Biblio

The high mobility of Army tactical networks, combined with their close proximity to hostile actors, elevates the risks associated with short-range network attacks. The connectivity model for such short range connections under active operations is extremely fluid, and highly dependent upon the physical space within which the element is operating, as well as the patterns of movement within that space. To handle these dependencies, we introduce the notion of "key cyber-physical terrain": locations within an area of operations that allow for effective control over the spread of proximity-dependent malware in a mobile tactical network, even as the elements of that network are in constant motion with an unpredictable pattern of node-to-node connectivity. We provide an analysis of movement models and approximation strategies for finding such critical nodes, and demonstrate via simulation that we can identify such key cyber-physical terrain quickly and effectively.

With millions of apps available to users, the mobile app market is rapidly becoming very crowded. Given the intense competition, the time to market is a critical factor for the success and profitability of an app. In order to shorten the development cycle, developers often focus their efforts on the unique features and workflows of their apps and rely on third-party Open Source Software (OSS) for the common features. Unfortunately, despite their benefits, careless use of OSS can introduce significant legal and security risks, which if ignored can not only jeopardize security and privacy of end users, but can also cause app developers high financial loss. However, tracking OSS components, their versions, and interdependencies can be very tedious and error-prone, particularly if an OSS is imported with little to no knowledge of its provenance. We therefore propose OSSPolice, a scalable and fully-automated tool for mobile app developers to quickly analyze their apps and identify free software license violations as well as usage of known vulnerable versions of OSS. OSSPolice introduces a novel hierarchical indexing scheme to achieve both high scalability and accuracy, and is capable of efficiently comparing similarities of app binaries against a database of hundreds of thousands of OSS sources (billions of lines of code). We populated OSSPolice with 60K C/C++ and 77K Java OSS sources and analyzed 1.6M free Google Play Store apps. Our results show that 1) over 40K apps potentially violate GPL/AGPL licensing terms, and 2) over 100K of apps use known vulnerable versions of OSS. Further analysis shows that developers violate GPL/AGPL licensing terms due to lack of alternatives, and use vulnerable versions of OSS despite efforts from companies like Google to improve app security. OSSPolice is available on GitHub.

Since the first whole-genome sequencing, the biomedical research community has made significant steps towards a more precise, predictive and personalized medicine. Genomic data is nowadays widely considered privacy-sensitive and consequently protected by strict regulations and released only after careful consideration. Various additional types of biomedical data, however, are not shielded by any dedicated legal means and consequently disseminated much less thoughtfully. This in particular holds true for DNA methylation data as one of the most important and well-understood epigenetic element influencing human health. In this paper, we show that, in contrast to the aforementioned belief, releasing one's DNA methylation data causes privacy issues akin to releasing one's actual genome. We show that already a small subset of methylation regions influenced by genomic variants are sufficient to infer parts of someone's genome, and to further map this DNA methylation profile to the corresponding genome. Notably, we show that such re-identification is possible with 97.5% accuracy, relying on a dataset of more than 2500 genomes, and that we can reject all wrongly matched genomes using an appropriate statistical test. We provide means for countering this threat by proposing a novel cryptographic scheme for privately classifying tumors that enables a privacy-respecting medical diagnosis in a common clinical setting. The scheme relies on a combination of random forests and homomorphic encryption, and it is proven secure in the honest-but-curious model. We evaluate this scheme on real DNA methylation data, and show that we can keep the computational overhead to acceptable values for our application scenario.

Reversible circuits are vulnerable to intellectual property and integrated circuit piracy. To show these vulnerabilities, a detailed understanding on how to identify the function embedded in a reversible circuit is crucial. To obtain the embedded function, one needs to know the synthesis approach used to generate the reversible circuit in the first place. We present a machine learning based scheme to identify the synthesis approach using telltale signs in the design.

Transparent environments and social-coding platforms as GitHub help developers to stay abreast of changes during the development and maintenance phase of a project. Especially, notification feeds can help developers to learn about relevant changes in other projects. Unfortunately, transparent environments can quickly overwhelm developers with too many notifications, such that they loose the important ones in a sea of noise. Complementing existing prioritization and filtering strategies based on binary compatibility and code ownership, we develop an anomaly-detection mechanism to identify unusual commits in a repository, that stand out with respect to other changes in the same repository or by the same developer. Among others, we detect exceptionally large commits, commits at unusual times, and commits touching rarely changed file types given the characteristics of a particular repository or developer. We automatically flag unusual commits on GitHub through a browser plugin. In an interactive survey with 173 active GitHub users, rating commits in a project of their interest, we found that, though our unusual score is only a weak predictor of whether developers want to be notified about a commit, information about unusual characteristics of a commit change how developers regard commits. Our anomaly-detection mechanism is a building block for scaling transparent environments.

