Biblio

With the development of IoT, smart health has significantly improved the quality of people's life. A large amount of smart health monitoring system has been proposed, which provides an opportunity for timely and efficient diagnosis. Nevertheless, most of them ignored the impact of environment on patients' health. Due to the openness of the communication channel, data security and privacy preservation are crucial problems to be solved. In this work, an environment aware privacy-preserving authentication protocol based on the fuzzy extractor and elliptic curve cryptography (ecc) is designed for health monitoring system with mutual authentication and anonymity. Edge computing unit can authenticate all environmental sensors at one time. Fuzzy synthetic evaluation model is utilized to evaluate the environment equality with the patients' temporal health index (THI) as an assessment factor, which can help to predict the appropriate environment. The session key is established for secure communication based on the predicted result. Through security analysis, the proposed protocol can prevent common attacks. Moreover, performance analysis shows that the proposed protocol is applicable for resource-limited smart devices in edge computing health monitoring system.

In this paper, a merged convolution neural network (MCNN) is proposed to improve the accuracy and robustness of real-time facial expression recognition (FER). Although there are many ways to improve the performance of facial expression recognition, a revamp of the training framework and image preprocessing renders better results in applications. When the camera is capturing images at high speed, however, changes in image characteristics may occur at certain moments due to the influence of light and other factors. Such changes can result in incorrect recognition of human facial expression. To solve this problem, we propose a statistical method for recognition results obtained from previous images, instead of using the current recognition output. Experimental results show that the proposed method can satisfactorily recognize seven basic facial expressions in real time.

With more than a trillion web pages, there is a plethora of content available for consumption. Search Engine queries invariably lead to overwhelming information, parts of it relevant and some others irrelevant. Often the information provided can be conflicting, ambiguous, and inconsistent contributing to the loss of credibility of the content. In the past, researchers have proposed approaches for credibility assessment and enumerated factors influencing the credibility of web pages. In this work, we detailed a WEBCred framework for automated genre-aware credibility assessment of web pages. We developed a tool based on the proposed framework to extract web page features instances and identify genre a web page belongs to while assessing it's Genre Credibility Score ( GCS). We validated our approach on `Information Security' dataset of 8,550 URLs with 171 features across 7 genres. The supervised learning algorithm, Gradient Boosted Decision Tree classified genres with 88.75% testing accuracy over 10 fold cross-validation, an improvement over the current benchmark. We also examined our approach on `Health' domain web pages and had comparable results. The calculated GCS correlated 69% with crowdsourced Web Of Trust ( WOT) score and 13% with algorithm based Alexa ranking across 5 Information security groups. This variance in correlation states that our GCS approach aligns with human way ( WOT) as compared to algorithmic way (Alexa) of web assessment in both the experiments.

The integration of Internet-of-Things and pervasive computing in medical devices have made the modern healthcare system “smart.” Today, the function of the healthcare system is not limited to treat the patients only. With the help of implantable medical devices and wearables, Smart Healthcare System (SHS) can continuously monitor different vital signs of a patient and automatically detect and prevent critical medical conditions. However, these increasing functionalities of SHS raise several security concerns and attackers can exploit the SHS in numerous ways: they can impede normal function of the SHS, inject false data to change vital signs, and tamper a medical device to change the outcome of a medical emergency. In this paper, we propose HealthGuard, a novel machine learning-based security framework to detect malicious activities in a SHS. HealthGuard observes the vital signs of different connected devices of a SHS and correlates the vitals to understand the changes in body functions of the patient to distinguish benign and malicious activities. HealthGuard utilizes four different machine learning-based detection techniques (Artificial Neural Network, Decision Tree, Random Forest, k-Nearest Neighbor) to detect malicious activities in a SHS. We trained HealthGuard with data collected for eight different smart medical devices for twelve benign events including seven normal user activities and five disease-affected events. Furthermore, we evaluated the performance of HealthGuard against three different malicious threats. Our extensive evaluation shows that HealthGuard is an effective security framework for SHS with an accuracy of 91 % and an F1 score of 90 %.

