Android Encryption 2015

	Android Encryption 2015

The proliferation and increased capability of “smartphones” have also increased security issues for users. For the Science of Security community, these small computing platforms have the same hard problems to solve as main frames, data centers, or desktops. The research cited here looked at encryption issues specific to the Android operating system. The work was presented in 2015.

Fang Yuan, Guang-Yi Wang and Bo-zhen Cai, “Android SMS Encryption System Based on Chaos,” 2015 IEEE 16th International Conference on Communication Technology (ICCT), Hangzhou, 2015, vol., no., pp. 856-862. doi:10.1109/ICCT.2015.7399961
Abstract: A new discrete switch-chaos system is proposed for generating chaotic PN sequences. Performance analysis with respect to Logistic map, Tent map and the new switch-chaos system are discussed, including the onto mapping range of the chaos system, the uniformity and pseudo-random of the sequences. An android SMS encryption system based on switch-chaos system is also designed. Experimental results show good performance and high utility value of the SMS encryption system.
Keywords: Android (operating system); chaotic communication; cryptography; electronic messaging; random sequences; telecommunication switching; Android SMS encryption system; chaotic PN sequence generation; discrete switch-chaos system; logistic map; pseudorandom sequence; tent map; Chaos; Encryption; Switches; Android SMS (ID#: 16-10800)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7399961&isnumber=7399781

P. Wächter and M. Gruhn, “Practicability Study of Android Volatile Memory Forensic Research,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, vol., no., pp. 1-6. doi:10.1109/WIFS.2015.7368601
Abstract: As Android device and application storage encryption becomes more widespread, memory analysis becomes more important. Memory is often the only data immediately accessible without decryption and in most cases stores the encryption keys of persistent data currently in use. This work therefore investigates the practicability of current research in forensics with regard to acquiring and analyzing volatile memory of Android smartphones. To this end, we investigate 8 different Android smartphones in their stock vendor configurations. While we are able to recreate current research results by specifically preparing specific phones the same way as described in the relevant research publications, we are only able to conduct a full acquisition and full analysis against 1 of our 8 sample smartphones in its stock configuration. Because the stock configuration, as shipped by the manufacturer, i.e. non-rooted and locked boot loader, is the most likely configuration encountered by forensic investigators, we unfortunately must conclude that current research methods are not applicable in practice. We further present reasons for our conclusion and possible resolutions which should be endeavored by future research.
Keywords: Android (operating system); computer bootstrapping; cryptography; digital forensics; storage management; Android device encryption; Android smartphone stock vendor configurations; Android volatile memory forensic research; application storage encryption; locked boot loader; nonrooted boot loader; persistent data encryption keys; Androids; Data mining; Forensics; Humanoid robots; Kernel; Linux; Smart phones (ID#: 16-10801)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368601&isnumber=7368550

I. B. Cioc, M. Jurian, I. Lita and R. M. Teodorescu, “A Method for Increasing Security in Electronic Communication Services Based on Text Messages Communication,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, vol., no., pp. AE-23–AE-26. doi:10.1109/ECAI.2015.7301181
Abstract: This paper presents a method used for increasing the security of sending text messages using public text communication services like email and SMS. It uses text encryption before sending the message through email or mobile phone (SMS), so, even [if] the message is received and viewed by another unauthorized person, it cannot be understood. The application was implemented in LabVIEW and can be used for sending encrypted text email between two or more users, using public email services. For encryption, the proposed application uses text encryption methods like symmetrical and asymmetrical encryption, using private encryption key or private and public encryption key. For sending encrypted SMS using this application, the text message must be previously encrypted, and then the encrypted message will be copied to the text window of the application for sending SMS running on the mobile phone. A similar application can be also developed for mobile phones with operating systems like android, iOS, windows mobile, etc. This application can be used also with any text message service, like Yahoo Messenger, facebook messenger, etc.
Keywords: operating systems (computers); private key cryptography; public key cryptography; smart phones; social networking (online); text analysis; LabVIEW; SMS; Yahoo Messenger; android; asymmetrical encryption; electronic communication services security; email; facebook messenger; iOS; mobile phones; operating systems; private encryption key; public encryption key; public text communication services; symmetrical encryption; text encryption methods; text messages; text window; windows mobile; Electronic mail; Encryption; Servers; Smart phones; text encryption/description; text message communication (ID#: 16-10802)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301181&isnumber=7301133

M. Masoud, I. Jannoud, A. Ahmad and H. Al-Shobaky, “The Power Consumption Cost of Data Encryption in Smartphones,” Open Source Software Computing (OSSCOM), 2015 International Conference on, Amman, 2015, vol., no., pp. 1-6. doi:10.1109/OSSCOM.2015.7372685
Abstract: This paper provides a performance evaluation of four different symmetric encryption algorithms in Android mobile platform. DES, Bluefish, RC6 and AES algorithms have been written and implemented in JAVA for Android platform utilizing an open source library called Bouncy castle. Different file sizes have been encrypted and power consumption has been measured. The results demonstrated that the cost of implementing these encryption algorithms in smartphones is high. Power consumption may prevent developers from utilizing encryption algorithms in their communication applications through smartphones. In addition, our results demonstrate the requirements of new power-saving ‘Green’ encryption algorithms. Finally, encryption algorithms are not about security only, power should be one requirement in designing these algorithms for smartphones.
Keywords: Android (operating system); mobile computing; security of data; smart phones; AES algorithm; Android mobile platform; Bluefish algorithm; Bouncy castle; DES algorithm; RC6 algorithm; data encryption; green encryption algorithms; smart phones; symmetric encryption algorithm; Algorithm design and analysis; Batteries; Encryption; Power demand; Smart phones; Software algorithms; Android; Battery Capacity; Encryption Algorithms; Power Consumption; Smartphones (ID#: 16-10803)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7372685&isnumber=7372674

W. Xiang-Gang, “Research and Implementation of Face Recognition System Based on Android,” Measuring Technology and Mechatronics Automation (ICMTMA), 2015 Seventh International Conference on, Nanchang, 2015, vol., no., pp. 812-817. doi:10.1109/ICMTMA.2015.200
Abstract: Represented by smartphone mobile terminal equipment, mostly for using Android system, with the development of modern electronic communication technology, the Android system of image acquisition and processing technology is also in constant progress. The face recognition system based on Android system, which is representative of it greatly expand the function of the use of the Android system. Human face recognition system using the promising prospects in the field of encryption, because of its unique advantages, will be used more and more. This article will mainly introduce the Android system, face recognition system, the characteristics of the processing model and realization process, expect to further promote mobile encryption technology, to provide some reference.
Keywords: Android (operating system); cryptography; face recognition; mobile computing; smart phones; Android system; encryption; face recognition system; image acquisition; image processing; mobile terminal equipment; modern electronic communication technology; smartphone; Androids; Databases; Face; Face recognition; Feature extraction; Humanoid robots; Smart phones; implementation; the Android system (ID#: 16-10804)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7263694&isnumber=7263490

J. Xu and X. Yuan, “Developing a Course Module for Teaching Cryptography Programming on Android,” Frontiers in Education Conference (FIE), 2015. 32614 2015. IEEE, El Paso, TX, 2015, vol., no., pp. 1-4. doi:10.1109/FIE.2015.7344086
Abstract: Mobile platforms have become extremely popular among users and hence become an important platform for developers. Mobile devices often store tremendous amount of personal, financial and commercial data. Several studies have shown that large number of the mobile applications that use cryptography APIs have made mistakes. This could potentially attract both targeted and mass-scale attacks, which will cause great loss to the mobile users. Therefore, it is vitally important to provide education in secure mobile programming to students in computer science and other related disciplines. It is very hard to find pedagogical resources on this topic that many educators urgently need. This paper introduces a course module that teaches students how to develop secure Android applications by correctly using Android’s cryptography APIs. This course module is targeted to two areas where programmers commonly make many mistakes: password based encryption and SSL certificate validation. The core of the module includes a real world sample Android program for students to secure by implementing cryptographic components correctly. The course module will use open-ended problem solving to let students freely explore the multiple options in securing the application. The course module includes a lecture slide on Android’s Crypto library, its common misuses, and suggested good practices. Assessment materials will also be included in the course module. This course module could be used in mobile programming class or network security class. It could also be taught as a module in advanced programming class or used as a self-teaching tool for general public.
Keywords: application program interfaces; computer aided instruction; computer science education; cryptography; educational courses; mobile computing; smart phones; teaching; Android crypto library; Android program; SSL certificate validation; assessment materials; computer science; course module development; cryptographic components; cryptography API; cryptography programming; education; lecture slide; mass-scale attacks; mobile applications; mobile devices; mobile platforms; network security class; open-ended problem solving; password based encryption; pedagogical resources; secure Android applications; secure mobile programming class; targeted attacks; Androids; Encryption; Humanoid robots; Mobile communication; Programming; Android programming; SSL; course module; programming; security (ID#: 16-10805)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7344086&isnumber=7344011

