International Conferences: Conference on Information Science and Control Engineering (ICISCE), Shanghai, China

 

	International Conferences: Conference on Information Science and Control Engineering (ICISCE)  Shanghai, China

The 2nd International Conference on Information Science and Control Engineering (ICISCE) was held in Shanghai, China on 24-26 April 2015.  While the conference covered a wide range of topics in computing and control systems, the works cited here focused specifically on security topics likely to be of interest to the Science of Security community.  

Zheng-Qi Kang; Ke-Wei Lv, "New Results on the Hardness of ElGamal and RSA Bits Based on Binary Expansions," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp.336,340, 24-26 April 2015. doi:10.1109/ICISCE.2015.81
Abstract: González Vasco et al. extend the area of application of algorithms for the hidden number problem in 2004. Using this extension and relations among the bits in and binary fraction expansion of x mod p/p, we present a probabilistic algorithm for some trapdoor functions to recover a hidden message when an imperfect oracle is given of predicting most significant bits in hidden message. We show that computing the most significant bit in message encrypted by ElGmal encryption function is as hard as computing the entire plaintext, and so is RSA.
Keywords: public key cryptography; ElGamal bits; ElGamal encryption function; RSA bits; binary expansions; imperfect oracle; probabilistic algorithm; trapdoor functions; Monte Carlo methods; Polynomials; Prediction algorithms; Probabilistic logic; Public key; ElGamal; Hidden Number Problem; Most Significant Bit; RSA (ID#: 15-6277)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120621&isnumber=7120439

Kai Guo; Pengyan Shen; Mingzhong Xiao; Quanqing Xu, "UBackup-II: A QoS-Aware Anonymous Multi-cloud Storage System," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 522, 527, 24-26 April 2015. doi:10.1109/ICISCE.2015.122
Abstract: We present UBackup-II, an anonymous storage overlay network based on personal multi-cloud storages, with flexible QoS awareness. We reform the original Tor protocol by extending the command set and adding a tail part to the Tor cell, which makes it possible for coordination among proxy servers and still keeps the anonymity. Thus, users can upload and download files secretly under the cover of several proxy servers. Moreover, users can develop a personalized QoS policy leading different hidden access patterns according to their own QoS requirement. We presented the design of UBackup-II in detail, analyzed the security policy and showed how different QoS policies works by conducting a simulating experiment.
Keywords: cloud computing; file servers; protocols; quality of service; security of data; storage management; QoS-aware anonymous multicloud storage system; Tor cell; Tor protocol; UBackup-II; anonymous storage overlay network; hidden access patterns; personal multicloud storage; personalized QoS policy; proxy servers; security policy; Cloud computing; Cryptography; Protocols; Quality of service; Servers; Writing; Personal Cloud Storage; Privacy Preserving; QoS (ID#: 15-6278)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120662&isnumber=7120439

Xiaoqi Ma, "Managing Identities in Cloud Computing Environments," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 290, 292, 24-26 April 2015. doi:10.1109/ICISCE.2015.71
Abstract: As cloud computing becomes a hot spot of research, the security issues of clouds raise concerns and attention from academic research community. A key area of cloud security is managing users' identities, which is fundamental and important to other aspects of cloud computing. A number of identity management frameworks and systems are introduced and analysed. Issues remaining in them are discussed and potential solutions and countermeasures are proposed.
Keywords: cloud computing; security of data; academic research community; cloud computing environments; cloud security; Authentication; Cloud computing; Computational modeling; Computer architecture; Identity management systems; Servers; Cloud computing; identity management; security (ID#: 15-6279)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120611&isnumber=7120439

Yuangang Yao; Jin Yi; Yanzhao Liu; Xianghui Zhao; Chenghao Sun, "Query Processing Based on Associated Semantic Context Inference," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 395, 399, 24-26 April 2015. doi:10.1109/ICISCE.2015.93
Abstract: Context-based query processing methods are used to capture user intents behind query inputs. General context models are not flexible or explicable enough for inference, because they are either static or implicit. This paper improves current context model and proposes a novel query processing approach based on associated semantic context inference. In our approach, the formal defined context is explicit, which is convenient to explore potential information during query processing. Furthermore, the context is dynamically constructed and further modified according to specific query tasks, which ensures the precision of context inference. For given query inputs, the approach builds concrete context models and refines queries based on semantic context inference. Finally, queries are translated into SPARQL for query engine. The experiment shows that the proposed approach can further improve query intents understanding to guarantee precision and recall in retrieval.
Keywords: SQL; inference mechanisms; query processing; SPARQL; context-based query processing methods; dynamically constructed context; explicit formal defined context; information retrieval; precision value; query engine; query inputs; query intent improvement; query refining; query tasks; recall value; semantic context inference; user intent capture; Biological system modeling; Context; Context modeling; Knowledge engineering; Query processing; Semantic Web; Semantics; Context inference; Query processing; Semantic context (ID#: 15-6280)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120633&isnumber=7120439

Guifen Zhao; Ying Li; Liping Du; Xin Zhao, "Asynchronous Challenge-Response Authentication Solution Based on Smart Card in Cloud Environment," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 156, 159, 24-26 April 2015. doi:10.1109/ICISCE.2015.42
Abstract: In order to achieve secure authentication, an asynchronous challenge-response authentication solution is proposed. SD key, encryption cards or encryption machine provide encryption service. Hash function, symmetric algorithm and combined secret key method are adopted while authenticating. The authentication security is guaranteed due to the properties of hash function, combined secret key method and one-time authentication token generation method. Generate random numbers, one-time combined secret key and one-time token on the basis of smart card, encryption cards and cryptographic technique, which can avoid guessing attack. Moreover, the replay attack is avoided because of the time factor. The authentication solution is applicable for cloud application systems to realize multi-factor authentication and enhance the security of authentication.
Keywords: cloud computing; message authentication; private key cryptography; smart cards; SD key; asynchronous challenge-response authentication solution; authentication security; cloud application systems; combined secret key method; cryptographic technique; encryption cards; encryption machine; encryption service; hash function; multifactor authentication; one-time authentication token generation method; one-time combined secret key; random number generation; replay attack; smart card; symmetric algorithm; time factor; Authentication; Encryption; Servers; Smart cards; Time factors; One-time password; asynchronous challenge-response authentication; multi-factor authentication; smart card (ID#: 15-6281)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120582&isnumber=7120439

Jinglong Zuo; Delong Cui; Yunfeng Gong; Mei Liu, "A Novel Image Encryption Algorithm Based on Lifting-Based Wavelet Transform," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp.33,36, 24-26 April 2015. doi:10.1109/ICISCE.2015.16
Abstract: In order to trade-off between computational effects and computational cost of present image encryption algorithm, a novel image encryption algorithm based on lifting-based wavelet transform is proposed in this paper. The image encryption process includes three steps: first the original image was divided into blocks, which were transformed by lifting based wavelet, secondly the wavelet domain coefficients were encryption by random mask which generated by user key, and finally employing Arnold scrambling to encrypt the coefficients. The security of proposed scheme is depended on the levels of wavelet transform, user key, and the times of Arnold scrambling. Theoretical analysis and experimental results demonstrate that the algorithm is favourable.
Keywords: cryptography; image processing; random processes; wavelet transforms; Arnold scrambling; computational cost; computational effects; image encryption algorithm; lifting-based wavelet transform; random mask; user key; wavelet domain coefficients; Correlation; Encryption; Entropy; Filter banks; Wavelet transforms; block-based transformation; fractional Fourier transform; image encryption; information security; random phase mask (ID#: 15-6282)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120556&isnumber=7120439

Min Yu; Chao Liu; Xinliang Qiu; Shuang Zhao; Kunying Liu; Bo Hu, "Modeling and Analysis of Information Theft Trojan Based on Stochastic Game Nets," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 318, 322, 24-26 April 2015. doi:10.1109/ICISCE.2015.77
Abstract: In the paper, we modelling for information theft Trojan based on Stochastic Game Nets (SGN), a novel modelling method which good at multirole game problem described, and has been applied in many fields of networks with interactive behaviors. Combination the SGN and practical problem, we present an algorithm for solving the equilibrium strategy to computer the model of SGN. Finally we analyse our research paper with some indicators, such as the probability of a successful theft and the average time of a successful theft. The results of the paper can also offer some consultations for user.
Keywords: invasive software; probability; stochastic games; SGN; information theft Trojan analysis; information theft Trojan modeling; interactive behaviors; multirole game problem; stochastic game nets; Analytical models; Games; Monitoring; Ports (Computers); Stochastic processes; Trojan horses; Information Theft Trojan; Nash Equilibrium; Security Analysis; Stochastic Game Nets (ID#: 15-6283)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120617&isnumber=7120439

Liu Yong-lei, "Defense of WPA/WPA2-PSK Brute Forcer," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 185, 188, 24-26 April 2015. doi:10.1109/ICISCE.2015.48
Abstract: With the appearance of high speed WPA/WPA-PSK brute forcer, the security of WLAN faces serious threats. The attackers can acquire PSK easily so as to decrypt all the traffics. To solve this problem, a series of defence schemes are proposed, including defence schemes for passive and active brute forcers. The schemes adopt active jammer and wireless packet injection. And then the theoretical analysis is processed and the implementation methods are given. In the last past, the conclusions are reached.
Keywords: computer network security; jamming; phase shift keying; telecommunication traffic; wireless LAN; WLAN security; WPA-WPA2-PSK brute forcer defense; active jammer; traffic decryption; wireless packet injection; Jamming; Microwave integrated circuits; Monitoring; Phase shift keying; Protocols; Wireless LAN; Wireless communication; PSK; WLAN; WPA; brute forcer (ID#: 15-6285)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120588&isnumber=7120439

Yangqing Zhu; Jun Zuo, "Research on Data Security Access Model of Cloud Computing Platform," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 424, 428, 24-26 April 2015. doi:10.1109/ICISCE.2015.99
Abstract: Cloud computing is a new Internet application mode, has very large scale, virtualization, high reliability, versatility and low cost characteristics. Cloud computing technologies can dynamically manage millions of the computer resources, and on demand assign to a global user. It appears to completely change the old Internet application mode. Since the data was stored in the remote cloud computing platform, thus brought new challenges to information security, for example, disclosure of data, hacker attacks, Trojans and viruses seriously threat user data security. A strict information security scheme must be established, then users can use cloud computing technologies. From based on USB key user authentication, based on attributes access control and data detection, the data security access of cloud computing platform was studied, to provide a secure solution for the user.
Keywords: authorisation; cloud computing; computer viruses; public key cryptography; virtualisation; Internet application mode; Trojans; USB key user authentication; access control; computer viruses; data detection; data disclosure; data security access model; data storage; dynamic computer resource management; hacker attacks; information security; remote cloud computing platform; strict-information security scheme; virtualization; Authentication; Certification; Cloud computing; Public key; Servers; Universal Serial Bus; Authentication; Cloud Computing; Model; Public Key Infrastructure; USB Key (ID#: 15-6286)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120639&isnumber=7120439