The performance of many data security and reliability applications depends on computations in finite fields \$\textbackslashtextGF (2ˆm)\$. In finite field arithmetic, field multiplication is a complex operation and is also used in other operations such as inversion and exponentiation. By considering the application domain needs, a variety of efficient algorithms and architectures are proposed in the literature for field \$\textbackslashtextGF (2ˆm)\$ multiplier. With the rapid emergence of Internet of Things (IoT) and Wireless Sensor Networks (WSN), many resource-constrained devices such as IoT edge devices and WSN end nodes came into existence. The data bus width of these constrained devices is typically smaller. Digit-level architectures which can make use of the full data bus are suitable for these devices. In this paper, we propose a new fully digit-serial polynomial basis finite field \$\textbackslashtextGF (2ˆm)\$ multiplier where both the operands enter the architecture concurrently at digit-level. Though there are many digit-level multipliers available for polynomial basis multiplication in the literature, it is for the first time to propose a fully digit-serial polynomial basis multiplier. The proposed multiplication scheme is based on the multiplication scheme presented in the literature for a redundant basis multiplication. The proposed polynomial basis multiplication results in a high-throughput architecture. This multiplier is applicable for a class of trinomials, and this class of irreducible polynomials is highly desirable for IoT edge devices since it allows the least area and time complexities. The proposed multiplier achieves better throughput when compared with previous digit-level architectures.

In this article the combination of secret sharing schemes and the requirement of discretionary security policy is considered. Secret sharing schemes of Shamir and Blakley are investigated. Conditions for parameters of schemes the providing forbidden information channels are received. Ways for concealment of the forbidden channels are suggested. Three modifications of the Shamir's scheme and two modifications of the Blakley's scheme are suggested. Transition from polynoms to exponential functions for formation the parts of a secret is carried out. The problem of masking the presence of the forbidden information channels is solved. Several approaches with the complete and partial concealment are suggested.

Trust mechanisms are considered the logical protection of software systems, preventing malicious people from taking advantage or cheating others. Although these concepts are widely used, most applications in this field do not consider affective aspects to aid in trust computation. Researchers of Psychology, Neurology, Anthropology, and Computer Science argue that affective aspects are essential to human's decision-making processes. So far, there is a lack of understanding about how these aspects impact user's trust, particularly when they are inserted in an evaluation system. In this paper, we propose a trust model that accounts for personality using three personality models: Big Five, Needs, and Values. We tested our approach by extracting personality aspects from texts provided by two online human-fed evaluation systems and correlating them to reputation values. The empirical experiments show statistically significant better results in comparison to non-personality-wise approaches.

The paper presents the results of load testing of embedded hardware platforms for Internet of Things solutions. Analyzed the available hardware. The operating systems from different manufacturers were consolidated into a single classification, and for the two most popular, load testing was performed by an external and internal wireless network adapter. Developed its own software solution based on the Python programming language. The number of wireless subscribers ranged from 7 to 14. Experimental results will be useful in deploying wireless infrastructure for small commercial and scientific wireless networks.

Trajectory data in the Internet of Things contains many behavioral information of users, and the method of Mix-zone can be used to separate the association among the user's movement trajectories. In this paper, the weighted undirected graph is used to establish a mathematical model for the Mix-zone, and a user flow-based algorithm is proposed to estimate the probability of migration between nodes in the graph. In response to the attack method basing on the migration probability, the traditional Mix-zone is improved. Finally, an algorithms for adaptively building enhanced Mix-zone is proposed and the simulation using real data sets shows the superiority of the algorithm.

User Authentication is a difficult problem yet to be addressed accurately. Little or no work is reported in literature dealing with clustering-based anomaly detection techniques for user authentication for keystroke data. Therefore, in this paper, Modified Differential Evolution (MDE) based subspace anomaly detection technique is proposed for user authentication in the context of behavioral biometrics using keystroke dynamics features. Thus, user authentication is posed as an anomaly detection problem. Anomalies in CMU's keystroke dynamics dataset are identified using subspace-based and distance-based techniques. It is observed that, among the proposed techniques, MDE based subspace anomaly detection technique yielded the highest Area Under ROC Curve (AUC) for user authentication problem. We also performed a Wilcoxon Signed Rank statistical test to corroborate our results statistically.

