International Security Related Conferences

 

 


The following pages provide highlights of Science of Security related research presented at the international conferences below.

(ID#: 15-7304)


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.


International Conferences: AINA 2015, Korea

 

 


The 29th IEEE International Conference on Advanced Information Networking and Applications (AINA) and the Advanced Information Networking and Applications Workshop (WAINA) were held in Gwangju, Korea from March 25 to March 27, 2015. AINA addresses advanced networking and the explosive growth in the areas of pervasive and mobile applications, multimedia computing and social networking, semantic collaborative systems, Grid, P2P, and Cloud Computing. The works cited here are deemed relevant to the Science of Security.



Chen Yang; Bo Qin; Xiuwen Zhou; Yang Sun; Shuangyu He; Qianhong Wu, “Privacy-Preserving Traffic Monitoring in Vehicular Ad Hoc Networks,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 22–24, 24–27 March 2015. doi:10.1109/WAINA.2015.31
Abstract: Most modern metropolitan cities have suffered from increasing traffic accidents and jams. Vehicular ad hoc network (VANET), consisting of information collecting, processing and transmitting units embedded in vehicles assisted by roadside infrastructures, has been proposed as one of the most promising solutions to problems introduced by the increasing number of vehicles in modern cities. To achieve the goal, it is crucial to allow the transportation administration center to collect information about the traffic and road status through VANET. A major obstacle in this scenario is the privacy concern on the vehicles. To address this issue, this paper proposes a generic privacy-preserving traffic monitoring framework which allows individual vehicle driving status and the road usage information to be collected while the privacy of the vehicles is well preserved. This goal is achieved by the novel technology of distinguishing individual vehicles with their spatio-temporal occupations. The continual change of spatio-temporal identities provides privacy for vehicles in a natural way, which remains nonetheless traceable by a trusted authority to prevent misbehaving vehicles from abusing the privacy-preserving mechanism provided by the system.
Keywords: telecommunication traffic; vehicular ad hoc networks; individual vehicle driving status; information collection; privacy-preserving traffic monitoring; road usage information; roadside infrastructure; spatio-temporal identity; transportation administration center; vehicle privacy; vehicular ad hoc network; Monitoring; Privacy; Protocols; Roads; Security; Vehicles; Vehicular ad hoc networks; VANET; traffic monitoring (ID#: 15-6750)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096141&isnumber=7096097

 

Hernandez Ramos, J.L.; Bernal Bernabe, J.; Skarmeta, A.F., “Managing Context Information for Adaptive Security in IoT Environments,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 676–681, 24–27 March 2015. doi:10.1109/WAINA.2015.55
Abstract: Pervasive computing is becoming a reality due to the rise of the so-called Internet of Things (IoT). In this paradigm, everyday and physical objects are being equipped with capabilities to detect and communicate information they receive from their environment, turning them into smart objects. However, such entities are usually deployed on environments with changing and dynamic conditions, which can be used by them to modify their operation or behavior. Under the foundations of EU FP7 SocIoTal project, this work provides an overview about how contextual information can be taken into account by smart objects when making security decisions, by considering such information as a first-class component, in order to realize the so-called context-aware security on IoT scenarios.
Keywords: Internet of Things; decision making; security of data; EU FP7 SocIoTal project; IoT environments; adaptive security; context information management; context-aware security; pervasive computing; security decision making; smart objects; Access control; Context; Context modeling; Privacy; Protocols; Smart phones; Adaptive Security; Pervasive Computing (ID#: 15-6751)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096255&isnumber=7096097

 

Bruce, Ndibanje.; HyunHo Kim; Young-Jin Kang; Young-Sil Lee; Hoon Jae Lee, “On Modeling Protocol-Based Clustering Tag in RFID Systems with Formal Security Analysis,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 498–505, 24–27 March 2015. doi:10.1109/AINA.2015.227
Abstract: This paper presents an efficient and adaptive cryptographic protocol to ensure users’ privacy and data integrity in RFID system. Radio Frequency Identification technology offers more intelligent systems and applications, but privacy and security issues have to be addressed before and after its adoption. The design of the proposed model is based on clustering configuration of the involved tags where they interchange the data with the reader whenever it sends a request. This scheme provides a strong mutual authentication framework that suits for real heterogeneous RFID applications such as in supply-chain management systems, healthcare monitoring and industrial environment. In addition, we contribute with a mathematical analysis to the delay analysis and optimization in a clustering topology tag-based. Finally, a formal security and proof analysis is demonstrated to prove the effectiveness of the proposed protocol and that achieves security and privacy.
Keywords: cryptographic protocols; mathematical analysis; radiofrequency identification; supply chain management; telecommunication security; RFID systems; cryptographic protocol; delay analysis; healthcare monitoring and industrial environment; intelligent systems; protocol-based clustering tag; radio frequency identification; security analysis; supply-chain management systems; Authentication; Delays; Indexes; Protocols; Radiofrequency identification; Servers; RFID; authentication; cryptography protocol; privacy; security (ID#: 15-6752)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098012&isnumber=7097928

 

Yamaguchi, H.; Gotaishi, M.; Sheu, P.C.-Y.; Tsujii, S., “Privacy Preserving Data Processing,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 714–719, 24–27 March 2015. doi:10.1109/AINA.2015.258
Abstract: Data processing functions are expected as a key issue of knowledge-intensive service functions in the Cloud computing environment. Cloud computing is a technology that evolved from technologies of the field of virtual machine and distributed computing. However, these unique technologies bring unique privacy and security problems concerns for customers and service providers due to involvement of expertise (such as knowledge, experience, idea, etc.) in data to be processed. We propose the cryptographic protocols preserving the privacy of users and confidentiality of the problem solving servers.
Keywords: cloud computing; cryptographic protocols; data privacy; virtual machines; cloud computing environment; data processing functions; distributed computing; knowledge-intensive service functions; privacy preserving data processing; problem solving server confidentiality; virtual machine; Data processing; Indexes; Information retrieval; Security; Servers; Web services; Cloud Computing; Cryptographic Protocol; Privacy (ID#: 15-6753)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098043&isnumber=7097928

 

Bui, T.V.; Nguyen, T.D.; Sonehara, N.; Echizen, I., “Efficient Authentication, Traitor Detection, and Privacy-Preserving for the Most Common Queries in Two-Tiered Wireless Sensor Networks,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 365–372, 24–27 March 2015. doi:10.1109/AINA.2015.208
Abstract: Wireless Sensor Networks (WSNs) are being used more and more and are becoming a key technology in applications ranging from military ones to ones used in daily life. There are basic architectures: one comprising sensors and a server and one comprising sensors, a server, and storage nodes between them (“two-tiered architecture”). We investigate this second type as it has many advantages in terms of energy usage, computation, and data transmission. Although two-tiered wireless sensor networks have many advantages, security is critical due to three main problems. First, sensors located in hostile areas can be surreptitiously replaced with fake ones that send bogus data. Second, an attacker could install new sensors with valid authentication keys that send bogus data to storage nodes and deceive the server. Third, a storage node could be compromised and reveal data received from sensors. Therefore, the server must authenticate sensors before accepting data from them, detect whether a key was intercepted and identify which one, and handle the most common queries while preserving the privacy of data received from storage nodes. We have developed a novel solution using Non-Adaptive Group Testing that enables a server to perform these tasks efficiently and effectively. This solution is secure with high probability against an attack that tries to guess sensor data and thus protects data confidentiality.
Keywords: data privacy; message authentication; probability; telecommunication security; wireless sensor networks; WSN; attacker; authentication keys; common queries; data confidentiality; data privacy; data transmission; energy usage; non-adaptive group testing; sensor data; storage nodes; two-tiered architecture; two-tiered wireless sensor networks; Authentication; Concatenated codes; Decoding; Reed-Solomon codes; Servers; Testing; Wireless sensor networks; Common Query; Group Testing; List Decoding; Privacy-preserving; Wireless Sensor Network (ID#: 15-6754)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097993&isnumber=7097928

 

Miguel, J.; Caballe, S.; Xhafa, F.; Snasel, V., “A Data Visualization Approach for Trustworthiness in Social Networks for On-line Learning,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 490–497, 24–27 March 2015. doi:10.1109/AINA.2015.226
Abstract: Up to now, the problem of ensuring collaborative activities in e-Learning against dishonest students’ behaviour has been mainly tackled with technological security solutions. Over the last years, technological security solutions have evolved from isolated security approaches based on specific properties, such as privacy, to holistic models based on technological security comprehensive solutions, such as public key infrastructures, biometric models and multidisciplinary approaches from different research areas. Current technological security solutions are feasible in many e-Learning scenarios but on-line assessment involves certain requirements that usually bear specific security challenges related to e-Learning design. In this context, even the most advanced and comprehensive technological security solutions cannot cope with the whole scope of e-Learning vulnerabilities. To overcome these deficiencies, our previous research aimed at incorporating information security properties and services into on-line collaborative e-Learning by a functional approach based on trustworthiness assessment and prediction. In this paper, we present a peer-to-peer on-line assessment approach carried out in a real on-line course developed in our real e-Learning context of the Open University of Catalonia. The design presented in this paper is conducted by our trustworthiness security methodology with the aim of building peer-to-peer collaborative activities, which enhances security e-Learning requirements. Eventually, peer-to-peer visualizations methods are proposed to manage security e-Learning events, as well as on-line visualization through peer-to-peer tools, intended to analyse collaborative relationship.
Keywords: computer aided instruction; data visualisation; social networking (online); trusted computing; Open University of Catalonia; biometric models; data visualization approach; e-learning; holistic models; information security properties; information security services; multidisciplinary approaches; online learning; peer-to-peer collaborative activities; peer-to-peer on-line assessment; public key infrastructures; social networks; student behaviour; technological security; technological security comprehensive solutions; trustworthiness assessment; trustworthiness security methodology; Collaboration; Context; Electronic learning; Peer-to-peer computing; Security; Social network services; Visualization; Information security; computer-supported collaborative learning; on-line assessment; peer-to-peer analysis; trustworthiness (ID#: 15-6755)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098011&isnumber=7097928

 

Ssembatya, R.; Kayem, A.V.D.M., “Secure and Efficient Mobile Personal Health Data Sharing in Resource Constrained Environments,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 411–416, 24–27 March 2015. doi:10.1109/WAINA.2015.113
Abstract: Although personal health record (PHR) systems are widely used in the developed world, little has been done to explore the utility of these PHR systems in the developing world. One of the key reasons behind this is the fact that a lot of areas in the developing world suffer from technological impediments that are a result of poor infrastructure, low literacy, intermittent power connectivity, and unstable bandwidth connectivity. In technological resource constrained environments such as these, deploying standard PHR systems is challenging and so it makes sense to redesign these systems to cope with the environmental limitations in order to offer users a usable and reliable platform. Furthermore, healthcare data is inherently privacy and security sensitive so, in re-designing the PHR system the security and privacy requirements need also be taken into consideration. The idea in this case, is to opt for security mechanisms that offer the same levels of security as is the case in the standard PHR systems that are used in the developed world, but that are also lightweight in terms of performance and storage overhead. In this paper, based on the observation that mobile phone use is widely proliferated in developing countries, we propose an access control framework supported by identity-based encryption for a secure Mobile-PHR system. Results from our prototype evaluation (laboratory and field studies) indicate that the proposed IBE scheme effectively secures PHRs beyond the healthcare provider’s security domain and is efficient performance-wise.
Keywords: access control; biomedical communication; cryptography; health care; mobile handsets; personal communication networks; telecommunication network reliability; IBE scheme; access control framework; healthcare providers security domain; identity-based encryption; intermittent power connectivity; mobile PHR system security; mobile personal health data sharing security efficiency; mobile phone; performance-wise efficiency; personal health record systems; privacy sensitivity; reliability systems; resource constrained environments; security sensitivity mechanism; storage overhead; technological impediments; unstable bandwidth connectivity; usability systems; Cryptography; Hospitals; Mobile communication; Mobile handsets; Servers; Identity-Based Encryption; Mobile; Personal Health Records; Resource Constrained Computing; Usable Security (ID#: 15-6756)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096210&isnumber=7096097

 

Ahmad, M.; Pervez, Z.; Byeong Ho Kang; Sungyoung Lee, “O-Bin: Oblivious Binning for Encrypted Data over Cloud,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 352–357, 24–27 March 2015. doi:10.1109/AINA.2015.206
Abstract: In recent years, the data growth rate has been observed growing at a staggering rate. Considering data search as a primitive operation and to optimize this process on large volume of data, various solutions have been evolved over a period of time. Other than finding the precise similarity, these algorithms aim to find the approximate similarities and arrange them into bins. Locality sensitive hashing (LSH) is one such algorithm that discovers probable similarities prior to calculating the exact similarity thus enhance the overall search process in high dimensional search space. Realizing same strategy for encrypted data and that too in public cloud introduces few challenges to be resolved before probable similarity discovery. To address these issues and to formalize a similar strategy like LSH, in this paper we have formalized a technique O-Bin that is designed to work over encrypted data in cloud. By exploiting existing cryptographic primitives, O-Bin preserves the data privacy during the similarity discovery for the binning process. Our experimental evaluation for O-Bin produces results similar to LSH for encrypted data.
Keywords: cloud computing; cryptography; data privacy; information retrieval; LSH; O-Bin; approximate similarities; cryptographic primitives; data growth rate; data search; encrypted data; high dimensional search space; locality sensitive hashing; oblivious binning process; probable similarity discovery; public cloud; search process; Cloud computing; Data privacy; Encryption; Outsourcing; Servers; Binning; Cloud; Security and Privacy; Similarity discovery (ID#: 15-6757)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097991&isnumber=7097928

 

Peng Chen; Jun Ye; Xiaofeng Chen, “A New Efficient Request-Based Comparable Encryption Scheme,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 436–439, 24–27 March 2015. doi:10.1109/WAINA.2015.10
Abstract: Privacy-preserving comparisons over encrypted database is a hot topic in the current academic research. Recently, Furukawa [7] introduced a new primitive called request-based comparable encryption (comparable encryption for short) to achieve this target. However, one disadvantage of comparable encryption is that huge of the token and cipher text are required in the scheme and thus the computation and storage overload is heavy. In this paper, we propose an improved comparable encryption scheme by using the sliding window method, which is more efficient in the computation and storage workload than Furukawa’s scheme. Besides, the proposed scheme allows the users to obtain a variable trade-off between security and efficiency through adaptively setting the window size.
Keywords: cryptography; user interfaces; Furukawa scheme; ciphertext; computation and storage workload; database encryption; privacy-preserving comparisons; request-based comparable encryption scheme efficiency; sliding window method; window size; Computational efficiency; Conferences; Databases; Electronic mail; Encryption; comparable encryption; efficiency; security; sliding window (ID#: 15-6758)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096214&isnumber=7096097

 

Iso, Y.; Saito, T., “A Proposal and Implementation of an ID Federation that Conceals a Web Service from an Authentication Server,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 347–351, 24–27 March 2015. doi:10.1109/AINA.2015.205
Abstract: Recently, it is becoming more common for a website to authenticate its users with an external identity provider by using Open ID Authentication or Security Assertion Markup Language. However, such authentication schemes tell the identity provider where the user is going. Consequently, for instance, an identity provider can track its users and refuse access to services offered by competitors. In this paper, we propose an authentication method whereby an identity provider cannot track users.
Keywords: Web services; XML; authorisation; ID Federation; OpenID authentication; Web service; authentication method; authentication server; identity provider; security assertion markup language; Authentication; Browsers; Cryptography; Privacy; Servers; Uniform resource locators; Federated identity; OpenID; Single Sign-On (ID#: 15-6759)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097990&isnumber=7097928

 

Tao Li; Hao Yang; Yilei Wang; Qiuliang Xu, “The Electronic Voting in the Presence of Rational Voters,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 293–296, 24–27 March 2015. doi:10.1109/WAINA.2015.15
Abstract: The most distinct character of electronic voting is that voters need not to vote at a certain ballot box. With the development of Internet, electronic voting is becoming an important field in electronic commerce. The basic security requirements for electronic voting are anonymity of the voters, privacy and fairness of the votes. In fact, electronic voting can be regarded as a multi-party computation, where distributed parties wish to securely compute the votes in electronic voting systems. In this paper, we redefined the types of parties in electronic voting by using definitions in rational multi-party computation. More specifically, voters are regarded as rational other than honest or malicious, where voting is considered as a social choice. Rational voters care about their utilities when they decide to vote. We first present a rational secret sharing scheme (RSSS) and then construct an electronic voting protocol based on this RSSS.
Keywords: game theory; government data processing; security of data; RSSS; electronic voting protocol; rational secret sharing scheme; rational voters; social choice; Cryptography; Electronic voting; Electronic voting systems; Game theory; Privacy; Protocols; Nash equilibrium; Rational secret sharing; Utility (ID#: 15-6760)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096190&isnumber=7096097

 

Sakpere, A.B.; Kayem, A.V.D.M.; Ndlovu, T., “A Usable and Secure Crime Reporting System for Technology Resource Constrained Context,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 424–429, 24–27 March 2015. doi:10.1109/WAINA.2015.97
Abstract: Crime in technology resource constrained environments has been shown to adversely affect economic growth by deterring investment and triggering emigration. To address this, secure reporting channels are being investigated to encourage anonymous crime reporting. In this paper, we present a system (Cry Help App) developed to enable residents of a university community situated in technology resource constrained environment to facilitate secure and covert crime reporting. We focus primarily on the usability of the application. The system was developed on the basis of user centric iterative approach. Deployment and evaluation results of our prototype system demonstrate that overall the system scored a 77.06% usability rating with a standard deviation of 0.05 for contributing scores on System Use, Information Quality and Interface Quality. This is indicative of the fact that users found the system to be very usable.
Keywords: police data processing; security of data; Cry Help App; covert crime reporting; information quality; interface quality; secure crime reporting system; technology resource constrained environment; university community; usable crime reporting system; user centric iterative approach; Androids; Humanoid robots; Mobile communication; Mobile handsets; Privacy; Prototypes; Standards (ID#: 15-6761)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096212&isnumber=7096097