Ji-Li Luo; Meng-Jun Li; Jiang Jiang; Han-Lin You; Yin-Ye Li; Fang-Zhou Chen, "Combat Capability Assessment Approach of Strategic Missile Systems Based on Evidential Reasoning," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 665, 669, 24-26 April 2015. doi:10.1109/ICISCE.2015.153
Abstract: Combat capability assessment of strategic missiles systems is an important component of national security strategic decision-making. In view of the drawbacks existing in current system modelling methods, assessment indicators and assessment approaches, a model of combat system based on the operation loops is constructed. According to the system model and weapon properties, this paper proposes the system assessment indicators, calculates the weight value and devises the assignments of the indicators based on evidential reasoning and the assessment algorithm of systematic combat capability. The approach is proved to be effective by the examples of the typical equipment systems in the US Strategic Missile Force and in Russia's Strategic Missile Force.
Keywords: decision making; inference mechanisms; military aircraft; military computing; missiles; national security; Russia Strategic Missile Force; US Strategic Missile Force; combat capability assessment approach; evidential reasoning; national security strategic decision-making; operation loops; strategic missile systems; system assessment indicators; systematic combat capability; Cognition; Force; Missiles; Modeling; Peer-to-peer computing; Reliability; Strategic Missile Systems; combat capability assessment; evidential reasoning; operation loops (ID#: 15-6287)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120693&isnumber=7120439

Shi-Wei Zhao; Ze-Wen Cao; Wen-Sen Liu, "OSIA: Open Source Intelligence Analysis System Based on Cloud Computing and Domestic Platform," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 371, 375, 24-26 April 2015. doi:10.1109/ICISCE.2015.89
Abstract: Information safety is significant for state security, especially for intelligence service. OSIA (open source intelligence analyzing) system based on cloud computing and domestic platform is designed and implemented in this paper. For the sake of the security and utility of OSIA, all of the middleware and involved OS are compatible with domestic software. OSIA system concentrates on analyzing open source text intelligence and adopts self-designed distributed crawler system so that a closed circle is formed from intelligence acquisition to analysis process and push service. This paper also illustrates some typical applications of anti-terrorist, such as the "organizational member discovery" based on Stanford parser and cluster algorithm, the "member relation exhibition" based on paralleled PageRank algorithm and the like. The results of experiences show that the OSIA system is suitable for large scale textual intelligence analysis.
Keywords: cloud computing; data mining; grammars; middleware; parallel algorithms; public domain software; security of data; text analysis; OS; OSIA system; Stanford parser; antiterrorist; cloud computing; cluster algorithm; domestic platform; domestic software; information safety; intelligence acquisition; intelligence service; large scale textual intelligence analysis; member relation exhibition; middleware; open source intelligence analysis system; open source text intelligence; organizational member discovery; paralleled PageRank algorithm; push service; self-designed distributed crawler system; Algorithm design and analysis; Artificial intelligence; Crawlers; Operating systems; Security; Servers; Text mining; cloud computing; domestic platform; intelligence analysis system; text mining (ID#: 15-6288)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120629&isnumber=7120439

Lei-fei Xuan; Pei-fei Wu, "The Optimization and Implementation of Iptables Rules Set on Linux," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 988, 991, 24-26 April 2015. doi:10.1109/ICISCE.2015.223
Abstract: Firewall, as a mechanism of compulsory access control between the network or system, is an important means to ensure the network security. Firewall can be a very simple filter, but also it can be a carefully targeted gateway. But the principle is the same, which is monitoring and filtering all the information exchanged in internal and external networks. Linux as an open source operating system, is famous for it's stability and security.netfilter/iptables is a firewall system based on Linux which has a great function. This thesis first analysed the working principle of pintables, then introduced pintables rule set, and last proposed an effective algorithm to optimize the rules set which is implemented based on Linux system. In the part of implementation, some key code of the algorithm are given.
Keywords: Linux; authorisation; firewalls; public domain software; Linux system; compulsory access control mechanism; external networks; firewall system; information exchange; internal networks; iptables rules set implementation; iptables rules set optimization; key code; netfilter; network security; open source operating system; Control engineering; Information science; firewall; iptables; linux; optimization; rules set (ID#: 15-6289)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120763&isnumber=7120439

Rong-Tsu Wang; Chin-Tsu Chen, "Framework Building and Application of the Performance Evaluation in Marine Logistics Information Platform in Taiwan," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 245, 249, 24-26 April 2015. doi:10.1109/ICISCE.2015.61
Abstract: This paper has conducted a trial in establishing a systematic instrument for evaluating the performance of the marine information systems. Analytic Network Process (ANP) was introduced for determining the relative importance of a set of interdependent criteria concerned by the stakeholders (shipper/consignee, customer broker, forwarder, and container yard). Three major information platforms (MTNet, TradeVan, and Nice Shipping) in Taiwan were evaluated according to the criteria derived from ANP. Results show that the performance of marine information system can be divided into three constructs, namely: Safety and Technology (3 items), Service (3 items), and Charge (3 items). The Safety and Technology is the most important construct of marine information system evaluation, whereas Charger is the least important construct. This study give insights to improve the performance of the existing marine information systems and serve as the useful reference for the future freight information platform.
Keywords: analytic hierarchy process; containerisation; information systems; logistics data processing; marine engineering; ANP; MTNet; NiceShipping; Taiwan; TradeVan; analytic network process; charge construct; consignee; container yard; customer broker; forwarder; freight information platform; interdependent criteria;marine information systems; marine logistics information platform; performance evaluation; safety-and-technology construct; service construct; shipper; systematic instrument; Decision making; Information systems; Performance evaluation; Safety; Security; Supply chains; Transportation; Analytic Network Process; Logistics Information Platform; Marine; Performance (ID#: 15-6290)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120601&isnumber=7120439

Min Chen; Jie Xue, "Optimized Context Quantization for I-Ary Source," Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, pp. 367, 370, 24-26 April 2015. doi:10.1109/ICISCE.2015.88
Abstract: In this paper, the optimal Context quantization for the source is present. By considering correlations among values of source symbols, these conditional probability distributions are sorted by values of conditions firstly. Then the dynamic programming is used to implement the Context quantization. The description length of the Context model is used as the judgment parameter. Based on the criterion that the neighbourhood conditional probability distributions could be merged, our algorithm finds the optimal structure with minimum description length and the optimal Context quantization results could be achieved. The experiment results indicate that the proposed algorithm could achieve the similar result with other adaptive Context quantization algorithms with reasonable computational complexity.
Keywords: computational complexity; data compression; dynamic programming; image coding; probability; I-ary source; computational complexity; dynamic programming; neighbourhood conditional probability distribution; optimized context quantization; source symbol; Context; Context modeling; Dynamic programming; Heuristic algorithms; Image coding; Probability distribution; Quantization (signal); Context Quantization; Description Length; Dynamic Programming (ID#: 15-6291)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120628&isnumber=7120439

Patel, Subhash Chandra; Singh, Ravi Shankar; Jaiswal, Sumit, "Secure and Privacy Enhanced Authentication Framework for Cloud Computing," Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, pp. 1631, 1634, 26-27 Feb. 2015. doi:10.1109/ECS.2015.7124863
Abstract: Cloud computing is a revolution in information technology. The cloud consumer outsources their sensitive data and personal information to cloud provider's servers which is not within the same trusted domain of data-owner so most challenging issues arises in cloud are data security users privacy and access control. In this paper we also have proposed a method to achieve fine grained security with combined approach of PGP and Kerberos in cloud computing. The proposed method provides authentication, confidentiality, integrity, and privacy features to Cloud Service Providers and Cloud Users.
Keywords: Access control; Authentication; Cloud computing; Cryptography; Privacy; Servers; Cloud computing; Kerberos; Pretty Good Privacy; access control; authentication; privacy; security (ID#: 15-6292)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7124863&isnumber=7124722

Kulkarni, S.A.; Patil, S.B., "A Robust Encryption Method for Speech Data Hiding in Digital Images for Optimized Security, " Pervasive Computing (ICPC), 2015 International Conference on, pp. 1, 5, 8-10 Jan. 2015. doi:10.1109/PERVASIVE.2015.7087134
Abstract: Steganography is a art of hiding information in a host signal. It is very important to hide the secret data efficiently, as many attacks made on the data communication. The host signal can be a still image, speech or video and the message signal that is hidden in the host signal can be a text, image or an audio signal. The cryptography concept is used for locking the secret message in the cover file. The cryptography makes the secret message not understood unless the decryption key is available. It is related with constructing and analyzing various methods that overcome the influence of third parties. Modern cryptography works on the disciplines like mathematics, computer science and electrical engineering. In this paper a symmetric key is developed which consists of reshuffling and secret arrangement of secret signal data bits in cover signal data bits. In this paper the authors have performed the encryption process on secret speech signal data bits-level to achieve greater strength of encryption which is hidden inside the cover image. The encryption algorithm applied with embedding method is the robust secure method for data hiding.
Keywords: cryptography; image coding; speech coding; steganography; cover image; cryptography concept; data communication; decryption key; digital images; embedding method; host signal; optimized security; robust encryption method; secret signal data bit reshuffling; secret signal data bit secret arrangement; speech data hiding; steganography; symmetric key; Encryption; Noise; Receivers; Robustness; Speech; Transmitters; Cover signal; Cryptography; Encryption; Secret key; Secret signal (ID#: 15-6293)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087134&isnumber=7086957
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

International Conferences: Cyber and Information Security Research, Oak Ridge, TN

 

	International Conferences: Cyber and Information Security Research Oak Ridge, Tennessee

 

The 10th Annual Cyber and Information Security Research (CISR) Conference was held at Oak Ridge, Tennessee on April 7-9, 2015. The conference themes focused on Resilience: theory, practice, and tools for rapidly resuming critical functionality following a cyber disruption, or maintaining critical functionality during an ongoing attack; Situational Awareness (SA): tools and practice for providing SA for cyber defenders; Moving Target Defense: methods and tools for creating asymmetric uncertainty that favors defenders over attackers, or that increase the potential cost for attackers; and Cyber Physical Security: methods for protecting both national critical infrastructure and local embedded systems. The papers cited here were recovered on September 2, 2015.

Robert K. Abercrombie, Frederick T. Sheldon, Bob G. Schlicher. “Risk and Vulnerability Assessment Using Cybernomic Computational Models: Tailored for Industrial Control Systems." CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 18. Doi: 10.1145/2746266.2746284
Abstract: In cybersecurity, there are many influencing economic factors to weigh. This paper considers the defender-practitioner stakeholder points-of-view that involve cost combined with development and deployment considerations. Some examples include the cost of countermeasures, training and maintenance as well as the lost opportunity cost and actual damages associated with a compromise. The return on investment (ROI) from countermeasures comes from saved impact costs (i.e., losses from violating availability, integrity, confidentiality or privacy requirements). A measured approach that informs cybersecurity practice is pursued toward maximizing ROI. To this end for example, ranking threats based on their potential impact focuses security mitigation and control investments on the highest value assets, which represent the greatest potential losses. The traditional approach uses risk exposure (calculated by multiplying risk probability by impact). To address this issue in terms of security economics, we introduce the notion of Cybernomics. Cybernomics considers the cost/benefits to the attacker/defender to estimate risk exposure. As the first step, we discuss the likelihood that a threat will emerge and whether it can be thwarted and if not what will be the cost (losses both tangible and intangible). This impact assessment can provide key information for ranking cybersecurity threats and managing risk.
Keywords: Availability, Dependability, Integrity, Security Measures/Metrics, Security Requirements, Threats and Vulnerabilities  (ID#: 15-6439)
URL: http://doi.acm.org/10.1145/2746266.2746284

