Biblio

Latest forecasts show that 50 billion devices will be connected to the Internet by 2020. These devices will provide ubiquitous data access and enable smarter interactions in all aspects of our everyday life, including vital domains such as healthcare and battlefields, where privacy is a key requirement. With the increasing adoption of IoT and the explosion of these resource-constrained devices, manual discovery and configuration become significantly challenging. Despite there is a number of resource discovery protocols that can be efficiently used in IoT deployments, none of these protocols provides any privacy consideration. This paper presents LPA-SDT, a novel technique for service discovery that builds privacy into the design from the ground up. Performance evaluation demonstrates that LPA-SDT outperforms state-of-the-art discovery techniques for resource-constrained environments while preserving user and data privacy.

Though currently a “hot topic”, over the past fifteen years [1][2], there has been significant work on the use of machine learning to design large scale computer-communication networks, motivated by the complexity of the systems that are being considered and the unpredictability of their workloads. A topic of great concern has been security [3] and novel techniques for detecting network attacks have been developed based on Machine Learning [8]. However the main challenge with Machine Learning methods in networks has concerned their compatibility with the Internet Protocol and with legacy systems, and a major step forward has come from the establishment of Software Defined Networks (SDN) [4] which delegate network routing to specific SDN routers [4]. SDN has become an industry standard for concentrating network management and routing decisions within specific SDN routers that download the selected paths periodically to network routers, which operate otherwise under the IP protocol. In this paper we describe our work on real-time control of Security and Privacy [7], Energy Consumption and QoS [6] of packet networks using Machine Learning based on the Cognitive Packet Network [9] principles and their application to the H2020 SerIoT Project [5].

As massive research efforts are poured into server-side DNS security enhancement in online cloud service platforms, sophisticated APTs tend to develop client-side DNS attacks, where defenders only have limited resources and abilities. The collaborative DNS attack is a representative newest client-side paradigm to stealthily undermine user cache by falsifying DNS responses. Different from existing static methods, in this paper, we propose a moving target defense solution named multi-vNIC intelligent mutation to free defenders from arduous work and thwart elusive client-side DNS attack in the meantime. Multiple virtual network interface cards are created and switched in a mutating manner. Thus attackers have to blindly guess the actual NIC with a high risk of exposure. Firstly, we construct a dynamic game-theoretic model to capture the main characteristics of both attacker and defender. Secondly, a reinforcement learning mechanism is developed to generate adaptive optimal defense strategy. Experiment results also highlight the security performance of our defense method compared to several state-of-the-art technologies.

Online social media plays an important role during real world events such as natural calamities, elections, social movements etc. Since the social media usage has increased, fake news has grown. The social media is often used by modifying true news or creating fake news to spread misinformation. The creation and distribution of fake news poses major threats in several respects from a national security point of view. Hence Fake news identification becomes an essential goal for enhancing the trustworthiness of the information shared on online social network. Over the period of time many researcher has used different methods, algorithms, tools and techniques to identify fake news content from online social networks. The aim of this paper is to review and examine these methodologies, different tools, browser extensions and analyze the degree of output in question. In addition, this paper discuss the general approach of fake news detection as well as taxonomy of feature extraction which plays an important role to achieve maximum accuracy with the help of different Machine Learning and Natural Language Processing algorithms.

Detection of multi-stage threats such as Advanced Persistent Threats (APT) is extremely challenging due to their deceptive approaches. Sequential events of threats might look benign when performed individually or from different addresses. We propose a new unsupervised framework to identify patterns and correlations of malicious behaviours by analysing heterogeneous log-files. The framework consists of two main phases of data analysis to extract inner-behaviours of log-files and then the patterns of those behaviours over analysed files. To evaluate the framework we have produced a (publicly available) labelled version of the SotM43 dataset. Our results demonstrate that the framework can (i) efficiently cluster inner-behaviours of log-files with high accuracy and (ii) extract patterns of malicious behaviour and correlations between those patterns from real-world data.

Today, the online review system cannot fully support the business since there are fraudulent activities inside. The companies that get low score reviews are induced to raise their score for the market competition capability by paying to the platform for deleting or editing the posted reviews. Moreover, the automatic filtration system of a platform removes some reviews without the awareness of the users. The low transparency platform causes low credibility toward the reviews. Blockchain technology provides exceptionally high transparency since every action can be traced publicly. However, there are some tradeoffs that need to be considered, such as cost and response time. This work tends to find the potential of using Blockchain technology in the online review system by testing four implementation approaches of the Ethereum Smart Contract. The result illustrates that using IPFS to store the data is a practical way of reducing transaction costs. Besides, preventing using Smart Contract states can significantly reduce costs too. The response time for using the Blockchain and IPFS system is slower than the centralized system. However, posting a review does not need a fast response. Thus, it is worthy of trading response time with transparency and cost. In the business view, the review posting with cost causes more difficulty to generate fake reviews. Moreover, there are other advantages over the centralized system, such as the reward system, bogus review voting, and global database. Thus, credibility improvement for a consumer online review system is a potential application of Blockchain technology.