 

Carnielli, A.; Aiash, M., “Will ToR Achieve Its Goals in the ‘Future Internet’? An Empirical Study of Using ToR with Cloud Computing,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 135–140, 24–27 March 2015. doi:10.1109/WAINA.2015.78
Abstract: With the wide development and deployment of mobile devices and gadgets, a larger number of users go online in so many aspects of their daily lives. The challenge is to enjoy the conveniences of online activities while limiting privacy sacrifices. In response to the increasing number of online-hacking scandals, mechanisms for protecting users’ privacy continue to evolve. An example of such mechanisms is the Onion Router (ToR), a free software for enabling online anonymity and resisting censorship. Despite the fact that ToR is a dominant anonymizer in the current Internet, the emergence of new communication and inter-networking trends such as Cloud Computing, Software Defined Networks and Information Centric Networks places a question mark whether ToR will fulfil its promises with these trends of the “Future Internet”. This paper aims at answering the question by implementing ToR on a number of Cloud platforms and discussing the security properties of ToR.
Keywords: cloud computing; data protection; security of data; Internet; ToR; communication trends; dominant anonymizer; information centric networks; internetworking trends; mobile devices; mobile gadgets; online activities; online anonymity; online-hacking scandals; security properties; software defined networks; the onion router; user privacy protection; Cloud computing; IP networks; Public key; Relays; Servers (ID#: 15-6762)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096160&isnumber=7096097

 

Kaneko, Y.; Saito, T.; Kikuchi, H., “Cryptographic Operation Load-Balancing between Cryptographic Module and CPU,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 698–705, 24–27 March 2015. doi:10.1109/AINA.2015.256
Abstract: Mobile devices such as smartphones and tablets have permeated into our daily lives and are now often indispensable because of the constant Internet access they provide. Furthermore, with ever increasing concerns regarding privacy and security, it has become popular to utilize cryptographic operations when accessing Web application servers from such devices. However, since such operations cause high loading on the central processing units (CPUs) of personal computers (PCs) or servers, mobile device CPUs now often come equipped with hardware cryptographic modules. These cryptographic modules are frequently utilized by many mobile device applications via a process known as offloading. However, when all cryptographic operations can be offloaded to cryptographic modules, device CPUs may become idle, which is an ineffective use of total computing resources. In this paper, we propose the simultaneous balanced offloading of cryptographic operations to the cryptographic module of an AM3358 processor and CPU via load-balancing and then evaluate the performance of our implementation. We evaluated our proposed system and concluded that while it is capable of working effectively, in most cases files smaller than approximately 1000 bytes can be executed faster via the CPU alone, whereas when files are larger than 1000 bytes, the proposed system is faster. In the case of encrypting or decrypting a 7 Kbyte file, our proposed system is twice as fast as ‘CPU only’ operation.
Keywords: Internet; cryptography; microcomputers; resource allocation; smart phones; AM3358 processor; CPU; PC privacy; Web application servers; central processing units; constant Internet access; cryptographic operation load balancing; decryption process; encryption process; hardware cryptographic module; mobile device security; personal computer; Arrays; Central Processing Unit; Encryption; Engines; Linux; Mobile handsets; cryptographic module; offloading (ID#: 15-6763)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098041&isnumber=7097928

 

Hyunsu Jang; Jaehoon Jeong; Hyoungshick Kim; Jung-Soo Park, “A Survey on Interfaces to Network Security Functions in Network Virtualization,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 160–163, 24–27 March 2015. doi:10.1109/WAINA.2015.103
Abstract: Network Functions Virtualization (NFV) opens new opportunities and challenges for security community. Unlike existing physical network infrastructure, in a virtualized network platform, security services can be dynamically deployed and maintained to cope with the threat of sophisticated network attacks that are increasing over time. This paper surveys the activity that many security vendors and Internet service providers are trying to define common interfaces for NFV-based security services through the analysis of use cases and related technologies. This activity is currently led by Internet Engineering Task Force (IETF) that is an international Internet standardization organization.
Keywords: Internet; security of data; user interfaces; virtualisation; IETF; Internet Engineering Task Force; Internet service providers; NFV; common interfaces; international Internet standardization organization; network attacks; network functions virtualization; security community; security services; security vendors; Communication networks; Hardware; Mobile computing; Security; Software; Standards; Virtualization; Interfaces; Network Security Functions; Network Virtualization (ID#: 15-6764)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096165&isnumber=7096097

 

Bernardo, D.V.; Bee Bee Chua, “Introduction and Analysis of SDN and NFV Security Architecture (SN-SECA),” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 796–801, 24–27 March 2015. doi:10.1109/AINA.2015.270
Abstract: There have been a few literature published about the security risks expected on the implementations of SDN and NFV (SN), however, no formal Security Architecture with practical attributes was proposed until recently. The first of its kind SN-Security Architecture (SN-SECA) was presented as an IETF draft. This draft presents the architecture with specific ascription to ensure effective security evaluation and integration on the SDN/NFV designs and implementations. This paper briefly introduces the proposed architecture and employs methods to analyze and verify its underlying security attributes. A unified method to review SN-SECA through symbolic analysis previews traffic process flow behavior across an infrastructure with SDN and NFV frameworks. The result of this work highlights the fundamental but important role of each attribute and its flow, and overall viability of the proposed architecture for SDN and NFV that protractedly useful to security practitioners.
Keywords: computer network security; software defined networking; virtualisation; IETF draft; SDN and NFV security architecture; network function virtualization; software defined networking; traffic process flow behavior; Computer architecture; Industries; Protocols; Security; Semantics; Software; Technological innovation; NFV; OpenFlow; SDN; SN-SECA; Security Architecture; rewrite; symbolic analysis (ID#: 15-6765)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098055&isnumber=7097928

 

Flauzac, O.; Gonzalez, C.; Hachani, A.; Nolot, F., “SDN Based Architecture for IoT and Improvement of the Security,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 688–693, 24–27 March 2015. doi:10.1109/WAINA.2015.110
Abstract: With the exponential growth of devices connected to the Internet, security networks as one of the hardest challenge for network managers. Maintaining and securing such large scale and heterogeneous network is a challenging task. In this context, the new networking paradigm, the Software Defined Networking (SDN), introduces many opportunities and provides the potential to overcome those challenges. In this article, we first present a new SDN based architecture for networking with or without infrastructure, that we call an SDN domain. A single domain includes wired network, wireless network and Ad-Hoc networks. Next, we propose a second architecture to include sensor networks in an SDN-based network and in a domain. Third, we interconnect multiple domains and we describe how we can enhanced the security of each domain and how to distribute the security rules in order not to compromise the security of one domain. Finally, we propose a new secure and distributed architecture for IoT (Internet of Things).
Keywords: Internet; Internet of Things; ad hoc networks; computer network security; software defined networking; IoT; SDN; ad-hoc network; exponential growth; heterogeneous network; multiple domain; networking paradigm; security network; sensor network; software defined networking; wired network; wireless network; Ad hoc networks; Computer architecture; Security; Software; Switches; Internet of Things (IoT) (ID#: 15-6766)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096257&isnumber=7096097

 

Inaba, T.; Elmazi, D.; Yi Liu; Sakamoto, S.; Barolli, L.; Uchida, K., “Integrating Wireless Cellular and Ad-Hoc Networks Using Fuzzy Logic Considering Node Mobility and Security,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 54–60, 24–27 March 2015. doi:10.1109/WAINA.2015.116
Abstract: Several solutions have been proposed for improving the Quality of Service (QoS) in wireless cellular networks, such as Call Admission Control (CAC) and handover strategies. However, none of them considers the usage of different interfaces for different conditions. In this work, we propose a Fuzzy-Based Multi-Interface System (FBMIS), where each node is equipped with two interfaces: the traditional cellular network interface and Mobile Ad hoc Networks (MANET) interface. The proposed FBMIS system is able to switch from cellular to ad-hoc mode and vice versa. We consider four input parameters: Distance Between Nodes (DBN), Node Mobility (NM), Angle between Node and Base station (ANB), and User Request Security (URS). We evaluated the performance of the proposed system by computer simulations using MATLAB. The simulation results show that our system has a good performance.
Keywords: cellular radio; fuzzy logic; mobile ad hoc networks; mobility management (mobile radio); quality of service; telecommunication congestion control; telecommunication security; ANB; CAC; DBN; FBMIS system; MANET; Matlab; NM; QoS; URS; angle between node and base station; call admission control; cellular network interface; distance between node; fuzzy-based multiinterface system; handover strategy; mobile ad hoc network; node mobility; user request security; wireless cellular network integration; Conferences; Fuzzy logic; Optical wavelength conversion; Security; Ad-Hoc Networks; Cellular Networks; Fuzzy Logic; Intelligent Systems; QoS (ID#: 15-6769)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096147&isnumber=7096097

 

Heurtefeux, K.; Erdene-Ochir, O.; Mohsin, N.; Menouar, H., “Enhancing RPL Resilience Against Routing Layer Insider Attacks,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 802–807, 24–27 March 2015. doi:10.1109/AINA.2015.271
Abstract: To gather and transmit data, low cost wireless devices are often deployed in open, unattended and possibly hostile environment, making them particularly vulnerable to physical attacks. Resilience is needed to mitigate such inherent vulnerabilities and risks related to security and reliability. In this paper, Routing Protocol for Low-Power and Lossy Networks (RPL) is studied in presence of packet dropping malicious compromised nodes. Random behavior and data replication have been introduced to RPL to enhance its resilience against such insider attacks. The classical RPL and its resilient variants have been analyzed through Cooja simulations and hardware emulation. Resilient techniques introduced to RPL have enhanced significantly the resilience against attacks providing route diversification to exploit the redundant topology created by wireless communications. In particular, the proposed resilient RPL exhibits better performance in terms of delivery ratio (up to 40%), fairness and connectivity while staying energy efficient.
Keywords: computer network security; radio networks; risk analysis; routing protocols; Cooja simulations; RPL resilience enhancement; data gathering; data replication; data transmission; hardware emulation; hostile environment; insider attacks; low cost wireless devices; low-power and lossy networks; packet dropping malicious compromised nodes; physical attacks; random behavior; redundant topology; risks mitigation; route diversification; routing layer insider attacks; routing protocol; wireless communications; Energy consumption; Resilience; Routing; Routing protocols; Security; Wireless sensor networks; RPL; Wireless Network (ID#: 15-6770)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098056&isnumber=7097928

 

Hyeryun Lee; Kyunghee Choi; Kihyun Chung; Jaein Kim; Kangbin Yim, “Fuzzing CAN Packets into Automobiles,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 817–821, 24–27 March 2015. doi:10.1109/AINA.2015.274
Abstract: There have been many warnings that automobiles are vulnerable to the attacks through the network, CAN which connects the ECUs (Electrical Control Units) embedded in the automobiles. Some previous studies showed that the warnings were actual threats. They analyzed the packets flowing on the network and used the packets constructed based on the analysis. We show that it is possible to attack automobiles without any in-depth knowledge about automobiles and specially designed tools to analyze the packets. Experiments are performed in two phases. In the first phase, the victim automobiles are attacked with the packets constructed with the CAN IDs gathered from the sniffed packets flowing in the automobiles. It is not a problem at all to gather CAN IDs since CAN is an open simple standard protocol and there are many tools to sniff CAN packets in the Internet. In the second phase, the attack packets are constructed in a completely random manner without any previous information such as CAN IDs. The packets are injected into the network via Bluetooth, a wireless channel. Through the experiments, we show the network vulnerability of automobiles.
Keywords: Internet; automobiles; automotive electronics; computer network security; controller area networks; Bluetooth; CAN ID; ECU; electrical control units; fuzzing CAN packets; network vulnerability; sniff CAN packets; sniffed packets; wireless channel; Automobiles; Bluetooth; Monitoring; Ports (Computers); Security; Wireless communication; Automobile; CAN; Cyber attack; Fuzzing (ID#: 15-6771)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098059&isnumber=7097928
 




International Conferences: AsiaJCIS 2015, Taiwan

 

 


The 2015 10th Asia Joint Conference on Information Security (AsiaJCIS) was held 24-26 May 2015 in Kaohsiung, Taiwan. There were 24 papers accepted on topics including anonymity and privacy; data security; mobile and wireless security; privacy preserving analysis; secure payment; symmetric key encryption and digital signature; and system security.



Wen-Chung Kuo; Hong-Ji Wei; Yu-Hui Chen; Jiin-Chiou Cheng, “An Enhanced Secure Anonymous Authentication Scheme Based on Smart Cards and Biometrics for Multi-Server Environments,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 1–5, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.11
Abstract: In 2014, Choi proposed a security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics and claimed that their scheme could overcome all of security issues in Chuang-Chen’s scheme, such as impersonation attack, smart card loss attack, denial of service attack and perfect forward secrecy. Unfortunately, we discover that Choi’s proposed scheme is not only still vulnerable to smart card loss attack and lack of perfect forward secrecy, but also contains a flaw in design for authentication phase after our analysis in detail. In order to solve these security issues, we propose an enhanced secure anonymous authentication scheme with key agreement based on smart cards and biometrics for multi-server environments in this paper. According to our performance and security analysis, it can prove that our proposed scheme is more efficiency and security in comparison to previous schemes.
Keywords: authorisation; biometrics (access control); smart cards; Chuang-Chen’s scheme; authentication phase; biometrics; denial of service attack; enhanced secure anonymous authentication scheme; multiserver environments; perfect forward secrecy; security analysis; security enhanced anonymous multiserver authenticated key agreement scheme; smart card loss attack; Authentication; Fingerprint recognition; Iris recognition; Servers; Smart cards; anonymous; authentication protocol; biometrics; multi-server architecture; smart card (ID#: 15-6794)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153847&isnumber=7153836

 

Chia-Mei Chen; Tien-Ho Chang, “The Cryptanalysis of WPA & WPA2 in the Rule-Based Brute Force Attack, an Advanced and Efficient Method,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 37–41, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.14
Abstract: The development of kinds of mobile device is a nonlinear but in a tremendous hopping way. The security of wireless LAN is far more important, and its mainly present protection is the WPA & WPA2 protocol which is a complex tough algorithm. This exploratory study shows that there is a security gap by the social human factors which are the weak passwords. Traditionally, brute force password attack is using the dictionary files that is aimless and extremely labor work. Now, we proposed 10 rule-based methods which are globally inclusive and culturally exclusive and prove the insecurity of WPA & WPA2 by 100 empirical and valuable real wireless encrypted packets of WPA & WPA2. The evidence shows that there is a 68% of cracking rate and then do the passwords patterns analysis as well.
Keywords: computer network security; cryptographic protocols; mobile computing; mobile handsets; wireless LAN; WPA protocol; WPA2 protocol; brute force password attack; complex tough algorithm; cracking rate; cryptanalysis; dictionary files; mobile device; passwords patterns; rule-based brute force attack; rule-based methods; security gap; social human factors; weak passwords; wireless LAN; wireless encrypted packets; Communication system security; Dictionaries; Encryption; Force; Wireless LAN; Wireless communication; brute force attack; cryptanalysis; WPA & WPA2; dictionary attack; rule-based; wireless security (ID#: 15-6795)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153933&isnumber=7153836

 

He-Ming Ruan; Ming-Hwa Tsai; Yen-Nun Huang; Yen-Hua Liao; Chin-Laung Lei, “Discovery of De-identification Policies Considering Re-identification Risks and Information Loss,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 69–76, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.23
Abstract: In data analysis, it is always a tough task to strike the balance between the privacy and the applicability of the data. Due to the demand for individual privacy, the data are being more or less obscured before being released or outsourced to avoid possible privacy leakage. This process is so called de-identification. To discuss a de-identification policy, the most important two aspects should be the re-identification risk and the information loss. In this paper, we introduce a novel policy searching method to efficiently find out proper de-identification policies according to acceptable re-identification risk while retaining the information resided in the data. With the UCI Machine Learning Repository as our real world dataset, the re-identification risk can therefore be able to reflect the true risk of the de-identified data under the de-identification policies. Moreover, using the proposed algorithm, one can then efficiently acquire policies with higher information entropy.
Keywords: data analysis; data privacy; entropy; learning (artificial intelligence); risk analysis; UCI machine learning repository; data analysis; deidentification policies; deidentified data; information entropy; information loss; privacy leakage; reidentification risks; Computational modeling; Data analysis; Data privacy; Lattices; Privacy; Synthetic aperture sonar; Upper bound; De-identification; HIPPA; Safe Harbor (ID#: 15-6796)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153938&isnumber=7153836

 

Jheng-Jia Huang; Wen-Shenq Juang; Chun-I Fan, “A Secure and Efficient Smartphone Payment Scheme in IoT/Cloud Environments,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 91–96, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.20
Abstract: In IoT/Cloud environments, to provide an efficient and flexible payment service is very important since the client/device may not have a large storage and computation capability to finish the payment process. In these environments, any thin client/device may issue a service request to the cloud. For the fast progress of smartphone systems, a smartphone can help the client/device to finish the payment process with the help of the carrier. Although the smart phone may have more storage and computation capability than the client/device, the computation ability is also restricted. In this paper, in order to provide an efficient payment and authentication service framework in the IOT/Cloud environments, we propose a secure and efficient smartphone payment scheme in IoT/Cloud environments. Our proposed scheme can satisfy the properties including low communication and computation cost, no time synchronization problem, unforgeability, non-repudiation, and integrity. Also our scheme can achieve the security requirements including mutual authentication, session key agreement, and preventing all various well-known attacks.
Keywords: Internet of Things; authorisation; cloud computing; network computers; public key cryptography; smart phones; IoT environment; attack prevention; authentication service framework; cloud environment; communication cost; computation ability; computation capability; computation cost; mutual authentication; payment service; service request; session key agreement; smart phone payment scheme; storage capability; thin-client; thin-device; Authentication; Electronic countermeasures; Elliptic curve cryptography; Smart phones; Cloud; ECC; IoT; Payment; Smartphone (ID#: 15-6797)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153941&isnumber=7153836

