Biblio

Data tampering threatens data integrity in emerging non-volatile memories (NVMs). Whereas Merkle Tree (MT) memory authentication is effective in thwarting data tampering attacks, it drastically increases cell writes and memory accesses, adversely impacting NVM energy, lifetime, and system performance (instructions per cycle (IPC)). We propose ASSURE, a low overhead, high performance Authentication Scheme for SecURE energy efficient (ASSURE) NVMs. ASSURE synergistically integrates (i) smart message authentication codes (SMACs), which eliminate redundant cell writes by enabling MAC computation of only modified words on memory writes, with (ii) multi-root MTs (MMTs), which reduce MT reads/writes by constructing either high performance static MMTs (SMMTs) or low overhead dynamic MMTs (DMMTs) over frequently accessed memory regions. Our full-system simulations of the SPEC CPU2006 benchmarks on a triple-level cell (TLC) resistive RAM (RRAM) architecture show that on average, SMMT ASSURE (DMMT ASSURE) reduces NVM energy by 59% (55%), increases memory lifetime by 2.36x (2.11x), and improves IPC by 11% (10%), over state-of-the-art MT memory authentication.

This paper presents the results of a cryptographic analysis of the protocols used by the European Rail Traffic Management System (ERTMS). A stack of three protocols secures the communication between trains and trackside equipment; encrypted radio communication is provided by the GSM-R protocol, on top of this the EuroRadio protocol provides authentication for a train control application-level protocol. We present an attack which exploits weaknesses in all three protocols: GSM-R has the same well known weaknesses as the GSM protocol, and we present a new collision attack against the EuroRadio protocol. Combined with design weaknesses in the application-level protocol, these vulnerabilities allow an attacker, who observes a MAC collision, to forge train control messages. We demonstrate this attack with a proof of concept using train control messages we have generated ourselves. Currently, ERTMS is only used to send small amounts of data for short sessions, therefore this attack does not present an immediate danger. However, if EuroRadio was to be used to transfer larger amounts of data trains would become vulnerable to this attack. Additionally, we calculate that, under reasonable assumptions, an attacker who could monitor all backend control centres in a country the size of the UK for 45 days would have a 1% chance of being able to take control of a train.

Smart Grids (SGs) are Critical Infrastructures (CI), which are responsible for controlling and maintaining the distribution of electricity. To manage this task, modern SGs integrate an Information and Communication Infrastructure (ICT) beside the electrical power grid. Aside from the benefits derived from the increasing control and management capabilities offered by the ICT, unfortunately the introduction of this cyber layer provides an attractive attack surface for hackers. As a consequence, security becomes a fundamental prerequisite to be fulfilled. In this context, the adoption of Systems Engineering (SE) tools combined with Modeling and Simulation (M&S) techniques represent a promising solution to support the evaluation process of a SG during early design stages. In particular, the paper investigates on the identification, modeling and assessment of attacks in SG environments, by proposing a model for representing attack scenarios as a combination of attack types, attack schema and their temporal occurrence. Simulation techniques are exploited to enable the execution of such attack combinations in the SG domain. Specifically, a simulator, which allows to assess the SG behaviour to identify possible flaws and provide preventive actions before its realization, is developed on the basis of the proposed model and exemplified through a case study.

Various communication protocols are currently used in the Internet of Things (IoT) devices. One of the protocols that are already standardized by ISO is MQTT protocol (ISO / IEC 20922: 2016). Many IoT developers use this protocol because of its minimal bandwidth requirement and low memory consumption. Sometimes, IoT device sends confidential data that should only be accessed by authorized people or devices. Unfortunately, the MQTT protocol only provides authentication for the security mechanism which, by default, does not encrypt the data in transit thus data privacy, authentication, and data integrity become problems in MQTT implementation. This paper discusses several reasons on why there are many IoT system that does not implement adequate security mechanism. Next, it also demonstrates and analyzes how we can attack this protocol easily using several attack scenarios. Finally, after the vulnerabilities of this protocol have been examined, we can improve our security awareness especially in MQTT protocol and then implement security mechanism in our MQTT system to prevent such attack.

