtextgreater0.9). The generator created can be used for formation of both closed and open cryptographic keys in computer systems and other platforms and has great potential for realization of random walks and probabilistic computing on the basis of neural nets and other IT problems.

In most crowdsensing systems, the quality of the collected data is varied and difficult to evaluate while the existing crowdsensing quality control methods are mostly based on a central platform, which is not completely trusted in reality and results in fraud and other problems. To solve these questions, a novel crowdsensing quality control model is proposed in this paper. First, the idea of blockchain is introduced into this model. The credit-based verifier selection mechanism and twice consensuses are proposed to realize the non-repudiation and non-tampering of information in crowdsensing. Then, the quality grading evaluation (QGE) is put forward, in which the method of truth discovery and the idea of fuzzy theories are combined to evaluate the quality of sensing data, and the garbled circuit is used to ensure that evaluation criteria can not be leaked. Finally, the Experiments show that our model is feasible in time and effective in quality evaluation.

Deep neural network (DNN) as a popular machine learning model is found to be vulnerable to adversarial attack. This attack constructs adversarial examples by adding small perturbations to the raw input, while appearing unmodified to human eyes but will be misclassified by a well-trained classifier. In this paper, we focus on the black-box attack setting where attackers have almost no access to the underlying models. To conduct black-box attack, a popular approach aims to train a substitute model based on the information queried from the target DNN. The substitute model can then be attacked using existing white-box attack approaches, and the generated adversarial examples will be used to attack the target DNN. Despite its encouraging results, this approach suffers from poor query efficiency, i.e., attackers usually needs to query a huge amount of times to collect enough information for training an accurate substitute model. To this end, we first utilize state-of-the-art white-box attack methods to generate samples for querying, and then introduce an active learning strategy to significantly reduce the number of queries needed. Besides, we also propose a diversity criterion to avoid the sampling bias. Our extensive experimental results on MNIST and CIFAR-10 show that the proposed method can reduce more than 90% of queries while preserve attacking success rates and obtain an accurate substitute model which is more than 85% similar with the target oracle.

Massive amounts of videos are generated for entertainment, security, and science, powered by a growing supply of user-produced video hosting services. Unfortunately, searching for videos is difficult due to the lack of content annotations. Recent breakthroughs in image labeling with deep neural networks (DNNs) create a unique opportunity to address this problem. While many automated end-to-end solutions have been developed, such as natural language queries, we take on a different perspective: to leverage both the development of algorithms and human capabilities. To this end, we design a query language in tandem with a user interface to help users quickly identify segments of interest from the video based on labels and corresponding bounding boxes. We combine techniques from the database and information visualization communities to help the user make sense of the object labels in spite of errors and inconsistencies.