 

Nai-Wei Lo; Meng-Chih Chiang; Chao Yang Hsu, “Hash-Based Anonymous Secure Routing Protocol in Mobile Ad Hoc Networks,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 55–62, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.27
Abstract: A mobile ad hoc network (MANET) is composed of multiple wireless mobile devices in which an infrastructure less network with dynamic topology is built based on wireless communication technologies. Novel applications such as location-based services and personal communication Apps used by mobile users with handheld wireless devices utilize MANET environments. In consequence, communication anonymity and message security have become critical issues for MANET environments. In this study, a novel secure routing protocol with communication anonymity, named as Hash-based Anonymous Secure Routing (HASR) protocol, is proposed to support identity anonymity, location anonymity and route anonymity, and defend against major security threats such as replay attack, spoofing, route maintenance attack, and denial of service (DoS) attack. Security analyses show that HASR can achieve both communication anonymity and message security with efficient performance in MANET environments.
Keywords: cryptography; mobile ad hoc networks; mobile computing; mobility management (mobile radio); routing protocols; telecommunication network topology; telecommunication security; DoS attack; HASR protocol; Hash-based anonymous secure routing protocol; MANET; denial of service attack; dynamic network topology; handheld wireless devices; location-based services; message security; mobile users; personal communication Apps; route maintenance attack; wireless communication technologies; wireless mobile devices; Cryptography; Mobile ad hoc networks; Nickel; Routing; Routing protocols; communication anonymity; message security; mobile ad hoc network (ID#: 15-6798)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153936&isnumber=7153836

 

Kosugi, T.; Hayafuji, T.; Mambo, M., “On the Traceability of the Accountable Anonymous Channel,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 6–11, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.29
Abstract: Anonymous channels guaranteeing anonymity of senders such as Tor are effective for whistle-blowing and other privacy sensitive scenarios. However, there is a risk of being abused for illegal activities. As a countermeasure to illegal activities using an anonymous channel, it is natural to construct an accountable anonymous channel which can revoke anonymity of senders when an unlawful message was sent out from them. In this paper, we point out that an accountable anonymous channel THEMIS does not provide anonymity in a perfect way and there is a possibility that attackers can identify senders even if messages are not malicious. Feasibility of tracing senders is analyzed by using simulation. Moreover, we give a simple remedy of the flaw in THEMIS.
Keywords: computer network security; cryptographic protocols; data privacy; THEMIS accountable anonymous channel traceability; attacker possibility; illegal activity; privacy sensitive scenario; sender anonymity; sender tracing; unlawful message; whistle-blowing scenario; Art; Encryption; Mathematical model; Payloads; Public key; Receivers (ID#: 15-6799)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153848&isnumber=7153836

 

Yu Liu; Goto, N.; Kanaoka, A.; Okamoto, E., “Privacy Preserved Rule-Based Risk Analysis through Secure Multi-Party Computation,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 77–84, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.32
Abstract: Network systems are becoming the core components of technical information infrastructures. The protection of network systems from malicious attacks is an urgent priority in our society. However, considering that all security threats are very complicated, easily missed, and error-prone, dealing with network vulnerabilities has brought about enormous challenges to network management. Therefore, one reasonable solution for a risk analysis is delegating an analysis of a network system to third parties that have more professional knowledge regarding a risk analysis. Highly confidential data such as the network configuration and vulnerabilities, as well as each hosts, are needed when delegating a risk analysis to a third party. Such confidential data may cause information leakage if no protection is provided. In this paper, we proposed a risk analysis system based on a rule-based risk analysis method. The prototype system was developed using Fairplay MP, a secure multi-party computation system, and was evaluated for a small network environment.
Keywords: computer network security; data protection; risk analysis; transport protocols; FairplayMP; confidential data; information leakage; malicious attacks; network configuration; network management; network system protection; network vulnerabilities; privacy preserved rule-based risk analysis; rule-based risk analysis method; secure multiparty computation; security threats; technical information infrastructures; Computational modeling; Engines; Ports (Computers); Privacy; Protocols; Risk analysis; Servers; Network risk analysis; multiparty computation; privacy preserving (ID#: 15-6800)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153939&isnumber=7153836

 

Feng, Y.; Hori, Y.; Sakurai, K., “A Proposal for Detecting Distributed Cyber-Attacks Using Automatic Thresholding,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 152–159, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.22
Abstract: Distributed attacks have reportedly caused the most serious losses in the modern cyber environment. Thus, how to avoid and detect distributed attacks has become one of the most important topics in the cyber security community. Of many approaches for avoiding and detecting cyber-attacks, behavior-based method has been attracting great attentions from many researchers and developers. It is well known that, for behavior-based cyber-attack detections, the algorithm for extracting normal modes from historic traffic is critically important. In this paper, after the newest algorithms for extracting normal behavior mode from historic traffics are discussed, a novel algorithm is proposed. Its efficiency is examined by experiments using dark net traffic data.
Keywords: security of data; automatic thresholding; cyber security community; darknet traffic data; distributed cyber-attacks detection; historic traffic; modern cyber environment; Asia; Information security; Joints; Anomaly detection; Behavior-based Detection; Cyber attacks; Frequency distribution (ID#: 15-6801)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153950&isnumber=7153836

 

Chien-Lung Hsu; Tzu-Wei Lin, “Privacy-Preserved Key Agreement with User Authentication,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 12–17, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.18
Abstract: With the progress of information technology, the computer crimes are emerging in an endless stream. It is because of the user’s privacy should be protected, when the user submit a service request to the service provider, both of them should check the identity of the other, and then build a shared key to accomplish the service request. In this paper, we adopt the identity-based cryptosystem and the elliptic curve cryptosystem to design a privacy-preserved key agreement with user authentication. This protocol can achieve several properties: mutual authentication, deniability, and forward secrecy. Besides, the performance of the proposed protocol based on RSA is better than previous studies.
Keywords: computer crime; cryptographic protocols; data protection; public key cryptography; RSA; computer crimes; deniability; elliptic curve cryptosystem; forward secrecy; identity-based cryptosystem; information technology; mutual authentication; privacy-preserved key agreement; service provider; service request; shared key; user authentication; user privacy protection; Authentication; Elliptic curve cryptography; Protocols; elliptic curve; identity-based; key agreement; shared key; user privacy (ID#: 15-6802)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153849&isnumber=7153836

 

Pei-Yih Ting; Shao-Da Huang; Tzong-Sun Wu; Han-Yu Lin, “A Provable Watermark-Based Copyright Protection Scheme,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 124–129, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.28
Abstract: Watermark-based copyright protection techniques have been investigated for more than two decades in the signal processing and the digital rights management communities. Most efforts have been devoted on hiding the watermark and increasing the robustness of the embedded watermark under common signal processing operations and geometric transformations. In this paper, we build our scheme based on these previous well developed signal processing techniques but focus on how to employ unpredictable signature-seeded pseudo random bit sequence to make the false negative watermark detection rate computationally negligible. The ultimate goal is to resolve the ownership dispute of an exhibited digital media under adversarial watermark removal attacks.
Keywords: copyright; digital rights management; digital signatures; watermarking; adversarial watermark removal attacks; digital rights management communities; embedded watermark; false negative watermark detection rate; geometric transformations; provable watermark-based copyright protection scheme; signal processing operations; signal processing techniques; unpredictable signature-seeded pseudo random bit sequence; Cryptography; Digital signatures; Random sequences; Robustness; Signal processing; Watermarking; copyright protection; digital signature; pseudo random bit sequence; watermark (ID#: 15-6803)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153946&isnumber=7153836

 

Nai-Wei Lo; Chi-Kai Yu; Chao Yang Hsu, “Intelligent Display Auto-Lock Scheme for Mobile Devices,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 48–54, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.30
Abstract: In recent years people in modern societies have heavily relied on their own intelligent mobile devices such as smartphones and tablets to get personal services and improve work efficiency. In consequence, quick and simple authentication mechanisms along with energy saving consideration are generally adopted by these smart handheld devices such as screen auto-lock schemes. When a smart device activates its screen lock mode to protect user privacy and data security on this device, its screen auto-lock scheme will be executed at the same time. Device user can setup the length of time period to control when to activate the screen lock mode of a smart device. However, it causes inconvenience for device users when a short time period is set for invoking screen auto-lock. How to get balance between security and convenience for individual users to use their own smart devices has become an interesting issue. In this paper, an intelligent display (screen) auto-lock scheme is proposed for mobile users. It can dynamically adjust the unlock time period setting of an auto-lock scheme based on derived knowledge from past user behaviors.
Keywords: authorisation; data protection; display devices; human factors; mobile computing; smart phones; authentication mechanisms; data security; energy saving; intelligent display auto-lock scheme; intelligent mobile devices; mobile users; personal services; screen auto-lock schemes; smart handheld devices; smart phones; tablets; unlock time period; user behaviors; user convenience; user privacy protection; user security; work efficiency improvement; Authentication; IEEE 802.11 Standards; Mathematical model; Smart phones; Time-frequency analysis; Android platform; display auto-lock; smartphone (ID#: 15-6804)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153935&isnumber=7153836

 

Adachi, T.; Omote, K., “An Approach to Predict Drive-by-Download Attacks by Vulnerability Evaluation and Opcode,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 145–151, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.17
Abstract: Drive-by-download attacks exploit vulnerabilities in Web browsers, and users are unnoticeably downloading malware which accesses to the compromised Web sites. A number of detection approaches and tools against such attacks have been proposed so far. Especially, it is becoming easy to specify vulnerabilities of attacks, because researchers well analyze the trend of various attacks. Unfortunately, in the previous schemes, vulnerability information has not been used in the detection/prediction approaches of drive-by-download attacks. In this paper, we propose a prediction approach of “malware downloading” during drive-by-download attacks (approach-I), which uses vulnerability information. Our experimental results show our approach-I achieves the prediction rate (accuracy) of 92%, FNR of 15% and FPR of 1.0% using Naive Bayes. Furthermore, we propose an enhanced approach (approach-II) which embeds Opcode analysis (dynamic analysis) into our approach-I (static approach). We implement our approach-I and II, and compare the three approaches (approach-I, II and Opcode approaches) using the same datasets in our experiment. As a result, our approach-II has the prediction rate of 92%, and improves FNR to 11% using Random Forest, compared with our approach-I.
Keywords: Web sites; invasive software; learning (artificial intelligence); system monitoring; FNR; FPR; Opcode analysis; Web browsers; attack vulnerabilities; drive-by-download attack prediction; dynamic analysis; malware downloading; naive Bayes; prediction rate; random forest; static approach; vulnerability evaluation; vulnerability information; Browsers; Feature extraction; Machine learning algorithms; Malware; Predictive models; Probability; Web pages; Drive-by-Download Attacks; Malware; Supervised Machine Learning (ID#: 15-6805)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153949&isnumber=7153836

 

Kawaguchi, N.; Omote, K., “Malware Function Classification Using APIs in Initial Behavior,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 138–144, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.15
Abstract: Malware proliferation has become a serious threat to the Internet in recent years. Most of the current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we give priority to analyze. However, estimating malware functions has been difficult due to the increasing sophistication of malware. Although various approaches for malware detection and classification have been considered, the classification accuracy is still low. In this paper, we propose a new classification method which estimates malware’s functions from APIs observed by dynamic analysis on a host. We examine whether the proposed method can correctly classify unknown malware based on function by machine learning. The results show that our new method can classify each malware’s function with an average accuracy of 83.4%.
Keywords: Internet; invasive software; learning (artificial intelligence); pattern classification; API; Internet; dynamic analysis; efficient malware analysis; illegal tools; initial behavior; machine learning; malware detection; malware function classification; malware proliferation; Accuracy; Data mining; Feature extraction; Machine learning algorithms; Malware; Software; Support vector machines; machine learning; malware classification (ID#: 15-6806)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153948&isnumber=7153836

 

Chih-Hung Hsieh; Yu-Siang Shen; Chao-Wen Li; Jain-Shing Wu, “iF2: An Interpretable Fuzzy Rule Filter for Web Log Post-Compromised Malicious Activity Monitoring,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 130–137, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.19
Abstract: To alleviate the loads of tracking web log file by human effort, machine learning methods are now commonly used to analyze log data and to identify the pattern of malicious activities. Traditional kernel based techniques, like the neural network and the support vector machine (SVM), typically can deliver higher prediction accuracy. However, the user of a kernel based techniques normally cannot get an overall picture about the distribution of the data set. On the other hand, logic based techniques, such as the decision tree and the rule-based algorithm, feature the advantage of presenting a good summary about the distinctive characteristics of different classes of data such that they are more suitable to generate interpretable feedbacks to domain experts. In this study, a real web-access log dataset from a certain organization was collected. An efficient interpretable fuzzy rule filter (iF2) was proposed as a filter to analyze the data and to detect suspicious internet addresses from the normal ones. The historical information of each internet address recorded in web log file is summarized as multiple statistics. And the design process of iF2 is elaborately modeled as a parameter optimization problem which simultaneously considers 1) maximizing prediction accuracy, 2) minimizing number of used rules, and 3) minimizing number of selected statistics. Experimental results show that the fuzzy rule filter constructed with the proposed approach is capable of delivering superior prediction accuracy in comparison with the conventional logic based classifiers and the expectation maximization based kernel algorithm. 
On the other hand, though it cannot match the prediction accuracy delivered by the SVM, however, when facing real web log file where the ratio of positive and negative cases is extremely unbalanced, the proposed iF2 of having optimization flexibility results in a better recall rate and enjoys one major advantage due to providing the user with an overall picture of the underlying distributions.
Keywords: Internet; data mining; fuzzy set theory; learning (artificial intelligence); neural nets; pattern classification; statistical analysis; support vector machines; Internet address; SVM; Web log file tracking; Web log post-compromised malicious activity monitoring; Web-access log dataset; decision tree; expectation maximization based kernel algorithm; fuzzy rule filter; iF2; interpretable fuzzy rule filter; kernel based techniques; log data analysis; logic based classifiers; logic based techniques; machine learning methods; malicious activities; neural network; parameter optimization problem; recall rate; rule-based algorithm; support vector machine; Accuracy; Internet; Kernel; Monitoring; Optimization; Prediction algorithms; Support vector machines; Fuzzy Rule Based Filter; Machine Learning; Parameter Optimization; Pattern Recognition; Post-Compromised Threat Identification; Web Log Analysis (ID#: 15-6807)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153947&isnumber=7153836

 

Kitajima, N.; Yanai, N.; Nishide, T.; Hanaoka, G.; Okamoto, E., “Constructions of Fail-Stop Signatures for Multi-Signer Setting,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 112–123, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.26
Abstract: Fail-stop signatures (FSS) provide the security for a signer against a computationally unbounded adversary by enabling the signer to provide a proof of forgery. Conventional FSS schemes are for a single-signer setting, but in the real world, there is a case where a countersignature of multiple signers (e.g., a signature between a bank, a user, and a consumer) is required. In this work, we propose a framework of FSS capturing a multi-signer setting and call the primitive fail-stop multisignatures (FSMS). We propose a generic construction of FSMS via the bundling homomorphisms proposed by Pfitzmann and then propose a provably secure instantiation of the FSMS scheme from the factoring assumption. Our proposed schemes can be also extended to fail-stop aggregate signatures (FSAS).
Keywords: digital signatures; FSAS; FSMS scheme; bundling homomorphisms; fail-stop aggregate signatures; generic construction; multisigner setting; primitive fail-stop multisignatures; proof of forgery; single-signer setting; Adaptation models; Computational modeling; Forgery; Frequency selective surfaces; Games; Public key; Fail-stop multisignatures; Fail-stop signatures; Family of bundling homomorphisms; Information-theoretic security (ID#: 15-6808)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153945&isnumber=7153836

 

Jonghyun Baek; Heung Youl Youm, “Secure and Lightweight Authentication Protocol for NFC Tag Based Services,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 63–68, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.35
Abstract: Near Field Communication (NFC) technology is one of the most promising technologies in the field of mobile application services recently. The integration of NFC technology and smart mobile devices (e.g., smart phones, tablet PCs, etc.) stimulates the daily increasing popularity of NFC-based mobile applications, which have proliferated in the mobile society. However, this proliferation of NFC-based mobile services in a mobile environment can cause another security threat in the field of mobile application services. Recently, mobile phishing and smishing have been among the most serious security issues in mobile application services. The NFC tag-based mobile services (i.e., NFC tag based services) also have the same problem because an NFC tag has security vulnerabilities. An NFC-enabled device can communicate with an NFC tag using a specified data format called the NFC Data Exchange Format (NDEF). The NDEF message is composed of one or more NDEF records such as text, URI, Smart post (text and URL) and so on. Therefore, if an attacker overwrites the NDEF message in a tag or replaces an NFC tag with a hacked tag, they might deliver mobile malware to an NFC-enabled device. In this paper, a secure and lightweight authentication protocol for NFC tag based services is proposed which effectively achieves security by preventing spoofing, DoS, data modification and phishing attacks. This authentication protocol also requires less memory storage and computational power for low-cost NFC tags.
Keywords: computer crime; cryptographic protocols; electronic data interchange; invasive software; mobile communication; mobile computing; near-field communication; smart phones; telecommunication security; telecommunication services; unsolicited e-mail; NDEF message; NDEF records; NFC data exchange format; NFC tag-based mobile services; NFC technology; NFC-based mobile applications; NFC-based mobile services; NFC-enabled device; data format; data modification; lightweight authentication protocol; memory storage; mobile application services; mobile environment; mobile malware; mobile phishing; mobile smishing; mobile society; near field communication; phishing attack; smart mobile device; smart phones; tablet PC; Authentication; Malware; Mobile communication; Protocols; Servers; Uniform resource locators; NFC; Malware; Authentication Protocol; NFC tag (ID#: 15-6809)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153937&isnumber=7153836