The article proposes an enhanced behavior model using graphs of state transitions. The properties and advantages of the proposed model are discussed, UML-based Cooperative Interaction of Automata Objects (CIAO) language is described, attribute approach on its parsing mechanism is introduced. The proposed model for describing behavior is aimed at achieving higher reliability and productivity indicators when designing the secure architecture and implementing reactive and distributed systems in comparison with traditional methods. A side-by-side goal is to create a convenient publication language for describing parallel algorithms and distributed reactive systems. The offered model has advantages under certain conditions in comparison with other models of behavior description in the field of the description of asynchronous distributed reacting systems.

Audio-CAPTCHA prevents malicious bots from attacking Web services and provides Web accessibility for visually-impaired persons. Most of the conventional methods employ statistical noise to distort sounds and let users remember and spell the words, which are difficult and laborious work for humans. In this paper, we utilize the difficulty on speaker-independent recognition for ASR machines instead of distortion with statistical noise. Our scheme synthesizes various voices by changing voice speed, pitch and native language of speakers. Moreover, we employ semantic identification problems between random phoneme sequences and meaningful words to release users from remembering and spelling words, so it improves the accuracy of humans and usability. We also evaluated our scheme in several experiments.

Recent increases in the field of infrastructure has led to the emerging of cloud computing a virtualized computing platform. This technology provides a lot of pros like rapid elasticity, ubiquitous network access and on-demand access etc. Compare to other technologies cloud computing provides many essential services. As the elasticity and scalability increases the chance for vulnerability of the system is also high. There are many known and unknown security risks and challenges present in this environment. In this research an environment is proposed which can handle security issues and deploys various security levels. The system handles the security of various infrastructure like VM and also handles the Dynamic infrastructure request control. One of the key feature of proposed approach is Dual authorization in which all account related data will be authorized by two privileged administrators of the cloud. The auto scalability feature of the cloud is be made secure for on-demand service request handling by providing an on-demand scheduler who will process the on-demand request and assign the required infrastructure. Combining these two approaches provides a secure environment for cloud users as well as handle On-demand Infrastructure request.

Software-defined networks provide new facilities for deploying security mechanisms dynamically. In particular, it is possible to build and adjust security chains to protect the infrastructures, by combining different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. It is important to ensure that these security chains, in view of their complexity and dynamics, are consistent and do not include security violations. We propose in this paper an automated strategy for supporting the verification of security chains in software-defined networks. It relies on an architecture integrating formal verification methods for checking both the control and data planes of these chains, before their deployment. We describe algorithms for translating specifications of security chains into formal models that can then be verified by SMT1 solving or model checking. Our solution is prototyped as a package, named Synaptic, built as an extension of the Frenetic family of SDN programming languages. The performances of our approach are evaluated through extensive experimentations based on the CVC4, veriT, and nuXmv checkers.

Quantum Key Distribution (QKD) allows two parties to establish a shared secret key secure against an all-powerful adversary. Typically, one designs new QKD protocols and then analyzes their maximal tolerated noise mathematically. If the noise in the quantum channel connecting the two parties is higher than this threshold value, they must abort. In this paper we design and evaluate a new real-coded Genetic Algorithm which takes as input statistics on a particular quantum channel (found using standard channel estimation procedures) and outputs a QKD protocol optimized for the specific given channel. We show how this method can be used to find QKD protocols for channels where standard protocols would fail.