Deep Learning (DL), in spite of its huge success in many new fields, is extremely vulnerable to adversarial attacks. We demonstrate how an attacker applies physical white-box and black-box adversarial attacks to Channel decoding systems based on DL. We show that these attacks can affect the systems and decrease performance. We uncover that these attacks are more effective than conventional jamming attacks. Additionally, we show that classical decoding schemes are more robust than the deep learning channel decoding systems in the presence of both adversarial and jamming attacks.

The Precision Time Protocol is essential for many time-sensitive and time-aware applications. However, it was never designed for security, and despite various approaches to harden this protocol against manipulation, it is still prone to cyber-attacks. Here Advanced Persistent Threats (APT) are of particular concern, as they may stealthily and over extended periods of time manipulate computer clocks that rely on the accurate functioning of this protocol. Simulating such attacks is difficult, as it requires firmware manipulation of network and PTP infrastructure components. Therefore, this paper proposes and demonstrates a programmable Man-in-the-Middle (pMitM) and a programmable injector (pInj) device that allow the implementation of a variety of attacks, enabling security researchers to quantify the impact of APTs on time synchronisation.

The internet of things (IoT) is consisting of many complementary elements which have their own specificities and capacities. These elements are gaining new application and use cases in our lives. Nevertheless, they open a negative horizon of security and privacy issues which must be treated delicately before the deployment of any IoT. Recently, different works emerged dealing with the same branch of issues, like the work of Yuwen Chen et al. that is called LightPriAuth. LightPriAuth has several drawbacks and weakness against various popular attacks such as Insider attack and stolen smart card. Our objective in this paper is to propose a novel solution which is “authentication scheme with three factor using ECC and fuzzy extractor” to ensure security and privacy. The obtained results had proven the superiority of our scheme's performances compared to that of LightPriAuth which, additionally, had defeated the weaknesses left by LightPriAuth.

The major energy-hungry components in today's battery-operated embedded devices are mostly peripheral modules like LTE, WiFi, GPS, etc. Inefficient use of these modules causes energy hotspots, namely segments of the embedded software in which the module wastes energy. We study two such hotspots in the current paper, and provide the corresponding detection and removal algorithms based on static analysis techniques. The program code hotspots occur due to unnecessary releasing and re-acquiring of a module (which puts the module in power saving mode for a while) and misplaced acquiring of the module (which makes the module or processor to waste energy in idle mode). The detections are performed according to some relation between extreme (worst-case/best-case) execution times of some program segments and time/energy specifications of the module. The experimental results on our benchmarks show about 28 percent of energy reduction after the hotspot removals.

This paper examines the influence of quantization on the compressive sensing theory applied to the nonuniformly sampled nonsparse signals with reduced set of randomly positioned measurements. The error of the reconstruction will be generalized to exact expected squared error expression. The aim is to connect the generalized random sampling strategy with the quantization effect, finding the resulting error of the reconstruction. Small sampling deviations correspond to the imprecisions of the sampling strategy, while completely random sampling schemes causes large sampling deviations. Numerical examples provide an agreement between the statistical results and theoretical values.

Homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a non-interactive manner or not. In this paper, we affirmatively answer this question by constructing the quantum homomorphic encryption scheme with quantum obfuscation. It takes advantage of the interchangeability of the unitary operator, and exchanges the evaluation operator and the encryption operator by means of equivalent multiplication to complete homomorphic encryption. The correctness of the proposed scheme is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. Because of key transmission after quantum obfuscation, the encrypting party and the decrypting party can be different users. The output state has the property of complete mixture, which guarantees the scheme security. Moreover, the security level of the quantum homomorphic encryption scheme depends on quantum obfuscation and encryption operators.

In order to solve the problem that the Nearest Neighbor Data Association (NNDA) algorithm cannot detect the “dynamic” change of the target, this paper proposes the nearest neighbor data association algorithm based on the Targets “Dynamic” Monitoring Model (TDMM). Firstly, the gate searching and updating of targets are completed based on TDMM, then the NNDA algorithm is utilized to achieve the data association of targets to realize track updating. Finally, the NNDA algorithm based on TDMM is realized by simulation. The experimental results show that the algorithm proposed can achieve “dynamic” monitoring in multi-target data association, and have more obvious advantages than Multiple Hypothesis Tracking (MHT) in timeliness and association performance.