 

Chun-I Fan; Chien-Nan Wu; Chun-Hung Chen; Yi-Fan Tseng; Cheng-Chun Feng, “Attribute-Based Proxy Re-encryption with Dynamic Membership,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 26–32, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.21
Abstract: Cloud computing has been developed rapidly in recent years, and offers novel concepts and innovations in computer use. The applications of cloud computing are that people can put their data on cloud and also can designate a proxy to help them to execute a number of tasks in certain situations. The proxy re-encryption which is a cryptographic primitive has been proposed to solve this problem. In the proxy re-encryption system, when a user (e.g., Alice) wants to send a cipher text that is encrypted by her public key and stored in the cloud to another user (e.g., Bob), she can designate a proxy to transform the cipher text into a different cipher text that can be decrypted by Bob’s private key. Recently, Fan et al. proposed an attribute-based encryption scheme with dynamic membership. However, we found that their scheme may be flawed. In this paper we will modify Fan et al.’s scheme to fix the flaw. Based on our modified scheme and the proxy re-encryption, we also propose an attribute-based proxy re-encryption under bilinear pairing. Furthermore, the proposed scheme has rich access policies and dynamic membership.
Keywords: cloud computing; private key cryptography; public key cryptography; attribute-based encryption scheme; attribute-based proxy reencryption; bilinear pairing; ciphertext; cloud computing; cryptographic primitive; dynamic membership; private key; public key; rich access policies; Computer science; Encryption; Indexes; Polynomials; Sun; attribute-based encryption; information security; proxy re-encryption (ID#: 15-6810)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153851&isnumber=7153836

 

Hung-Yu Chien, “De-synchronization Attack on Quadratic Residues-Based RFID Ownership Transfer,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 42–47, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.13
Abstract: Radio Frequency Identification (RFID) ownership transfer protocol aims at securely updating RFID tag’s internal state and key such that only the current owner of a tag is allowed to access the tag when it is transferred from one owner to the next. Doss et al. [32] proposed two very promising RFID ownership transfer protocols which represented state of the art and were claimed to own excellent security performance and computational performance. However, we will show our de-synchronization attack on these protocols.
Keywords: cryptographic protocols; radiofrequency identification; RFID ownership transfer protocol; RFID tag; de-synchronization attack; quadratic residues-based RFID ownership transfer; radio frequency identification ownership transfer protocol; security performance; Authentication; Cryptography; Privacy; Protocols; Radiofrequency identification; Servers; RFID; Security; authentication; ownership transfer; quadric residues (ID#: 15-6811)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153934&isnumber=7153836

 

Chen-Ming Hsu; Jen-Chun Lee; Wei-Kuei Chen, “An Efficient Detection Algorithm for Copy-Move Forgery,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 33–36, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.16
Abstract: The most common method of tampering with a digital image is copy-move forgery, in which a part of an image is duplicated and used to substitute another part of the same image at a different location. In this paper, we present an efficient and robust method to detect such artifacts. First, the tampered image is segmented into overlapping fixed-size blocks, and the Gabor filter is applied to each block. Thus, the image of Gabor magnitude represents each block. Secondly, statistical features are extracted from the histogram of orientated Gabor magnitude (HOGM) of overlapping blocks, and reduced features are generated for similarity measurement. Finally, feature vectors are sorted lexicographically, and duplicated image blocks are identified by finding similarity block pairs after suitable post-processing. Experimental results demonstrate that the proposed method can detect multiple examples of copy-move forgery and locate precisely the duplicated regions, even when dealing with images distorted by translation, rotation, JPEG compression, blurring, and brightness adjustment.
Keywords: Gabor filters; brightness; feature extraction; image coding; image forensics; image representation; image restoration; image segmentation; Gabor filter; HOGM; copy-move forgery detection algorithm; digital image tampering method; duplicated image block identification; histogram-of-orientated Gabor magnitude; image JPEG compression; image blurring; image brightness adjustment; image representation; image rotation; image translation; lexicographically sorted feature vectors; overlapping fixed-size blocks; overlapping image blocks; reduced feature generation; similarity block; similarity measurement; statistical feature extraction; tampered image segmentation; Brightness; Feature extraction; Forgery; Histograms; Image coding; Robustness; Transform coding; Copy-Move forgery; Digital image forensics; Duplicated region detection; Gabor magnitude (ID#: 15-6812)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153852&isnumber=7153836

 

Hakju Kim; Kwangjo Kim, “Preliminary Design of a Novel Lightweight Authenticated Encryption Scheme Based on the Sponge Function,” in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 110–111, 24–26 May 2015. doi:10.1109/AsiaJCIS.2015.24
Abstract: The authenticated encryption plays a key cryptographic primitive that provides confidentiality, integrity, and authenticity in an efficient manner. This paper presents a preliminary design of a novel lightweight authenticated encryption scheme based on the duplex construction of the sponge function supporting the most required features of the authenticated encryption schemes.
Keywords: cryptography; message authentication; confidentiality; duplex construction; integrity; key cryptographic primitive; lightweight authenticated encryption scheme; sponge function; Algorithm design and analysis; Bit rate; Encryption; NIST; Robustness; Authenticated Encryption; CAESAR; Sponge Function; Symmetric Key Cryptography (ID#: 15-6813)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153944&isnumber=7153836
 




International Conferences: IACC 2015, India

 

 


The 2015 IEEE International Advance Computing Conference (IACC) was held June 12–13, 2015 in Bangalore, India. More than 300 papers were presented. The ones cited here relate to Science of Security and include topics such as cyber-physical systems, privacy, and resiliency.



Billure, R.; Tayur, V.M.; Mahesh, V., “Internet of Things — A Study on the Security Challenges,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 247–252, 12–13 June 2015. doi:10.1109/IADCC.2015.7154707
Abstract: The vision of Internet of Things (IoT) is to enable devices to collaborate with each other on the Internet. Multiple devices collaborating with each other have opened up various opportunities in multitude of areas. It has presented unique set of challenges in scaling the Internet, techniques for identification of the devices, power efficient algorithms and communication protocols. Always connected devices have access to private sensitive information and any breach in them is a huge security risk. The IoT environment is composed of the hardware, software and middleware components making it a complex system to manage and secure. The objective of this paper is to present the challenges in IoT related to security, its challenges and recent developments through a comprehensive review of the literature.
Keywords: Internet of Things; data privacy; middleware; security of data; IoT; hardware component; information privacy; security risk; software component; Computers; Jamming; Lead; Middleware; Radiofrequency identification; Reliability; Security; security in IOT (ID#: 15-6814)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154707&isnumber=7154658

 

Chatterjee, S., “Security and Privacy Issues in E-Commerce: A Proposed Guidelines to Mitigate the Risk,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 393–396, 12–13 June 2015. doi:10.1109/IADCC.2015.7154737
Abstract: Threat of security issues in Information Science has now become an important subject of discussion amongst the concerned users. E-Commerce is one of the parts of Information Science framework and its uses are gradually becoming popular. However now-a-days, ironically, these users are gradually found to be bit reluctant on pain of threats of security and privacy issues. Needless to say, E-Commerce business has opened a new era in banking industry too. But unfortunately the banking business through E-Commerce is covered with risks for these issues. Thus if these threats of privacy and security are not eliminated, users will not have trust and users will not visit or shop at a site and the sites will also not be able to function properly. These two issues i.e. security and privacy are required to be looked into through social, organizational, technical and economic perspectives. In this paper attempts are being taken to discuss with overview of security and privacy issues in E-Commerce transactions. We shall also discuss in particular different steps required to be taken before online shopping and also shall discuss the purpose of security and privacy in E-Commerce and after discussion we shall provide a guideline to be adopted to mitigate risks and vulnerabilities while an user is involved in E-Commerce transaction.
Keywords: bank data processing; data privacy; electronic commerce; security of data; socio-economic effects; banking industry; e-commerce transaction; economic perspectives; information science; online shopping; organizational perspectives; privacy issues; risk mitigation; security issues; social perspectives; technical perspectives; Business; Cryptography; E-Commerce Cycle; E-Commerce Security tools; E-Commerce Transaction Phases; Guidelines for safe online transaction; Security Dimensions of E-Commerce (ID#: 15-6815)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154737&isnumber=7154658

 

Mohammed, N.; Kisore, N.R., “Experimental Evaluation of Security in 2G Cellular Networks in India,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 701–705, 12–13 June 2015. doi:10.1109/IADCC.2015.7154797
Abstract: In general, security evaluation of communication networks has always been of prime interest and in particular the ever increasing use of mobile phones in the last decade has led to keen interest in studying the possibility of hacking cellular networks. Security comes at an overhead in terms of either CPU cycles (computational overhead), bandwidth (communication overhead) and/or memory. While it is possible to theoretically design a system that is 100% secure, the operational overhead makes it uneconomical to deploy such a system in the real world. Often compromises are made in the real world implementation of a communication system and a trade-off is made between security and cost of operation of the communication system. In this paper we build a low cost GSM testbed to evaluate the security features in the commercially deployed 2G and 2.5G cellular networks in India.
Keywords: cellular radio; mobile handsets; telecommunication security; 2G cellular network security evaluation; CPU cycle; GSM; mobile phone; Hardware; Libraries; Radio frequency; Security; Software; Synchronization; Cellular networks; Communications (ID#: 15-6816)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154797&isnumber=7154658

 

Salvi, S.; Sanjay, H.A.; Deepika, K.M.; Rangavittala, S.R., “An Encryption, Compression and Key(ECK) Management Based Data Security Framework for Infrastructure as a Service in Cloud,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 872–876, 12–13 June 2015. doi:10.1109/IADCC.2015.7154830
Abstract: Cloud Computing is the recent technology that is based on shared pool of resources and provides features like Ubiquitous access, multi-tenancy, flexibility, scalability and pay as you use, which makes it more resource efficient and cost effective. But Cloud-based systems open unfamiliar threats in authentication and authorization. Explicit authorization accordance must be defined at smallest level, especially in multi-tenant environments. The liaison between Cloud Service Provider & customer must also be clearly mentioned in relation like who holds administrative rights and indirect access to privileged customer information. Moreover the scenario of cloud in educational and research community is still developing and has some security concerns. This paper provides a brief review about Cloud Security concerns for adoption of cloud computing in data sensitive research and technology aided education. Also this paper proposes, ECK based framework for securing end-user data in Community Cloud. Implications and considerations for additional research are provided as well.
Keywords: authorisation; cloud computing; cryptography; data compression; message authentication; ECK management; authentication; authorization; cloud computing security; cloud-based system; data security framework; encryption compression and key management; infrastructure as a service; Cloud computing; Computer architecture; Encryption; Virtual machining; Cloud Computing; Data Security; Educational Cloud (Edu-Cloud); Virtual Machine (VM); Xen Server (ID#: 15-6817)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154830&isnumber=7154658

 

Mahajan, S.; Katti, J.; Walunj, A.; Mahalunkar, K., “Designing a Database Encryption Technique for Database Security Solution with Cache,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 357–360, 12–13 June 2015. doi:10.1109/IADCC.2015.7154730
Abstract: A database is a vast collection of data which helps us to collect, retrieve, organize and manage the data in an efficient and effective manner. Databases are critical assets. They store client details, financial information, personal files, company secrets and other data necessary for business. Today people are depending more on the corporate data for decision making, management of customer service and supply chain management etc. Any loss, corrupted data or unavailability of data may seriously affect its performance. The database security should provide protected access to the contents of a database and should preserve the integrity, availability, consistency, and quality of the data. This paper describes the architecture based on placing the Elliptical curve cryptography module inside database management software (DBMS), just above the database cache. Using this method only selected part of the database can be encrypted instead of the whole database. This architecture allows us to achieve very strong data security using ECC and increase performance using cache.
Keywords: cache storage; database management systems; public key cryptography; DBMS; client details; company secrets; corporate data; corrupted data; customer service management; data availability; data collection; data consistency; data integrity; data loss; data management; data organization; data quality; data retrieval; database cache; database encryption technique; database management software; database security solution; decision making; elliptical curve cryptography module; financial information; personal files; supply chain management; Computer architecture; Databases; Elliptic curve cryptography; Elliptic curves; Encryption; Advanced Encryption Standard (AES); Database Cache; Elliptic Curve Cryptography (ECC); RSA (ID#: 15-6818)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154730&isnumber=7154658

 

Lakshmi Devi, V.; Sujatha, P.; Anjaneyulu, K.S.R., “A Novel Approach for Security Constrained Unit Commitment Using Bat Computation,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 623–628, 12–13 June 2015. doi:10.1109/IADCC.2015.7154782
Abstract: The most economical operation of modern power systems is to provide the power generation optimally from different units with possible lowest cost by trying to meet all the system Constraints. This work necessitates an answer to security constrained unit commitment (SCUC) problem with an objective function incorporating equality and inequality constraints of the system. The objective of the problem will be solved using multiple optimization function. The constraints such as real power operating limits, power balance, minimum up and down time, emission, spinning reserve etc. will be subjected to project a solution to the problem by using BAT procedure. The performance of the proposed method is implemented in MATLAB working platform and the performance is evaluated with the testing system of 3-unit and 10-unit system.
Keywords: optimisation; power generation dispatch; power generation scheduling; BAT procedure; SCUC problem; inequality constraints; multiple optimization function; objective function; power balance; real power operating limits; Conferences; Economics; Fuels; Generators; Optimization; Power generation; Power systems; BAT algorithm; constraints; security constrained unit commitment (ID#: 15-6819)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154782&isnumber=7154658

 

Kumar, S.; Syam Kumar, P., “Secure and Efficient Design and Implementation of Out-of-Band Storage Virtualization,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1021–1025, 12–13 June 2015. doi:10.1109/IADCC.2015.7154859
Abstract: Storage virtualization is the most applied word in the industry due to its importance. Nowadays data has become more important, to hold and to extract needful information. The datacenter has become an integral part of any organization, and so has its management. For best and efficient result as well as proper storage utilization and management we need storage area network (SAN). In the environment of SAN, there is the compatibility issue with the different vendors and their drivers, so we are going for storage virtualization. Storage virtualization is applied in SAN environment. The classical techniques [1] to achieve storage virtualization are suffering from many problems like improper disk utilization, high latency, power consumption, different attacks and security issues. In this paper we design and implement storage virtualization technique EC2S2 to get better yield in terms of security, high throughput, efficient management and least latency. Through the security and performance analysis we show that our method is secure and efficient.
Keywords: computer centres; disc storage; security of data; storage area networks; storage management; storage media; SAN; datacenter; disk utilization; high latency; out-of-band storage virtualization; power consumption; storage area network; storage utilization and management; storage virtualization technique; Computer architecture; Security; Software; Storage area networks; Switches; Virtual machine monitors; Virtualization; memory management; out-of-band; power management; security; storage; thin-provisioning; virtualization (ID#: 15-6820)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154859&isnumber=7154658

 

Surv, N.; Wanve, B.; Kamble, R.; Patil, S.; Katti, J., “Framework for Client Side AES Encryption Technique in Cloud Computing,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 525–528, 12–13 June 2015. doi:10.1109/IADCC.2015.7154763
Abstract: Nowadays, cloud computing is most popular network in world. Cloud computing provides resource sharing and online data storage for the end users. In existed cloud computing systems there are many security issues. So, security becomes essential part for the data which is stored on cloud. To solve this problem we have proposed this paper. This paper presents client side AES encryption and decryption technique using secret key. AES encryption and decryption is high secured and fastest technique. Client side encryption is an effective approach to provide security to transmitting data and stored data. This paper proposed user authentication to secure data of encryption algorithm with in cloud computing. Cloud computing allows users to use browser without application installation and access their data at any computer using browser. This infrastructure guaranteed to secure the information in cloud server.
Keywords: cloud computing; message authentication; private key cryptography; resource allocation; storage management; client side AES decryption; client side AES encryption technique; cloud computing systems; cloud server; online data storage; resource sharing; secret key; security issues; user authentication; Ciphers; Cloud computing; Data privacy; Databases; Encryption; AES Algorithm; Cloud Computing; Cloud Security; Cryptography (ID#: 15-6821)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154763&isnumber=7154658

 

Devaki, P.; Rao, R., “A Novel Way of ICON Based Authentication Methods,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 449–453, 12–13 June 2015. doi:10.1109/IADCC.2015.7154748
Abstract: Authentication is one of the important security aspects to secure the critical or sensitive information in a system. The authentication system must allow only the authorized users to access the critical information. So it must be strong enough to identify only the valid users and at the same time it should be user friendly. There are many authentication systems designed and used, but most commonly used authentication system is login-password. But this suffers with the attack called shoulder surfing, and brute force method of password guessing. The work carried out to explore the strengths of different graphical based password system to avoid the attack of shoulder surfing and enhance the security in terms of authentication. Also we have proposed a new graphical based authentication system.
Keywords: authorisation; computer graphics; ICON based authentication methods; authorized users; brute force method; graphical based authentication system; graphical based password system; login-password; password guessing; security aspects; shoulder surfing; Authentication; Bandwidth; Conferences; Face; Fingerprint recognition; Iris recognition; Attacker; Authentication; Braille; Graphical based password; Security; Shoulder Surfing (ID#: 15-6822)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154748&isnumber=7154658