Cloud Native, the emerging computing infrastructure has become a new trend for cloud computing, especially after the development of containerization technology such as docker and LXD, and the orchestration system for them like Kubernetes and Swarm. With the growing popularity of Cloud Native, the following problems have been raised: (i) most Cloud Native applications were designed for making full use of the cloud platform, but their file storage has not been completely optimized for adapting it. (ii) the traditional file system is designed as a utility for storing and retrieving files, usually built into the kernel of the operating systems. But when placing it to a large-scale condition, like a network storage server shared by thousands of computing instances, and stores millions of files, it will be slow and even unstable. (iii) most storage solutions use metadata for faster tracking of files, but the metadata itself will take up a lot of space, and the capacity of it is usually limited. If the file system store metadata directly into hard disk without caching, the tracking of massive small files will be a lot slower. (iv) The traditional object storage solution can't provide enough features to make itself more practical on the cloud such as caching and auto replication. This paper proposes a new storage engine based on the well-known Haystack storage engine, optimized in terms of service discovery and Automated fault tolerance, make it more suitable for Cloud Native infrastructure, deployment and applications. We use the object storage model to solve the large and high-frequency file storage needs, offering a simple and unified set of APIs for application to access. We also take advantage of Kubernetes' sophisticated and automated toolchains to make cloud storage easier to deploy, more flexible to scale, and more stable to run.

A number of solutions have been proposed to tackle the user privacy-preserving issue. Most of existing schemes, however, focus on methodology and techniques from the perspective of data processing. In this paper, we propose a lightweight privacy-preserving scheme for user identity from the perspective of data user and applied cryptography. The basic idea is to break the association relationships between User identity and his behaviors and ensure that User can access data or services as usual while the real identity will not be revealed. To this end, an interactive zero-knowledge proof protocol of identity is executed between CSP and User. Besides, a trusted third-party is introduced to manage user information, help CSP to validate User identity and establish secure channel between CSP and User via random shared key. After passing identity validation, User can log into cloud platform as usual without changing existing business process using random temporary account and password generated by CSP and sent to User by the secure channel which can further obscure the association relationships between identity and behaviors. Formal security analysis and theoretic and experimental evaluations are conducted, showing that the proposal is efficient and practical.

Context-based zero-interaction has become the trend for smart IoT device pairing. In this paper, we propose a secure and usable mechanism to authenticate devices co-located in smart home scenario, and build a secure communication channel between legitimate devices by utilizing on-board microphones to capture a common audio context. After receiving randomly generated sound signals, smart IoT device uses the time intervals between salient sound signals to derive audio fingerprint which can be matched among co-present devices and then be used to bootstrap trust of the devices. The protocol is based on the idea that devices co-located within a physical security boundary (e.g., single family house) can hear similar sounds, and the devices outside would miss parts of sound signals due to the attenuation when sounds pass through the wall. To accelerate the generation rate of audio fingerprint, an extra sound source is introduced. We implement our protocol on Android devices, and the experiment results show that the protocol can distinguish the malicious devices outside from the legitimate devices located inside a security boundary and can quickly establish a strong secret-key between legitimate devices.

With the widespread use of location-based services and the development of localization systems, user's locations and even sensitive information can be easily accessed by some untrusted entities, which means privacy concerns should be taken seriously. In this paper, we propose a differential privacy framework to preserve users' location privacy and provide location-based services. We propose the metrics of location privacy, service quality and differential privacy to introduce a location privacy preserving mechanism, which can help users find the tradeoff or optimal strategy between location privacy and service quality. In addition, we design an adversary model to infer users' true locations, which can be used by application service providers to improve service quality. Finally, we present simulation results and analyze the performance of our proposed system.