Dan Du, Lu Yu, Richard R. Brooks. "Semantic Similarity Detection for Data Leak Prevention." CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 4. Doi: 10.1145/2746266.2746270
Abstract: To counter data breaches, we introduce a new data leak prevention (DLP) approach. Unlike regular expression methods, our approach extracts a small number of critical semantic features and requires a small training set. Existing tools concentrate mostly on data format where most defense and industry applications would be better served by monitoring the semantics of information in the enterprise. We demonstrate our approach by comparing its performance with other state-of-the-art methods, such as latent dirichlet allocation (LDA) and support vector machine (SVM). The experiment results suggest that the proposed approach have superior accuracy in terms of detection rate and false-positive (FP) rate.
Keywords: DLP, LDA, SVM, semantic similarity  (ID#: 15-6440)
URL: http://doi.acm.org/10.1145/2746266.2746270

Susan M. Bridges, Ken Keiser, Nathan Sissom, Sara J. Graves. “Cyber Security for Additive Manufacturing.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 14. Doi: 10.1145/2746266.2746280
Abstract: This paper describes the cyber security implications of additive manufacturing (also known as 3-D printing). Three-D printing has the potential to revolutionize manufacturing and there is substantial concern for the security of the storage, transfer and execution of 3-D models across digital networks and systems. While rapidly gaining in popularity and adoption by many entities, additive manufacturing is still in its infancy. Supporting the broadest possible applications the technology will demand the ability to demonstrate secure processes from ideas, design, prototyping, production and delivery. As with other technologies in the information revolution, additive manufacturing technology is at risk of outpacing a competent security infrastructure so research and solutions need to be tackled in concert with the 3-D boom.
Keywords: 3-D Printing, Additive Manufacturing, Cybersecurity (ID#: 15-6441)
URL: http://doi.acm.org/10.1145/2746266.2746280

Ryan Grandgenett, William Mahoney, Robin Gandhi. “Authentication Bypass and Remote Escalated I/O Command Attacks.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 2. Doi: 10.1145/2746266.2746268
Abstract: The Common Industrial Protocol (CIP) is a widely used Open DeviceNet Vendors Association (ODVA) standard [14]. CIP is an application-level protocol for communication between components in an industrial control setting such as a Supervisory Control And Data Acquisition (SCADA) environment. We present exploits for authentication and privileged I/O in a CIP implementation. In particular, Allen Bradley's implementation of CIP communications between its programming software and Programmable Logic Controllers (PLCs) is the target of our exploits. Allen Bradley's RSLogix 5000 software supports programming and centralized monitoring of Programmable Logic Controllers (PLCs) from a desktop computer. In our test bed, ControlLogix EtherNet/IP Web Server Module (1756-EWEB) allows the PLC Module (5573-Logix) to be programmed, monitored and controlled by RSLogix 5000 over an Ethernet LAN. Our vulnerability discovery process included examination of CIP network traffic and reverse engineering the RSLogix 5000 software. Our findings have led to the discovery of several vulnerabilities in the protocol, including denial-of-service attacks, but more significantly and recently the creation of an authentication bypass and remote escalated privileged I/O command exploit. The exploit abuses RSLogix 5000's use of hard-coded credentials for outbound communication with other SCADA components. This paper provides a first public disclosure of the vulnerability, exploit development process, and results.
Keywords: Control Systems, EtherNet/IP, Remote Code Execution, SCADA (ID#: 15-6442)
URL: http://doi.acm.org/10.1145/2746266.2746268

Suzanna Schmeelk, Junfeng Yang, Alfred Aho. “Android Malware Static Analysis Techniques.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 5. Doi: 10.1145/2746266.2746271
Abstract: During 2014, Business Insider announced that there are over a billion users of Android worldwide. Government officials are also trending towards acquiring Android mobile devices. Google's application architecture is already ubiquitous and will keep expanding. The beauty of an application-based architecture is the flexibility, interoperability and customizability it provides users. This same flexibility, however, also allows and attracts malware development.  This paper provides a horizontal research analysis of techniques used for Android application malware analysis. The paper explores techniques used by Android malware static analysis methodologies. It examines the key analysis efforts used by examining applications for permission leakage and privacy concerns. The paper concludes with a discussion of some gaps of current malware static analysis research.
Keywords: Android Application Security, Cyber Security, Java, Malware Analysis, Static Analysis  (ID#: 15-6443)
URL: http://doi.acm.org/10.1145/2746266.2746271 

 

Mark Pleszkoch, Rick Linger. “Controlling Combinatorial Complexity in Software and Malware Behavior Computation.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 15. Doi: 10.1145/2746266.2746281
Abstract: Virtually all software is out of intellectual control in that no one knows its full behavior. Software Behavior Computation (SBC) is a new technology for understanding everything software does. SBC applies the mathematics of denotational semantics implemented by function composition in Functional Trace Tables (FTTs) to compute the behavior of programs, expressed as disjoint cases of conditional concurrent assignments. In some circumstances, combinatorial explosions in the number of cases can occur when calculating the behavior of sequences of multiple branching structures. This paper describes computational methods that avoid combinatorial explosions. The predicates that control branching structures such as ifthenelses can be organized into three categories: 1) Independent, resulting in no behavior case explosion, 2) Coordinated, resulting in two behavior cases, or 3) Goal-oriented, with potential exponential growth in the number of cases. Traditional FTT-based behavior computation can be augmented by two additional computational methods, namely, Single-Value Function Abstractions (SVFAs) and, introduced in this paper, Relational Trace Tables (RTTs). These methods can be applied to the three predicate categories to avoid combinatorial growth in behavior cases while maintaining mathematical correctness.
Keywords: Hyperion system, Software behavior computation, malware  (ID#: 15-6444)
URL:  http://doi.acm.org/10.1145/2746266.2746281

 

Xingsi Zhong, Paranietharan Arunagirinathan, Afshin Ahmadi, Richard Brooks, Ganesh Kumar Venayagamoorthy. “Side-Channels in Electric Power Synchrophasor Network Data Traffic.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 3. Doi: 10.1145/2746266.2746269
Abstract: The deployment of synchrophasor devices such as Phasor Measurement Units (PMUs) in an electric power grid enhances real-time monitoring, analysis and control of grid operations. PMU information is sensitive, and any missing or incorrect PMU data could lead to grid failure and/or damage. Therefore, it is important to use encrypted communication channels to avoid any cyber attack. However, encrypted communication channels are vulnerable to side-channel attacks. In this study, side-channel attacks using packet sizes and/or inter-packet timing delays differentiate the stream of packets from any given PMU within an encrypted tunnel. This is investigated under different experimental settings. Also, virtual private network vulnerabilities due to side-channel analysis are discussed.
Keywords: Cyber-attacks, cybersecurity, grid operation data, hidden Markov model, phasor measurement units, power system, side-channel analysis (ID#: 15-6445)
URL: http://doi.acm.org/10.1145/2746266.2746269

 

Zoleikha Abdollahi Biron, Pierluigi Pisu, Baisravan HomChaudhuri. “Observer Design Based Cyber Security for Cyber Physical Systems.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 6. Doi: 10.1145/2746266.2746272
Abstract: In this paper, an observer based cyber-attack detection and estimation methodology for cyber physical systems is presented. The cyber-attack is considered to influence the physical part of the cyber physical system that compromises human safety. The cyber-attacks are considered to affect the sensors and the actuators in the sub-systems as well as the software programs of the control systems in the cyber physical system. The whole system is modeled as a hybrid system to incorporate the discrete and continuous part of the cyber physical system and a sliding mode based observer is designed for the detection of these cyber-attacks. For simulation purposes, this paper considers different cyber-attacks on the battery sub-system of modern automobiles and the simulation results of attack detection are presented in the paper.
Keywords: Cyber Physical System, Cyber Security, In-vehicle Network, Sliding Mode Observer  (ID#: 15-6446)
URL: http://doi.acm.org/10.1145/2746266.2746272

 

Yu Fu, Benafsh Husain, Richard R. Brooks. “Analysis of Botnet Counter-Counter-Measures.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 9. Doi: 10.1145/2746266.2746275
Abstract: Botnets evolve quickly to outwit police and security researchers. Since they first appeared in 1993, there have been significant botnet countermeasures. Unfortunately, countermeasures, especially takedown operations, are not particularly effective. They destroy research honeypots and stimulate botmasters to find creative ways to hide. Botnet reactions to countermeasures are more effective than countermeasures. Also, botnets are no longer confined to PCs. Android and iOS platforms are increasingly attractive targets. This paper focuses on recent countermeasures against botnets and counter-countermeasures of botmasters. We look at side effects of botnet takedowns as insight into botnet countermeasures. Then, botnet counter-countermeasures against two-factor-authentication (2FA) are discussed in Android and iOS platform. Representative botnet-in-the-mobile (BITM) implementations against 2FA are compared, and a theoretical iOS-based botnet against 2FA is described. Botnet counter-countermeasures against keyloggers are discussed. More attention needs to be paid to botnet issues.
Keywords: 2FA, Android, Botnet, iOS, keyloggers, takedown (ID#: 15-6447)
URL:  http://doi.acm.org/10.1145/2746266.2746275

 

Michael Iannacone, Shawn Bohn, Grant Nakamura, John Gerth, Kelly Huffer, Robert Bridges, Erik Ferragut, John Goodall. “Developing an Ontology for Cyber Security Knowledge Graphs.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 12. Doi: 10.1145/2746266.2746278
Abstract:  In this paper we describe an ontology developed for a cyber security knowledge graph database. This is intended to provide an organized schema that incorporates information from a large variety of structured and unstructured data sources, and includes all relevant concepts within the domain. We compare the resulting ontology with previous efforts, discuss its strengths and limitations, and describe areas for future work.
Keywords: cyber security, information extraction, ontology architecture, security automation  (ID#: 15-6448)
URL:  http://doi.acm.org/10.1145/2746266.2746278

 

Christopher Robinson-Mallett, Sebastian Hansack. “A Model of an Automotive Security Concept Phase.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 16. Doi: 10.1145/2746266.2746282
Abstract: The introduction of wireless interfaces into cars raises new security-related risks to the vehicle and passengers. Vulnerabilities of the vehicle electronics to remote attacks through internet connections have been demonstrated recently. The introduction of industrial-scale processes, methods and tools for the development and quality assurance of appropriate security-controls into vehicle electronics is an essential task for system providers and vehicle manufacturers to cope with security hazards.  In this contribution a process model for security analysis tasks during automotive systems development is presented. The proposed model is explained on the vulnerabilities in a vehicle's remote unlock function recently published by Spaar.
Keywords: Analysis, Process, Requirements, Security  (ID#: 15-6449)
URL:  http://doi.acm.org/10.1145/2746266.2746282

 

Paul Carsten, Todd R. Andel, Mark Yampolskiy, Jeffrey T. McDonald. “In-Vehicle Networks: Attacks, Vulnerabilities, and Proposed Solutions.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 1. Doi: 10.1145/2746266.2746267
Abstract: Vehicles made within the past years have gradually become more and more complex. As a result, the embedded computer systems that monitor and control these systems have also grown in size and complexity. Unfortunately, the technology that protects them from external attackers has not improved at a similar rate. In this paper we discuss the vulnerabilities of modern in-vehicle networks, focusing on the Controller Area Network (CAN) communications protocol as a primary attack vector. We discuss the vulnerabilities of CAN, the types of attacks that can be used against it, and some of the solutions that have been proposed to overcome these attacks.
Keywords: Automotive Vulnerabilities, CAN bus, In-Vehicle Networks  (ID#: 15-6450)
URL:  http://doi.acm.org/10.1145/2746266.2746267

 