 

Grewal, R.; Kaur, J.; Saini, K.S., “A Survey on Proficient Techniques to Mitigate Clone Attack in Wireless Sensor Networks,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1148–1152, 12–13 June 2015. doi:10.1109/IADCC.2015.7154883
Abstract: Due to open deployment of sensor nodes in hostile environment and lack of physical shielding, sensor networks are exposed to different types of physical threats including Clone attack where an adversary physically compromises a node, extract all the credentials such as keys, identity and stored codes, make hardware replicas with the captured information and introduce them at specified positions in the network. Replica detection has become an important and challenging issue in the field of security. This paper surveys the existing schemes for clone attack detection. To conclude the paper, a comparison is shown of all the existing techniques in the literature.
Keywords: telecommunication security; wireless sensor networks; clone attack detection; clone attack mitigation; hostile environment; physical shielding; physical threats; replica detection; wireless sensor network; Base stations; Cloning; Conferences; Protocols; Routing; Security; Wireless sensor networks; WSNs; distributed; node clone; security (ID#: 15-6823)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154883&isnumber=7154658

 

Mangalwedekar, S.; Surve, S.K., “Measurement Sets in Power System State Estimator in Presence of False Data Injection Attack,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 855–860, 12–13 June 2015. doi:10.1109/IADCC.2015.7154827
Abstract: False data injection attacks (FDIA) on smart grid is a popular subject of current research. The presence of FDIA and other such attacks in smart grid is partly due to the combination of Information and Communication Technology with Power Systems. The FDIA on linear model of power system has been extensively analyzed in literature. However the non linear system model has not received the same amount of attention. This paper proposes the concept of balanced and unbalanced measurement set for the purpose of corrupting the state variables in linear and non-linear power system state estimators. The effect of balanced and unbalanced measurement sets for targeted constrained and unconstrained attacks are analyzed for linear and non-linear state estimators.
Keywords: power engineering computing; power system security; power system state estimation; security of data; smart power grids; FDIA; false data injection attack; information and communication technology; nonlinear state estimators; power system state estimator; smart grid; unconstrained attacks; Fluid flow measurement; Linear systems; Measurement uncertainty; Power measurement; Power systems; Transmission line measurements; Voltage measurement; Cyber security; cyber physical; false data injection attacks; linear state estimation; non-linear state estimation (ID#: 15-6824)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154827&isnumber=7154658

 

Kangavalli, R.; Vagdevi, S., “A Mixed Homomorphic Encryption Scheme for Secure Data Storage in Cloud,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1062–1066, 12–13 June 2015. doi:10.1109/IADCC.2015.7154867
Abstract: Cloud computing has been considered as the architectural model for future generation Information Technology. In spite of its numerous advantages in both technical and business aspects, cloud computing still poses new challenges particularly in data storage security. The main threat here is trustworthiness. Data centers which power a cloud cannot perform computations on encrypted data stored on cloud. With the advances in homomorphic encryption techniques, data stored in cloud can be analyzed without decryption of the entire data. This paper discusses about various homomorphic encryption schemes and their applications on various domains. A homomorphic method with byte level homomorphism has been proposed.
Keywords: cloud computing; computer centres; cryptography; architectural model; byte level homomorphism; data centers; data storage security; information technology; mixed homomorphic encryption scheme; Ciphers; Cloud computing; Encryption; Memory; Servers; Cloud Data storage; Data Security; Fully Homomorphic Encryption; Homomorphic Encryption; Homomorphic Key (ID#: 15-6825)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154867&isnumber=7154658

 

Prasanna M.D.; Roopa, S.R., “SSO-Key Distribution Center Based Implementation Using Serpent Encryption Algorithm for Distributed Network (Securing SSO in Distributed Network),” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 425–429, 12–13 June 2015. doi:10.1109/IADCC.2015.7154743
Abstract: Network of things is expanding day by day, with that security, flexibility and ease of use became concern of the user. We do have a different technique to fulfill user’s demands. Some of them are: Single Sign On (SSO), Cryptography techniques like RSA-VES, Serpent etc. In this paper an effort is made to provide all mentioned facilities to the user. Single Sign On (SSO) authorizes user only once and allow user to access multiple services and make the system very easy to use and also provides flexibility to use multiple programs or applications. The combination of cryptographic algorithms: Serpent (symmetric encryption) and RSA-VES (asymmetric encryption) which are known as one of the secured cryptographic algorithms are used with “session time” which makes communication very secure and reliable.
Keywords: public key cryptography; RSA-VES; SSO-key distribution center; Serpent encryption algorithm; cryptography techniques; distributed network; securing SSO; single sign on; Authentication; Ciphers; Encryption; Public key; Servers; authorization; distributed computer networks; information security; private key; public key; single sign-on (SSO); symmetric key (ID#: 15-6826)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154743&isnumber=7154658

 

Sricharan, K.G.; Kisore, N.R., “Mathematical Model to Study Propagation of Computer Worm in a Network,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 772–777, 12–13 June 2015. doi:10.1109/IADCC.2015.7154812
Abstract: Large scale digitization of essential services like governance, banking, public utilities etc has made the internet an attractive target for worm programmers to launch large scale cyber attack with the intention of either stealing information or disruption of services. Large scale attacks continue to happen in spite of the best efforts to secure a network by adopting new protection mechanisms against them. Security comes at a significant operational cost and organizations need to adopt an effective and efficient strategy so that the operational costs do not become more than the combined loss in the event of a wide spread attack. The ability to assess damage in the event of a cyber attack and choose an appropriate and cost effective strategy depends on the ability to successfully model the spread of a cyber attack and thus determine the number of machines that would get affected. The existing models fail to take into account the impact of security techniques deployed on worm propagation while assessing the impact of worm on the computer network. Further they consider the network links to be homogenous and lack the granularity to capture the heterogeneity in security risk across the various links in a computer network. In this paper we propose a stochastic model that takes into account the fact that different network paths have different risk levels and also capture the impact of security defenses based on memory randomization on the worm propagation.
Keywords: Internet; computer network security; invasive software; stochastic processes; Internet; computer network; computer worm propagation; cyber attack; essential service digitization; mathematical model; memory randomization; network security; operational costs; protection mechanisms; security risk; stochastic model; Computational modeling; Computers; Grippers; Mathematical model; Security; Stochastic processes; Cyber defense; Large-scale cyber attack; Stochastic model (ID#: 15-6827)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154812&isnumber=7154658

 

Pramod, A.; Ghosh, A.; Mohan, A.; Shrivastava, M.; Shettar, R., “SQLI Detection System for a Safer Web Application,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 237–240, 12–13 June 2015. doi:10.1109/IADCC.2015.7154705
Abstract: SQL Injection (SQLI) is a quotidian phenomenon in the field of network security. It is a potent and effective way of intruding into secured databases thereby jeopardizing the confidentiality, integrity and availability of information in them. SQL Injection works by inserting malicious queries into legal queries thereby rendering it increasingly arduous for most detection systems to be able to discern its occurrence. Hence, the need of the hour is to build a coherent and a smart SQL Injection detection system to make web applications safer and thus, more reliable. Unlike a great majority of current detection tools and systems that are deployed at a region between the web server and the database server, the proposed system is deployed between client and the web server, thereby shielding the web server from the inimical impacts of the attack. This approach is nascent and efficient in terms of detection, ranking and notification of the attack designed using pattern matching algorithm based on the concept of hashing.
Keywords: Internet; SQL; computer network security; cryptography; file organisation; file servers; pattern matching; SQL Injection; SQLI detection system; Web application; Web server; database security; database server; hashing function; network security; pattern matching algorithm; Algorithm design and analysis; Databases; Inspection; Security; Time factors; Web servers; Deep Packet Inspection; Hardware Network Analyzer; SQL injection attack (ID#: 15-6828)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154705&isnumber=7154658

 

Bindu, C.S., “Click Based Graphical CAPTCHA to Thwart Spyware Attack,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 324–328, 12–13 June 2015. doi:10.1109/IADCC.2015.7154723
Abstract: Software that gathers information regarding the computer’s use secretly and conveys that information to a third party is Spyware. This paper proposes a click based Graphical CAPTCHA to overcome the spyware attacks. In case of traditional Text-Based CAPTCHA’s user normally enters disorder strings to form a CAPTCHA, the same is stored in the key loggers where spywares can decode it easily. To overcome this, Click-Based Graphical CAPTCHA uses a unique way of verification where user clicks on a sequence of images to form a CAPTCHA, and that sequence is stored in pixels with a random predefined order. This paper also analyzes the proposed scheme in terms of usability, security and performance.
Keywords: image sequences; invasive software; click based graphical CAPTCHA; image sequence; key loggers; spyware attack; text-based CAPTCHA; Barium; CAPTCHAs; Computers; Conferences; Spyware; Usability; CAPTCHA; Spyware; Usability (ID#: 15-6829)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154723&isnumber=7154658

 

Patkar, S.S.; Ambawade, D.D., “Secure 3GPP-WLAN Authentication Protocol Based On EAP-AKA,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1011–1016, 12–13 June 2015. doi:10.1109/IADCC.2015.7154857
Abstract: EAP-AKA is used as an authentication protocol during handoff across heterogeneous systems with different underlying technologies like the 3GPP-WLAN internetwork. However the protocol cannot be put to practical use due to its high authentication delay and vulnerabilities to several attacks like user identity disclosure, man in the middle attack and DoS attack. Moreover, the validity of Access Point of the WLAN network is often not checked, leaving the user vulnerable to several attacks even after heavy authentication procedure. For this purpose we propose a modified, secure EAP-SAKA protocol using Elliptic Curve Diffie Hellman for symmetric key generation by taking into consideration the validation of access point. Additionally, we make EAP-SAKA faster by decreasing the propagation delay of the signaling messages. The proposed protocol is supported using detailed security analysis and performance analysis. Also, security validation of EAP-SAKA is carried out using a widely accepted formal verification tool called AVISPA and is found to be safe.
Keywords: 3G mobile communication; computer network security; cryptographic protocols; formal verification; internetworking; mobility management (mobile radio); public key cryptography; wireless LAN; 3GPP-WLAN internetwork; AVISPA; DoS attack; EAP-AKA; WLAN network; access point validation; attack vulnerability; authentication delay; detailed security analysis; elliptic curve Diffie Hellman; formal verification tool; handoff; heavy authentication procedure; heterogeneous systems; identity disclosure; man in the middle attack; performance analysis; propagation delay; secure 3GPP-WLAN authentication protocol; secure EAP-SAKA protocol; security validation; signaling message; symmetric key generation; Authentication; Delays; Handover; Protocols; Servers; EAP-SAKA; ECDH; Full-Authentication (ID#: 15-6830)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154857&isnumber=7154658

 

Kaur, S.; Khandnor, P., “A Survey on Two-Factor User Authentication Schemes in Wireless Sensor Networks,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1077–1081, 12–13 June 2015. doi:10.1109/IADCC.2015.7154870
Abstract: Wireless Sensor Networks have emerged as one of the most promising technologies and promoted research avenues due to their widespread applicability. Wireless Sensor Networks have found applications in critical information infrastructure like military surveillance, nuclear power plants, etc., hence there arises the need to restrict access to critical information of such systems. So as to maintain confidentiality, user authentication is required so that only legitimate users are allowed to retrieve the information. Several two-factor user authentication schemes have been suggested by the research community. In this paper, a brief review of various security issues, security attacks and authentication schemes pertaining to Wireless Sensor Networks has been presented.
Keywords: authorisation; information retrieval; telecommunication security; wireless sensor networks; security attack; two-factor user authentication scheme; wireless sensor network; Authentication; Resilience; Servers; Smart cards; Wireless communication; Wireless sensor networks; Base station (BS); Gateway node (GWN); Sensor node; Wireless Sensor Network (WSN) (ID#: 15-6831)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154870&isnumber=7154658

 

Srividya, R.; Ramesh, B., “Authentication Technique to Reduce Call Setup Delay Incurred Due to Authentication in Mobiles,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 126–130, 12–13 June 2015. doi:10.1109/IADCC.2015.7154684
Abstract: Wireless Mobile Adhoc network is an infrastructure less network which consists of equally distributed self configuring mobile nodes. Secured access to these mobile nodes is a major issue, since these devices are most widely used in our day to day life due to their diverse capabilities like online transactions processing. Designing a reliable authentication technique for users of these mobile nodes with minimum delay incurred for the authentication process is the most vital and challenging task, so that only legitimate users can access their personal data and also communicate with the other mobile devices in the network. In this paper we present an approach for authentication of the Mobile users with minimum time delay incurred for authentication process, which is well explained with a scenario of setting up a call session during an emergency, unlike traditional techniques and hence reducing the average delay caused due to setting up a call session after authenticating the user. Performance valuation indicates that this approach achieves a reliable security for nodes with a minimum time overhead.
Keywords: mobile ad hoc networks; telecommunication network reliability; telecommunication security; authentication technique; call setup delay reduction; mobiles device; wireless mobile ad hoc network security; Accuracy; Authentication; Delays; Mobile communication; Mobile computing; Mobile handsets; Telecommunication traffic; Authentication; Biometrics; Call Setup; In-Call; Legitimate; Mobile Phones (ID#: 15-6832)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154684&isnumber=7154658

 

Manjunath, C.R.; Anand, S.; Nagaraja, G.S., “An Hybrid Secure Scheme for Secure Transmission in Grid Based Wireless Sensor Network,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 472–475, 12–13 June 2015. doi:10.1109/IADCC.2015.7154753
Abstract: In a Wireless Sensor Networks (WSNs) the sensor nodes are placed in an environment depending on the applications where secure communication is in high demand. To ensure the privacy and safety of data transactions in the network, a unique identification for the nodes and secure key for transportation have become major concerns. In order to establish a secure communication channel in the network, care and address the recourse constraints related to the devices and the scalability of the network when designing a secure key management. An approach for secure communication channel establishment is made in order to suite the functional and architectural features of WSNs. Here a hybrid key management scheme for symmetric key cryptography is attempted to establish a secure communication. An ECC and DH based key management and a certificate generation scheme, where the key is generated to decrypt the certificates to establish link for communication in the network. The hybrid scheme is tested based on amount of energy consumed and security analysis by simulation.
Keywords: data privacy; public key cryptography; telecommunication power management; telecommunication security; wireless sensor networks; DH based key management; Diffie-Hellman based key management; ECC; WSN; certificate generation scheme; data transactions; elliptic curve cryptography; grid based wireless sensor network; hybrid key management scheme; hybrid secure scheme; secure communication channel; secure key management; secure transmission; security analysis; sensor nodes; symmetric key cryptography; Base stations; Clustering algorithms; Elliptic curve cryptography; Elliptic curves; Wireless sensor networks; Elliptic Curve Cryptography; Wireless Sensor Networks; certificate; key establishment; scheme; secure communication (ID#: 15-6833)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154753&isnumber=7154658

 

Deshmukh, L.R.; Potgantwar, A.D., “Ensuring an Early Recognition and Avoidance of the Vampire Attacks in WSN Using Routing Loops,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 61–66, 12–13 June 2015. doi:10.1109/IADCC.2015.7154669
Abstract: In sensing it’s the ad-hoc sensor and data routing which is an important research direction. Security work is prioritized in this area and focusing primarily at medium access control or the routing levels on denial of communication. Attacks focusing on routing protocol layer are known as resource depletion attacks in this paper. This attack impacts by persistently disabling the network and causing the node’s battery power drain drastically. There are protocols established which tends to protect from DOS attacks, however it isn’t possible perfectly. Vampire attack is one such DOS attack. These Vampire attacks depends on various characteristics of well-known many classes of routing protocols as these are not specific to any particular protocol. These Vampire attacks can be easily executed using even a single malicious intruder, who sends simply protocol compliant message, these attacks are thus destructing and very hard to detect. In the nastiest condition, an individual attacker has the ability to enlarge the energy usage of the network by a factor of O(N), where N is the quantity of nodes in the network. A new proof-of-concept protocol is a method discussed to mitigate these kinds of attacks. This protocol limits the damage caused at the time of packet forwarding done by Vampires. To diminish the Vampire attacks using PLGP-a which identifies malicious attack, certain approaches have also been discussed.
Keywords: access protocols; ad hoc networks; computer network security; routing protocols; wireless sensor networks; DOS attack; PLGP-a; WSN; ad hoc sensor; data routing protocol layer; malicious attack identification; malicious intruder; medium access control; packet forwarding; proof-of-concept protocol; resource depletion attack; vampire attack avoidance; vampire attack early recognition; Ad hoc networks; Receivers; Routing; Routing protocols; Topology; Wireless sensor networks; Wireless networks; ad-hoc networks; routing protocols; sensor network; vampire attack (ID#: 15-6834)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154669&isnumber=7154658

 