Technological advancements have made smartphones to provide wide range of applications that enable users to perform many of their tasks easily and conveniently, anytime and anywhere. For this reason, many users are tend to store their private data in their smart phones. Since conventional methods for security of smartphones, such as passwords, personal identification numbers, and pattern locks are prone to many attacks, this research paper proposes a novel method for authenticating smartphone users based on performing seven different daily physical activity as behavioral biometrics, using smartphone embedded sensor data. This authentication scheme builds a machine learning model which recognizes users by performing those daily activities. Experimental results demonstrate the effectiveness of the proposed framework.

Fractional hedonic games (FHGs) are extensively studied in game theory and explain the formation of coalitions among individuals in a group. This paper investigates the coalition generation problem, namely, finding a coalition structure whose social welfare, i.e., the sum of the players' payoffs, is maximized. We focus on agent-based methods which set the decision rules for each player in the game. Through repeated interactions the players arrive at a coalition structure. In particular, we propose CFSV, namely, coalition formation with Shapley value-based welfare distribution scheme. To evaluate CFSV, we theoretically demonstrate that this algorithm achieves optimal coalition structure over certain standard graph classes and empirically compare the algorithm against other existing benchmarks on real-world and synthetic graphs. The results show that CFSV is able to achieve superior performance.

Cyber attacks on transmission lines are one of the main challenges in security of smart grids. These targeted attacks, if not detected, might cause cascading problems in power systems. This paper proposes a bi-level mixed integer linear programming (MILP) optimization model for false data injection on targeted buses in a power system to overflow targeted transmission lines. The upper level optimization problem outputs the optimized false data injections on targeted load buses to overflow a targeted transmission line without violating bad data detection constraints. The lower level problem integrates the false data injections into the optimal power flow problem without violating the optimal power flow constraints. A few case studies are designed to validate the proposed attack model on IEEE 118-bus power system.

Mitigating the effect of Distributed Denial of Service (DDoS) attacks in wired/wireless networks is a problem of extreme importance. The present paper investigates this problem and proposes a secure AQM to encounter the effects of DDoS attacks on queue's router. The employed method relies on modelling the TCP/AQM system subjected to different DoS attack rate where the resulting closed-loop system is expressed as new Markovian Jump Linear System (MJLS). Sufficient delay-dependent conditions which guarantee the syntheses of a stabilizing control for the closed-loop system with a guaranteed cost J* are derived. Finally, a numerical example is displayed.

This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid's transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system's operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systems verify the effectiveness of our approach in detecting CCPAs and reducing the operator's defense cost.

Smart grid has evolved as the next generation power grid paradigm which enables the transfer of real time information between the utility company and the consumer via smart meter and advanced metering infrastructure (AMI). These information facilitate many services for both, such as automatic meter reading, demand side management, and time-of-use (TOU) pricing. However, there have been growing security and privacy concerns over smart grid systems, which are built with both smart and legacy information and operational technologies. Intrusion detection is a critical security service for smart grid systems, alerting the system operator for the presence of ongoing attacks. Hence, there has been lots of research conducted on intrusion detection in the past, especially anomaly-based intrusion detection. Problems emerge when common approaches of pattern recognition are used for imbalanced data which represent much more data instances belonging to normal behaviors than to attack ones, and these approaches cause low detection rates for minority classes. In this paper, we study various machine learning models to overcome this drawback by using CIC-IDS2018 dataset [1].

The need for performing deep neural network inferences on resource-constrained embedded devices (e.g., Internet of Things nodes) requires specialized architectures to achieve the best trade-off among performance, energy, and cost. One of the most promising architectures in this context is based on massive parallel and specialized cores interconnected by means of a Network-on-Chip (NoC). In this paper, we extensively evaluate NoC-based deep neural network accelerators by exploring the design space spanned by several architectural parameters including, network size, routing algorithm, local memory size, link width, and number of memory interfaces. We show how latency is mainly dominated by the on-chip communication whereas energy consumption is mainly accounted by memory (both on-chip and off-chip). The outcome of the analysis, thus, pushes toward a research line devoted to the optimization of the on-chip communication fabric and the memory subsystem for performance improvement and energy efficiency, respectively.