M. K. Debnath, S. Samet and K. Vidyasankar, “A Secure Revocable Personal Health Record System with Policy-Based Fine-Grained Access Control,” Privacy, Security and Trust (PST), 2015 13th Annual Conference on, Izmir, 2015, vol., no., pp. 109-116. doi:10.1109/PST.2015.7232961
Abstract: Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today’s fast-paced tech-dominant world. In our context, Personal Health Record (PHR) system has become a popular research area for sharing patients information very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Therefore, cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed. Attribute-based encryption can resolve these problems. We have proposed a framework with fine-grained access control mechanism that protects PHRs against service providers, and malicious users. We have used the Ciphertext Policy Attribute Based Encryption system as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation in a hierarchical scheme. The Web Services and APIs for the proposed framework have been developed and implemented, along with an Android mobile application for the system.
Keywords: authorisation; cryptography; data protection; electronic health records; API; Android mobile application; PHR system; Web services; access policies; access revocation; ciphertext policy attribute based encryption system; collaborative information sharing; cryptographic schemes; cryptographic technique; data protection; health professionals; malicious users; patients information sharing; policy-based fine-grained access control; secure revocable personal health record system; security mechanisms; service providers; system privacy; system security; tech-dominant world; user attributes; Access control; Data privacy; Encryption; Medical services; Servers; Attribute Revocation; Attribute-Based Encryption; Fine-Grained Access Control; Patient-centric Data Privacy; Personal Health Records (ID#: 16-10806)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232961&isnumber=7232940

M. Protsenko, S. Kreuter and T. Müller, “Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code,” Availability, Reliability and Security (ARES), 2015 10th International Conference on, Toulouse, 2015, vol., no., pp. 129-138. doi:10.1109/ARES.2015.98
Abstract: With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.
Keywords: Android (operating system); computer crime; cryptography; mobile computing; reverse engineering; Android apps; application piracy; dynamic code loading; dynamic obfuscation techniques; dynamic re-encryption; dynamic self-protection; mobile devices; native code; proprietary mobile software; tamperproofing; Androids; Encryption; Humanoid robots; Loading; Runtime; Software protection; Android; Software Protection (ID#: 16-10807)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299906&isnumber=7299862

C. Buckley, P. H. Pathak, A. K. Das, C. N. Chuah and P. Mohapatra, “AnonAD: Privacy-Aware Micro-Targeted Mobile Advertisements without Proxies,” Computer Communication and Networks (ICCCN), 2015 24th International Conference on, Las Vegas, NV, 2015, vol., no., pp. 1-8. doi:10.1109/ICCCN.2015.7288379
Abstract: Mobile advertisements have become the dominant source of revenue for mobile application developers, advertisers and brokers. Using novel sensing techniques and the advanced sensors of mobile devices, it has become feasible to determine a user’s fine-grained context such as her location, activity, and interests. This information can be used by the advertisement (ad) brokers to provide more relevant ads to the user based on her context. However, this has led to serious privacy risks, since a user can be tracked by the broker or an adversary based on her context. In this paper, we present AnonAd, an ad delivery scheme that allows users to protect their privacy when receiving micro-targeted ads from the broker. AnonAd utilizes the encryption of the user’s context based on a split-secret scheme that guarantees that the broker can decrypt the context only when there exists k other users in the same context. This way, a user’s privacy is protected with k-anonymity during the context report. We show that the split-secret scheme integrates seamlessly with existing homomorphic encryption-based schemes that can provide differential privacy for ad click reports. We implement AnonAd on Android smartphones and evaluate it with real users as well as simulated users that follow real mobility traces. Our results show that AnonAd achieves a balance between user’s privacy and relevancy of advertisements without the requirement of any additional proxy servers.
Keywords: cryptography; data protection; mobile computing; smart phones; Android smartphone; AnonAD; ad delivery scheme; homomorphic encryption-based scheme; mobile application developer; mobility trace; privacy protection; privacy-aware microtargeted mobile advertisement; split-secret scheme; user context encryption; Context; Encryption; Privacy; Sensors; Servers (ID#: 16-10808)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7288379&isnumber=7288342

Adam Shortall and M. A. Hannan Bin Azhar, “Forensic Acquisitions of WhatsApp Data on Popular Mobile Platforms,” 2015 Sixth International Conference on Emerging Security Technologies (EST), Braunschweig, Germany, 2015, vol., no., pp. 13-17. doi:10.1109/EST.2015.16
Abstract: Encryption techniques used by popular messaging services such as Skype, Viber and WhatsApp make traces of illegal activities by criminal groups almost undetectable. This paper reports challenges involved to examine data of the WhatsApp application on popular mobile platforms (iOS, Android and Windows Phone) using latest forensic software such as EnCase, UFED and Oxygen Forensic Suite. The operating systems used were Windows phone 8.1, Android 5.0.1 (Lollipop) and iOS 8.3. Results show that due to strong security features built into the Windows 8.1 system forensic examiners may not be able to access data with standard forensic suite and they must decide whether to perform a live forensic acquisition. This paper provides forensics examiners with practical techniques for recovering evidences of WhatsApp data from Windows 8.1 mobile operating systems that would otherwise be inaccessible.
Keywords: Data mining; Forensics; Mobile communication; Operating systems; Oxygen; Smart phones; Android; Forensic tools; Live data forensics; Mobile forensics; WhatsApp forensics; Windows Phone; iOS (ID#: 16-10809)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7429264&isnumber=7429252

M. Kühnel, M. Smieschek and U. Meyer, “Fast Identification of Obfuscation and Mobile Advertising in Mobile Malware,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, vol., no., pp. 214-221. doi:10.1109/Trustcom.2015.377
Abstract: The presence of mobile malware on Android devices is indisputable. For static analysis of mobile malware, the nature of the source code is of particular interest as it determines the amount of resources required for an in-depth analysis. On the one hand, the more obfuscation is used in the code, the more time is needed for static analysis. On the other hand, correct identification of various benign third party libraries can considerably speed up static analysis as these libraries can be omitted. In this paper we focus on very fast identification of Identifier renaming, Reflection, Encryption, and mobile Advertising (IREA) in mobile malware. We propose heuristics for detecting IREA in mobile malware and provide a chronological quantitative analysis of IREA in mobile malware gathered between October 2009 and July 2014. The chronological quantitative analysis reveals general facts about the evolution of mobile malware, e.g. that identifier renaming is still on the rise, reflection hit its peak in 2012 and that more than 10% of mobile malware employ third party libraries for mobile advertising and encryption purposes.
Keywords: invasive software; mobile computing; program diagnostics; Android devices; REA detection; chronological quantitative analysis; encryption; identifier renaming-reflection-encryption-and-mobile advertising; mobile malware; obfuscation identification; static analysis; Androids; Encryption; Humanoid robots; Java; Malware; Mobile communication; Mobile malware; mobile advertising; obfuscation (ID#: 16-10810)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345285&isnumber=7345233

S. Davis, B. Jones and H. Jiang, “Portable Parallelized Blowfish via RenderScript,” Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2015 16th IEEE/ACIS International Conference on, Takamatsu, 2015, vol., no., pp. 1-6. doi:10.1109/SNPD.2015.7176197
Abstract: The recent rise in the popularity of mobile computing has brought the attention of mobile security to the forefront. As users depend more on tablets and smartphones, sensitive data is left to be secured using devices with vastly weaker resources than a typical computer. As mobile technology matures, the industry is starting to provide devices with multiple CPU cores in addition to other coprocessors such as GPUs. By using RenderScript, a new language technology on the Android platform, we hope to utilize the power of parallelism to increase the efficiency of the Blowfish encryption algorithm, while at the same time leveraging the power of RenderScript’s heterogenous execution to cope with the quickly changing mobile architectures in order to make the use of data encryption more feasible on a mobile platform. Experimental results demonstrate the effectiveness of RenderScript.
Keywords: Android (operating system); authoring languages; cryptography; mobile computing; parallel processing; Android platform; GPUs; RenderScript heterogenous execution; coprocessors; data encryption; language technology; mobile architectures; mobile computing; mobile security; mobile technology; multiple CPU cores; portable parallelized blowfish encryption algorithm; sensitive data; smartphones; tablets; Androids; Encryption; Humanoid robots; Java; Kernel; Resource management; Smart phones (ID#: 16-10811)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7176197&isnumber=7176160