Hani Alturkostani, Anup Chitrakar, Robert Rinker, Axel Krings. “On the Design of Jamming-Aware Safety Applications in VANETs.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 7. Doi: 10.1145/2746266.2746273
Abstract: Connected vehicles communicate either with each other or with the fixed infrastructure using Dedicated Short Range Communication (DSRC). The communication is used by DSRC safety applications, such as forward collision warning, which are intended to reduce accidents. Since these safety applications operate in a critical infrastructure, reliability of the applications is essential. This research considers jamming as the source of a malicious act that could significantly affect reliability. Previous research has discussed jamming detection and prevention in the context of wireless networks in general, but little focus has been on Vehicular Ad Hoc Networks (VANET), which have unique characteristics. Other research discussed jamming detection in VANET, however it is not aligned with current DSRC standards. We propose a new jamming-aware algorithm for DSRC safety application design for VANET that increases reliability using jamming detection and consequent fail-safe behavior, without any alteration of existing protocols and standards. The impact of deceptive jamming on data rates and the impact of the jammer's data rate were studied using actual field measurements. Finally, we show the operation of the jamming-aware algorithm using field data.
Keywords: DSRC, Jammer Detection, Jamming, VANET (ID#: 15-6451)
URL:  http://doi.acm.org/10.1145/2746266.2746273

 

Lu Yu, Juan Deng, Richard R. Brooks, Seok Bae Yun. “Automobile ECU Design to Avoid Data Tampering.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 10. Doi: 10.1145/2746266.2746276
Abstract: Modern embedded vehicle systems are based on network architectures. Vulnerabilities from in-vehicle communications are significant. Privacy and security measures are required for vehicular Electronic Control Units (ECUs). We present a security vulnerability analysis, which shows that the vulnerability mainly lies in the ubiquitous on-board diagnostics II (OBD-II) interface and the memory configuration within ECU. Countermeasures using obfuscation and encryption techniques are introduced to protect ECUs from data sniffing and code tampering. A security scheme of deploying lures that look like ECU vulnerabilities to deceive lurking intruders into installing rootkits is proposed. We show that the interactions between the attacker and the system can be modeled as a Markov decision process (MDP).
Keywords: ECU, MDP, vehicular cyber security (ID#: 15-6452)
URL:  http://doi.acm.org/10.1145/2746266.2746276

 

Jarilyn M. Hernández, Aaron Ferber, Stacy Prowell, Lee Hively. “Phase-Space Detection of Cyber Events.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 13. Doi: 10.1145/2746266.2746279
Abstract: Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The data analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed a successful detection of cyber events.
Keywords: Energy Delivery Systems, cyber anomaly detection, cyber-attacks, graph theory, malware, phase-space analysis, rootkits (ID#: 15-6453)
URL:  http://doi.acm.org/10.1145/2746266.2746279

 

Mohammad Ashraf Hossain Sadi, Mohd. Hassan Ali, Dipankar Dasgupta, Robert K. Abercrombie. “OPNET/Simulink Based Testbed for Disturbance Detection in the Smart Grid.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 17. Doi: 10.1145/2746266.2746283
Abstract: The important backbone of the Smart Grid is the cyber/information infrastructure, which is primarily used to communicate with different grid components. Smart grid is a complex cyber physical system containing a numerous and variety number of sources, devices, controllers and loads. Therefore, smart grid is vulnerable to the grid related disturbances. For such a dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and Opnet based co-simulated platform to carry out a cyber-intrusion in a cyber-network for modern power systems and smart grid. The IEEE 30 bus power system model is used to demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack. Different disturbance situations in the considered test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.
Keywords: Cyber-attacks, Simulation Testbed, Smart Grid security (ID#: 15-6454)
URL:  http://doi.acm.org/10.1145/2746266.2746283

 

Jaewon Yang, Xiuwen Liu, Shamik Bose. “Preventing Cyber-induced Irreversible Physical Damage to Cyber-Physical Systems.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 8. Doi: 10.1145/2746266.2746274
Abstract: Ever since the discovery of the Stuxnet malware, there have been widespread concerns about disasters via cyber-induced physical damage on critical infrastructures. Cyber physical systems (CPS) integrate computation and physical processes; such infrastructure systems are examples of cyber-physical systems, where computation and physical processes are integrated to optimize resource usage and system performance. The inherent security weaknesses of computerized systems and increased connectivity could allow attackers to alter the systems' behavior and cause irreversible physical damage, or even worse cyber-induced disasters. However, existing security measures were mostly developed for cyber-only systems and they cannot be effectively applied to CPS directly. Thus, new approaches to preventing cyber physical system disasters are essential. We recognize very different characteristics of cyber and physical components in CPS, where cyber components are flexible with large attack surfaces while physical components are inflexible and relatively simple with very small attack surfaces. This research focuses on the components where cyber and physical components interact. Securing cyber-physical interfaces will complete a layer-based defense strategy in the "Defense in Depth Framework". In this paper we propose Trusted Security Modules as a systematic solution to provide a guarantee of preventing cyber-induced physical damage even when operating systems and controllers are compromised. TSMs will be placed at the interface between cyber and physical components by adapting the existing integrity enforcing mechanisms such as Trusted Platform Module, Control-Flow Integrity, and Data-Flow Integrity.
Keywords: Cyber-induced physical damage, Trusted Security Module (ID#: 15-6455)
URL: http://doi.acm.org/10.1145/2746266.2746274

 

Corinne L. Jones, Robert A. Bridges, Kelly M. T. Huffer, John R. Goodall. “Towards a Relation Extraction Framework for Cyber-Security Concepts.” CISR '15 Proceedings of the 10th Annual Cyber and Information Security Research Conference, April 2015, Article No. 11. Doi: 10.1145/2746266.2746277
Abstract: In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised Natural Language Processing and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically, a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting from the desired relations. Preliminary testing on a small corpus shows promising results, obtaining precision of .82.
Keywords: active learning, bootstrapping, cyber security, information extraction, natural language processing, relation extraction (ID#: 15-6456)
URL:  http://doi.acm.org/10.1145/2746266.2746277

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

International Conferences: Electronic Crime Research (eCrime) 2015, Spain

 

	International Conferences: Electronic Crime Research (eCrime) 2015 Barcelona, Spain

 

The 2015 Anti-Phishing Working Group (APWG) Symposium on Electronic Crime Research was held 26-29 May in Barcelona, Spain. The conference focused on a range of topics, many of interest to the Science of Security community. Citations were recovered in July 2015. The conference web site is available at: https://apwg.org/apwg-events/ecrime2015/

Zheng Dong; Kapadia, A.; Blythe, J.; Camp, L.J., "Beyond The Lock Icon: Real-Time Detection Of Phishing Websites Using Public Key Certificates," Electronic Crime Research (eCrime), 2015 APWG Symposium on, pp. 1, 12, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120795
Abstract: We propose a machine-learning approach to detect phishing websites using features from their X.509 public key certificates. We show that its efficacy extends beyond HTTPS-enabled sites. Our solution enables immediate local identification of phishing sites. As such, this serves as an important complement to the existing server-based anti-phishing mechanisms which predominately use blacklists. Blacklisting suffers from several inherent drawbacks in terms of correctness, timeliness, and completeness. Due to the potentially significant lag prior to site blacklisting, there is a window of opportunity for attackers. Other local client-side phishing detection approaches also exist, but primarily rely on page content or URLs, which are arguably easier to manipulate by attackers. We illustrate that our certificate-based approach greatly increases the difficulty of masquerading undetected for phishers, with single millisecond delays for users. We further show that this approach works not only against HTTPS-enabled phishing attacks, but also detects HTTP phishing attacks with port 443 enabled.
Keywords: Web sites; computer crime; learning (artificial intelligence);public key cryptography; HTTPS-enabled phishing attack; Web site phishing detection; machine-learning approach from; public key certificate; server-based antiphishing mechanism; site blacklisting; Browsers; Electronic mail; Feature extraction; Public key; Servers; Uniform resource locators; certificates; machine learning; security (ID#: 15-6294)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120795&isnumber=7120794 

de los Santos, S.; Guzman, A.; Alonso, C.; Gomez Rodriguez, F., "Chasing Shuabang In Apps Stores," Electronic Crime Research (eCrime), 2015 APWG Symposium on, pp. 1, 9, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120796
Abstract: There are well-known attack techniques that threaten current apps stores. However, the complexity of these environments and their high rate of variability have prevented any effective analysis aimed at mitigating the effects of these threats. In this paper, the analysis performed over one of these techniques, Shuabang, is introduced. The completion of this analysis has been supported by a new tool that facilitates the correlation of large amounts of information from different apps stores.
Keywords: mobile computing; security of data; Shuabang; application stores; attack techniques; information correlation; threat analysis; threat mitigation; Correlation; Databases; Google; Mobile communication; Performance evaluation; Servers; Smart phones (ID#: 15-6295)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120796&isnumber=7120794 

Spring, J.; Kern, S.; Summers, A., "Global Adversarial Capability Modeling," Electronic Crime Research (eCrime), 2015 APWG Symposium on, pp. 1, 21, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120797
Abstract: Intro: Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The model is based on four historical studies of adversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. Result: We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.
Keywords: Android (operating system); application program interfaces; computer network security; risk analysis; ACC; Android API; Apache; Windows XP; adversarial capability chain; attack likelihood prediction; compromised industrial control systems; computer network defense; cyber risk analysis; evidence-based model; global adversarial capability modeling; Analytical models; Androids; Biological system modeling; Computational modeling; Humanoid robots; Integrated circuit modeling; Software systems; CND; computer network defense; cybersecurity; incident response; intelligence; intrusion detection; modeling; security (ID#: 15-6296)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120797&isnumber=7120794

Johnson, R.; Kiourtis, N.; Stavrou, A.; Sritapan, V., "Analysis Of Content Copyright Infringement In Mobile Application Markets," Electronic Crime Research (eCrime), 2015 APWG Symposium on, pp. 1, 10, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120798
Abstract: As mobile devices increasingly become bigger in terms of display and reliable in delivering paid entertainment and video content, we also see a rise in the presence of mobile applications that attempt to profit by streaming pirated content to unsuspected end-users. These applications are both paid and free and in the case of free applications, the source of funding appears to be advertisements that are displayed while the content is streamed to the device. In this paper, we assess the extent of content copyright infringement for mobile markets that span multiple platforms (iOS, Android, and Windows Mobile) and cover both official and unofficial mobile markets located across the world. Using a set of search keywords that point to titles of paid streaming content, we discovered 8,592 Android, 5,550 iOS, and 3,910 Windows mobile applications that matched our search criteria. Out of those applications, hundreds had links to either locally or remotely stored pirated content and were not developed, endorsed, or, in many cases, known to the owners of the copyrighted contents. We also revealed the network locations of 856,717 Uniform Resource Locators (URLs) pointing to back-end servers and cyber-lockers used to communicate the pirated content to the mobile application.
Keywords: copyright; mobile computing; Android; URL; Uniform Resource Locators; Windows mobile applications; back-end servers; content copyright infringement; cyber-lockers; iOS; mobile application markets; mobile devices; network locations; paid entertainment; paid streaming content; pirated content streaming; search criteria; search keywords; unofficial mobile markets; video content; Androids; Humanoid robots; Java; Mobile communication; Mobile handsets; Servers; Writing (ID#: 15-6297)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120798&isnumber=7120794