Profiled DPA is a new method combined with machine learning method in side channel attack which is put forward by Whitnall in CHES 2015.[1]The most important part lies in effectiveness of extracting information. This paper introduces a new rule Explained Local Variance (ELV) to extract information in profiled stage for profiled DPA. It attracts information effectively and shields noise to get better accuracy than the original rule. The ELV enables an attacker to use less power traces to get the same result as before. It also leads to 94.6% space reduction and 29.2% time reduction for calculation. For security circuit implementation, a high order masking scheme in modelsim is implemented. A new exchange network is put forward. 96.9% hardware resource is saved due to the usage of this network.

Tensile residual stresses combined with an applied tensile stress can reduce the reliability of steel components. Nondestructive evaluation of residual stress is thus important to avoid unintended fatigue or cracking. Because magnetic hysteresis properties of ferromagnetic materials are sensitive to stress, nondestructive evaluation of residual stress through magnetic properties can be expected. The spatial mapping of local magnetic hysteresis properties becomes possible by using the acoustically stimulated electromagnetic (ASEM) method and the tensile stress dependence of the hysteresis properties has been investigated in steel. It is found that the coercivity Hc and the remanent magnetization signal Vr monotonically decrease with increasing the tensile stress. In this work, we verified the detection of residual stresses through the ASEM response in a welded steel plate. Tensile stresses are intentionally introduced on the opposite side of the partially welded face by controlling welding temperatures. We found that Hc and Vr clearly decrease in the welded region, suggesting that the presence of tensile residual stresses is well detected by the hysteresis parameters.

The traditional network used today is unable to meet the increasing needs of technology in terms of management, scaling, and performance criteria. Major developments in information and communication technologies show that the traditional network structure is quite lacking in meeting the current requirements. In order to solve these problems, Software Defined Network (SDN) is capable of responding as it, is flexible, easier to manage and offers a new structure. Software Defined Networks have many advantages over traditional network structure. However, it also brings along many security threats due to its new architecture. For example, the DoS attack, which overloads the controller's processing and communication capacity in the SDN structure, is a significant threat. Mobile Ad Hoc Network (MANET), which is one of the wireless network technologies, is different from SDN technology. MANET is exposed to various attacks such as DoS due to its security vulnerabilities. The aim of the study is to reveal the security problems in SDN structure presented with a new understanding. This is based on the currently used network structures such as MANET. The study consists of two parts. First, DoS attacks against the SDN controller were performed. Different SDN controllers were used for more accurate results. Second, MANET was established and DoS attacks against this network were performed. Different MANET routing protocols were used for more accurate results. According to the scenario, attacks were performed and the performance values of the networks were tested. The reason for using two different networks in this study is to compare the performance values of these networks at the time of attack. According to the test results, both networks were adversely affected by the attacks. It was observed that network performance decreased in MANET structure but there was no network interruption. The SDN controller becomes dysfunctional and collapses as a result of the attack. While the innovations offered by the SDN structure are expected to provide solutions to many problems in traditional networks, there are still many vulnerabilities for network security.

Mobile Ad-hoc NETwork (MANET) is a collection of mobile devices which interchange information without the use of predefined infrastructures or central administration. It is employed in many domains such as military and commercial sectors, data and sensors networks, low level applications, etc. The important constraints in this network are the limitation of bandwidth, processing capabilities and battery life. The choice of an effective routing protocol is primordial. From many routing protocols developed for MANET, OLSR protocol is a widely-used proactive routing protocol which diffuses topological information periodically. Thus, every node has a global vision of the entire network. The protocol assumes, like the other protocols, that the nodes cooperate in a trusted environment. So, all control messages are transmitted (HELLO messages) to all 1-hop neighbor nodes or broadcasted (TC and MID messages) to the entire network in clear. However, a node, which listens to OLSR control messages, can exploit this property to lead an attack. In this paper, we investigate on MultiPoint Relay (MPR) attack considered like one of the efficient OLSR attacks by using a simulation in progressive size gridMANET.