M. Kennedy and R. Sulaiman, “Following the Wi-Fi Breadcrumbs: Network Based Mobile Application Privacy Threats,” Electrical Engineering and Informatics (ICEEI), 2015 International Conference on, Denpasar, Bali, 2015, vol., no., pp. 265-270. doi:10.1109/ICEEI.2015.7352508
Abstract: Users are concerned about the protection of personal information they share with mobile applications. Researchers have previously explored security threats to mobile applications through wireless network access, including the disclosure of personal information through unencrypted traffic, excessive information disclosure to service providers, and flaws in TLS security. This study replicates these security threats and performs an assessment of the potential privacy impact for a sample of 30 Android applications. The results show that disclosure of personal information through unencrypted traffic is a significant risk. Individual applications were found which disclosed a user’s identity and application usage, and persistent device identifiers were leaked allowing user information to be linked across applications and wireless sessions. A small number of applications disclosed inappropriate amounts of personal information to service providers which could allow user tracking. TLS issues continue to pose a risk, with one application exhibiting a previously identified TLS certificate validation issue, and a potentially new encryption protocol downgrade flaw was identified triggered by an invalid certificate. Insecure authentication techniques were used by 30% of applications tested and pose a privacy risk even when applications use TLS.
Keywords: cryptography; data privacy; smart phones; wireless LAN; Android applications; Wi-Fi breadcrumb; network based mobile application privacy threats; personal information disclosure; unencrypted traffic; user tracking; wireless network access; IEEE 802.11 Standard; Mobile applications; Object recognition; Privacy; Security; Smart phones; Wireless communication; android; mobile applications; privacy; security; wireless networks (ID#: 16-10812)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7352508&isnumber=7352453

C. Xenakis and C. Ntantogian, “Attacking the Baseband Modem of Mobile Phones to Breach the Users’ Privacy and Network Security,” Cyber Conflict: Architectures in Cyberspace (CyCon), 2015 7th International Conference on, Tallinn, 2015, vol., no.,
pp. 231-244. doi:10.1109/CYCON.2015.7158480
Abstract: As people are using their smartphones more frequently, cyber criminals are focusing their efforts on infecting smartphones rather than computers. This paper presents the design and implementation of a new type of mobile malware, named (U)SimMonitor for Android and iPhone devices, which attacks the baseband modem of mobile phones. In particular, the mobile malware is capable of stealing security credentials and sensitive information of the cellular technology including permanent and temporary identities, encryption keys and location of users. The developed malware operates in the background in a stealthy manner without disrupting the normal operation of the phone. We elaborate on the software architecture of (U)SimMonitor and provide implementation details for the specific AT commands used by the malware. We analyse the security impacts of (U)SimMonitor malware and we show that it can entirely breach the privacy of mobile users and the security of cellular networks. In particular, a mobile user with an infected phone can be identified and all his/her movements can be tracked. Moreover, all his/her encrypted phone calls and data sessions can be disclosed.
Keywords: computer network security; data privacy; invasive software; mobile radio; smart phones; Android devices; SimMonitor malware; baseband modem; cyber criminals; iPhone devices; mobile malware; mobile phones; network security; smartphones; software architecture; user privacy; Malware; Mobile communication; Mobile computing; Modems; Smart phones; AT commands; android; iPhone; mobile networks (ID#: 16-10813)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158480&isnumber=7158456

N. R. Kisore and S. Sagi, “A Secure SMS Protocol for Implementing Digital Cash System,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, India, 2015, vol., no., pp. 1883-1892. doi:10.1109/ICACCI.2015.7275893
Abstract: We propose a digital cash system suitable for low value transactions and a secure SMS protocol based on EC-MQV key agreement protocol and AES encryption algorithm to operate the proposed digital cash system. The key security aspects of the protocol are resilience to SIM cloning, SIM swapping attacks and possible message tampering using a GSM ghost base station. It further provides for 2 factor authentication by using IMSI number as proof of “what you have?” and a user provided password as proof of “what you know?”. The total cost of executing a financial transaction is 2 SMS messages. We use the proposed protocol to implement a digital cash system. We strongly believe such a low cost secure digital cash system can be a boon to extend financial services to people who are left out of regular banking services due to the high cost of providing the same through existing banking and payment solutions. The low communication cost associated with each financial transaction makes it financially viable for handling low value transactions. The proposed protocol was implemented for both android and J2ME mobile phones with an easy to use interface wherein any individual with number literacy can operate. This makes it easy to deploy in less developed economies where literacy is often a challenge.
Keywords: cryptographic protocols; electronic messaging; electronic money; mobile handsets; public key cryptography; AES encryption algorithm; Android mobile phones; EC-MQV key agreement protocol; GSM ghost base station; IMSI number; J2ME mobile phones; SIM cloning; SIM swapping attacks; Short Messaging Service; advanced encryption standard; authentication; banking services; digital cash system; message tampering; secure SMS protocol; user provided password; Logic gates; Mobile handsets; Protocols; Public key; Servers; Digital Cash; Elliptic curve; Secure SMS (ID#: 16-10814)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275893&isnumber=7275573

A. Munch-Ellingsen, R. Karlsen, A. Andersen and S. Akselsen, “Two-Factor Authentication for Android Host Card Emulated Contactless Cards,” Mobile and Secure Services (MOBISECSERV), 2015 First Conference on, Gainesville, FL, 2015, vol., no., pp. 1-6. doi:10.1109/MOBISECSERV.2015.7072874
Abstract: With the introduction of Host Card Emulation (HCE) in Android 4.4 KitKat the Near Field Communication (NFC) card emulation mode took a twist. On one side, HCE allows for easier development and a shorter deployment path for contactless card services on the mobile phone (e.g. payment, ticketing, loyalty cards etc.). On the other side, it introduces new security issues since it does not intrinsically involve a secure element on the mobile phone. As an example, the Cipurse open ticketing standard for public transportation, published by OSPT, implies usage of a secure element for the authentication mechanism and key storage. How can Cipurse benefit from the advantages of HCE and still provide secure authentication and encryption of transferred data? We have designed a two-factor authentication mechanism that involves usage of the Universal Integrated Circuit Card (also known as the SIM card) as the secure second-factor that allows for the implementation of the Cipurse specification as a secure HCE application. The benefit is faster execution of the Cipurse emulated card but still with feasible security for many application areas.
Keywords: Android (operating system); cryptography; near-field communication; smart phones; trusted computing; Android 4.4 KitKat; Android host card emulated contactless cards; Cipurse open ticketing standard; Cipurse specification; HCE application; NFC card emulation mode; OSPT; SIM card; Universal Integrated Circuit Card; authentication mechanism; data encryption; host card emulation; mobile phone; near field communication card emulation mode; public transportation; security issues; two-factor authentication mechanism; Androids; Authentication; Emulation; Humanoid robots; Mobile communication; Smart phones; Cipurse; Host Card Emulation; Near Field Communication; Trusted Service Manager (ID#: 16-10815)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7072874&isnumber=7072857

I. Mohamed and D. Patel, “Android vs iOS Security: A Comparative Study,” Information Technology – New Generations (ITNG), 2015 12th International Conference on, Las Vegas, NV, 2015, vol., no., pp. 725-730. doi:10.1109/ITNG.2015.123
Abstract: The massive adoption of mobile devices by individuals as well as by organizations has brought forth many security concerns. Their significant abilities have resulted in their permeating use while correspondingly increasing their attractiveness as targets for cybercriminals. Consequently, mobile device vendors have increasingly focused on security in their design efforts. However, present security features might still be insufficient to protect users’ assets. In this paper, factors that influence security within the two leading mobile platforms, Android and iOS, are presented and examined to promote discussion while studying them under one umbrella. We consider various factors that influence security on both platforms, such as application provenance, application permissions, application isolation, and encryption mechanisms.
Keywords: Android (operating system); cryptography; iOS (operating system); mobile computing; mobile handsets; organisational aspects; Android security; application isolation; application permissions; application provenance; cybercriminals; design efforts; encryption mechanisms; iOS security; mobile device vendors; organizations; security features; Androids; Encryption; Google; Humanoid robots; Mobile communication; Mobile handsets; Android; Application store; Mobile Platform; Security; iOS
(ID#: 16-10816)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113562&isnumber=7113432