This paper combines the common ideas and methods in offensive and defensive confrontation in recent years, and uses artificial intelligence technology-based network asset automatic mining technology and artificial intelligence technology-based vulnerability automatic exploitation technology, carries out research and specific practices in discovering and using system vulnerability based on artificial intelligence technology, designs and implemented automatic binary vulnerability discovering and exploitation system, which improves improves the efficiency and success rate of vulnerability discovering and exploitation.

This study investigates how risk influences users' trust before and after interactions with technologies such as autonomous vehicles (AVs'). Also, the psychophysiological correlates of users' trust from users” eletrodermal activity responses. Eighteen (18) carefully selected participants embark on a hypothetical trip playing an autonomous vehicle driving game. In order to stay safe, throughout the drive experience under four risk conditions (very high risk, high risk, low risk and no risk) that are based on automotive safety and integrity levels (ASIL D, C, B, A), participants exhibit either high or low trust by evaluating the AVs' to be highly or less trustworthy and consequently relying on the Artificial intelligence or the joystick to control the vehicle. The result of the experiment shows that there is significant increase in users' trust and user's delegation of controls to AVs' as risk decreases and vice-versa. In addition, there was a significant difference between user's initial trust before and after interacting with AVs' under varying risk conditions. Finally, there was a significant correlation in users' psychophysiological responses (electrodermal activity) when exhibiting higher and lower trust levels towards AVs'. The implications of these results and future research opportunities are discussed.

Packet classification is used to determine the behavior of incoming packets to network devices. Because it is achieved using a linear search on a classification rule list, a larger number of rules leads to a longer communication latency. To decrease this latency, the problem is generalized as Optimal Rule Ordering (ORO), which aims to identify the order of rules that minimizes the classification latency caused by packet classification while preserving the classification policy. Because ORO is known to be NP-complete by Hamed and Al-Shaer [Dynamic rule-ordering optimization for high-speed firewall filtering, ASIACCS (2006) 332-342], various heuristics for ORO have been proposed. Sub-graph merging (SGM) by Tapdiya and Fulp [Towards optimal firewall rule ordering utilizing directed acyclical graphs, ICCCN (2009) 1-6] is the state of the art heuristic algorithm for ORO. In this paper, we propose a novel heuristic method for ORO. Although most heuristics try to recursively determine the maximum-weight rule and move it as far as possible to an upper position, our algorithm pairs rules that cause policy violations until there are no such rules to simply sort the rules by these weights. Our algorithm markedly decreases the classification latency and reordering time compared with SGM in experiments. The sets consisting of thousands of rules that require one or more hours for reordering by SGM can be reordered by the proposed method within one minute.

Attribution methods can provide powerful insights into the reasons for a classifier's decision. We argue that a key desideratum of an explanation method is its robustness to input hyperparameters which are often randomly set or empirically tuned. High sensitivity to arbitrary hyperparameter choices does not only impede reproducibility but also questions the correctness of an explanation and impairs the trust of end-users. In this paper, we provide a thorough empirical study on the sensitivity of existing attribution methods. We found an alarming trend that many methods are highly sensitive to changes in their common hyperparameters e.g. even changing a random seed can yield a different explanation! Interestingly, such sensitivity is not reflected in the average explanation accuracy scores over the dataset as commonly reported in the literature. In addition, explanations generated for robust classifiers (i.e. which are trained to be invariant to pixel-wise perturbations) are surprisingly more robust than those generated for regular classifiers.

With the explosive development of big data, it is necessary to sort the data according to their importance or priorities. The sources with different importance levels can be modeled by the multilevel diversity coding systems (MDCS). Another trend in future communication networks, say 5G wireless networks and Internet of Things, is that users may obtain their data from all available sources, even from devices belonging to other users. Then, the privacy of data becomes a crucial issue. In a recent work by Li et al., the secure asymmetric MDCS (S-AMDCS) with wiretap channels was investigated, where the wiretapped messages do not leak any information about the sources (i.e. perfect secrecy). It was shown that superposition (source-separate coding) is not optimal for the general S-AMDCS and the exact full secure rate region was proved for a class of S-AMDCS. In addition, a bound on the key size of the secure rate region was provided as well. As a further step on the SAMDCS problem, this paper mainly focuses on the key size characterization. Specifically, the constraints on the key size of superposition secure rate region are proved and a counterexample is found to show that the bound on the key size of the exact secure rate region provided by Li et al. is not tight. In contrast, tight necessary and sufficient constraints on the secrecy key size of the counterexample, which is the four-encoder S-AMDCS, are proved.