Warner, G.; Rajani, D.; Nagy, M., "Spammer Success Through Customization and Randomization of URLs," Electronic Crime Research (eCrime), 2015 APWG Symposium on, pp. 1, 6, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120799
Abstract: Spam researchers and security personnel require a method for determining whether the URLs embedded in email messages are safe or potentially hostile. Prior research has been focused on spam collections that are quite insignificant compared to real-world spam volumes. In this paper, researchers evaluate 464 million URLs representing nearly 1 million unique domains observed in email messages in a six day period from November 2014. Four methods of customization and randomization of URLs believed to be used by spammers to attempt to increase deliverability of their URLs are explored: domain diversity, hostname wild-carding, path uniqueness, and attribute uniqueness. Implications of the findings suggest improvements for “URL blacklist” methods, methods of sampling to decrease the number of URLs that must be reviewed for safety, as well as presenting some challenges to the ICANN, Registrar, and Email Safety communities.
Keywords: computer crime; unsolicited e-mail; Email Safety communities; ICANN communities; Registrar communities; URL blacklist methods; URL customization; URL deliverability; URL randomization; attribute uniqueness; domain diversity; email messages; hostname; malicious email; path uniqueness; real-world spam volumes; sampling methods; spam collections; spammer; wild-carding; Personnel; Pharmaceuticals; Safety; Security; Uniform resource locators; Unsolicited electronic mail; URL evaluation; domain registration; malicious email; spam (ID#: 15-6298)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120799&isnumber=7120794

Garg, V.; Camp, L.J., "Spare The Rod, Spoil The Network Security? Economic Analysis Of Sanctions Online," Electronic Crime Research (eCrime), 2015 APWG Symposium on, pp. 1, 10, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120800
Abstract: When and how should we encourage network providers to mitigate the harm of security and privacy risks? Poorly designed interventions that do not align with economic incentives can lead stakeholders to be less, rather than more, careful. We apply an economic framework that compares two fundamental regulatory approaches: risk based or ex ante and harm based or ex post. We posit that for well known security risks, such as botnets, ex ante sanctions are economically efficient. Systematic best practices, e.g. patching, can reduce the risk of becoming a bot and thus can be implemented ex ante. Conversely risks, which are contextual, poorly understood, and new, and where distribution of harm is difficult to estimate, should incur ex post sanctions, e.g. information disclosure. Privacy preferences and potential harm vary widely across domains; thus, post-hoc consideration of harm is more appropriate for privacy risks. We examine two current policy and enforcement efforts, i.e. Do Not Track and botnet takedowns, under the ex ante vs. ex post framework. We argue that these efforts may worsen security and privacy outcomes, as they distort market forces, reduce competition, or create artificial monopolies. Finally, we address the overlap between security and privacy risks.
Keywords: computer network security; data privacy; invasive software; risk management; Do Not Track approach; botnet takedowns; botnets; economic incentives; ex-ante sanction approach; ex-post sanction approach; fundamental regulatory approaches; harm based approach; information disclosure; network security; online sanction economic analysis; patching method; privacy risks; risk reduction; risk-based approach; security risks; Biological system modeling; Companies; Economics; Google; Government; Privacy; Security (ID#: 15-6299)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120800&isnumber=7120794

Moore, T.; Clayton, R., "Which Malware Lures Work Best? Measurements From A Large Instant Messaging Worm," Electronic Crime Research (eCrime), 2015 APWG Symposium on , vol., no., pp.110,, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120801
Abstract: Users are inveigled into visiting a malicious website in a phishing or malware-distribution scam through the use of a `lure' - a superficially valid reason for their interest. We examine real world data from some `worms' that spread over the social graph of Instant Messenger users. We find that over 14 million distinct users clicked on these lures over a two year period from Spring 2010. Furthermore, we present evidence that 95% of users who clicked on the lures became infected with malware. In one four week period spanning May-June 2010, near the worm's peak, we estimate that at least 1.67 million users were infected. We measure the extent to which small variations in lure URLs and the short pieces of text that accompany these URLs affects the likelihood of users clicking on the malicious URL. We show that the hostnames containing recognizable brand names were more effective than the terse random strings employed by URL shortening systems; and that brief Portuguese phrases were more effective in luring in Brazilians than more generic `language independent' text.
Keywords: Web sites; computer crime; electronic messaging; invasive software; natural language processing; text analysis; Portuguese phrases; Spring 2010;URL shortening systems; brand names; generic language independent text; instant messaging worm; lure URL; malicious URL; malicious Website; malware-distribution scam; phishing; social graph; terse random strings; time 4 week; Facebook; Grippers; IP networks; Malware; Monitoring; Servers; Uniform resource locators (ID#: 15-6300)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120801&isnumber=7120794
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

International Conferences: Information Hiding & Multimedia Security, 2015, Portland, Oregon

 

	International Conferences: Information Hiding and Multimedia Security, 2015 Portland, Oregon

 

The 3rd ACM Workshop on Information Hiding and Multimedia Security (IH & MMSec) was held June 17-19, 2015 in Portland, Oregon. The workshop focused on information hiding topics such as watermarking, steganography, steganalysis, anonymity, privacy, hard-to-intercept communications, and covert/subliminal channels, and on a variety of multimedia security topics including multimedia identification, biometrics, video surveillance, multimedia forensics, and computer and network security. The papers presented are cited here. The conference web site is available at: http://www.ihmmsec.org/  

Sebastian Matthias Burg, Dustin Peterson, Oliver Bringmann. “End-to-Display Encryption: A Pixel-Domain Encryption with Security Benefit.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 123-128. Doi: 10.1145/2756601.2756613
Abstract: Providing secure access to confidential information is extremely difficult, notably when regarding weak endpoints and users. With the increasing number of corporate espionage cases and data leaks, a usable approach enhancing the security of data on endpoints is needed. In this paper we present our implementation for providing a new level of security for confidential documents that are viewed on a display. We call this End-to-Display Encryption (E2DE). E2DE encrypts images in the pixel-domain before transmitting them to the user. These images can then be displayed by arbitrary image viewers and are sent to the display. On the way to the display, the data stream is analyzed and the encrypted pixels are decrypted depending on a private key stored on a chip card inserted in the receiver, creating a viewable representation of the confidential data on the display, without decrypting the information on the computer itself. We implemented a prototype on a Digilent Atlys FPGA Board supporting resolutions up to Full HD.
Keywords: encryption, multimedia, physical security, security (ID#: 15-6381)
URL: http://doi.acm.org/10.1145/2756601.2756613

Adi Hajj-Ahmad, Séverine Baudry, Bertrand Chupeau, Gwenaël Doërr. “Flicker Forensics for Pirate Device Identification.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 75-84. Doi: 10.1145/2756601.2756612
Abstract: Cryptography-based content protection is an efficient means to protect multimedia content during transport. Nevertheless, content is eventually decrypted at rendering time, leaving it vulnerable to piracy e.g. using a camcorder to record movies displayed on an LCD screen. Such type of piracy naturally imprints a visible flicker signal in the pirate video due to the interplay between the rendering and acquisition devices. The parameters of such flicker are inherently tied to the characteristics of the pirate devices such as the back-light of the LCD screen and the read-out time of the camcorder. In this article, we introduce a forensic methodology to estimate such parameters by analyzing the flicker signal present in pirate recordings. Experimental results clearly showcase that the accuracy of these estimation techniques offers efficient means to tell-tale which devices have been used for piracy thanks to the variety of factory settings used by consumer electronics manufacturers.
Keywords: LCD screen, back-light, camcorder, flicker, passive forensics, piracy, read-out time, rolling shutter (ID#: 15-6382)
URL: http://doi.acm.org/10.1145/2756601.2756612

Tomáš Denemark, Jessica Fridrich. “Improving Steganographic Security by Synchronizing the Selection Channel.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 5-14. Doi: 10.1145/2756601.2756620
Abstract: This paper describes a general method for increasing the security of additive steganographic schemes for digital images represented in the spatial domain. Additive embedding schemes first assign costs to individual pixels and then embed the desired payload by minimizing the sum of costs of all changed pixels. The proposed framework can be applied to any such scheme -- it starts with the cost assignment and forms a non-additive distortion function that forces adjacent embedding changes to synchronize. Since the distortion function is purposely designed as a sum of locally supported potentials, one can use the Gibbs construction to realize the embedding in practice. The beneficial impact of synchronizing the embedding changes is linked to the fact that modern steganalysis detectors use higher-order statistics of noise residuals obtained by filters with sign-changing kernels and to the fundamental difficulty of accurately estimating the selection channel of a non-additive embedding scheme implemented with several Gibbs sweeps. Both decrease the accuracy of detectors built using rich media models, including their selection-channel-aware versions.
Keywords: Gibbs construction, non-additive distortion, security, selection channel, steganography, synchronization (ID#: 15-6383)
URL: http://doi.acm.org/10.1145/2756601.2756620

Christian Arndt, Stefan Kiltz, Jana Dittmann, Robert Fischer. “ForeMan, a Versatile and Extensible Database System for Digitized Forensics Based on Benchmarking Properties.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 91-96. Doi: 10.1145/2756601.2756615
Abstract: To benefit from new opportunities offered by the digitalization of forensic disciplines, the challenges especially w.r.t. comprehensibility and searchability have to be met. Important tools in this forensic process are databases containing digitized representations of physical crime scene traces. We present ForeMan, an extensible database system for digitized forensics handling separate databases and enabling intra and inter trace type searches. It now contains 762 fiber data sets and 27 fingerprint data sets (anonymized time series). Requirements of the digitized forensic process model are mapped to design aspects and conceptually modeled around benchmarking properties. A fiber categorization scheme is used to structure fiber data according to forensic use case identification. Our research extends the benchmarking properties by fiber fold shape derived from the application field of fibers (part of micro traces) and sequence number derived from the application field of time series analysis for fingerprint aging research. We identify matching data subsets from both digitized trace types and introduce the terms of entity-centered and spatial-centered information. We show how combining two types of digitized crime scene traces (fiber and fingerprint data) can give new insights for research and casework and discuss requirements for other trace types such as firearm and toolmarks.
Keywords: benchmarking properties, digitized crime scene forensics, forensic trace database (ID#: 15-6384)
URL: http://doi.acm.org/10.1145/2756601.2756615

Vahid Sedighi, Jessica Fridrich. “Effect of Imprecise Knowledge of the Selection Channel on Steganalysis.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 33-42. Doi: 10.1145/2756601.2756621
Abstract: It has recently been shown that steganalysis of content-adaptive steganography can be improved when the Warden incorporates in her detector the knowledge of the selection channel -- the probabilities with which the individual cover elements were modified during embedding. Such attacks implicitly assume that the Warden knows at least approximately the payload size. In this paper, we study the loss of detection accuracy when the Warden uses a selection channel that was imprecisely determined either due to lack of information or the stego changes themselves. The loss is investigated for two types of qualitatively different detectors -- binary classifiers equipped with selection-channel-aware rich models and optimal detectors derived using the theory of hypothesis testing from a cover model. Two different embedding paradigms are addressed -- steganography based on minimizing distortion and embedding that minimizes the detectability of an optimal detector within a chosen cover model. Remarkably, the experimental and theoretical evidence are qualitatively in agreement across different embedding methods, and both point out that inaccuracies in the selection channel do not have a strong effect on steganalysis detection errors. It pays off to use imprecise selection channel rather than none. Our findings validate the use of selection-channel-aware detectors in practice.
Keywords: adaptive, selection channel, steganalysis, steganography (ID#: 15-6385)
URL: http://doi.acm.org/10.1145/2756601.2756621