Y. Yuan, C. M. Cheng, S. Kiyomoto, Y. Miyake and T. Takagi, “Portable Implementation of Lattice-Based Cryptography Using JavaScript,” 2015 Third International Symposium on Computing and Networking (CANDAR), Sapporo, 2015, vol., no., pp. 58-67. doi:10.1109/CANDAR.2015.36
Abstract: Lattice-based cryptography has attracted a high degree of attention in the cryptologic research community. It is expected to be in wide use in the foreseeable future once large quantum computers are in sight. In addition, JavaScript is a standard programming language for Web applications. It is now supported on a wide variety of computing platforms and devices with immense efficiency improvement in the past few years. In this paper, we present the results of our JavaScript implementation of several Lattice-based encryption schemes and show the speed performance on four common Web browsers on PC. Furthermore, we also show the performance on two smaller computing platforms, namely, tablets running the Android operating system, as well as Tessel, an embedded system equipped with an ARM Cortex-M3-grade microcontroller. Our results demonstrate that some of today’s Lattice-based cryptosystems can already have efficient JavaScript implementations and hence are ready for use on a growing list of JavaScript-enabled computing platforms.
Keywords: Android (operating system); Internet; Java; cryptography; embedded systems; lattice theory; microcontrollers; notebook computers; online front-ends; ARM Cortex-M3-grade microcontroller; Android operating system; JavaScript-enabled computing platform; Tessel; Web applications; Web browsers; cryptologic research community; embedded system; lattice-based cryptography portable implementation; lattice-based cryptosystem; lattice-based encryption scheme; quantum computers; tablets; Browsers; Encryption; Lattices; Performance evaluation; Public key; Android; JavaScript; Lattice-based cryptography (ID#: 16-10817)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424690&isnumber=7424253

S. Szlósarczyk and A. Schulte, “Voice Encrypted Recognition Authentication—VERA,” Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on, Cambridge, 2015, vol., no., pp. 270-274. doi:10.1109/NGMAST.2015.74
Abstract: We propose VERA—an authentication scheme where sensitive data on mobile phones can be secured or whereby services can be locked by the user’s voice. Our algorithm takes use of acoustic fingerprints to identify the personalized voice. The security of the algorithm depends on the discrete logarithm problem in ZN where N is a safe prime. Further we evaluate two practical examples on Android devices where our scheme is used: First the encryption of any data(set). Second locking a mobile phone. Voice is the basic for both of the fields.
Keywords: acoustic signal processing; cryptography; smart phones; VERA scheme; acoustic fingerprints; data encryption; discrete logarithm problem; mobile phones; voice encrypted recognition authentication scheme; Acoustics; Authentication; Encryption; Mobile handsets; Protocols; Android; acoustic fingerprint; authentication; biometrics; encryption; voice (ID#: 16-10818)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7373254&isnumber=7373199

I. Denisow, S. Zickau, F. Beierle and A. Küpper, “Dynamic Location Information in Attribute-Based Encryption Schemes,” Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on, Cambridge, 2015, vol., no., pp. 240-247. doi:10.1109/NGMAST.2015.63
Abstract: Attribute-based encryption (ABE) allows users to encrypt (cloud) data with fine-grained Boolean access control policies. To be able to decrypt the ciphertext, users need to have a private key with the associated attributes. If the attributes satisfy the formula, the plaintext can be recovered. In this paper, ABE is extended with dynamic attributes. This allows attributes to be added to an existing private key. A server component named Attribute Authority is introduced. By using these dynamic attributes, it is now possible to have the decryption depend on data that changes often, such as location information of a mobile device. Two schemes were developed that convert location data into usable ABE attributes. To demonstrate our results, an Android application was implemented and evaluated in a field test.
Keywords: Android (operating system); authorisation; cloud computing; mobile computing; private key cryptography; Android application; Boolean access control policies; associated attributes; attribute authority; attribute-based encryption schemes; ciphertext decryption; cloud data encryption; dynamic attributes; dynamic location information; location data; mobile device; plaintext recovery; private key; server component; usable ABE attributes; Access control; Encryption; Java; Libraries; Mobile handsets; Public key; Attribute-based Encryption Schemes; Cloud Data; Dynamic Attribute Information; Location-based Access Control (ID#: 16-10819)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7373250&isnumber=7373199

S. Singh, R. Jain, P. Deep and S. Agarwal, “Developing Mobile Message Security Application Using 3D Playfair Cipher Algorithm,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, vol., no., pp. 838-841. doi:10.1109/ICACEA.2015.7164820
Abstract: The theme of this research is to provide security for the messages of an Android phone that contains alphabets, numerals and special characters. This research overrules the functioning of Application Lock and secures the messages by encrypting through 3D-Playfair Cipher (4 × 4 × 4). 3D-Playfair works on trigraph and supports all of the 26 alphabets {A to Z}, the 10 digits {0 to 9} and the 28 basic special characters. 3D-Playfair increases the security by maximizing complexity. Using this application, all the messages will be displayed in the encrypted form on the mobile screen which can be decrypted upon the verification of valid user.
Keywords: Android (operating system); computational complexity; cryptography; smart phones; 3D playfair cipher algorithm; Android phone; application lock; complexity maximization; decrypted; encrypted form; mobile message security application; mobile screen; special characters; valid user verification; Ciphers; Encryption; Floors; Smart phones; Three-dimensional displays; 3D Playfair cipher; Android Application; trigraph (ID#: 16-10820)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164820&isnumber=7164643

R. Stevens and H. Chen, “Predictive Eviction: A Novel Policy for Optimizing TLS Session Cache Performance,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, vol., no., pp. 1-7. doi:10.1109/GLOCOM.2015.7417274
Abstract: Transport Layer Security (TLS) is the most commonly used security protocol to encrypt web traffic. TLS connections are computationally expensive to set up, so the TLS protocol supports session resumption, where previously negotiated connection parameters can be used to short-circuit the TLS handshake. The server assigns new sessions a session identifier (ID) and caches each session by its ID so it can be retrieved later. As clients come and go, sessions in the server’s cache will have to be evicted according to the server’s eviction policy. We find that first-in-first-out (FIFO) and least-recently-used (LRU) are the most common session cache eviction policies among popular TLS libraries, however, for applications whose clients connect at regular intervals, such as mobile advertising, the performance of these policies may be far worse than randomly evicting policies from the cache. To handle this, we propose a novel eviction policy for TLS session caches, predictive eviction, that relies on the server knowing the next time each client will connect again. Using a real-world application of such a policy, Android in-application advertising, we build a client that is able to simulate the behavior of a large number of devices requesting mobile advertisements over TLS. We use this simulated client to benchmark the hit rate of the predictive policy compared with eviction policies found in popular TLS library implementations. In addition, we demonstrate that our policy can be implemented efficiently by benchmarking its performance in transactions per second compared with OpenSSL’s session cache implementation, and compared with TLS session tickets (an alternative to session caching for resuming TLS sessions). We find that our policy has better hit rate performance than other eviction policies, and can achieve comparable performance to session tickets. To the best of our knowledge, this is the first study of the performance of TLS session resumption strategies.
Keywords: Internet; cache storage; cryptographic protocols; Android in-application advertising; FIFO; ID; LRU; OpenSSL session cache; TLS library; TLS session cache performance optimization; TLS session resumption strategy; Web traffic encryption; first-in-first-out session cache eviction policy; hit rate performance; least-recently-used session cache eviction policy; mobile advertisements; predictive eviction; security protocol; session identifier; transport layer security; Advertising; Cryptography; Libraries; Mobile communication; Protocols; Servers (ID#: 16-10821)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7417274&isnumber=7416057

P. P. Nayadkar, “Automatic and Secured Backup and Restore Technique in Android,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, India, 2015, vol., no., pp. 1-4. doi:10.1109/ICIIECS.2015.7193103
Abstract: In today’s world Smartphone users are increasing day by day. As Smartphone’s have always been connected with the internet it plays very important role in a user’s daily life. Almost all Important data are stored in Smartphone’s compared to desktops or PC’s. This increases the chances of data theft, loss or failure from Smartphone’s so backup and restore technique is used for preventing loss of data. But there are many challenges faced by the user while taking backup because of operating systems and versions available in the market. In this paper, we apply automatic as well as an encrypted backup technique for an Android device as per as security is concerned.
Keywords: Android (operating system); mobile computing; security of data; smart phones; Android restore technique; PC; Smartphone users; automatic backup; data theft; desktops; encrypted backup technique; operating systems; secured backup; Cloud computing; Encryption; Smart phones; Synchronization; Backup and Restore; Backup techniques; Mobile devices; Smartphone (ID#: 16-10822)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7193103&isnumber=7192777