This tutorial provides a thorough review of the main research directions in the field of identity management and identity related security threats in Online Social Networks (OSNs). The continuous increase in the numbers and sophistication levels of fake accounts constitutes a big threat to the privacy and to the security of honest OSN users. Uninformed OSN users could be easily fooled into accepting friendship links with fake accounts, giving them by that access to personal information they intend to exclusively share with their real friends. Moreover, these fake accounts subvert the security of the system by spreading malware, connecting with honest users for nefarious goals such as sexual harassment or child abuse, and make the social computing environment mostly untrustworthy. The tutorial introduces the main available research results available in this area, and presents our work on collaborative identity validation techniques to estimate OSN profiles trustworthiness.

Often considered as the brain of an industrial process, Industrial control systems are presented as the vital part of today's critical infrastructure due to their crucial role in process control and monitoring. Any failure or error in the system will have a considerable damage. Their openness to the internet world raises the risk related to cyber-attacks. Therefore, it's necessary to consider cyber security challenges while designing an ICS in order to provide security services such as authentication, integrity, access control and secure communication channels. To implement such services, it's necessary to provide an efficient key management system (KMS) as an infrastructure for all cryptographic operations, while preserving the functional characteristics of ICS. In this paper we will analyze existing KMS and their suitability for ICS, then we propose a new KMS based on Identity Based Cryptography (IBC) as a better alternative to traditional KMS. In our proposal, we consider solving two security problems in IBC which brings it up to be more suitable for ICS.

Personalization, recommendations, and user modeling can be pow- erful tools to improve people?s experiences with technology and to help them nd information. However, we also know that people underestimate how much of their personal information is used by our technology and they generally do not understand how much algorithms can discover about them. Both privacy and ethical tech- nology have issues of consent at their heart. This talk will look at how to consider issues of privacy and consent when users cannot explicitly state their preferences, The Creepy Factor, and how to balance users? concerns with the bene ts personalized technology can o er.

With the amount of user-contributed image data increasing, it is a potential threat for users that everyone may have the access to gain privacy information. To reduce the possibility of the loss of real information, this paper combines homomorphic encryption scheme and image feature extraction to provide a guarantee for users' privacy. In this paper, the whole system model mainly consists of three parts, including social network service providers (SP), the Interested party (IP) and the applications. Except for the image preprocessing phase, the main operations of feature extraction are conducted in ciphertext domain, which means only SP has the access to the privacy of the users. The extraction algorithm is used to obtain a multi-dimensional histogram descriptor as image feature for each image. As a result, the histogram descriptor can be extracted correctly in encrypted domain in an acceptable time. Besides, the extracted feature can represent the image effectively because of relatively high accuracy. Additionally, many different applications can be conducted by using the encrypted features because of the support of our encryption scheme.

There have been a growing number of interests in using the convolutional neural network(CNN) in image forensics, where some excellent methods have been proposed. Training the randomly initialized model from scratch needs a big amount of training data and computational time. To solve this issue, we present a new method of training an image forensic model using prior knowledge transferred from the existing steganalysis model. We also find out that CNN models tend to show poor performance when tested on a different database. With knowledge transfer, we are able to easily train an excellent model for a new database with a small amount of training data from the new database. Performance of our models are evaluated on Bossbase and BOW by detecting five forensic types, including median filtering, resampling, JPEG compression, contrast enhancement and additive Gaussian noise. Through a series of experiments, we demonstrate that our proposed method is very effective in two scenario mentioned above, and our method based on transfer learning can greatly accelerate the convergence of CNN model. The results of these experiments show that our proposed method can detect five different manipulations with an average accuracy of 97.36%.