We address secure resource allocation for the energy harvesting (EH) based 5G cooperative cognitive radio networks (CRNs). To guarantee that the size-limited secondary users (SUs) can simultaneously send the primary user's and their own information, we assume that SUs are equipped with orthogonally dual-polarized antennas (ODPAs). In particular, we propose, develop, and analyze an efficient resource allocation scheme under a practical non-linear EH model, which can capture the nonlinear characteristics of the end-to-end wireless power transfer (WPT) for radio frequency (RF) based EH circuits. Our obtained numerical results validate that a substantial performance gain can be obtained by employing the non-linear EH model.

Smart grids are being continually adopted as a replacement of the traditional power grid systems to ensure safe, efficient, and cost-effective power distribution. The smart grid is a heterogeneous communication network made up of various devices such as smart meters, automation, and emerging technologies interacting with each other. As a result, the smart grid inherits most of the security vulnerabilities of cyber systems, putting the smart grid at risk of cyber-attacks. To secure the communication between smart grid entities, namely the smart meters and the utility, we propose in this paper a communication infrastructure built on top of a blockchain network, specifically Ethereum. All two-way communication between the smart meters and the utility is assumed to be transactions governed by smart contracts. Smart contracts are designed in such a way to ensure that each smart meter is authentic and each smart meter reading is reported securely and privately. We present a simulation of a sample smart grid and report all the costs incurred from building such a grid. The simulations illustrate the feasibility and security of the proposed architecture. They also point to weaknesses that must be addressed, such as scalability and cost.

In the new era of Internet of Things, the emerging of smart devices makes security and privacy the first requirements and the major challenges of a distributed network. Despite the implementation of security measures, as encryption mechanisms protecting sensor data, and cryptographic algorithms, various attacks seem to undermine the IoT devices security. This paper reports the preliminary results of a side-channel attack (scatter attack) addressed on an 8-bit IoT microcontroller protected by the Advanced Encryption Standard. The attack, based on an high-SNR data acquisition micro-system and a suitable statistical analysis, allows to discover part of the encryption key, demonstrating the security vulnerability of Internet of Things sensor networks protected by the AES.

File sharing applications using cloud storage are increasingly popular for personal and business use. Due to data protection concerns, end-to-end encryption is often a desired feature of these applications. Many attempts at designing cryptographic solutions fail to be adopted due to missing relevant features. We present SeGShare, a new architecture for end-to-end encrypted, group-based file sharing using trusted execution environments (TEE), e.g., Intel SGX. SeGShare is the first solution to protect the confidentiality and integrity of all data and management files; enforce immediate permission and membership revocations; support deduplication; and mitigate rollback attacks. Next to authentication, authorization and file system management, our implementation features an optimized TLS layer that enables high throughput and low latency. The encryption overhead of our implementation is extremely small in computation and storage resources. Our enclave code comprises less than 8500 lines of code enabling efficient mitigation of common pitfalls in deploying code to TEEs.

We determine the semantic security capacity for quantum wiretap channels. We extend methods for classical channels to quantum channels to demonstrate that a strongly secure code guarantees a semantically secure code with the same secrecy rate. Furthermore, we show how to transform a non-secure code into a semantically secure code by means of biregular irreducible functions (BRI functions). We analyze semantic security for classical-quantum channels and for quantum channels.

The Classification of devices involved in authentication and classification of authentication systems by type and combination of protocols used are proposed. The system architecture for soft multi-factor authentication designed and simulated.

Human action is naturally compositional: humans can easily recognize and perform actions with objects that are different from those used in training demonstrations. In this paper, we study the compositionality of action by looking into the dynamics of subject-object interactions. We propose a novel model which can explicitly reason about the geometric relations between constituent objects and an agent performing an action. To train our model, we collect dense object box annotations on the Something-Something dataset. We propose a novel compositional action recognition task where the training combinations of verbs and nouns do not overlap with the test set. The novel aspects of our model are applicable to activities with prominent object interaction dynamics and to objects which can be tracked using state-of-the-art approaches; for activities without clearly defined spatial object-agent interactions, we rely on baseline scene-level spatio-temporal representations. We show the effectiveness of our approach not only on the proposed compositional action recognition task but also in a few-shot compositional setting which requires the model to generalize across both object appearance and action category.