Prajitha, M V, Rekha, P and Amrutha, George A, “A Secured Authentication Protocol Which Resist[s] Password Reuse Attack,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, India, 2015, vol., no., pp. 1-5. doi:10.1109/ICIIECS.2015.7193082
Abstract: Passwords are the powerful tools that tend to keep all data and information digitally safe. It is frequently noticed that text password remains predominantly popular over the other formats of passwords, due to the fact that it is simple and expedient. However, text passwords are not always sturdy enough and are very easily stolen and misused under different vulnerabilities. Other persons can obtain a text password when a person creates a weak password or a password that is completely reused in many sites. In this condition if one password is hacked, it can be used for all the websites. This is called the Domino Effect. Another unsafe situation is when a person enters his/her password in a computer that is not trust-worthy; the password is prone to stealing attacks such as phishing, malware and key loggers etc. Among the most significant current threats to online banking are keylogging and phishing. These attacks extract user identity and account information to be used later for unauthorized access to user’s financial accounts. This paper proposes a user authentication protocol which leverages a user’s Android Smartphone and short message service to resist password stealing and password reuse attacks. This protocol only requires each participating website possesses a unique phone number and users only need to remember a long-term password for login on all websites. To provide more security to Android Smartphone, an additional method called color pattern screen locking is also proposed in this paper.
Keywords: Android (operating system); Web sites; computer crime; invasive software; message authentication; smart phones; Android smartphone; color pattern screen locking; domino effect; financial accounts; key loggers; keylogging; malware; online banking; password hacking; password reuse attacks; password stealing; phishing; short message service; stealing attacks; text passwords; user authentication protocol; Authentication; Computers; Cryptography; Mobile handsets; Protocols; Servers; Encryption and decryption; Network security; Password; password reuse attack; password stealing attack (ID#: 16-10823)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7193082&isnumber=7192777

A. Jevremovic and M. Veinovic, “Development of the Android-Based Secure Communication Device,” Telecommunication in Modern Satellite, Cable and Broadcasting Services (TELSIKS), 2015 12th International Conference on, Niš, Serbia, 2015, vol., no., pp. 385-388. doi:10.1109/TELSKS.2015.7357837
Abstract: The possibility of secure communication used only to be the privilege of professional services and systems which could afford to allocate enormous funds for the development of specialized communication devices. Nowadays, through the popularization of the open-source development model, significant reduction of development costs was thus enabled, together with maintaining a high level of security. Such development implies the inclusion of ready-made components, the operating principles of which may be checked and modified, when needed. This paper shall elaborate on key issues concerning the development of mobile devices for secure communication based on the Android platform.
Keywords: Android (operating system); cryptography; public domain software; smart phones; Android platform; Android-based secure communication device; Linux; custom cipher; mobile device; open-source development model; ready-made component; Encryption; Hardware; Kernel; Linux; Protocols; Android; Secure communication; custom cipher (ID#: 16-10824)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357837&isnumber=7357713

R. Divya and S. Muthukumarasamy, “An Impervious QR-Based Visual Authentication Protocols to Prevent Black-Bag Cryptanalysis,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, India, 2015, vol., no., pp. 1-6. doi:10.1109/ISCO.2015.7282330
Abstract: Black-bag cryptanalysis is used to acquire the cryptographic secrets from the target computers and devices through burglary or covert installation of keylogging and Trojan horse hardware/software. To overcome black-bag cryptanalysis, the secure authentication protocols are required. It mainly focuses on keylogging where the keylogger hardware or software is used to capture the client’s keyboard strokes to intercept the password. They considers various root kits residing in PCs (Personnel Computers) to observe the client’s behavior that breaches the security. The QR code can be used to design the visual authentication protocols to achieve high usability and security. The two authentication protocols are Time based One-Time-Password protocol and Password-based authentication protocol. Through accurate analysis, the protocols are proved to be robust to several authentication attacks. And also by deploying these two protocols in real-world applications especially in online transactions, the strict security requirements can be satisfied.
Keywords: QR codes; cryptographic protocols; invasive software; message authentication; QR code; QR-based visual authentication protocol; Trojan horse hardware/software; authentication attack; black-bag cryptanalysis; burglary; covert installation; cryptographic secret; keylogger hardware; keylogger software; keylogging; online transaction; password-based authentication protocol; personnel computer; secure authentication protocol; time based one-time-password protocol; Encryption; Hardware; Keyboards; Personnel; Protocols; Robustness; Android; Attack; Authentication; Black-bag cryptanalysis; Keylogging; Malicious code; Pharming; Phishing; Session hijacking; visualization (ID#: 16-10825)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282330&isnumber=7282219

L. Malina, J. Hajny and V. Zeman, “Usability of Pairing-Based Cryptography on Smartphones,” Telecommunications and Signal Processing (TSP), 2015 38th International Conference on, Prague, 2015, vol., no., pp. 617-621. doi:10.1109/TSP.2015.7296337
Abstract: This paper deals with the usability of pairing-based cryptography on smartphones. Pairing-based cryptographic schemes can offer many advanced cryptographic primitives such as privacy protection, identity-based encryption and so on. These schemes are used to secure services and applications that may run on hand-held devices. Nevertheless, pairing operations are more expensive than modular arithmetic operations that are used in conventional cryptographic schemes. In this work, we investigate the performance of pairing operations on current smartphones. Then, we implement and evaluate a pairing-based group signature scheme on smartphones. Further, we show optimization techniques that can reduce expensive pairing operations in pairing-based schemes. Our results help to clarify whether these schemes are suitable to run on current smartphones.
Keywords: cryptography; optimisation; smart phones; cryptographic primitives; hand-held devices; identity based encryption; modular arithmetic operations; pairing based cryptographic schemes; pairing based group signature scheme; privacy protection; smartphones; Androids; Cryptography; Elliptic curves; Humanoid robots; Optimization; Smart phones; Subspace constraints; Bilinear Pairing; Cryptography; Group Signatures; Optimization; Performance; Smartphones (ID#: 16-10826)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7296337&isnumber=7296206

E. Huseynov and J. M. Seigneur, “WiFiOTP: Pervasive Two-Factor Authentication Using Wi-Fi SSID Broadcasts,” ITU Kaleidoscope: Trust in the Information Society (K-2015), 2015, Barcelona, 2015, vol., no., pp. 1-8. doi:10.1109/Kaleidoscope.2015.7383630
Abstract: Two-factor authentication can significantly reduce risks of compromised accounts by protecting from weak passwords, online identity theft and other online fraud. This paper presents a new easy solution to implement two-factor authentication without affecting user experience by introducing minimum user interaction based on standard Wi-Fi. It has been validated with different software and hardware implementations in a real life environment to show it can easily be deployed in many cases.
Keywords: fraud; message authentication; ubiquitous computing; wireless LAN; Wi-Fi SSID broadcasts; WiFiOTP; minimum user interaction; online fraud; online identity theft; pervasive two-factor authentication; weak password; Androids; Authentication; Decision support systems; Encryption; Humanoid robots; Servers; multi-factor authentication; user-friendly security (ID#: 16-10827)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7383630&isnumber=7383613

M. Aliasgari, N. Sabol and A. Sharma, “Sesame: A Secure and Convenient Mobile Solution for Passwords,” Mobile and Secure Services (MOBISECSERV), 2015 First Conference on, Gainesville, FL, 2015, vol., no., pp. 1-5. doi:10.1109/MOBISECSERV.2015.7072879
Abstract: Passwords are the main and most common method of remote authentication. However, they have their own frustrating challenges. Users tend to forget passwords that are chosen to be hard to guess. Password managers are an approach to keeping our passwords safe. However, they mainly rely on one master password to secure all of our passwords. If this master password is compromised then all other passwords can be recovered. In this work, we introduce Sesame: a secure yet convenient mobile-based, voice-activated password manager. It combines all different methods of user authentication to create a more robust digital vault for personal data. Each password is encrypted with a new fresh key on the user’s mobile device for maximum security. The keys are stored in our servers in a protected format. The user has the option of backing up the encrypted passwords in any cloud service. To view a password, the user only needs to utter the name of a web service, and speaker and speech recognition are applied for authentication. Only the key for that service is sent to the mobile application and the password is decrypted and displayed. The biggest advantage of Sesame is that the user need not assume any trust to neither our servers nor any cloud storage. Also, there is no need to enter a master password every time since speaker recognition is used. However, as an alternative to voice, users can view their passwords using a master password in case voice is not available. We provide a brief analysis of the security of our solution that has been implemented on Android platform and freely available on Google Play. Sesame is an ideal and practical solution for mobile password managers.
Keywords: Android (operating system); Web services; authorisation; cloud computing; cryptography; mobile computing; speaker recognition; Android platform; Google Play; Sesame; Web service; cloud service; cloud storage; digital vault; master password; mobile application; mobile device; mobile-based voice-activated password manager; password decryption; password encryption; personal data; remote authentication; speaker recognition; speech recognition; Authentication; Cryptography; Mobile handsets; Servers; Speaker recognition; Speech recognition; Biometrics; Mobile Authentication; Password Management; Secure Cloud Storage (ID#: 16-10828)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7072879&isnumber=7072857