The process of digitalisation has an advanced impact on social lives, state affairs, and the industrial automation domain. Ubiquitous networks and the increased requirements in terms of Quality of Service (QoS) create the demand for future-proof network management. Therefore, new technological approaches, such as Software-Defined Networks (SDN) or the 5G Network Slicing concept, are considered. However, the important topic of cyber security has mainly been ignored in the past. Recently, this topic has gained a lot of attention due to frequently reported security related incidents, such as industrial espionage, or production system manipulations. Hence, this work proposes a concept for adding cyber security requirements to future network management paradigms. For this purpose, various security related standards and guidelines are available. However, these approaches are mainly static, require a high amount of manual efforts by experts, and need to be performed in a steady manner. Therefore, the proposed solution contains a dynamic, machine-readable, automatic, continuous, and future-proof approach to model and describe cyber security QoS requirements for the next generation network management.

The process of digitalisation has an advanced impact on social lives, state affairs, and the industrial automation domain. Ubiquitous networks and the increased requirements in terms of Quality of Service (QoS) create the demand for future-proof network management. Therefore, new technological approaches, such as Software-Defined Networks (SDN) or the 5G Network Slicing concept, are considered. However, the important topic of cyber security has mainly been ignored in the past. Recently, this topic has gained a lot of attention due to frequently reported security related incidents, such as industrial espionage, or production system manipulations. Hence, this work proposes a concept for adding cyber security requirements to future network management paradigms. For this purpose, various security related standards and guidelines are available. However, these approaches are mainly static, require a high amount of manual efforts by experts, and need to be performed in a steady manner. Therefore, the proposed solution contains a dynamic, machine-readable, automatic, continuous, and future-proof approach to model and describe cyber security QoS requirements for the next generation network management.

Although anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism that can complement more sophisticated analysis strategies. However, if signatures are not designed with care, they can turn from a defensive mechanism into an instrument of attack. In this paper, we present a novel method for automatically deriving signatures from anti-virus software and discuss how the extracted signatures can be used to attack sensible data with the aid of the virus scanner itself. To this end, we study the practicability of our approach using four commercial products and exemplary demonstrate anti-virus assisted attacks in three different scenarios.

Cloud computing has become an irreversible trend. Together comes the pressing need for verifiability, to assure the client the correctness of computation outsourced to the cloud. Existing verifiable computation techniques all have a high overhead, thus if being deployed in the clouds, would render cloud computing more expensive than the on-premises counterpart. To achieve verifiability at a reasonable cost, we leverage game theory and propose a smart contract based solution. In a nutshell, a client lets two clouds compute the same task, and uses smart contracts to stimulate tension, betrayal and distrust between the clouds, so that rational clouds will not collude and cheat. In the absence of collusion, verification of correctness can be done easily by crosschecking the results from the two clouds. We provide a formal analysis of the games induced by the contracts, and prove that the contracts will be effective under certain reasonable assumptions. By resorting to game theory and smart contracts, we are able to avoid heavy cryptographic protocols. The client only needs to pay two clouds to compute in the clear, and a small transaction fee to use the smart contracts. We also conducted a feasibility study that involves implementing the contracts in Solidity and running them on the official Ethereum network.

Organizations develop technical and procedural measures to protect information systems. Relying only on technical based security solutions is not enough. Organizations must consider technical security solutions along with social, human, and organizational factors. The human element represents the employees (insiders) who use the information systems and other technology resources in their day-to-day operations. ISP awareness is essential to protect organizational information systems. This study adapts the Innovation Diffusion Theory to examine the antecedents of ISP awareness and its impact on the satisfaction with ISP and security practices. A sample of 236 employees in universities in the United States is collected to evaluate the research model. Results indicated that ISP quality, self-efficacy, and technology security awareness significantly impact ISP awareness. The current study presents significant contributions toward understanding the antecedents of ISP awareness and provides a starting point toward including satisfaction aspect in information security behavioral domain.