Conducted emission of motors is a domain of interest for EMC as it may introduce disturbances in the system in which they are integrated. Nevertheless few publications deal with the susceptibility of motors, and especially, servomotors despite this devices are more and more used in automated production lines as well as for robotics. Recent papers have been released devoted to the possibility of compromising such systems by cyber-attacks. One could imagine the use of smart intentional electromagnetic interference to modify their behavior or damage them leading in the modification of the industrial process. This paper aims to identify the disturbances that may affect the behavior of a Commercial Off-The-Shelf servomotor when exposed to an electromagnetic field and the criticality of the effects with regards to its application. Experiments have shown that a train of radio frequency pulses may induce an erroneous reading of the position value of the servomotor and modify in an unpredictable way the movement of the motor's axis.

Caching query results is an efficient technique for Web search engines. A state-of-the-art approach named Static-Dynamic Cache (SDC) is widely used in practice. Replacement policy is the key factor on the performance of cache system, and has been widely studied such as LIRS, ARC, CLOCK, SKLRU and RANDOM in different research areas. In this paper, we discussed replacement policies for static-dynamic cache and conducted the experiments on real large scale query logs from two famous commercial Web search engine companies. The experimental results show that ARC replacement policy could work well with static-dynamic cache, especially for large scale query results cache.

Human activity recognition is one of the important research topics in computer vision and video understanding. It is often assumed that high quality video sequences are available for recognition. However, relaxing such a requirement and implementing robust recognition using videos having reduced data rates can achieve efficiency in storing and transmitting video data. Three-dimensional video scalability, which refers to the possibility of reducing spatial, temporal, and quality resolutions of videos, is an effective way for flexible representation and management of video data. In this paper, we investigate the impact of the video scalability on multi-view activity recognition. We employ both a spatiotemporal feature extraction-based method and a deep learning-based method using convolutional and recurrent neural networks. The recognition performance of the two methods is examined, along with in-depth analysis regarding how their performance vary with respect to various scalability combinations. In particular, we demonstrate that the deep learning-based method can achieve significantly improved robustness in comparison to the feature-based method. Furthermore, we investigate optimal scalability combinations with respect to bitrate in order to provide useful guidelines for an optimal operation policy in resource-constrained activity recognition systems.

MANETs have been focusing the interest of researchers for several years. The new scenarios where MANETs are being deployed make that several challenging issues remain open: node scalability, energy efficiency, network lifetime, Quality of Service (QoS), network overhead, data privacy and security, and effective routing. This latter is often seen as key since it frequently constrains the performance of the overall network. Location-based routing protocols provide a good solution for scalable MANETs. Although several location-based routing protocols have been proposed, most of them rely on error-free positions. Only few studies have focused so far on how positioning error affects the routing performance; also, most of them consider outdated solutions. This paper is aimed at filling this gap, by studying the impact of the error in the position of the nodes of two location-based routing protocols: DYMOselfwd and AODV-Line. These protocols were selected as they both aim at reducing the routing overhead. Simulations considering different mobility patterns in a dense network were conducted, so that the performance of these protocols can be assessed under ideal (i.e. error-less) and realistic (i.e. with error) conditions. The results show that AODV-Line builds less reliable routes than DYMOselfwd in case of error in the position information, thus increasing the routing overhead.

The protection of confidential information has become very important with the increase of data sharing and storage on public domains. Data confidentiality is accomplished through the use of ciphers that encrypt and decrypt the data to impede unauthorized access. Emerging heterogeneous platforms provide an ideal environment to use hardware acceleration to improve application performance. In this paper, we explore the performance benefits of an AES hardware accelerator versus the software implementation for multiple cipher modes on the Zynq 7000 All-Programmable System-on-a-Chip (SoC). The accelerator is implemented on the FPGA fabric of the SoC and utilizes DMA for interfacing to the CPU. File encryption and decryption of varying file sizes are used as the workload, with execution time and throughput as the metrics for comparing the performance of the hardware and software implementations. The performance evaluations show that the accelerated AES operations achieve a speedup of 7 times relative to its software implementation and throughput upwards of 350 MB/s for the counter cipher mode, and modest improvements for other cipher modes.

In the field of communication, the need for cryptography is growing faster, so it is very difficult to achieve the objectives of cryptography such as confidentiality, data integrity, non-repudiation. To ensure data security, key scheduling and key management are the factors which the algorithm depends. In this paper, the enciphering and deciphering process of the SERPENT algorithm is done using the graphical programming tool. It is an algorithm which uses substitution permutation network procedure which contains round function including key scheduling, s-box and linear mixing stages. It is fast and easy to actualize and it requires little memory.