J. Gan, R. Kok, P. Kohli, Y. Ding and B. Mah, “Using Virtual Machine Protections to Enhance Whitebox Cryptography,” Software Protection (SPRO), 2015 IEEE/ACM 1st International Workshop on, Florence, 2015, vol., no., pp. 17-23. doi:10.1109/SPRO.2015.12
Abstract: Since attackers can gain full control of the mobile execution environment, they are able to examine the inputs, outputs, and, with the help of a disassembler/debugger the result of every intermediate computation a cryptographic algorithm carries out. Essentially, attackers have total visibility into the cryptographic operation. Whitebox cryptography aims at protecting keys from disclosed in software implementation. With theoretically unbounded resources a determined attacker is able to recover any confidential keys and data. A strong whitebox cipher implementation as the cornerstone of security is essential for the overall security in mobile environments. Our goal is to provide an increased degree of protection given the constraints of a software solution and the resource constrained, hostile-host environments. We seek neither perfect protection nor long-term guarantees, but rather a practical level of protection to balance cost, security and usability. Regular software updates can be applied such that the protection will need to withstand a limited period of time. V-OS operates as a virtual machine (VM) within the native mobile operating system to provide a secure software environment within which to perform critical processes and computations for a mobile app.
Keywords: cryptography; mobile computing; virtual machines; V-OS; confidential keys; cryptographic algorithm; mobile application; mobile execution environment; secure software environment; software implementation; virtual machine protection; whitebox cipher implementation; whitebox cryptography; Androids; Encryption; Microprogramming; Mobile communication; Object recognition; Virtual machining; Anti-Debugging; Anti-Reverse Engineering; Code Obfuscation; Data Obfuscation; Fingerprinting; Mobile Code; Software Licensing; Software Renewability; Software Tamper Resistance; Virtual Machine Protections (VMP); Whitebox Cryptography (WBC) (ID#: 16-10829)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7174806&isnumber=7174794

W. Zegers, S. Y. Chang, Y. Park and J. Gao, “A Lightweight Encryption and Secure Protocol for Smartphone Cloud,” Service-Oriented System Engineering (SOSE), 2015 IEEE Symposium on, San Francisco Bay [Area], CA, 2015, vol., no., pp. 259-266. doi:10.1109/SOSE.2015.47
Abstract: User data on mobile devices are always transferred into Cloud for flexible and location-independent access to services and resources. The issues of data security and privacy data have been often reverted to contractual partners and trusted third parties. As a matter of fact, to project data, data encryption and user authentication are fundamental requirements between the mobile devices and the Cloud before a data transfer. However, due to limited resources of the smartphones and the unawareness of security from users, data encryption has been the last priority in mobile devices, and the authentication between two entities always depends on a trusted third party. In this paper, we propose a lightweight encryption algorithm and a security handshaking protocol for use specifically between in mobile devices and in Cloud, with the intent of securing data on the user side before it is migrated to cloud storages. The proposed cryptographic scheme and security protocol make use of unique device specific identifiers and user supplied credentials. It aims to achieve a usersoriented approach for Smartphone Cloud. Through experiments, we demonstrated that the proposed cryptographic scheme requires less power consumption on mobile devices.
Keywords: authorisation; cloud computing; cryptographic protocols; data privacy; smart phones; cloud storages; contractual partners; cryptographic scheme; data encryption; data security; data transfer; lightweight encryption algorithm; location-independent access; mobile devices; privacy data; project data; secure protocol; security handshaking protocol; security protocol; smart phone cloud; trusted third party; user authentication; user data; Authentication; Encryption; Mobile communication; Protocols; Smart phones; Android; Cloud; Cryptography; Mobile devices and smartphones; Security (ID#: 16-10830)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7133539&isnumber=7133490

J. Xu, L. Zhang, D. Lin and Y. Mao, “Recommendable Schemes of Anti-decompilation for Android Applications,” Frontier of Computer Science and Technology (FCST), 2015 Ninth International Conference on, Dalian, China, 2015, vol., no., pp. 184-190. doi:10.1109/FCST.2015.76
Abstract: Currently, Regular Android software, injected in malicious code, is one of the important factors of that Android virus run rampant. Protecting the Android software has become a focus of attention in academia and industry. Addressing the safety protection issues of the Android software, this paper will present some new schemes for Android software security technology. On the basis of existing research results, we will propose some recommendable solutions to prevent android applications being decompiled. Take advantage of these methods, we will build the Android software protection system, which will mostly eliminate the feasibility of the secondary packaging for Android software, and extend the Android software safety lifecycle.
Keywords: Android (operating system); invasive software; mobile computing; Android applications; Android software protection system; Android software safety lifecycle; Android software security technology; Android virus; malicious code; recommendable antidecompilation schemes; safety protection issues; Androids; Encryption; Humanoid robots; Smart phones; Software (ID#: 16-10831)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7314672&isnumber=7314625

J. Cui, D. She, J. Ma, Q. Wu and J. Liu, “A New Logistics Distribution Scheme Based on NFC,” Network and Information Systems for Computers (ICNISC), 2015 International Conference on, Wuhan, 2015, vol., no., pp. 492-495. doi:10.1109/ICNISC.2015.48
Abstract: There are many disadvantages in the logistics distribution scheme today. The package may be taken by mistake and the information of consumers on the package may be hooked up illegally. What is more, it needs lots of couriers and costs plenty of money. To solve these problems above, a more effective logistics distribution scheme based on Near Field Communication is proposed. Many key technologies, such as the data exchange technology among android APP, server and NFC module, the data transmission technology by NFC and so on, are used in this scheme. The information is encrypted by ASE while transmission from one place to another. By contrasting the existing schemes and the new scheme, it is obvious that the new scheme has more advantages. Finally, the performance of the scheme is tested. The scheme makes logistics distribution automated greatly by the NFC, PN532 and arduino. In addition, it can ensure the safety of consumer privacy largely. All in all, the data of the test indicates that the new scheme has better performance.
Keywords: cryptography; data privacy; goods distribution; logistics data processing; mobile computing; near-field communication; production engineering computing; Android application; Arduino; NFC; consumer privacy; data exchange technology; data transmission technology; information encryption; logistics distribution scheme; near field communication; Cryptography; Databases; Logistics; Servers; Smart phones; AES; Logistics distribution; NFC (ID#: 16-10832)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7311934&isnumber=7311794

P. Amthor and W. E. Kühnhauser, “Security Policy Synthesis in Mobile Systems,” Services (SERVICES), 2015 IEEE World Congress on, New York City, NY, 2015, vol., no., pp. 189-197. doi:10.1109/SERVICES.2015.36
Abstract: Contemporary mobile devices have become universal and versatile tools that increasingly are used in sensitive application scenarios. They inevitably carry confidential information such as passwords, encryption keys, mission-critical company data, or location information in combat areas. In order to meet sophisticated security requirements, recent technology focuses on policy-oriented approaches that allow for the definition and enforcement of rigorous and precise rules for protecting confidential information. State-of-the-art development of security policies is a critical process, because of the involved quality assurance measures, it is quite heavy-weighted and tends to antagonize the distinguished virtues of mobile devices for lightweight, spontaneous communication and cooperation. This paper presents an approach to support secure, mobile device based cooperation in temporary, sporadically and spontaneously fashioned cliques within open communication infrastructures. The approach is based upon light-weight security domains protected by security policies that are dynamically and automatically composed during group formation. Due to the volatile nature of such groups simplicity, adaptability, efficiency and compatibility with today’s security policy implementation techniques have been a major design goal.
Keywords: mobile computing; security of data; confidential information; contemporary mobile devices; light-weight security domains; mobile device based cooperation; mobile systems; policy-oriented approaches; security policy synthesis; Androids; Companies; Humanoid robots; Mobile communication; Security; Smart phones; Android Security Extensions; Flaskdroid; MOSES; Mobile computing; SE Android; SE Linux; ad-hoc cooperation; metapolicy; mobile devices security; policy-controlled system; security domain; security policy (ID#: 16-10833)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7196524&isnumber=7196486
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Black Box Cryptography 2015

	Black Box Cryptography 2015

According to Stack Exchange, black box security is “security of a cryptographic algorithm studied in the ‘black-box’ model: e.g., for symmetric encryption, the attacker is given access to a ‘device’ which runs the encryption algorithm with a given key, and can submit plaintexts and ciphertexts, the goal of the attacker being to be able to decrypt a given block without submitting that exact block as ciphertext.” For the Science of Security community, back box cryptography is important to composability, metrics, and resilience. The work cited here was presented in 2013–2016.