Saggi, M.K.; Kaur, R., “Isolation of Sybil Attack in VANET Using Neighboring Information,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 46–51, 12–13 June 2015. doi:10.1109/IADCC.2015.7154666
Abstract: The advancement of wireless communication leads researchers to conceive and develop the idea of vehicular networks, also known as vehicular ad hoc networks (VANETs). In Sybil attack, the WSN is destabilized by a malicious node which creates an innumerable fraudulent identities in favor of disrupting networks protocols. In this paper, a novel technique has been proposed to detect and isolate Sybil attack on vehicles resulting in proficiency of network. It will work in two-phases. In first phase RSU registers the nodes by identifying their credentials offered by them. If they are successfully verified, second phase starts & it allots identification to vehicles thus, RSU gathers information from neighboring nodes & define threshold speed limit to them & verify the threshold value is exceed the defined limit of speed. A multiple identity generated by Sybil attack is very harmful for the network & can be misused to flood the wrong information over network. Simulation results show that proposed detection technique increases the possibilities of detection and reduces the percentage of Sybil attack.
Keywords: computer network security; RSU; Sybil attack; VANET; credentials; fraudulent identities; malicious node; neighboring nodes; networks protocols disruption; threshold speed limit; threshold value; vehicular ad hoc networks; Mobile nodes; Monitoring; Protocols; Roads; Routing; Vehicles; Vehicular ad hoc networks; Collision; MANET; Malicious node; Sybil Attack; V2V communication (ID#: 15-6835)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154666&isnumber=7154658

 

Bajaj, S.B.; Grewal, M., “TL-SMD: Two Layered Secure Message Digest Algorithm,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 349–352, 12–13 June 2015. doi:10.1109/IADCC.2015.7154728
Abstract: In this era of technology with an increasing usage of Internet, data security has become a major issue. Various cryptographic hash function such as MD4, MD5, SHA-1, SHA-2 has been defined to provide data security. In this paper we proposed a new algorithm, TL-SMD (Two Layered-Secure Message Digest) for building a secure hash function, which can provide two level processing security. For the construction of this algorithm, various techniques have been used that includes block cipher technique, modified combination of Merkle-Damgard construction and fast wide pipe construction. For computing the hash value from the input block, combination of cipher block chaining (CBC) mode and electronic codebook (ECB) mode with some modification is used.
Keywords: codes; cryptography; CBC mode; ECB mode; Internet; MD4; MD5; Merkle-Damgard construction; SHA-1; SHA-2; TL-SMD; block cipher technique; cipher block chaining mode; cryptographic hash function; data security; electronic codebook mode; two layered secure message digest algorithm; two level processing security; wide pipe construction; Computers; Cryptography; Optimization; Merkle-Damgard construction; cipher block chaining; electronic codebook; fast wide pipe construction (ID#: 15-6836)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154728&isnumber=7154658

 

Prasad, T.S.; Kisore, N.R., “Application of Hidden Markov Model for Classifying Metamorphic Virus,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1201–1206, 12–13 June 2015. doi:10.1109/IADCC.2015.7154893
Abstract: Computer virus is a rapidly evolving threat to the computing community. These viruses fall into different categories. It is generally believed that metamorphic viruses are extremely difficult to detect. Metamorphic virus generating kits are readily available using which potentially dangerous viruses can be created with very little knowledge or skill. Classification of computer virus is very important for effective detection of any malware using anti virus software. It is also necessary for building and applying right software patch to overcome the security vulnerability. Recent research work on Hidden Markov Model (HMM) analysis has shown that it is more effective tool than other techniques like machine learning in detecting of computer viruses and their classification. In this paper, we present a classification technique based on Hidden Markov Model for computer virus classification. We trained multiple HMMs with 500 malware files belonging to different virus families as well as compilers. Once trained the model was used to classify new malware of its kind efficiently.
Keywords: computer viruses; hidden Markov models; invasive software; pattern classification; HMM analysis; antivirus software; compilers; computer virus classification; hidden Markov model; malware files; metamorphic virus classification; security vulnerability; software patch; Computational modeling; Computers; Hidden Markov models; Malware; Software; Training; Viruses (medical); Hidden Markov Model; Malware Classification; Metamorphic Malware; N-gram (ID#: 15-6837)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154893&isnumber=7154658

 

Reddy, M.R.; Reddy, V.B., “A Quasigroup Based Cipher Algorithm for Ad-Hoc Wireless Networks,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 241–246, 12–13 June 2015. doi:10.1109/IADCC.2015.7154706
Abstract: Security is the main concern in today's wireless network environment. However, cipher algorithms consume a lot of resources to provide the required confidentiality. Ad-Hoc wireless networks are one area where the devices are extremely resource constrained. Therefore computationally simple yet cryptographically strong cipher algorithms are required for such kind of networks. In this paper a light weight Quasigroup based stream cipher is proposed and implemented on a Virtex-6 FPGA. It is also subjected to the NIST-STS test suite. Its performance is evaluated in MANETs using Glomosim simulator.
Keywords: field programmable gate arrays; mobile ad hoc networks; public key cryptography; Glomosim simulator; MANET; NIST-STS test; Virtex-6 FPGA; ad hoc wireless network security; cryptographically strong cipher algorithm; light weight quasigroup based stream cipher algorithm; public key algorithm; Ad hoc networks; Algorithm design and analysis; Ciphers; Encryption; Energy consumption; Field programmable gate arrays; Ad-Hoc; Cryptography; FPGA; Quasigroup (ID#: 15-6838)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154706&isnumber=7154658

 

Dhanuka, S.K.; Sachdeva, P.; Shaikh, S.S., “Cryptographic Algorithm Optimisation,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1111–1116, 12–13 June 2015. doi:10.1109/IADCC.2015.7154876
Abstract: Lightweight cryptographic algorithm is intended for implementation in resource constrained devices such as smart cards, wireless sensors, Radio Frequency Identification (RFID) tags which aim at providing adequate security. Hummingbird is a recent encryption algorithm based on ultra-lightweight cryptography and its design is based on blend of block cipher and stream cipher. This paper presents design space exploration of the algorithm and optimisation using different architectural approaches. It provides comparative analysis of different models of substitution box, cipher and encryption blocks.
Keywords: cryptography; Hummingbird encryption algorithm; RFID tags; architectural approach; block cipher; cipher block; cryptographic algorithm optimisation; design space exploration; encryption block; radiofrequency identification tags; resource constrained devices; smart cards; stream cipher; substitution box model; ultralightweight cryptographic algorithm; wireless sensors; Algorithm design and analysis; Ciphers; Encryption; Optimization; Resource management; Table lookup; Boolean Function Representation (BFR); Cryptography; Hummingbird; Look Up Table (LUT); Resource Constrained Devices (RCD); Resource Sharing (ID#: 15-6839)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154876&isnumber=7154658

 

Suhas, H.V.; Malla, R.; Ravi, S., “Red Black Cryptography,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 716–720, 12–13 June 2015. doi:10.1109/IADCC.2015.7154800
Abstract: Cryptography is defined as the practice and study of techniques for secure communication in the presence of third party attackers. It is a good way to protect sensitive information. Over the years, the need to protect information has increased. Confidentiality is of utmost importance. Complete protection of information is not an easy task. In this paper, a method is proposed that consists of three different levels of encryption, accomplished using Red Black Trees and Linear Congruential Generator. Due to the existence of three levels, it becomes extremely difficult for an attacker to hack data.
Keywords: cryptography; data privacy; trees (mathematics); communication security; confidentiality; data hacking; encryption; linear congruential generator; red black cryptography; red black trees; sensitive information protection; third party attackers; Ciphers; Generators; Image color analysis; Receivers; Vegetation; Cryptography; Decryption; Encryption; Linear Congruential Generator; Red-Black Trees (ID#: 15-6840)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154800&isnumber=7154658
 




International Conferences: ICCPS 2015, Seattle, WA

 

 


The 6th International Conference on Cyber-Physical Systems (ICCPS) was held in Seattle, Washington on April 14–16, 2015. The conference presentations covered a variety of issues and topics in cyber-physical systems. The ones cited here focus on the hard problems of cyber-physical system security, privacy, and human behavior and interaction.  



Tamara Bonaci, Junjie Yan, Jeffrey Herron, Tadayoshi Kohno, Howard Jay Chizeck; “Experimental Analysis of Denial-of-Service Attacks on Teleoperated Robotic Systems,” in ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 11–20. doi:10.1145/2735960.2735980
Abstract: Applications of robotic systems have had an explosive growth in recent years. In 2008, more than eight million robots were deployed worldwide in factories, battlefields, and medical services. The number and the applications of robotic systems are expected to continue growing, and many future robots will be controlled by distant operators through wired and wireless communication networks.  The open and uncontrollable nature of communication media between robots and operators renders these cyber-physical systems vulnerable to a variety of cyber-security threats, many of which cannot be prevented using traditional cryptographic methods. A question thus arises: what if teleoperated robots are attacked, compromised or taken over?  In this paper, we systematically analyze cyber-security attacks against Raven II R, an advanced teleoperated robotic surgery system. We classify possible threats, and focus on denial-of-service (DoS) attacks, which cannot be prevented using available cryptographic solutions. Through a series of experiments involving human subjects, we analyze the impact of these attacks on teleoperated procedures. We use the Fitts’ law as a way of quantifying the impact, and measure the increase in tasks’ difficulty when under DoS attacks.  We then consider possible steps to mitigate the identified DoS attacks, and evaluate the applicability of these solutions for teleoperated robotics. The broader goal of our paper is to raise awareness, and increase understanding of emerging cyber-security threats against teleoperated robotic systems.
Keywords: Fitts’ law, cyber-physical systems, cybersecurity threats, denial-of-service attacks, teleoperated robotic systems (ID#: 15-6841)
URL:  http://doi.acm.org/10.1145/2735960.2735980

 

Alexandre Bayen, Michael Branicky; “Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems,” ICCPS ’15, the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, Seattle, WA, April 14–16, 2015. ACM 2015. ISBN: 978-1-4503-3455-6.
Abstract: This volume contains the papers presented at the Sixth ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2015), which was held with the Cyber-Physical Systems Week in Seattle, Washington, USA, on 13–16 April 2015. ICCPS has been the flagship conference on Cyber-Physical Systems (CPS) that tightly couple the cyber aspects of computing and communications with the physical aspects of dynamics and engineering. ICCPS, as an integral part of CPS Week, is pleased to be co-located with its sister conferences that focus on various components of CPS including embedded systems, hybrid systems, real-time systems, and wireless sensor networks. ICCPS aims to showcase cutting-edge research that spans both the cyber and physical aspects of CPS. In the process, it will bring together engineers from various disciplines and computer scientists to create the scientific foundations, identify new principles, present novel architectures, demonstrate promising applications, and enable powerful capabilities of CPS. In addition to its traditional focus on the foundations, applications, and examples of CPS, this year ICCPS has absorbed the former High Confidence Networked Systems (HiCoNS) conference and includes its focus on secure and resilient infrastructure for CPS.
Keywords: (not provided) (ID#: 15-6842)
URL: http://dl.acm.org/citation.cfm?doid=2735960

 

Abdulmalik Humayed, Bo Luo; “Cyber-Physical Security for Smart Cars: Taxonomy of Vulnerabilities, Threats, and Attacks,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 252–253. doi:10.1145/2735960.2735992
Abstract: As the passenger vehicles evolve to be “smart”, electronic components, including communication and intelligent software, are continuously introduced to new models and concept vehicles. The new paradigm introduces new features and benefits, but also brings new security concerns.  Smart cars are considered cyber-physical systems (CPS) because of their integration of cyber- and physical-components. In recent years, various threats, vulnerabilities, and attacks have been discovered from different models of smart cars. In the worst-case scenario, external attackers may remotely obtain full control of the vehicle by exploiting an existing vulnerability. In this poster, we examine smart car security from a CPS’ perspective, and derive a taxonomy of threats, vulnerabilities, and attacks. We demonstrate a systematic model of smart car security by distinguishing between cyber, cyber-physical, and physical (C-CP-P) components and their interactions. We present our reflections on how the systematic model and taxonomy could be utilized to help the development of effective control mechanisms.
Keywords: (not provided) (ID#: 15-6843)
URL: http://doi.acm.org/10.1145/2735960.2735992

 

Junkil Park, Radoslav Ivanov, James Weimer, Miroslav Pajic, Insup Lee; “Sensor Attack Detection in the Presence of Transient Faults,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 1–10. doi:10.1145/2735960.2735984
Abstract: This paper addresses the problem of detection and identification of sensor attacks in the presence of transient faults. We consider a system with multiple sensors measuring the same physical variable, where some sensors might be under attack and provide malicious values. We consider a setup, in which each sensor provides the controller with an interval of possible values for the true value. While approaches exist for detecting malicious sensor attacks, they are conservative in that they treat attacks and faults in the same way, thus neglecting the fact that sensors may provide faulty measurements at times due to temporary disturbances (e.g., a tunnel for GPS). To address this problem, we propose a transient fault model for each sensor and an algorithm designed to detect and identify attacks in the presence of transient faults. The fault model consists of three aspects: the size of the sensor’s interval (1) and an upper bound on the number of errors (2) allowed in a given window size (3). Given such a model for each sensor, the algorithm uses pairwise inconsistencies between sensors to detect and identify attacks. In addition to the algorithm, we provide a framework for selecting a fault model for each sensor based on training data. Finally, we validate the algorithm’s performance on real measurement data obtained from an unmanned ground vehicle.
Keywords: (not provided) (ID#: 15-6844)
URL: http://doi.acm.org/10.1145/2735960.2735984

 

Jackeline Abad Torres, Dinuka Sahabandu, Rahul Dhal, Sandip Roy; “Local Open- and Closed-Loop Manipulation of Multi-Agent Networks,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 21–30. doi:10.1145/2735960.2735982
Abstract: We explore the manipulation of networked cyber-physical devices via external actuation or feedback control at a single location, in the context of a canonical multi-agent system model known as the double integrator network. One main focus is to understand whether or not, and how easily, a stakeholder can manipulate network’s full dynamics by designing the actuation signal for one agent (in an open-loop sense). Additionally, we investigate the ability of the stakeholder to manipulate the multi-agent system, and achieve control objectives, via local feedback control. For both problems, we find that manipulation of the dynamics is crucially dependent on the network’s graph and associated spectrum.
Keywords: controllability, cyber-physical systems, multi-agent systems (ID#: 15-6845)
URL: http://doi.acm.org/10.1145/2735960.2735982

 

Jian Xu, Vasiliki Sfyrla, Krishna K. Venkatasubramanian; “Methodology for Generating Attack Trees for Interoperable Medical Devices,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 258–258. doi:10.1145/2735960.2735993
Abstract: In this paper we present a methodology that provides a systematic way of generating attack trees for interoperable medical devices by leveraging process modeling, hazard descriptions, and fault-trees.
Keywords: (not provided) (ID#: 15-6846)
URL: http://doi.acm.org/10.1145/2735960.2735993

 

Taylor T. Johnson, Stanley Bak, Steven Drager; “Cyber-Physical Specification Mismatch Identification with Dynamic Analysis,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 208–217. doi:10.1145/2735960.2735979
Abstract: Embedded systems use increasingly complex software and are evolving into cyber-physical systems (CPS) with sophisticated interaction and coupling between physical and computational processes. Many CPS operate in safety-critical environments and have stringent certification, reliability, and correctness requirements. These systems undergo changes throughout their lifetimes, where either the software or physical hardware is updated in subsequent design iterations. One source of failure in safety-critical CPS is when there are unstated assumptions in either the physical or cyber parts of the system, and new components do not match those assumptions. In this work, we present an automated method towards identifying unstated assumptions in CPS. Dynamic specifications in the form of candidate invariants of both the software and physical components are identified using dynamic analysis (executing and/or simulating the system implementation or model thereof). A prototype tool called Hynger (for HYbrid iNvariant GEneratoR) was developed that instruments Simulink/Stateflow (SLSF) model diagrams to generate traces in the input format compatible with the Daikon invariant inference tool, which has been extensively applied to software systems. Hynger, in conjunction with Daikon, is able to detect candidate invariants of several CPS case studies. We use the running example of a DC-to-DC power converter, and demonstrate that Hynger can detect a specification mismatch where a tolerance assumed by the software is violated due to a plant change.
Keywords: cyber-physical systems, dynamic analysis, specifications (ID#: 15-6847)
URL: http://doi.acm.org/10.1145/2735960.2735979

 

Xiaodong Zhang, Matthew Clark, Kuldip Rattan, Jonathan Muse; “Controller Verification in Adaptive Learning Systems Towards Trusted Autonomy,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 31–40. doi:10.1145/2735960.2735971
Abstract: With the increasing levels of adaptation and autonomy in complex cyber-physical systems (CPS), the traditional notion that such systems can be fully tested and validated offline is becoming an impossible task. It is virtually impossible to analyze or test ahead of time all the possible parameter values resulting from the uncertainty in system operational and environmental conditions. This paper considers the problem of online controller verification in a class of first-order nonlinear uncertain systems incorporating neural network based learning algorithms. Based on several critical assumptions, an on-line neural network model is employed to ensure robustness and fault-tolerance to certain modeling uncertainty and physical faults under consideration. However, these assumptions may be violated in the presence of software faults or unanticipated physical faults in the closed-loop system, leading to unstable learning behaviors and controller malfunctions. Based on Lyapunov stability theory, an online controller verification scheme is developed to detect such unstable learning behaviors by continuously monitoring the decrease of Lyapunov functions. Adaptive thresholds for detecting malfunctions of the adaptive learning controller are derived, ensuring the robustness with respect to modeling uncertainty and neural network approximation error. Additionally, the detectability conditions are investigated, characterizing the class of detectable software faults and unanticipated hardware faults. An upper bound on the detection time of controller malfunction is also derived. Some simulation results using a two-tank system are shown to illustrate the effectiveness of the controller verification method.
Keywords: adaptive learning systems, fault detection, neural networks, verification and validation of control systems (ID#: 15-6848)
URL: http://doi.acm.org/10.1145/2735960.2735971

 