Jong-Uk Hou, Do-Gon Kim, Sunghee Choi, Heung-Kyu Lee. “3D Print-Scan Resilient Watermarking Using a Histogram-Based Circular Shift Coding Structure.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 115-121. Doi: 10.1145/2756601.2756607
Abstract: 3D printing content is a new form of content being distributed in digital as well as analog domains. Therefore, its security is the biggest technical challenge of the content distribution service. In this paper, we analyze the 3D print-scan process, and we organize possible distortions according to the processes with respect to 3D mesh watermarking. Based on the analysis, we propose a circular shift coding structure for the 3D model. When the rotating disks of the coding structure are aligned in parallel to the layers of the 3D printing, the structure preserves a statistical feature of each disk from the layer dividing process. Based on the circular shift coding structure, we achieve a 3D print-scan resilient watermarking scheme. In experimental tests, the proposed scheme is robust against such signal processing, and cropping attacks. Furthermore, the embedded information is not lost after 3D print-scan process.
Keywords: 3D mesh model, 3D printer, digital watermarking, robust watermarking, stair-stepping effect (ID#: 15-6386)
URL: http://doi.acm.org/10.1145/2756601.2756607

Brent C. Carrara, Carlisle Adams. “On Characterizing and Measuring Out-of-Band Covert Channels.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 43-54. Doi: 10.1145/2756601.2756604
Abstract: A methodology for characterizing and measuring out-of-band covert channels (OOB-CCs) is proposed and used to evaluate covert-acoustic channels (i.e., covert channels established using speakers and microphones). OOB-CCs are low-probability of detection/low-probability of interception channels established using commodity devices that are not traditionally used for communication (e.g., speaker and microphone, display and FM radio, etc.). To date, OOB-CCs have been declared "covert" if the signals used to establish these channels could not be perceived by a human adversary. This work examines OOB-CCs from the perspective of a passive adversary and argues that a different methodology is required in order to effectively assess OOB-CCs. Traditional communication systems are measured by their capacity and bit error rate; while important parameters, they do not capture the key measures of OOB-CCs: namely, the probability of an adversary detecting the channel and the amount of data that two covertly communicating parties can exchange without being detected. As a result, the adoption of the measure steganographic capacity is proposed and used to measure the amount of data (in bits) that can be transferred through an OOB-CC before a passive adversary's probability of detecting the channel reaches a given threshold. The theoretical steganographic capacity for discrete memoryless channels as well as additive white Gaussian noise channels is calculated in this paper and a case study is performed to measure the steganographic capacity of OOB covert-acoustic channels, when a passive adversary uses an energy detector to detect the covert communication. The case study reveals the conditions under which the covertly communicating parties can achieve perfect steganography (i.e., conditions under which data can be communicated without risk of detection).
Keywords: covert channels, covert-acoustic channels, information hiding, malware communication, out-of-band covert channels, steganographic capacity (ID#: 15-6387)
URL: http://doi.acm.org/10.1145/2756601.2756604

Xiaofeng Song, Fenlin Liu, Chunfang Yang, Xiangyang Luo, Yi Zhang. “Steganalysis of Adaptive JPEG Steganography Using 2D Gabor Filters.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 15-23. Doi: 10.1145/2756601.2756608
Abstract: Adaptive JPEG steganographic schemes are difficult to preserve the image texture features in all scales and orientations when the embedding changes are constrained to the complicated texture regions, then a steganalysis feature extraction method is proposed based on 2 dimensional (2D) Gabor filters. The 2D Gabor filters have certain optimal joint localization properties in the spatial domain and in the spatial frequency domain. They can describe the image texture features from different scales and orientations, therefore the changes of image statistical characteristics caused by steganography embedding can be captured more effectively. For the proposed feature extraction method, the decompressed JPEG image is filtered by 2D Gabor filters with different scales and orientations firstly. Then, the histogram features are extracted from all the filtered images. Lastly, the ensemble classifier is used to assemble the proposed steganalysis feature as well as the final steganalyzer. The experimental results show that the proposed steganalysis feature can achieve a competitive performance by comparing with the other steganalysis features when they are used for the detection performance of adaptive JPEG steganography such as UED, JUNIWARD and SI-UNIWARD.
Keywords: algorithms, design, security (ID#: 15-6388)
URL: http://doi.acm.org/10.1145/2756601.2756608

Yao Shen, Liusheng Huang, Fei Wang, Xiaorong Lu, Wei Yang, Lu Li. “LiHB: Lost in HTTP Behaviors - A Behavior-Based Covert Channel in HTTP.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 55-64. Doi: 10.1145/2756601.2756605
Abstract: The application-layer covert channels have been extensively studied in recent years. Information-hiding in ubiquitous application packets can significantly improve the capacity of covert channels. However, the undetectability is still a knotty problem, because the existing covert channels are all frustrated by proper detection schemes. In this paper, we propose LiHB, a behavior-based covert channel in HTTP. When a client is browsing a website and downloading webpage objects, we can reveal some fluctuation behaviors that the distribution relationship between the ports opening and HTTP requests are flexible. Based on combinatorial nature of distributing N HTTP requests over M HTTP flows, such fluctuation can be exploited by LiHB channel to encode covert messages, which can obtain high stealthiness. Besides, LiHB achieves a considerable and controllable capacity by setting the number of webpage objects and HTTP flows. Compared with existing techniques, LiHB is the first covert channel implemented based on the unsuspicious behavior of browsers, the most important application-layer software. Because most HTTP proxies are using NAPT techniques, LiHB can also operate well even when a proxy is equipped, which poses a serious threat to individual privacy. Experimental results show that LiHB covert channel achieves a good capacity, reliability and high undetectability.
Keywords: application layer, browser, combinatorics, covert channels, http behaviors, proxy (ID#: 15-6389)
URL: http://doi.acm.org/10.1145/2756601.2756605

Yun Cao, Hong Zhang, Xianfeng Zhao, Haibo Yu. “Video Steganography Based on Optimized Motion Estimation Perturbation.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 25-31. Doi: 10.1145/2756601.2756609
Abstract: In this paper, a novel motion vector-based video steganographic scheme is proposed, which is capable of withstanding the current best statistical detection method. With this scheme, secret message bits are embedded into motion vector (MV) values by slightly perturbing their motion estimation (ME) processes. In general, two measures are taken for steganographic security (statistical undetectability) enhancement. First, the ME perturbations are optimized ensuring the modified MVs are still local optimal, which essentially makes targeted detectors ineffective. Secondly, to minimize the overall embedding impact under a given relative payload, a double-layered coding structure is used to control the ME perturbations. Experimental results demonstrate that the proposed scheme achieves a much higher level of security compared with other existing MV-based approaches. Meanwhile, the reconstructed visual quality and the coding efficiency are slightly affected as well.
Keywords: H.264/AVC, information hiding, motion estimation, steganography, video (ID#: 15-6390)
URL: http://doi.acm.org/10.1145/2756601.2756609

Charles V. Wright, Wu-chi Feng, Feng Liu. “Thumbnail-Preserving Encryption for JPEG.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 141-146. Doi: 10.1145/2756601.2756618
Abstract: With more and more data being stored in the cloud, securing multimedia data is becoming increasingly important. Use of existing encryption methods with cloud services is possible, but makes many web-based applications difficult or impossible to use. In this paper, we propose a new image encryption scheme specially designed to protect JPEG images in cloud photo storage services. Our technique allows efficient reconstruction of an accurate low-resolution thumbnail from the ciphertext image, but aims to prevent the extraction of any more detailed information. This will allow efficient storage and retrieval of image data in the cloud but protect its contents from outside hackers or snooping cloud administrators. Experiments of the proposed approach using an online selfie database show that it can achieve a good balance of privacy, utility, image quality, and file size.
Keywords: image security, multimedia encryption, privacy (ID#: 15-6391)
URL: http://doi.acm.org/10.1145/2756601.2756618

Eun-Kyung Ryu, Dae-Soo Kim, Kee-Young Yoo. “On Elliptic Curve Based Untraceable RFID Authentication Protocols.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 147-153. Doi: 10.1145/2756601.2756610
Abstract: An untraceable RFID authentication scheme allows a legitimate reader to authenticate a tag, and at the same time it assures the privacy of the tag against unauthorized tracing. In this paper, we revisit three elliptic-curve based untraceable RFID authentication protocols recently published and show they are not secure against active attacks and do not support the untraceability for tags. We also provide a new construction to solve such problems using the elliptic-curved based Schnorr signature technique. Our construction satisfies all requirements for RFID security and privacy including replay protection, impersonation resistance, untraceability, and forward privacy. It requires only two point scalar multiplications and two hash operations with two messages exchanges. Compared to previous works, our construction has better security and efficiency.
Keywords: ECC, RFID, authentication, privacy, untraceability (ID#: 15-6392)
URL: http://doi.acm.org/10.1145/2756601.2756610

Lakshmanan Nataraj, S. Karthikeyan, B.S. Manjunath. “SATTVA: SpArsiTy inspired classificaTion of malware VAriants.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 135-140. Doi: 10.1145/2756601.2756616
Abstract: There is an alarming increase in the amount of malware that is generated today. However, several studies have shown that most of these new malware are just variants of existing ones. Fast detection of these variants plays an effective role in thwarting new attacks. In this paper, we propose a novel approach to detect malware variants using a sparse representation framework. Exploiting the fact that most malware variants have small differences in their structure, we model a new/unknown malware sample as a sparse linear combination of other malware in the training set.  The class with the least residual error is assigned to the unknown malware. Experiments on two standard malware datasets, Malheur dataset and Malimg dataset, show that our method outperforms current state of the art approaches and achieves a classification accuracy of 98.55\% and 92.83\% respectively. Further, by using a confidence measure to reject outliers, we obtain 100\% accuracy on both datasets, at the expense of throwing away a small percentage of outliers. Finally, we evaluate our technique on two large scale malware datasets: Offensive Computing dataset (2,124 classes, 42,480 malware) and Anubis dataset (209 classes, 36,784 samples). On both datasets our method obtained an average classification accuracy of 77\%, thus making it applicable to real world malware classification.
Keywords: sparsity based classification, compressed sensing, malware variant classification, random projections (ID#: 15-6393)
URL: http://doi.acm.org/10.1145/2756601.2756616

Ji Won Yoon, Hyoungshick Kim, Hyun-Ju Jo, Hyelim Lee, Kwangsu Lee. “Visual Honey Encryption: Application to Steganography.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 65-74. Doi: 10.1145/2756601.2756606
Abstract: Honey encryption (HE) is a new technique to overcome the weakness of conventional password-based encryption (PBE). However, conventional honey encryption still has the limitation that it works only for binary bit streams or integer sequences because it uses a fixed distribution-transforming encoder (DTE). In this paper, we propose a variant of honey encryption called visual honey encryption which employs an adaptive DTE in a Bayesian framework so that the proposed approach can be applied to more complex domains including images and videos. We applied this method to create a new steganography scheme which significantly improves the security level of traditional steganography.
Keywords: honey encryption, multimedia, steganography (ID#: 15-6394)
URL: http://doi.acm.org/10.1145/2756601.2756606