S. Garg, S. Lu and R. Ostrovsky, “Black-Box Garbled RAM,” Foundations of Computer Science (FOCS), 2015 IEEE 56th Annual Symposium on, Berkeley, CA, 2015, vol., no., pp. 210-229. doi:10.1109/FOCS.2015.22
Abstract: Garbled RAM, introduced by Lu and Ostrovsky, enables the task of garbling a RAM (Random Access Machine) program directly, thereby avoiding the inefficient process of first converting it into a circuit. Garbled RAM can be seen as a RAM analogue of Yao’s garbled circuit construction, except that known realizations of Garbled RAM make non-black-box use of the underlying cryptographic primitives. In this paper we remove this limitation and provide the first black-box construction of Garbled RAM with polylogarithmic overhead. Our scheme allows for garbling multiple RAM programs being executed on a persistent database and its security is based only on the existence of one-way functions. We also obtain the first secure RAM computation protocol that is both constant round and makes only black-box use of one-way functions in the Oblivious Transfer hybrid model.
Keywords: cryptographic protocols; RAM computation protocol; black-box construction; black-box garbled RAM; cryptographic primitives; oblivious transfer hybrid model; one-way functions; persistent database; polylogarithmic overhead; random access machine program; Central Processing Unit; Complexity theory; Computer science; Cryptography; Databases; Random access memory; Black-Box Cryptography; Garbled RAM; One-Way Functions; Secure Computation (ID#: 16-10872)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354396&isnumber=7354373

G. Asharov and G. Segev, “Limits on the Power of Indistinguishability Obfuscation and Functional Encryption,” Foundations of Computer Science (FOCS), 2015 IEEE 56th Annual Symposium on, Berkeley, CA, 2015, pp. 191-209. doi:10.1109/FOCS.2015.21
Abstract: Recent breakthroughs in cryptography have positioned indistinguishability obfuscation as a “central hub“ for almost all known cryptographic tasks, and as an extremely powerful building block for new cryptographic tasks resolving long-standing and foundational open problems. However, constructions based on indistinguishability obfuscation almost always rely on non-black-box techniques, and thus the extent to which it can be used as a building block in cryptographic constructions has been completely unexplored so far. We present a framework for proving meaningful negative results on the power of indistinguishability obfuscation. By considering indistinguishability obfuscation for oracle-aided circuits, we capture the common techniques that have been used so far in constructions based on indistinguishability obfuscation. These include, in particular, non-black-box techniques such as the punctured programming approach of Sahai and Waters (STOC ’14) and its variants, as well as sub-exponential security assumptions. Within our framework we prove the first negative results on the power of indistinguishability obfuscation and of the tightly related notion of functional encryption. Our results are as follows: There is no fully black-box construction of a collision-resistant function family from an indistinguishability obfuscator for oracle-aided circuits. There is no fully black-box construction of a key-agreement protocol with perfect completeness from a private-key functional encryption scheme for oracle-aided circuits. Specifically, we prove that any such potential constructions must suffer from an exponential security loss, and thus our results cannot be circumvented using sub-exponential security assumptions. Our framework captures constructions that may rely on a wide variety of primitives in a non-black-box manner (e.g., Obfuscating or generating a functional key for a function that uses the evaluation circuit of a puncturable pseudorandom function), and we only assume that the underlying indistinguishability obfuscator or functional encryption scheme themselves are used in a black-box manner.
Keywords: exponential distribution; private key cryptography; random sequences; exponential security loss; indistinguishability obfuscation; nonblack-box technique; oracle-aided circuit; private-key functional encryption scheme; pseudorandom function; Encryption; Integrated circuit modeling; Protocols; Public key; Standards (ID#: 16-10873)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354395&isnumber=7354373

H. Bruyninckx, F. Lafitte and D. Van Heule, “Safe Cryptographic Random Number Generation Using Untrusted Generators,” Communications (ICC), 2014 IEEE International Conference on, Sydney, NSW, 2014, vol., no., pp. 731-736. doi:10.1109/ICC.2014.6883406
Abstract: The security of many cryptographic applications relies heavily on the quality of the random numbers used. Therefore, random number generation is one of the most critical primitives for cryptography. This paper focuses on true random number generators (TRNGs) and the analysis of their security requirements. After illustrating issues associated with adversarial influences on TRNGs, we propose a simple method to obtain a secure TRNG based on n TRNGs originating from (potentially) untrusted vendors. The untrusted generators are combined such that as long as one out of the n vendors does not collude with the other vendors, the generator is secure, i.e., the output is unpredictable and uniformly distributed even in the presence of an active attacker. In order to achieve this, we review several choices of functions to be used as combiner. The advantage of our design is that only the (black-box) input-output behavior of the vendor’s TRNGs needs to be evaluated. No overhead is introduced by the combiner. The resulting generator offers fault resilience and ease of maintenance.
Keywords: cryptography; random number generation; TRNGs; active attacker; cryptographic random number generation; fault resilience; true random number generators; untrusted generators; Boolean functions; Correlation; Cryptography; Entropy; Generators; Noise; Attacks on TRNGs; Cryptography; Fault-tolerance; Hardware Trojans; Random Number Generator (RNG); Resilient functions (ID#: 16-10874)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6883406&isnumber=6883277

Y. Ren and L. Wu, “Power Analysis Attacks on Wireless Sensor Nodes Using CPU Smart Card,” Wireless and Optical Communication Conference (WOCC), 2013 22nd, Chongqing, 2013, vol., no., pp. 665-670. doi:10.1109/WOCC.2013.6676458
Abstract: In wireless sensor networks (WSN), CPU smart cards can be used as crypto accelerators and temper-resistant storages to improve security. But Side Channel Attacks (SCA) can bypass temper-resistant mechanisms and recover the confidential information without being detected. In this work, a typical black-box Side Channel Attack (SCA) on a real-life 32-Bit CPU smart card against Triple Data Encryption Standard (3DES) is successfully conducted, and the whole 112 key bits of 3DES are recovered with moderate effort which is around 80,000 power traces. Our result highlights that SCA is a practical threat in the security of WSN, and proper countermeasures against SCA should be used.
Keywords: cryptography; microprocessor chips; smart cards; wireless sensor networks; 3DES; CPU smart cards; SCA; WSN; crypto accelerators; power analysis attacks; side channel attacks; tamper-resistant mechanisms; tamper-resistant storages; triple data encryption standard; wireless sensor nodes; 3DES; CPU smart card; side channel attack (SCA); wireless sensor network (WSN) (ID#: 16-10875)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6676458&isnumber=6676323

S. Arul Oli and L. Arockiam, “A Framework for Key Management for Data Confidentiality in Cloud Environment,” Computer Communication and Informatics (ICCCI), 2015 International Conference on, Coimbatore, 2015, vol., no., pp. 1-4. doi:10.1109/ICCCI.2015.7218116
Abstract: Cloud computing is a technique to keep the resources intact and available with internet facilities online at anytime and anywhere. A user may access cloud services as a utility service and can use them almost instantly. These features make cloud computing so flexible with easy access for unlimited users with several potential risks, thus demanding for the security mechanisms. Hence the need for cryptographic algorithm is inevitable for the transaction of data in a more secure manner, providing confidentiality and integrity of the data to the users. There are many numbers of cryptographic algorithms that make the system protected from the attacks of intruders. With the use of cryptographic algorithms, the keys are generated and the techniques are introduced to manage these generated keys. We make all the impossibility by use of management techniques for the intruders to break the key. These techniques act as a black box where the intruders have not even slightest glue for the key identification. In this paper the key management mechanisms are introduced which would help the users to manage the generated keys to protect the data in terms of confidentiality in cloud storage.
Keywords: cloud computing; data integrity; management science; private key cryptography; Internet facilities; cloud computing; cloud environment; cloud services; cryptographic algorithm; data confidentiality; data integrity; key identification; key management; security mechanisms; utility service; Cloud computing; Computer science; Computers; Encryption; Informatics; Cryptography; Cryptosystems; Data security; Key management (ID#: 16-10876)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218116&isnumber=7218046