Yunlong Gao, Shaohan Hu, Renato Mancuso, Hongwei Wang, Minje Kim, PoLiang Wu, Lu Su, Lui Sha, Tarek Abdelzaher; “Exploiting Structured Human Interactions to Enhance Estimation Accuracy in Cyber-Physical Systems,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 60–69. doi:10.1145/2735960.2735965
Abstract: In this paper, we describe a general methodology for enhancing measurement accuracy in cyber-physical systems that involve structured human interactions with a noisy physical environment. We define structured human interactions as those that follow a domain-specific workflow. The idea of the paper is simple: we exploit knowledge of the workflow to correct unreliable sensor data. The intellectual contribution lies in an algorithm for joint estimation of the current state of the workflow together with correction of noisy sensor measurements, given only the noisy measurements and an overall workflow description. We demonstrate through simulations and a physical implementation the degree to which knowledge of workflow can increase sensing accuracy. As a specific instantiation of this idea, we present a novel situation-awareness tool called the Emergency Transcriber designed to automatically document operational procedures followed by teams of first responders in emergency-response scenarios. Evaluation shows that our system provides a significant fidelity enhancement over the state of the art, effectively coping with the noisy environment of emergency teams.
Keywords: emergency, unreliable sensor data, workflow (ID#: 15-6849)
URL: http://doi.acm.org/10.1145/2735960.2735965

 

Kyong-Tak Cho, Kang G. Shin, Taejoon Park; “CPS Approach to Checking Norm Operation of a Brake-by-Wire System,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 41–50. doi:10.1145/2735960.2735977
Abstract: For better controllability and energy-efficiency, more vehicle functions are being implemented via electronic control systems in place of traditional mechanical control systems. However, such transitions are creating new, unprecedented risks such as software bugs or hardware glitches, all of which can lead to serious safety risks. Recent real-world examples and research literature have been covering them under the name of vehicle misbehavior. In this paper, we present a new way of checking norm operations, called BAD (Brake Anomaly Detection), which detects any vehicle misbehavior in the Brake-by-Wire system. We focus on the braking system since it is a prototypical safety-critical and cyber-physical system. We first propose a new method for constructing norm models of braking and then show how anomalies are detected by BAD using the constructed models. Finally, we discuss how to verify the results, especially in the context of false positives. Our evaluation results show that BAD can effectively detect various types of anomaly in the braking system.
Keywords: anomaly detection, braking system, vehicle misbehavior (ID#: 15-6851)
URL: http://doi.acm.org/10.1145/2735960.2735977

 

Lu Feng, Clemens Wiltsche, Laura Humphrey, Ufuk Topcu; “Controller Synthesis for Autonomous Systems Interacting with Human Operators,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 70–79. doi:10.1145/2735960.2735973
Abstract: We propose an approach to synthesize control protocols for autonomous systems that account for uncertainties and imperfections in interactions with human operators. As an illustrative example, we consider a scenario involving road network surveillance by an unmanned aerial vehicle (UAV) that is controlled remotely by a human operator but also has a certain degree of autonomy. Depending on the type (i.e., probabilistic and/or nondeterministic) of knowledge about the uncertainties and imperfections in the operator-autonomy interactions, we use abstractions based on Markov decision processes and augment these models to stochastic two-player games. Our approach enables the synthesis of operator-dependent optimal mission plans for the UAV, highlighting the effects of operator characteristics (e.g., workload, proficiency, and fatigue) on UAV mission performance; it can also provide informative feedback (e.g., Pareto curves showing the trade-offs between multiple mission objectives), potentially assisting the operator in decision-making.
Keywords: (not provided) (ID#: 15-6852)
URL: http://doi.acm.org/10.1145/2735960.2735973

 

Nisar Ahmed, Mark Campbell, David Casbeer, Yongcan Cao, Derek Kingston; “Fully Bayesian Learning and Spatial Reasoning with Flexible Human Sensor Networks,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 80–89. doi:10.1145/2735960.2735970
Abstract: This work considers the challenging problem of simultaneous modeling and fusion of ‘soft data’ generated by a network of ‘human sensors’ for spatial state estimation tasks, such as lost target search or large area surveillance. Human sensors can opportunistically provide useful information to constrain difficult state estimation problems, but are imperfect information sources whose reliability cannot be easily determined in advance. Formal observation likelihood models are derived for flexible sketch-based observations, but are found to lead to analytically intractable statistical dependencies between unknown sensor parameters and spatial states of interest that cannot be adequately characterized by simple point estimates. Hierarchical Bayesian models and centralized inference strategies based on Gibbs sampling are proposed to address these issues, especially in cases of sparse, noisy, ambiguous and conflicting soft data. This leads to an automatic online calibration procedure for human sensor networks, as well as conservative spatial state posteriors that naturally account for model uncertainties. Experimental outdoor target search results with real spatial human sensor data (obtained via networked mobile graphical sketch interfaces) demonstrate the proposed methodology.
Keywords: autonomous sensor networks, human-in-the-loop, statistical signal processing (ID#: 15-6853)
URL: http://doi.acm.org/10.1145/2735960.2735970

 

Ming Jin, Lillian J. Ratliff, Ioannis Konstantakopoulos, Costas Spanos, Shankar Sastry; “REST: A Reliable Estimation of Stopping Time Algorithm for Social Game Experiments,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 90–99. doi:10.1145/2735960.2735974
Abstract: Through a social game, we integrate building occupants into the control and management of an office building that is instrumented with networked embedded systems for sensing and actuation. The goal of the social game is to both incentivize building occupants to be more energy efficient and learn behavioral models for occupants so that the building can be made sustainable through automation. Given a generative model for the occupants’ behavior in the competitive environment created by the social game, we develop a method for learning the parameters of the behavioral model as we conduct the experiment by adopting a learning to learn framework. Using tools from statistical learning, we provide bounds on the parameter inference error. In addition, we provide an algorithm for computing the stopping time required for a specified level of confidence in estimation. We show the performance of our algorithm in several examples.
Keywords: (not provided) (ID#: 15-6854)
URL: http://doi.acm.org/10.1145/2735960.2735974

 

Huihua Zhao, Jake Reher, Jonathan Horn, Victor Paredes, Aaron D. Ames; “Realization of Nonlinear Real-Time Optimization Based Controllers on Self-Contained Transfemoral Prosthesis,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 130–138. doi:10.1145/2735960.2735964
Abstract: Lower-limb prostheses provide a prime example of cyber-physical systems (CPSs) that interact with humans in a safety critical fashion, and therefore require the synergistic development of sensing, algorithms and controllers. With a view towards better understanding CPSs of this form, this paper presents a methodology for successfully translating nonlinear real-time optimization based controllers from bipedal robots to a novel custom built self-contained powered transfemoral prosthesis: AMPRO. To achieve this goal, we begin by collecting reference human locomotion data via Inertial Measurement Units (IMUs). This data forms the basis for an optimization problem that generates virtual constraints, i.e., parametrized trajectories, for the prosthesis that provably yields walking in simulation. Leveraging methods that have proven successful in generating stable robotic locomotion, control Lyapunov function (CLF) based Quadratic Programs (QPs) are utilized to optimally track the resulting desired trajectories. The parameterization of the trajectories is determined through a combination of on-board sensing on the prosthesis together with IMU data, thereby coupling the actions of the user with the controller. Finally, impedance control is integrated into the QP yielding an optimization based control law that displays remarkable tracking and robustness, outperforming traditional PD and impedance control strategies. This is demonstrated experimentally on AMPRO through the implementation of the holistic sensing, algorithm and control framework, with the end result being stable and human-like walking.
Keywords: hybrid systems, nonlinear control, transfemoral prosthesis (ID#: 15-6855)
URL: http://doi.acm.org/10.1145/2735960.2735964

 

Kun Zhang, Jonathan Sprinkle, Ricardo G. Sanfelice; “A Hybrid Model Predictive Controller for Path Planning and Path Following,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 139–148. doi:10.1145/2735960.2735966
Abstract: The use of nonlinear model-predictive methods for path planning and following has the advantage of concurrently solving problems of obstacle avoidance, feasible trajectory selection, and trajectory following, while obeying constraints on control inputs and state values. However, such approaches are computationally intensive, and may not be guaranteed to return a result in bounded time when performing a non-convex optimization. This problem is an interesting application to cyber-physical systems due to their reliance on computation to carry out complex control. The computational burden can be addressed through model reduction, at a cost of potential (bounded) model error over the prediction horizon. In this paper we introduce a metric called uncontrollable divergence, and discuss how the selection of the model to use for the predictive controller can be addressed by evaluating this metric, which reveals the divergence between predicted and true states caused by return time and model mismatch. A map of uncontrollable divergence plotted over the state space gives the criterion to judge where reduced models can be tolerated when high update rate is preferred (e.g. at high speed and small steering angles), and where high-fidelity models are required to avoid obstacles or make tighter curves (e.g. at large steering angles). With this metric, we design a hybrid controller that switches at runtime between predictive controllers in which respective models are deployed.
Keywords: MPC, hybrid control, model error evaluation (ID#: 15-6856)
URL: http://doi.acm.org/10.1145/2735960.2735966

 

Zhishan Guo, Sanjoy K. Baruah; “Uniprocessor EDF Scheduling of AVR Task Systems,” ICCPS ’15, Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, April 2015, Pages 159–168. doi:10.1145/2735960.2735976
Abstract: The adaptive varying-rate (AVR) task model has been proposed as a means of modeling certain physically-derived constraints in CPS’s in a manner that is more accurate (less pessimistic) than is possible using prior task models from real-time scheduling theory. Existing work on schedulability analysis of systems of AVR tasks is primarily restricted to fixed-priority scheduling; this paper establishes schedulability analysis results for systems of AVR and sporadic tasks under Earliest Deadline First (EDF) scheduling. The proposed analysis techniques are evaluated both theoretically via the speedup factor metric, and experimentally via schedulability experiments on randomly-generated task systems.
Keywords: (not provided) (ID#: 15-6857)
URL: http://doi.acm.org/10.1145/2735960.2735976




 

International Conferences: PST 2015, Izmir, Turkey

 

 


The 2015 13th Annual Conference on Privacy, Security and Trust (PST) was held 21-23 July 2015 in Izmir, Turkey. This year’s topics included access control, modelling, privacy, social networks, and trust. 



Debnath, Mitu Kumar; Samet, Saeed; Vidyasankar, Krishnamurthy, “A Secure Revocable Personal Health Record System with Policy-Based Fine-Grained Access Control,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 109–116, 21–23 July 2015. doi:10.1109/PST.2015.7232961
Abstract: Collaborative sharing of information is becoming a much more needed technique to achieve complex goals in today’s fast-paced tech-dominant world. In our context, Personal Health Record (PHR) system has become a popular research area for sharing patient information very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Therefore, cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed. Attribute-based encryption can resolve these problems. We have proposed a framework with fine-grained access control mechanism that protects PHRs against service providers, and malicious users. We have used the Ciphertext Policy Attribute Based Encryption system as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation in a hierarchical scheme. The Web Services and APIs for the proposed framework have been developed and implemented, along with an Android mobile application for the system.
Keywords: Access control; Data privacy; Encryption; Medical services; Servers; Attribute Revocation; Attribute-Based Encryption; Fine-Grained Access Control; Patient-centric Data Privacy; Personal Health Records (ID#: 15-6772)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232961&isnumber=7232940

 

Anandan, Balamurugan; Clifton, Chris, “Laplace Noise Generation for Two-Party Computational Differential Privacy,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 54–61, 21–23 July 2015. doi:10.1109/PST.2015.7232954
Abstract: Computing a differentially private function using secure function evaluation prevents private information leakage both in the process, and from information present in the function output. However, the very secrecy provided by secure function evaluation poses new challenges if any of the parties are malicious. We first show how to build a two party differentially private secure protocol in the presence of malicious adversaries. We then relax the utility requirement of computational differential privacy to reduce computational cost, still giving security with rational adversaries. Finally, we provide a modified two-party computational differential privacy definition and show correctness and security guarantees in the rational setting.
Keywords: Computational modeling; Encryption; Hamming distance; Noise; Privacy; Protocols (ID#: 15-6773)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232954&isnumber=7232940

 

Vanderlei de Arruda, Tiago; Venturini, Yeda Regina; Sakata, Tiemi Christine, “Performance Evaluation of ECC Scalar Multiplication Using Parallel Modular Algorithms on Mobile Devices,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 153–156, 21–23 July 2015. doi:10.1109/PST.2015.7232967
Abstract: Mobile devices, such as smartphones, allow people around the world to access a huge amount of online applications anywhere and anytime. Elliptic Curve Cryptography (ECC) algorithm can be used in mobile devices to trust the access to these applications. Scalar multiplication is the main and most expensive operation in ECC and its cost is directly related to the size of the key used. It is composed of a lot of modular arithmetic operations (addition, subtraction, squaring, multiplication and inversion), defined by the coordinate system used. Using the short Weierstrass Jacobian coordinate system, the modular multiplication and squaring are the most costly operations performed in our experiments. In this paper we analyze the performance of scalar multiplication using a variety of sequential and parallel modular multiplication algorithms with standardized NIST curves. To predict the timings for high-order curves, it is used a 1536-bit pairing-friendly curve available on RELIC. Experiments were performed on a SabreLite IMX6Quad board with a quad-core ARM cortex A9 (ARMv7 architecture) processor, which allows the analysis of these scalar multiplications on a mobile device architecture. Results show that Bipartite 2th timings were faster than the sequential ones for 1536-bit curves. Bipartite timings were strictly close to the best sequential timing for 521 bits, indicating that for a not too much longer key, parallel algorithms’ timings are capable to overcome the sequential ones.
Keywords: Algorithm design and analysis; Elliptic curve cryptography; Elliptic curves; Mobile handsets; Parallel algorithms; Timing (ID#: 15-6774)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232967&isnumber=7232940

 

Abidi, Balkis; Ben Yahia, Sadok, “An Adaptive Algorithm for Multivariate Data-Oriented Microaggregation,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 70–76, 21–23 July 2015. doi:10.1109/PST.2015.7232956
Abstract: Microaggregation for Statistical Disclosure Control (SDC) has been shown to be an efficient method to hamper individual identification. Indeed, micro data are wrapped in such a way that can be published and mined without providing any private information that can be linked to specific individuals. In this respect, a microaggregation method would seek to lower the information loss resulting from this replacement process. The challenge is how to minimize the information loss during the microaggregation process. In this paper, we introduce a new algorithm, called AdMicro-FSOM for the multivariate microaggregation task. The main thrust of this algorithm stands in its handling fuzzy partition into a microaggregation method. The extensive carried out experiments show the obtention of low information loss, even when handling noisy data. In addition, the obtained results sharply outperform those obtained by the pioneering algorithms of the dedicated literature.
Keywords: Algorithm design and analysis; Clustering algorithms; Data privacy; Noise measurement; Partitioning algorithms; Sorting; Training data (ID#: 15-6775)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232956&isnumber=7232940

 

Kiraz, Mehmet Sabir; Sertkaya, Isa; Uzunkol, Osmanbey, “An Efficient ID-Based Message Recoverable Privacy-Preserving Auditing Scheme,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 117–124, 21–23 July 2015. doi:10.1109/PST.2015.7232962
Abstract: One of the most important benefits of public cloud storage is outsourcing of management and maintenance with easy accessibility and retrievability over the internet. However, outsourcing data on the cloud brings new challenges such as integrity verification and privacy of data. More concretely, once the users outsource their data on the cloud they have no longer physical control over the data and this leads to the integrity protection issue. Hence, it is crucial to guarantee proof of data storage and integrity of the outsourced data. Several pairing-based auditing solutions have been proposed utilizing the Boneh-Lynn-Shacham (BLS) short signatures. They basically provide a desirable and efficient property of non-repudiation protocols. In this work, we propose the first ID-based privacy-preserving public auditing scheme with message recoverable signatures. Because of message recoverable auditing scheme, the message itself is implicitly included during the verification step that was not possible in previously proposed auditing schemes. Furthermore, we point out that the algorithm suites of existing schemes are either insecure or very inefficient due to the choice of the underlying bilinear map and its baseline parameter selections. We show that our scheme is more efficient than the recently proposed auditing schemes based on BLS-like short signatures.
Keywords: Cloud computing; Data privacy; Elliptic curves; Memory; Protocols; Security; Servers; Data storage; bilinear maps; message recoverable signatures; privacy preserving; public auditability (ID#: 15-6776)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232962&isnumber=7232940

 

Kikuchi, Hiroaki; Takahashi, Katsumi, “Zipf Distribution Model for Quantifying Risk of Re-Identification from Trajectory Data,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 14–21, 21–23 July 2015. doi:10.1109/PST.2015.7232949
Abstract: In this paper, we propose a new mathematical model for evaluating a given anonymized dataset that needs to be reidentified. Many anonymization algorithms have been proposed in the area called privacy-preserving data publishing (PPDP), but no anonymization algorithms are suitable for all scenarios because many factors are involved. In order to address the issues of anonymization, we propose a new mathematical model based on the Zipf distribution. Our model is simple, but it fits well with the real distribution of trajectory data. We demonstrate the primary property of our model and we extend it to a more complex environment. Using our model, we define the theoretical bound for reidentification, which yields the appropriate optimal level for anonymization.
Keywords: Data models; Data privacy; Mathematical model; Probability distribution; Sociology; Statistics; Trajectory; Zipf distribution; anonymity; k-anonymity; re-identified risk (ID#: 15-6777)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232949&isnumber=7232940

 