William F. Bond, Ahmed Awad E.A. “Touch-based Static Authentication Using a Virtual Grid.” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 129-134. Doi: 10.1145/2756601.2756602
Abstract: Keystroke dynamics is a subfield of computer security in which the cadence of the typist's keystrokes are used to determine authenticity. The static variety of keystroke dynamics uses typing patterns observed during the typing of a password or passphrase. This paper presents a technique for static authentication on mobile tablet devices using neural networks for analysis of keystroke metrics. Metrics used in the analysis of typing are monographs, digraphs, and trigraphs. Monographs as we define them consist of the time between the press and release of a single key, coupled with the discretized x-y location of the keystroke on the tablet. A digraph is the duration between the presses of two consecutively pressed keys, and a trigraph is the duration between the press of a key and the press of a key two keys later. Our technique combines the analysis of monographs, digraphs, and trigraphs to produce a confidence measure. Our best equal error rate for distinguishing users from impostors is 9.3% for text typing, and 9.0% for a custom experiment setup that is discussed in detail in the paper.
Keywords: Bayesian fusion, back-propagation neural networks, digraphs, discretization, keystroke dynamics, mobile authentication, monographs, receiver operating characteristic curve, static authentication, trigraphs (ID#: 15-6395)
URL: http://doi.acm.org/10.1145/2756601.2756602

David Aucsmith. “Implications of Cyber Warfare;. IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 1-1. Doi: 10.1145/2756601.2756622
Abstract: Freedom of operation in cyberspace has become an object of contestation between nation states. Cyber warfare is emerging as a realistic threat. This talk will explore the implications of the development of cyberspace as a domain of warfare and how military theory developed for the other domains of war may be applicable to cyberspace. Far from being a completely different domain, the talk will demonstrate that cyberspace is simply an obvious evolution in conflict theory.
Keywords: conflict theory, cyber warfare, military theory (ID#: 15-6396)
URL: http://doi.acm.org/10.1145/2756601.2756622

Richard Chow. “IoT Privacy: Can We Regain Control?” IH&MMSec '15 Proceedings of the 3rd ACM Workshop on Information Hiding and Multimedia Security, June 2015, Pages 3-3. Doi: 10.1145/2756601.2756623
Abstract: Privacy is part of the Internet of Things (IoT) discussion because of the increased potential for sensitive data collection. In the vision for IoT, sensors penetrate ubiquitously into our physical lives and are funneled into big data systems for analysis. IoT data allows new benefits to end users - but also allows new inferences that erode privacy. The usual privacy mechanisms employed by users no longer work in the context of IoT. Users can no longer turn off a service (e.g., GPS), nor can they even turn off a device and expect to be safe from tracking. IoT means the monitoring and data collection is continuing even in the physical world. On a computer, we have at least a semblance of control and can in principle determine what applications are running and what data they are collecting. For example, on a traditional computer, we do have malware defenses - even if imperfect. Such defenses are strikingly absent for IoT, and it is unclear how traditional defenses can be applied to IoT. The issue of control is the main privacy problem in the context of IoT. Users generally don't know about all the sensors in the environment (with the potential exception of sensors in the user's own home). Present-day examples are WiFi MAC trackers and Google Glass, of course, but systems in the future will become even less discernible. In one sense, this is a security problem - detecting malicious devices or "environmental malware." But it is also a privacy problem - many sensor devices in fact want to be transparent to users (for instance, by adopting a traditional notice-and-consent model), but are blocked by the lack of a natural communication channel to the user. Even assuming communication mechanisms, we have complex usability problems. For instance, we need to understand what sensors a person might be worried about and in what contexts. Audio capture at home is different from audio capture in a lecture hall. What processing is done on the sensor data may also be important. A camera capturing video for purposes of gesture recognition may be less worrisome than for purposes of facial recognition (and, of course, the user needs assurance on the proclaimed processing). Finally, given the large number of "things", the problem of notice fatigue must be dealt with, or notifications will become no more useful than browser security warnings. In this talk, we discuss all these problems in detail, together with potential solutions.
Keywords: (not provided) (ID#: 15-6397)
URL: http://doi.acm.org/10.1145/2756601.2756623
 

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

International Conferences: Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP)

 

	International Conferences: Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP) Singapore

The IEEE Tenth International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP) was held April 7-9, 2015 in Singapore. While the research presented covers many aspects of cyber-physical systems, much of it has specific implications for the hard problems in the Science of Security, particularly resiliency. These works are cited here. Citations were recovered on July 2, 2015.

Nigussie, E.; Teng Xu; Potkonjak, M., "Securing Wireless Body Sensor Networks Using Bijective Function-Based Hardware Primitive," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106907
Abstract: We present a novel lightweight hardware security primitive for wireless body sensor networks (WBSNs). Security of WBSNs is crucial and the security solution must be lightweight due to resource constraints in the body senor nodes. The presented security primitive is based on digital implementation of bidirectional bijective function. The one-to-one input-output mapping of the function is realized using a network of lookup tables (LUTs). The bidirectionality of the function enables implementation of security protocols with lower overheads. The configuration of the interstage interconnection between the LUTs serves as the shared secret key. Authentication, encryption/decryption and message integrity protocols are formulated using the proposed security primitive. NIST randomness benchmark suite is applied to this security primitive and it passes all the tests. It also achieves higher throughput and requires less area than AES-CCM.
Keywords: body sensor networks; cryptographic protocols; table lookup; telecommunication security; wireless sensor networks; LUT; WBSN security; bidirectional bijective function; bijective function; body senor nodes; digital implementation; encryption-decryption; hardware primitive; lightweight hardware security primitive; lookup tables; message integrity protocols; one-to-one input-output mapping; resource constraints; securing wireless body sensor networks; security protocols; Authentication; Encryption; Protocols; Radiation detectors; Receivers; Table lookup (ID#: 15-6325)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106907&isnumber=7106892

Hoang Giang Do; Wee Keong Ng, "Privacy-Preserving Approach for Sharing And Processing Intrusion Alert Data," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106911
Abstract: Amplified and disrupting cyber-attacks might lead to severe security incidents with drastic consequences such as large property damage, sensitive information breach, or even disruption of the national economy. While traditional intrusion detection and prevention system might successfully detect low or moderate levels of attack, the cooperation among different organizations is necessary to defend against multi-stage and large-scale cyber-attacks. Correlating intrusion alerts from a shared database of multiple sources provides security analysts with succinct and high-level patterns of cyber-attacks - a powerful tool to combat with sophisticate attacks. However, sharing intrusion alert data raises a significant privacy concern among data holders, since publishing this information means a risk of exposing other sensitive information such as intranet topology, network services, and the security infrastructure. This paper discusses possible cryptographic approaches to tackle this issue. Organizers can encrypt their intrusion alert data to protect data confidentiality and outsource them to a shared server to reduce the cost of storage and maintenance, while, at the same time, benefit from a larger source of information for alert correlation process. Two privacy preserving alert correlation techniques are proposed under semi-honest model. These methods are based on attribute similarity and prerequisite/consequence conditions of cyber-attacks.
Keywords: cryptography; data privacy; intranets; cryptographic approach; cyber-attacks; intranet topology; intrusion alert data processing; intrusion alert data sharing; large-scale cyber-attacks; network services; privacy-preserving approach; security infrastructure; Encryption; Sensors (ID#: 15-6326)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106911&isnumber=7106892

Silva, R.; Sa Silva, J.; Boavida, F., "A Symbiotic Resources Sharing IoT Platform in the Smart Cities Context," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp.1,6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106922
Abstract: Large urban areas are nowadays covered by millions of wireless devices, including not only cellular equipment carried by their inhabitants, but also several ubiquitous and pervasive platforms used to monitor and/or actuate on a variety of phenomena in the city area. Whereas the former are increasingly powerful devices equipped with advanced processors, large memory capacity, high bandwidth, and several wireless interfaces, the latter are typically resource constrained systems. Despite their differences, both kinds of systems share the same ecosystem, and therefore, it is possible to build symbiotic relationships between them. Our research aims at creating a resource-sharing platform to support such relationships, in the perspective that resource unconstrained devices can assist constrained ones, while the latter can extend the features of the former. Resource sharing between heterogeneous networks in an urban area poses several challenges, not only from a technical point of view, but also from a social perspective. In this paper we present our symbiotic resource-sharing proposal while discussing its impact on networks and citizens. 
Keywords: Internet of Things; mobile computing; resource allocation; smart cities; heterogeneous networks; mobile devices; pervasive platform; resource constrained systems; resource unconstrained devices; smart cities context; social perspective; symbiotic relationships; symbiotic resources sharing IoT platform; ubiquitous platform; wireless devices; Cities and towns; Mobile communication; Mobile handsets; Security; Symbiosis; Wireless communication; Wireless sensor networks (ID#: 15-6327)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106922&isnumber=7106892

Alohali, B.A.; Vassialkis, V.G., "Secure And Energy-Efficient Multicast Routing in Smart Grids," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106929
Abstract: A smart grid is a power system that uses information and communication technology to operate, monitor, and control data flows between the power generating source and the end user. It aims at high efficiency, reliability, and sustainability of the electricity supply process that is provided by the utility centre and is distributed from generation stations to clients. To this end, energy-efficient multicast communication is an important requirement to serve a group of residents in a neighbourhood. However, the multicast routing introduces new challenges in terms of secure operation of the smart grid and user privacy. In this paper, after having analysed the security threats for multicast-enabled smart grids, we propose a novel multicast routing protocol that is both sufficiently secure and energy efficient. We also evaluate the performance of the proposed protocol by means of computer simulations, in terms of its energy-efficient operation.
Keywords: data flow computing; data privacy; multicast protocols; power system analysis computing; power system reliability; routing protocols; smart power grids; telecommunication security; data flow control; data flow monitoring; data flow operation; electricity supply high efficiency; electricity supply reliability; electricity supply sustainability; end user; energy-efficient multicast communication; energy-efficient multicast routing; generation stations; information-and-communication technology; multicast-enabled smart grids; power generating source; power system ;secure multicast routing protocol; security threats; user privacy; utility centre; Authentication; Protocols; Public key; Routing; Smart meters; Multicast; Secure Routing; Smart Grid (ID#: 15-6328)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106929&isnumber=7106892

Saleh, M.; El-Meniawy, N.; Sourour, E., "Routing-Guided Authentication in Wireless Sensor Networks," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp.1,6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106939
Abstract: Entity authentication is a crucial security objective since it enables network nodes to verify the identity of each other. Wireless Sensor Networks (WSNs) are composed of a large number of possibly mobile nodes, which are limited in computational, storage and energy resources. These characteristics pose a challenge to entity authentication protocols and security in general. We propose an authentication protocol whose execution is integrated within routing. This is in contrast to currently proposed protocols, in which a node tries to authenticate itself to other nodes without an explicit tie to the underlying routing protocol. In our protocol, nodes discover shared keys, authenticate themselves to each other and build routing paths all in a synergistic way.
Keywords: cryptographic protocols; mobile radio; routing protocols; wireless sensor networks; WSN routing protocol; entity authentication protocol; wireless sensor network mobile node; Ad hoc networks; Cryptography; Media Access Protocol; Mobile computing; Wireless sensor networks (ID#: 15-6329)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106939&isnumber=7106892