The Internet of Things (IoT) technology has a potential to bring the benefits of intelligently interconnecting not just computers and humans, but most of everyday things. IoT has a promise of opening significant business process improvement opportunities leading to economic growth and cost reductions. However, there are many challenges facing IoT, including significant scalability and security challenges due to the integration of potentially huge number of things into the network. Many of scalability and security issues stem from a centralized, primarily client/server, architecture of IoT systems and frameworks. Blockchain technology, as a relativelly new approach to decentralized computation and assets management and transfer, has a potential to help solve a number of scalability and security issues that IoT is facing, primarilly through the removal of centralized points of failure for such systems. As such, blockchain technology and IoT integration provides a promising direction and it has recently generated significant research interest, e.g., [4]. In this talk, we present our experiences based on our recent project in enhancing security and privacy in decentralized energy trading in smart grids using blockchain, multi-signatures and anonymous messaging streams [1], that has built upon our previous work on Bitcoin-based decentralized carbon emissions trading infrastructure model [2]. In particular, we present the blockchain systems security issues within the context of IoT security and privacy requirements [3]. This is done with the intention of producing an early integrated security model for blockchain-powered IoT systems [5]. The presentation is constrained to the discussion of the architecture-level requirements [6]. Finally, we will present the main opportunity loss if the integration ignores the full realization of the real-world asset transaction paradigm.

Neural networks (NNs) are currently a very popular topic in machine learning for both research and practice. GPUs are the dominant computing platform for research efforts and are also gaining popularity as a deployment platform for applications such as autonomous vehicles. As a result, GPU vendors such as NVIDIA have spent enormous effort to write special-purpose NN libraries. On other hardware targets, especially mobile GPUs, such vendor libraries are not generally available. Thus, the development of portable, open, high-performance, energy-efficient GPU code for NN operations would enable broader deployment of NN-based algorithms. A root problem is that high efficiency GPU programming suffers from high complexity, low productivity, and low portability. To address this, this work presents a framework to enable productive, high-efficiency GPU programming for NN computations across hardware platforms and programming models. In particular, the framework provides specific support for metaprogramming and autotuning of operations over ND-Arrays. To show the correctness and value of our framework and approach, we implement a selection of NN operations, covering the core operations needed for deploying three common image-processing neural networks. We target three different hardware platforms: NVIDIA, AMD, and Qualcomm GPUs. On NVIDIA GPUs, we show both portability between OpenCL and CUDA as well competitive performance compared to the vendor library. On Qualcomm GPUs, we show that our framework enables productive development of target-specific optimizations, and achieves reasonable absolute performance. Finally, On AMD GPUs, we show initial results that indicate our framework can yield reasonable performance on a new platform with minimal effort.

Bitcoin owes its success to the fact that transactions are transparently recorded in the blockchain, a global public ledger that removes the need for trusted parties. Unfortunately, recording every transaction in the blockchain causes privacy, latency, and scalability issues. Building on recent proposals for "micropayment channels" — two party associations that use the ledger only for dispute resolution — we introduce techniques for constructing anonymous payment channels. Our proposals allow for secure, instantaneous and private payments that substantially reduce the storage burden on the payment network. Specifically, we introduce three channel proposals, including a technique that allows payments via untrusted intermediaries. We build a concrete implementation of our scheme and show that it can be deployed via a soft fork to existing anonymous currencies such as ZCash.

Android allows 20 consecutive fail attempts on unlocking a device. This makes it difficult for pure guessing attacks to crack user patterns on a stolen device before it permanently locks itself. We investigate the effectiveness of combining Markov model-based guessing attacks with smudge attacks on unlocking Android devices within 20 attempts. Detected smudges are used to pre-compute all the possible segments and patterns, significantly reducing the pattern space that needs to be brute-forced. Our Markov-model was trained using 70% of a real-world pattern dataset that consists of 312 patterns. We recruited 12 participants to draw the remaining 30% on Samsung Galaxy S4, and used smudges they left behind to analyze the performance of the combined attack. Our results show that this combined method can significantly improve the performance of pure guessing attacks, cracking 74.17% of patterns compared to just 13.33% when the Markov model-based guessing attack was performed alone—those results were collected from a naive usage scenario where the participants were merely asked to unlock a given device. Even under a more complex scenario that asked the participants to use the Facebook app for a few minutes—obscuring smudges were added as a result—our combined attack, at 31.94%, still outperformed the pure guessing attack at 13.33%. Obscuring smudges can significantly affect the performance of smudge-based attacks. Based on this finding, we recommend that a mitigation technique should be designed to help users add obscurity, e.g., by asking users to draw a second random pattern upon unlocking a device.