Motivated by recent attacks like the Australian census website meltdown in 2016, this paper proposes a system for high-level specification and synthesis of intents for Geo-Blocking and IP Spoofing protection at a Software Defined Interconnect. In contrast to todays methods that use expensive custom hardware and/or manual configuration, our solution allows the operator to specify high-level intents, which are automatically compiled to flow-level rules and pushed into the interconnect fabric. We define a grammar for specifying the security policies, and a compiler for converting these to connectivity rules. We prototype our system on the open-source ONOS Controller platform, demonstrate its functionality in a multi-domain SDN fabric interconnecting legacy border routers, and evaluate its performance and scalability in blocking DDoS attacks.

Recent studies have shown that adding explicit social trust information to social recommendation significantly improves the prediction accuracy of ratings, but it is difficult to obtain a clear trust data among users in real life. Scholars have studied and proposed some trust measure methods to calculate and predict the interaction and trust between users. In this article, a method of social trust relationship extraction based on hellinger distance is proposed, and user similarity is calculated by describing the f-divergence of one side node in user-item bipartite networks. Then, a new matrix factorization model based on implicit social relationship is proposed by adding the extracted implicit social relations into the improved matrix factorization. The experimental results support that the effect of using implicit social trust to recommend is almost the same as that of using actual explicit user trust ratings, and when the explicit trust data cannot be extracted, our method has a better effect than the other traditional algorithms.

In the present time, there has been a huge increase in large data repositories by corporations, governments, and healthcare organizations. These repositories provide opportunities to design/improve decision-making systems by mining trends and patterns from the data set (that can provide credible information) to improve customer service (e.g., in healthcare). As a result, while data sharing is essential, it is an obligation to maintaining the privacy of the data donors as data custodians have legal and ethical responsibilities to secure confidentiality. This research proposes a 2-layer privacy preserving (2-LPP) data sanitization algorithm that satisfies ε-differential privacy for publishing sanitized data. The proposed algorithm also reduces the re-identification risk of the sanitized data. The proposed algorithm has been implemented, and tested with two different data sets. Compared to other existing works, the results obtained from the proposed algorithm show promising performance.

The Radio Frequency Identification (RFID), as one of the key technologies in sensing layer of the Internet of Things (IoT) framework, has increasingly been deployed in a wide variety of application domains. But the reliability of RFID is still a great concern. This article introduces the group management of RFID passwords method, come up with by YUICHI KOBAYASHI and other researchers, which aimed to reduce the risk of privacy disclosure. But for reason that the password and pass key in the method, which are set to protect the ID, doesn't change and the ID is transmitted directly in the unsafe channel, it causes serious vulnerabilities that may be used by resourceful adversary. Thus, we proposed an improved method by using the random number to encrypt the password and switching the password into the temporally valid information. Besides, the protocol encrypts the ID during to avoid the direct transmission situation significantly increases the reliability.

There is widening chasm between the ease of creating software and difficulty of "building security in". This paper reviews the approach, the findings and recent experiments from a seven-year effort to enable consistency across a large, diverse development organization and software portfolio via policies, guidance, automated tools and services. Experience shows that developing secure software is an elusive goal for most. It requires every team to know and apply a wide range of security knowledge in the context of what software is being built, how the software will be used, and the projected threats in the environment where the software will operate. The drive for better outcomes for secure development and increased developer productivity led to experiments to augment developer knowledge and eventually realize the goal of "building the right security in".

Power is increasingly the limiting factor in High Performance Computing (HPC) at Exascale and will continue to influence future advancements in supercomputing. Recent processors equipped with on-board hardware counters allow real time monitoring of operating conditions such as energy and temperature, in addition to performance measures such as instructions retired and memory accesses. An experimental memory study presented on modern CPU architectures, Intel Sandybridge and Haswell, identifies a metric, TORo\_core, that detects bandwidth saturation and increased latency. TORo-Core is used to construct a dynamic policy applied at coarse and fine-grained levels to modulate per-core power controls on Haswell machines. The coarse and fine-grained application of dynamic policy shows best energy savings of 32.1% and 19.5% with a 2% slowdown in both cases. On average for six MPI applications, the fine-grained dynamic policy speeds execution by 1% while the coarse-grained application results in a 3% slowdown. Energy savings through frequency reduction not only provide cost advantages, they also reduce resource contention and create additional thermal headroom for non-throttled cores improving performance.