Bose, T.; Bandyopadhyay, S.; Ukil, A.; Bhattacharyya, A.; Pal, A., "Why Not Keep Your Personal Data Secure Yet Private in IoT?: Our Lightweight Approach," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106942
Abstract: IoT (Internet of Things) systems are resource-constrained and primarily depend on sensors for contextual, physiological and behavioral information. Sensitive nature of sensor data incurs high probability of privacy breaching risk due to intended or malicious disclosure. Uncertainty about privacy cost while sharing sensitive sensor data through Internet would mostly result in overprovisioning of security mechanisms and it is detrimental for IoT scalability. In this paper, we propose a novel method of optimizing the need for IoT security enablement, which is based on the estimated privacy risk of shareable sensor data. Particularly, our scheme serves two objectives, viz. privacy risk assessment and optimizing the secure transmission based on that assessment. The challenges are, firstly, to determine the degree of privacy, and evaluate a privacy score from the fine-grained sensor data and, secondly, to preserve the privacy content through secure transfer of the data, adapted based on the measured privacy score. We further meet this objective by introducing and adapting a lightweight scheme for secure channel establishment between the sensing device and the data collection unit/ backend application embedded within CoAP (Constrained Application Protocol), a candidate IoT application protocol and using UDP as a transport. We consider smart energy management, a killer IoT application, as the use-case where smart energy meter data contains private information about the residents. Our results with real household smart meter data demonstrate the efficacy of our scheme.
Keywords: Internet; Internet of Things; data privacy; energy management systems; risk management; security of data; transport protocols; CoAP; Internet; Internet of Things systems; UDP; behavioral information; constrained application protocol; contextual information; data collection unit; fine-grained sensor data; loT scalability; loT security enablement; malicious disclosure; personal data privacy; personal data security; physiological information; privacy breaching risk; privacy risk assessment; resource-constrained loT systems; shareable sensor data; smart energy management; Encryption; IP networks; Optimization; Physiology; Privacy; Sensitivity; CoAP; IoT; Lightweight; Privacy; Security; Smart meter (ID#: 15-6330)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106942&isnumber=7106892

Unger, S.; Timmermann, D., "DPWSec: Devices profile for Web Services Security," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106961
Abstract: As cyber-physical systems (CPS) build a foundation for visions such as the Internet of Things (IoT) or Ambient Assisted Living (AAL), their communication security is crucial so they cannot be abused for invading our privacy and endangering our safety. In the past years many communication technologies have been introduced for critically resource-constrained devices such as simple sensors and actuators as found in CPS. However, many do not consider security at all or in a way that is not suitable for CPS. Also, the proposed solutions are not interoperable although this is considered a key factor for market acceptance. Instead of proposing yet another security scheme, we looked for an existing, time-proven solution that is widely accepted in a closely related domain as an interoperable security framework for resource-constrained devices. The candidate of our choice is the Web Services Security specification suite. We analysed its core concepts and isolated the parts suitable and necessary for embedded systems. In this paper we describe the methodology we developed and applied to derive the Devices Profile for Web Services Security (DPWSec). We discuss our findings by presenting the resulting architecture for message level security, authentication and authorization and the profile we developed as a subset of the original specifications. We demonstrate the feasibility of our results by discussing the proof-of-concept implementation of the developed profile and the security architecture.
Keywords: Internet; Internet of Things; Web services; ambient intelligence; assisted living; security of data; AAL; CPS; DPWSec; IoT; ambient assisted living; communication security; cyber-physical system; devices profile for Web services security; interoperable security framework; message level security; resource-constrained devices; Authentication; Authorization; Cryptography; Interoperability; Applied Cryptography; Cyber-Physical Systems (CPS); DPWS; Intelligent Environments; Internet of Things (IoT); Usability (ID#: 15-6331)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106961&isnumber=7106892

Van den Abeele, F.; Vandewinckele, T.; Hoebeke, J.; Moerman, I.; Demeester, P., "Secure Communication in IP-Based Wireless Sensor Networks via aTrusted Gateway," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 6, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106963
Abstract: As the IP-integration of wireless sensor networks enables end-to-end interactions, solutions to appropriately secure these interactions with hosts on the Internet are necessary. At the same time, burdening wireless sensors with heavy security protocols should be avoided. While Datagram TLS (DTLS) strikes a good balance between these requirements, it entails a high cost for setting up communication sessions. Furthermore, not all types of communication have the same security requirements: e.g. some interactions might only require authorization and do not need confidentiality. In this paper we propose and evaluate an approach that relies on a trusted gateway to mitigate the high cost of the DTLS handshake in the WSN and to provide the flexibility necessary to support a variety of security requirements. The evaluation shows that our approach leads to considerable energy savings and latency reduction when compared to a standard DTLS use case, while requiring no changes to the end hosts themselves.
Keywords: IP networks; Internet; authorisation; computer network security; energy conservation; internetworking; protocols; telecommunication power management; trusted computing; wireless sensor networks; DTLS handshake; Internet; WSN authorization; communication security; datagram TLS; end-to-end interactions; energy savings; heavy security protocol; latency reduction; trusted gateway; wireless sensor network IP integration; Bismuth; Cryptography; Logic gates; Random access memory; Read only memory; Servers; Wireless sensor networks;6LoWPAN;CoAP;DTLS;Gateway;IP;IoT; Wireless sensor networks (ID#: 15-6332)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106963&isnumber=7106892

Kurniawan, A.; Kyas, M., "A Trust Model-Based Bayesian Decision Theory in Large Scale Internet of Things," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 5, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106964
Abstract: In addressing the growing problem of security of Internet of Things, we present, from a statistical decision point of view, a naval approach for trust-based access control using Bayesian decision theory. We build a trust model, TrustBayes which represents a trust level for identity management in IoT. TrustBayes model is be applied to address access control on uncertainty environment where identities are not known in advance. The model consists of EX (Experience), KN (Knowledge) and RC (Recommendation) values which is be obtained in measurement while a IoT device requests to access a resource. A decision will be taken based model parameters and be computed using Bayesian decision rules. To evaluate our a trust model, we do a statistical analysis and simulate it using OMNeT++ to investigate battery usage. The simulation result shows that the Bayesian decision theory approach for trust based access control guarantees scalability and it is energy efficient as increasing number of devices and not affecting the functioning and performance.
Keywords: Bayes methods; Internet of Things; authorisation; decision theory; statistical analysis; Bayesian decision rules; EX value; KN value; OMNeT++; RC value; TrustBayes model; battery usage; experience value; identity management; knowledge value; large scale Internet-of-things; recommendation value; statistical analysis; statistical decision point; trust model-based Bayesian decision theory; trust-based access control; uncertainty environment; Batteries; Communication system security; Scalability; Wireless communication; Wireless sensor networks; Access Control; Decision making; Decision theory; Trust Management (ID#: 15-6333)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106964&isnumber=7106892

Ozvural, G.; Kurt, G.K., "Advanced Approaches for Wireless Sensor Network Applications and Cloud Analytics," Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 5, 7-9 April 2015. doi: 10.1109/ISSNIP.2015.7106979
Abstract: Although wireless sensor network applications are still at early stages of development in the industry, it is obvious that it will pervasively come true and billions of embedded microcomputers will become online for the purpose of remote sensing, actuation and sharing information. According to the estimations, there will be 50 billion connected sensors or things by the year 2020. As we are developing first to market wireless sensor-actuator network devices, we have chance to identify design parameters, define technical infrastructure and make an effort to meet scalable system requirements. In this manner, required research and development activities must involve several research directions such as massive scaling, creating information and big data, robustness, security, privacy and human-in-the-loop. In this study, wireless sensor networks and Internet of things concepts are not only investigated theoretically but also the proposed system is designed and implemented end-to-end. Low rate wireless personal area network sensor nodes with random network coding capability are used for remote sensing and actuation. Low throughput embedded IP gateway node is developed utilizing both random network coding at low rate wireless personal area network side and low overhead websocket protocol for cloud communications side. Service-oriented design pattern is proposed for wireless sensor network cloud data analytics.
Keywords: IP networks; Internet of Things; cloud computing; data analysis; microcomputers; network coding; personal area networks; protocols; random codes; remote sensing; service-oriented architecture; wireless sensor networks; Internet of things concept; actuation; cloud communications side; cloud data analytics; design parameter identification; embedded microcomputer; information sharing; low throughput embedded IP gateway; overhead websocket protocol; random network coding capability; service-oriented design pattern; wireless personal area network sensor node; wireless sensor-actuator network device; IP networks; Logic gates; Network coding; Protocols; Relays; Wireless sensor networks; Zigbee (ID#: 15-6334)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106979&isnumber=7106892

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---

International Conferences: SIGMETRICS ’15, Portland Oregon

 

	International Conferences: SIGMETRICS ’15  Portland, Oregon

The ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS) is the flagship conference of the ACM special interest group for the computer systems performance evaluation community. The 2015 conference was held from June 16-18, 2015 in Portland, Oregon. “Spy vs. Spy: Rumor Source Obfuscation,” by Giulia Fanti (UC Berkeley); Peter Kairouz (University of Illinois at Urbana-Champaign); Sewoong Oh (University of Illinois at Urbana-Champaign); Pramod Viswanath (University of Illinois at Urbana-Champaign) was named Best Paper.

The works cited here specifically relate to the Science of Security and were among 63 papers presented. They were recovered pn July 8, 2015. The conference web page is available at http://www.sigmetrics.org/sigmetrics2015/.   

Giulia Fanti, Peter Kairouz, Sewoong Oh, Pramod Viswanath. “Spy vs. Spy: Rumor Source Obfuscation.” SIGMETRICS '15 Proceedings of the 2015 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, Pages 271-284, June 2015. Doi: 10.1145/2745844.2745866
Abstract: Anonymous messaging platforms, such as Secret, Yik Yak and Whisper, have emerged as important social media for sharing one's thoughts without the fear of being judged by friends, family, or the public. Further, such anonymous platforms are crucial in nations with authoritarian governments; the right to free expression and sometimes the personal safety of the author of the message depend on anonymity. Whether for fear of judgment or personal endangerment, it is crucial to keep anonymous the identity of the user who initially posted a sensitive message. In this paper, we consider an adversary who observes a snapshot of the spread of a message at a certain time. Recent advances in rumor source detection shows that the existing messaging protocols are vulnerable against such an adversary. We introduce a novel messaging protocol, which we call adaptive diffusion, and show that it spreads the messages fast and achieves a perfect obfuscation of the source when the underlying contact network is an infinite regular tree: all users with the message are nearly equally likely to have been the origin of the message. Experiments on a sampled Facebook network show that it effectively hides the location of the source even when the graph is finite, irregular and has cycles.
Keywords: anonymous social media, privacy, rumor spreading (ID#: 15-6398)
URL: http://doi.acm.org/10.1145/2745844.2745866

Saleh Soltan, Mihalis Yannakakis, Gil Zussman. “Joint Cyber and Physical Attacks on Power Grids: Graph Theoretical Approaches for Information Recovery.” ACM SIGMETRICS Performance Evaluation Review, Volume 43, Issue 1, Pages 361-374, June 2015. Doi: 10.1145/2745844.2745846
Abstract: Recent events demonstrated the vulnerability of power grids to cyber attacks and to physical attacks. Therefore, we focus on joint cyber and physical attacks and develop methods to retrieve the grid state information following such an attack. We consider a model in which an adversary attacks a zone by physically disconnecting some of its power lines and blocking the information flow from the zone to the grid's control center. We use tools from linear algebra and graph theory and leverage the properties of the power flow DC approximation to develop methods for information recovery. Using information observed outside the attacked zone, these methods recover information about the disconnected lines and the phase angles at the buses. We identify sufficient conditions on the zone structure and constraints on the attack characteristics such that these methods can recover the information. We also show that it is NP-hard to find an approximate solution to the problem of partitioning the power grid into the minimum number of attack-resilient zones. However, since power grids can often be represented by planar graphs, we develop a constant approximation partitioning algorithm for these graphs. Finally, we numerically study the relationships between the grid's resilience and its structural properties, and demonstrate the partitioning algorithm on real power grids. The results can provide insights into the design of a secure control network for the smart grid.
Keywords: algorithms, cyber attacks, graph theory, information recovery, physical attacks, power grids (ID#: 15-6399)
URL:  http://doi.acm.org/10.1145/2745844.2745846

---

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

---