Just-in-time return-oriented programming (JIT-ROP) is a powerful memory corruption attack that bypasses various forms of code randomization. Execute-only memory (XOM) can potentially prevent these attacks, but requires source code. In contrast, destructive code reads (DCR) provide a trade-off between security and legacy compatibility. The common belief is that DCR provides strong protection if combined with a high-entropy code randomization. The contribution of this paper is twofold: first, we demonstrate that DCR can be bypassed regardless of the underlying code randomization scheme. To this end, we show novel, generic attacks that infer the code layout for highly randomized program code. Second, we present the design and implementation of BGDX (Byte-Granular DCR and XOM), a novel mitigation technique that protects legacy binaries against code inference attacks. BGDX enforces memory permissions on a byte-granular level allowing us to combine DCR and XOM for legacy, off-the-shelf binaries. Our evaluation shows that BGDX is not only effective, but highly efficient, imposing only a geometric mean performance overhead of 3.95 % on SPEC.

Bluetooth Low Energy (BLE) Beacons introduced a novel technology that enables devices to advertise their presence in an area by constantly broadcasting a static unique identifier. The aim was to enhance services with location and context awareness. Although the hardware components of typical BLE Beacons systems are able to support adequate cryptography, the design and implementation of most publicly available BLE Beacon protocols appears to render them vulnerable to a plethora of attacks. Indeed, in this paper, we were able to perform user tracking, user behavior monitoring, spoofing as well as denial of service (DoS) of many supported services. Our aim is to show that these attacks stem from design flaws of the underlying protocols and assumptions made for the BLE beacons protocols. Using a clearly defined threat model, we provide a formal analysis of the adversarial capabilities and requirements and the attack impact on security and privacy for the end-user. Contrary to popular belief, BLE technology can be exploited even by low-skilled adversaries leading to exposure of user information. To demonstrate our attacks in practice, we selected Apple's iBeacon technology, as a case study. However, our analysis can be easily generalized to other BLE Beacon technologies.

Logging mechanisms that capture detailed traces of user activity, including creating, reading, updating, and deleting (CRUD) data, facilitate meaningful forensic analysis following a security or privacy breach. However, software requirements often inadequately and inconsistently state “what” user actions should be logged, thus hindering meaningful forensic analysis. In this talk, we will explore a variety of techniques for building a software system that supports forensic analysis. We will discuss systematic heuristics-driven and patterns-driven processes for identifying log events that must be logged based on user actions and potential accidental and malicious use, as described in natural language software artifacts. We then discuss systematic process for creating a black-box test suite for verifying the identified log events are logged. Using the results of executing the black-box test suite, we propose and evaluate a security metric for measuring the forensic-ability of user activity logs.