Domingo-Ferrer, Josep; Ricci, Sara; Soria-Comas, Jordi, “Disclosure Risk Assessment via Record Linkage by a Maximum-Knowledge Attacker,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 28–35, 21–23 July 2015. doi:10.1109/PST.2015.7232951
Abstract: Before releasing an anonymized data set, the data protector must know how safe the data set is, that is, how much disclosure risk is incurred by the release. If no privacy model is used to select specific privacy guarantees prior to anonymization, posterior disclosure risk assessment must be performed based on the anonymized data set and, if the result is not satisfactory, anonymization must be repeated with stricter privacy parameters. Even if a privacy model is used, it may still be advisable to empirically evaluate disclosure on the anonymized data set, especially if the privacy model parameters have been relaxed to improve data utility. Record linkage is a general methodology to posterior disclosure risk assessment, whereby the data protector attempts to recreate the attacker’s re-identification scenario. An important limitation of record linkage is that it usually requires the data protector to make restrictive assumptions on the attacker’s background knowledge. To overcome this limitation, we present a maximum-knowledge attacker model and then we specify and compare several record linkage tests for such a worst-case attacker. Our tests are based on comparing the distribution of linkage distances between the original and the anonymized data set with the distribution of distances between one of the two previous data sets and one random data set. The more similar the distributions, the more plausibly deniable are record linkages claimed by an attacker. Because attaining zero disclosure risk for all records is too costly in terms of utility, a less demanding alternative is presented whose goal is to reduce the maximum per-record disclosure risk.
Keywords: Couplings; Data models; Data privacy; Dictionaries; Noise; Privacy; Risk management (ID#: 15-6778)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232951&isnumber=7232940

 

Oh, Seongyeol; Yang, Joon-Sung; Bianchi, Andrea; Kim, Hyoungshick, “Devil in a Box: Installing Backdoors in Electronic Door Locks,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 139–144, 21–23 July 2015. doi:10.1109/PST.2015.7232965
Abstract: Electronic door locks must be carefully designed to allow valid users to open (or close) a door and prevent unauthorized people from opening (or closing) the door. However, lock manufacturers have often ignored the fact that door locks can be modified by attackers in the real world. In this paper, we demonstrate that the most popular electronic door locks can easily be compromised by inserting a malicious hardware backdoor to perform unauthorized operations on the door locks. Attackers can replay a valid DC voltage pulse to open (or close) the door in an unauthorized manner or capture the user’s personal identification number (PIN) used for the door lock.
Keywords: Batteries; Bluetooth; Central Processing Unit; Consumer electronics; Solenoids; Voltage measurement; Wires (ID#: 15-6779)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232965&isnumber=7232940

 

Soeder, Brian; Barber, K. Suzanne, “A Model for Calculating User-Identity Trustworthiness in Online Transactions,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 177–185, 21–23 July 2015. doi:10.1109/PST.2015.7232971
Abstract: Online transactions require a fundamental relationship between users and resource providers (e.g., retailers, banks, social media networks) built on trust; both users and providers must believe the person or organization they are interacting with is who they say they are. Yet with each passing year, major data breaches and other identity-related cybercrimes become a daily way of life, and existing methods of user identity authentication are lacking. Furthermore, much research on identity trustworthiness focuses on the user’s perspective, whereas resource providers receive less attention. Therefore, the current research investigated how providers can increase the likelihood their users’ identities are trustworthy. Leveraging concepts from existing research, the user-provider trust relationship is modeled with different transaction contexts and attributes of identity. The model was analyzed for two aspects of user-identity trustworthiness — reliability and authenticity — with a significant set of actual user identities obtained from the U.S. Department of Homeland Security. Overall, this research finds that resource providers can significantly increase confidence in user-identity trustworthiness by simply collecting a limited amount of user-identity attributes.
Keywords: Authentication; Computational modeling; Context; Industries; Mathematical model; Protocols; Reliability; authenticity; Identity; reliability; trust (ID#: 15-6780)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232971&isnumber=7232940

 

Zarras, Apostolis; Papadogiannakis, Antonis; Ioannidis, Sotiris; Holz, Thorsten, “Revealing the Relationship Network Behind Link Spam,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 101–108, 21–23 July 2015. doi:10.1109/PST.2015.7232960
Abstract: Accessing the large volume of information that is available on the Web is more important than ever before. Search engines are the primary means to help users find the content they need. To suggest the most closely related and the most popular web pages for a user’s query, search engines assign a ranking to each web page, which typically increases with the number and ranking of other websites that link to this page. However, link spammers have developed several techniques to exploit this algorithm and improve the ranking of their web pages. These techniques are commonly based on underground forums for collaborative link exchange; building a relationship network among spammers to favor their web pages in search engine results. In this study, we provide a systematic analysis of the spam link exchange performed through 15 Search Engine Optimization (SEO) forums. We design a system, which is able to capture the activity of link spammers in SEO forums, identify spam link exchange, and visualize the link spam ecosystem. The outcomes of this study shed light on a different aspect of link spamming that is the collaboration among spammers.
Keywords: Crawlers; Ecosystems; Search engines; Uniform resource locators; Unsolicited electronic mail; Web pages (ID#: 15-6781)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232960&isnumber=7232940

 

Papp, Dorottya; Ma, Zhendong; Buttyan, Levente, “Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 145–152, 21–23 July 2015. doi:10.1109/PST.2015.7232966
Abstract: Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and “invisible” way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. In this paper, we conduct a systematic review of the existing threats and vulnerabilities in embedded systems based on publicly available data. Moreover, based on the information, we derive an attack taxonomy for embedded systems. We envision that the findings in this paper provide a valuable insight of the threat landscape facing embedded systems. The knowledge can be used for a better understanding and the identification of security risks in system analysis and design.
Keywords: Authentication; Cryptography; Embedded systems; Protocols; Taxonomy (ID#: 15-6782)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232966&isnumber=7232940

 

Jafer, Yasser; Matwin, Stan; Sokolova, Marina, “A Framework for a Privacy-Aware Feature Selection Evaluation Measure,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 62–69, 21–23 July 2015. doi:10.1109/PST.2015.7232955
Abstract: Feature selection is based on the notion that redundant and/or irrelevant variables bring no additional information about the data classes and can be considered noise for the predictor. As a result, the total feature set of a dataset could be minimized to only few features containing maximum discrimination information about the class. Classification accuracy is used as the evaluation measure in guiding the feature selection process. At the same time, such measure does not take into account the privacy of the resulting dataset. In this work, we incorporate privacy considerations into the very evaluation measure that is used to evaluate and select feature subsets. We consider privacy “during” the feature selection process and as such introduce a two-dimensional measure in automatic feature selection that takes into account both objectives of privacy and efficacy (e.g. accuracy) simultaneously and provides the data user with the flexibility of trading-off one for another.
Keywords: Accuracy; DH-HEMTs; Data privacy; Noise; Privacy; Programmable logic arrays; Classification; Data Mining; Evaluation Measure; Feature Selection; Wrappers (ID#: 15-6783)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232955&isnumber=7232940

 

Cho, Junsung; Cho, Geumhwan; Kim, Hyoungshick, “Keyboard or Keylogger?: A Security Analysis of Third-Party Keyboards on Android,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 173–176, 21–23 July 2015. doi:10.1109/PST.2015.7232970
Abstract: Use of third-party keyboards makes Android more flexible and customizable. However, we demonstrate their potential security risks by implementing a proof-of-concept keylogger that can effectively steal users’ sensitive keystrokes with 81 popular websites (out of 100 tested websites). We also empirically analyzed the security behaviors of 139 keyboard applications that were available on Google Play. Our study results show that the majority of existing keyboard applications (84 out of 139) could be potentially misused as malicious keyloggers. To avoid such keylogging attacks, we discuss possible defense mechanisms.
Keywords: Androids; Google; Humanoid robots; Internet; Keyboards; Malware (ID#: 15-6784)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232970&isnumber=7232940

 

Falcone, Rino; Sapienza, Alessandro; Castelfranchi, Cristiano, “Recommendation of Categories in an Agents World: The Role of (not) Local Communicative Environments,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 7–13, 21–23 July 2015. doi:10.1109/PST.2015.7232948
Abstract: Due to Internet and social media web, the world as we know it is deeply changing integrating two different aspects of the social interaction: the one that develops in the real world and the one that develops in web society. In this paper we focus on the importance of generalized knowledge (agents’ categories) in order to understand how much it is crucial in these two worlds. The cognitive advantage of generalized knowledge can be synthesized in this claim: “It allows us to know a lot about something/somebody we do not directly know”. At a social level this means that I can know a lot of things on people that I never met; it is social “prejudice” with its good side and fundamental contribution to social exchange. In this study we will analyse and present some differences between the social relationships in the two worlds and how they influence categories’ reputation. On this basis, we will experimentally inquire the role played by categories’ reputation with respect to the reputation and opinion on single agents: when it is better to rely on the first ones and when are more reliable the second ones. We will consider these simulations for both the two kinds of world, investigating how the parameters defining the specific environment (number of agents, their interactions, transfer of reputation, and so on) determine the use of categories’ reputation and trying to understand how the role played by categories will be important in the new digital worlds.
Keywords: Context; Dogs; Organizations; Reliability; Sociology; Statistics; Uncertainty; cognitive analysis; social simulations; trust (ID#: 15-6785)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232948&isnumber=7232940

 

Wuller, Stefan; Meyer, Ulrike; Forg, Fabian; Wetzel, Susanne, “Privacy-Preserving Conditional Random Selection,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 44–53, 21–23 July 2015. doi:10.1109/PST.2015.7232953
Abstract: In this paper, we introduce a new primitive — referred to as conditional random selection. This new primitive allows the random selection of a data record from the subset of data records that meet a specified condition. We present a new privacy-preserving protocol that implements the new primitive and is secure in the semi-honest model. At its core, it uses newly developed protocols for oblivious shuffling, oblivious swapping, and privacy-preserving less than comparison on binary values with shared output. We show the relevance of conditional random selection in various application scenarios.
Keywords: Complexity theory; Computational modeling; Encryption; Protocols; Silicon (ID#: 15-6786)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232953&isnumber=7232940

 

Jemel, Meriam; Ben Azzouna, Nadia; Ghedira, Khaled, “ECA Rules for Controlling Authorisation Plan to Satisfy Dynamic Constraints,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 133–138, 21–23 July 2015. doi:10.1109/PST.2015.7232964
Abstract: The workflow satisfiability problem has been studied by researchers in the security community using various approaches. The goal is to ensure that the user/role is authorised to execute the current task and that this permission doesn't prevent the remaining tasks in the workflow instance to be achieved. A valid authorisation plan consists in affecting authorised roles and users to workflow tasks in such a way that all the authorisation constraints are satisfied. Previous works are interested in workflow satisfiability problem by considering intra-instance constraints, i.e. constraints which are applied to a single instance. However, inter-instance constraints which are specified over multiple workflow instances are also paramount to mitigate the security frauds. In this paper, we present how ECA (Event-Condition-Action) paradigm and agent technology can be exploited to control authorisation plan in order to meet dynamic constraints, namely intra-instance and inter-instance constraints. We present a specification of a set of ECA rules that aim to achieve this goal. A prototype implementation of our proposed approach is also provided in this paper.
Keywords: Authorization; Complexity theory; Context; Engines; Planning; Receivers (ID#: 15-6787)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232964&isnumber=7232940

 

Boender, Jaap; Primiero, Giuseppe; Raimondi, Franco, “Minimizing Transitive Trust Threats in Software Management Systems,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 191–198, 21–23 July 2015. doi:10.1109/PST.2015.7232973
Abstract: We consider security threats in software installation processes, posed by transitively trusted dependencies between packages from distinct repositories. To analyse them, we present SecureNDC, a Coq implemented calculus using an explicit trust function to bridge repository access and software package installation rights. Thereby, we resolve a version of the minimum install problem under trust conditions on repositories.
Keywords: Calculus; Context; Lead; Libraries; Security; Software packages (ID#: 15-6788)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232973&isnumber=7232940

 

Fujita, Masahiro; Jensen, Christian D.; Arimura, Shiori; Ikeya, Yuki; Nishigaki, Masakatsu, “Physical Trust-Based Persistent Authentication,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 186–190, 21–23 July 2015. doi:10.1109/PST.2015.7232972
Abstract: Recently companies have applied two-factor user authentication. Persistent Authentication is one of the interesting authentication mechanisms to establish security and usability of two-factor authentication systems. However, there is room to improve its feasibility and usability. In this paper, we propose a new type of persistent authentication, called Persistent Authentication Based On physical Trust (PABOT). PABOT uses a context of “physical trust relationship” that is built by visual contact between users, and thus can offer a persistent authentication mechanism with better usability and higher feasibility.
Keywords: Authentication; Companies; Sensors; Servers; Usability; Visualization; persistent authentication; physical trust; user authentication; visual contact (ID#: 15-6789)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232972&isnumber=7232940

 

Chen, Liang; Edwards, Peter; Nelson, John D.; Norman, Timothy J., “An Access Control Model for Protecting Provenance Graphs,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 125–132, 21–23 July 2015. doi:10.1109/PST.2015.7232963
Abstract: Securing provenance has recently become an important research topic, resulting in a number of models for protecting access to provenance. Existing work has focused on graph transformation mechanisms that supply a user with a provenance view that satisfies both access control policies and validity constraints of provenance. However, it is not always possible to satisfy both of them simultaneously, because these two conditions are often inconsistent which require sophisticated conflict resolution strategies to be put in place. In this paper we develop a new access control model tailored for provenance. In particular, we explicitly take into account validity constraints of provenance when specifying certain parts of provenance to which access is restricted. Hence, a provenance view that is granted to a user by our authorisation mechanism would automatically satisfy the validity constraints. Moreover, we propose algorithms that allow provenance owners to deploy fine-grained access control for their provenance data.
Keywords: Authorization; Computers; Data models; Object recognition; Transforms (ID#: 15-6790)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232963&isnumber=7232940

 

Hallgren, Per; Ochoa, Martin; Sabelfeld, Andrei, “InnerCircle: A Parallelizable Decentralized Privacy-Preserving Location Proximity Protocol,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 1–6, 21–23 July 2015. doi:10.1109/PST.2015.7232947
Abstract: Location Based Services (LBS) are becoming increasingly popular. Users enjoy a wide range of services from tracking a lost phone to querying for nearby restaurants or nearby tweets. However, many users are concerned about sharing their location. A major challenge is achieving the privacy of LBS without hampering the utility. This paper focuses on the problem of location proximity, where principals are willing to reveal whether they are within a certain distance from each other. Yet the principals are privacy-sensitive, not willing to reveal any further information about their locations, nor the distance. We propose InnerCircle, a novel secure multi-party computation protocol for location privacy, based on partially homomorphic encryption. The protocol achieves precise fully privacy-preserving location proximity without a trusted third party in a single round trip. We prove that the protocol is secure in the semi-honest adversary model of Secure Multi-party Computation, and thus guarantees the desired privacy properties. We present the results of practical experiments of three instances of the protocol using different encryption schemes. We show that, thanks to its parallelizability, the protocol scales well to practical applications.
Keywords: Approximation methods; Encryption; Privacy; Protocols; Public key (ID#: 15-6791)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232947&isnumber=7232940

 

Alzahrani, Abdullah J.; Ghorbani, Ali A., “Real-Time Signature-Based Detection Approach for SMS Botnet,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 157–164, 21–23 July 2015. doi:10.1109/PST.2015.7232968
Abstract: As an open platform for mobile electronic devices, Android is experiencing a steady growth in the number of published applications (apps). Features of the Android platform have caught the attention of malicious users who have targeted the Short Message Service (SMS) to abuse its permissions. Various types of attack, referred to as botnets, can be executed without the user’s knowledge by taking advantage of SMS messages, such as sending text message spam, transferring all command and control (C&C) instructions, launching denial-of-service (DoS) attacks, sending premium-rate SMS messages, or distributing malicious applications via URLs embedded in text messages. In this paper, we propose a real-time signature-based detection mechanism to combat SMS botnets, in which we first apply pattern-matching detection approaches for incoming and outgoing SMS text messages, and then use rule-based techniques to label unknown SMS messages as suspicious or normal. This approach was evaluated using over 12,000 test messages. It was able to detect all 747 malicious SMS messages in the dataset (100% detection rate with no false negatives). It also flagged 351 SMS messages as suspicious.
Keywords: Feature extraction; Malware; Mobile communication; Pattern matching; Smart phones; Android; Botnet Detection; Mobile Malware; SMS (ID#: 15-6792)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232968&isnumber=7232940

 

Dewan, Prateek; Kumaraguru, Ponnurangam, “Towards Automatic Real Time Identification of Malicious Posts on Facebook,” in Privacy, Security and Trust (PST), 2015 13th Annual Conference on, vol., no., pp. 85–92, 21–23 July 2015. doi:10.1109/PST.2015.7232958
Abstract: Online Social Networks (OSNs) witness a rise in user activity whenever a news-making event takes place. Cyber criminals exploit this spur in user-engagement levels to spread malicious content that compromises system reputation, causes financial losses and degrades user experience. In this paper, we characterized a dataset of 4.4 million public posts generated on Facebook during 17 news-making events (natural calamities, terror attacks, etc.) and identified 11,217 malicious posts containing URLs. We found that most of the malicious content which is currently evading Facebook’s detection techniques originated from third party and web applications, while more than half of all legitimate content originated from mobile applications. We also observed greater participation of Facebook pages in generating malicious content as compared to legitimate content. We proposed an extensive feature set based on entity profile, textual content, metadata, and URL features to automatically identify malicious content on Facebook in real time. This feature set was used to train multiple machine learning models and achieved an accuracy of 86.9%. We performed experiments to show that past techniques for spam campaign detection identified less than half the number of malicious posts as compared to our model. This model was used to create a REST API and a browser plug-in to identify malicious Facebook posts in real time.
Keywords: Facebook; Malware; Real-time systems; Twitter; Uniform resource locators (ID#: 15-6793)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232958&isnumber=7232940
 