The coming generation of Internet-of-Things (IoT) applications will process massive amounts of incoming data while supporting data mining and online learning. In cases with demanding real-time requirements, such systems behave as smart memories: a high-bandwidth service that captures sensor input, processes it using machine-learning tools, replicates and stores "interesting" data (discarding uninteresting content), updates knowledge models, and triggers urgently-needed responses. Derecho is a high-throughput library for building smart memories and similar services. At its core Derecho implements atomic multicast (Vertical Paxos) and state machine replication (the classic durable Paxos). Derecho's replicated\textbackslashtextlessT\textbackslashtextgreater template defines a replicated type; the corresponding objects are associated with subgroups, which can be sharded into key-value structures. The persistent\textbackslashtextlessT\textbackslashtextgreater and volatile\textbackslashtextlessT\textbackslashtextgreater storage templates implement version vectors with optional NVM persistence. These support time-indexed access, offering lock-free snapshot isolation that blends temporal precision and causal consistency. Derecho automates application management, supporting multigroup structures and providing consistent knowledge of the current membership mapping. A query can access data from many shards or subgroups, and consistency is guaranteed without any form of distributed locking. Whereas many systems run consensus on the critical path, Derecho requires consensus only when updating membership. By leveraging an RDMA data plane and NVM storage, and adopting a novel receiver-side batching technique, Derecho can saturate a 12.5GB RDMA network, sending millions of events per second in each subgroup or shard. In a single subgroup with 2–16 members, through-put peaks at 16 GB/s for large (100MB or more) objects. While key-value subgroups would typically use 2 or 3-member shards, unsharded subgroups could be large. In tests with a 128-member group, Derecho's multicast and Paxos protocols were just 3–5x slower than for a small group, depending on the traffic pattern. With network contention, slow members, or overlapping groups that generate concurrent traffic, Derecho's protocols remain stable and adapt to the available bandwidth.

Defending against malware involves analysing large amounts of suspicious samples. To deal with such quantities we rely heavily on automatic approaches to determine whether a sample is malicious or not. Unfortunately, complete and precise automatic analysis of malware is far from an easy task. This is because malware is often designed to contain several techniques and countermeasures specifically to hinder analysis. One of these techniques is for the malware to propagate through the operating system so as to execute in the context of benign processes. The malware does this by writing memory to a given process and then proceeds to have this memory execute. In some cases these propagations are trivial to capture because they rely on well-known techniques. However, in the cases where malware deploys novel code injection techniques, rely on code-reuse attacks and potentially deploy dynamically generated code, the problem of capturing a complete and precise view of the malware execution is non-trivial. In this paper we present a unified approach to tracing malware propagations inside the host in the context of code injections and code-reuse attacks. We also present, to the knowledge of the authors, the first approach to identifying dynamically generated code based on information-flow analysis. We implement our techniques in a system called Tartarus and match Tartarus with both synthetic applications and real-world malware. We compare Tartarus to previous works and show that our techniques substantially improve the precision for collecting malware execution traces, and that our approach can capture intrinsic characteristics of novel code injection techniques.

Smartphones have become a prominent part of our technology driven world. When it comes to uncovering, analyzing and submitting evidence in today's criminal investigations, mobile phones play a more critical role. Thus, there is a strong need for software tools that can help investigators in the digital forensics field effectively analyze smart phone data to solve crimes. This paper will accentuate how digital forensic tools assist investigators in getting data acquisition, particularly messages, from applications on iOS smartphones. In addition, we will lay out the framework how to build a tool for verifying data integrity for any digital forensics tool.

In this paper we discuss building large scale virtual reality reconstructions of historical heritage sites and populating it with crowds of virtual agents. Such agents are capable of performing complex actions, while respecting the cultural and historical accuracy of agent behaviour. In many commercial video games such agents either have very limited range of actions (resulting primitive behaviour) or are manually designed (resulting high development costs). In contrast, we follow the principles of automatic goal generation and automatic planning. Automatic goal generation in our approach is achieved through simulating agent needs and then producing a goal in response to those needs that require satisfaction. Automatic planning refers to techniques that are concerned with producing sequences of actions that can successfully change the state of an agent to the state where its goals are satisfied. Classical planning algorithms are computationally costly and it is difficult to achieve real-time performance for our problem domain with those. We explain how real-time performance can be achieved with Case-Based Planning, where agents build plan libraries and learn how to reuse and combine existing plans to archive their dynamically changing goals. We illustrate the novelty of our approach, its complexity and associated performance gains through a case-study focused on developing a virtual reality reconstruction of an ancient Mesopotamian settlement in 5000 B.C.