T. Nakasone, Y. Li, K. Ohta and K. Sakiyama, “Exploration of the CC-EMA Attack Towards Efficient Evaluation of EM Information Leakage,” Electromagnetic Compatibility (EMC EUROPE), 2013 International Symposium on, Brugge, 2013, vol., no., pp. 411-414. doi: (not provided)
Abstract: This paper discusses the efficiency of the CC-EMA (Clockwise Collision based ElectroMagnetic Analysis) attack on hardware implementation of 128-bit AES (Advanced Encryption Standard) block cipher. The analysis efficiency of CC-EMA was first discussed on a white-box setting, i.e., using a known-key AES (Advanced Encryption Standard) hardware [10]. Then, more realistic attack scenario was applied for CC-EMA, where the secret key of AES hardware was unknown, i.e., black-box analysis, and the attack efficiency in the key recovery was briefly discussed in [11]. In this paper, we revisit the previous work for CC-EMA and explore the attack efficiency of CC-EMA furthermore in order to evaluate the information leakage from proximal EM measurements of IC (Integrated Circuit) devices. In order to evaluate the attack efficiency under various attack environments, we construct a simulation environment, where the intensity of EM radiation is parameterised assuming that it follows a normal distribution. As a result, we show that CC-EMA attack delivers equal or superior performance in the key recovery compared to the CEMA (Correlation EMA) attack and the key can be recovered by CC-EMA with less than 1100 EM measurements, in such case that the EM intensity for CC could be measured distinctly.
Keywords: cryptography; integrated circuits; normal distribution; 128-bit AES block cipher; CC-EMA attack; EM radiation intensity; IC devices; advanced encryption standard; attack efficiency; black-box analysis; clockwise collision based electromagnetic analysis attack; information leakage evaluation; integrated circuit devices; normal distribution; proximal EM measurements; Clocks; Cryptography; Electromagnetic compatibility; Hardware; High definition video; Integrated circuit modeling; Registers (ID#: 16-10877)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6653338&isnumber=6653179

K. M. Chung, R. Ostrovsky, R. Pass and I. Visconti, “Simultaneous Resettability from One-Way Functions,” Foundations of Computer Science (FOCS), 2013 IEEE 54th Annual Symposium on, Berkeley, CA, 2013, vol., no., pp. 60-69. doi:10.1109/FOCS.2013.15
Abstract: Resettable-security, introduced by Canetti, Goldreich, Goldwasser and Micali (STOC’00), considers the security of cryptographic two-party protocols (in particular zero-knowledge arguments) in a setting where the attacker may “reset” or “rewind” one of the players. The strongest notion of resettable security, simultaneous resettability, introduced by Barak, Goldreich, Goldwasser and Lindell (FOCS’01), requires resettable security to hold for both parties: in the context of zero-knowledge, both the soundness and the zero-knowledge conditions remain robust to resetting attacks. To date, all known constructions of protocols satisfying simultaneous resettable security rely on the existence of ZAPs; constructions of ZAPs are only known based on the existence of trapdoor permutations or number-theoretic assumptions. In this paper, we provide a new method for constructing protocols satisfying simultaneous resettable security while relying only on the minimal assumption of one-way functions. Our key results establish, assuming only one-way functions: Every language in NP has an ω(1)-round simultaneously resettable witness indistinguishable argument system; Every language in NP has a (polynomial-round) simultaneously resettable zero-knowledge argument system. The key conceptual insight in our technique is relying on black-box impossibility results for concurrent zero-knowledge to achieve resettable-security.
Keywords: computational complexity; cryptographic protocols; number theory; ω(1)-round simultaneously resettable witness indistinguishable argument system; NP; ZAP; black-box impossibility results; cryptographic two-party protocols; number-theoretic assumptions; one-way functions; polynomial-round simultaneously resettable zero-knowledge argument system; simultaneous resettable security; trapdoor permutations; zero-knowledge conditions; Cryptography; Polynomials; Probabilistic logic; Protocols; Schedules; Standards; proof systems; resettable WI/ZK/soundness (ID#: 16-10878)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6686141&isnumber=6686124

S. Choi, D. Zage, Y. R. Choe and B. Wasilow, “Physically Unclonable Digital ID,” Mobile Services (MS), 2015 IEEE International Conference on, New York, NY, 2015, vol., no., pp. 105-111. doi:10.1109/MobServ.2015.24
Abstract: The Center for Strategic and International Studies estimates the annual cost from cyber crime to be more than $400 billion. Most notable is the recent digital identity thefts that compromised millions of accounts. These attacks emphasize the security problems of using clonable static information. One possible solution is the use of a physical device known as a Physically Unclonable Function (PUF). PUFs can be used to create encryption keys, generate random numbers, or authenticate devices. While the concept shows promise, current PUF implementations are inherently problematic: inconsistent behavior, expensive, susceptible to modeling attacks, and permanent. Therefore, we propose a new solution by which an unclonable, dynamic digital identity is created between two communication endpoints such as mobile devices. This Physically Unclonable Digital ID (PUDID) is created by injecting a data scrambling PUF device at the data origin point that corresponds to a unique and matching descrambler/hardware authentication at the receiving end. This device is designed using macroscopic, intentional anomalies, making them inexpensive to produce. PUDID is resistant to cryptanalysis due to the separation of the challenge response pair and a series of hash functions. PUDID is also unique in that by combining the PUF device identity with a dynamic human identity, we can create true two-factor authentication. We also propose an alternative solution that eliminates the need for a PUF mechanism altogether by combining tamper resistant capabilities with a series of hash functions. This tamper resistant device, referred to as a Quasi-PUDID (Q-PUDID), modifies input data, using a black-box mechanism, in an unpredictable way. By mimicking PUF attributes, Q-PUDID is able to avoid traditional PUF challenges thereby providing high-performing physical identity assurance with or without a low performing PUF mechanism. Three different application scenarios with mobile devices for PUDID and Q-PUDI- have been analyzed to show their unique advantages over traditional PUFs and outline the potential for placement in a host of applications.
Keywords: authorisation; cryptography; random number generation; PUF; Q-PUDID; center for strategic and international studies; clonable static information; cryptanalysis; descrambler-hardware authentication; device authentication; digital identity thefts; dynamic human identity; encryption keys; hash functions; physically unclonable digital ID; physically unclonable function; quasi-PUDID; random number generation; two-factor authentication; Authentication; Cryptography; Immune system; Optical imaging; Optical sensors; Servers; PUF; access control; authentication; biometrics; cloning; computer security; cyber security; digital signatures; identification of persons; identity management systems; mobile hardware security (ID#: 16-10879)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7226678&isnumber=7226653

A. Al-Anwar, Y. Alkabani, M. W. El-Kharashi and H. Bedour, “Hardware Trojan Protection for Third Party IPs,” Digital System Design (DSD), 2013 Euromicro Conference on, Los Alamitos, CA, 2013, vol., no., pp. 662-665. doi:10.1109/DSD.2013.133
Abstract: Hardware Trojan detection is a very important topic especially as parts of critical systems which are designed and/or manufactured by untrusted third parties. Most of the current research concentrates on detecting Trojans at the testing phase by comparing the suspected circuit to a golden (trusted) one. However, these attempts do not work in the case of third party IPs, which are black boxes with no golden IPs to trust. In this work, we present novel methods for system protection that alleviate the need for a golden chip. Protection against injected Trojan is done using simple blockage method. We show the practicality of the introduced schemes by providing a proof of concept implementation of the proposed methodology on FPGA. We showed that the overhead is low enough in the simple blockage method. The delay overhead is negligible while the power overhead does not exceed 2%.
Keywords: field programmable gate arrays; logic design; trusted computing; FPGA; black boxes; critical systems; golden chip; hardware trojan protection; simple blockage method; system protection; third party IP; Benchmark testing; Cryptography; Delays; Hardware; IP networks; Standards; Trojan horses; backdoors; hardware; hardware attack; hardware trojan; security; third-party IP (ID#: 16-10880)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6628342&isnumber=6628240

C. Wu and S. Marotta, “Framework for Assessing Cloud Trustworthiness,” Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on, Santa Clara, CA, 2013, vol., no., pp. 956-957. doi:10.1109/CLOUD.2013.76
Abstract: When applications or data reside in a public cloud, trustworthiness can be compromised due to lack of control over the underlying infrastructure. Most public cloud infrastructures cannot be instrumented or modified to independently verify data integrity. To support verifiable access to applications and data residing in cloud infrastructures, we are developing a framework that treats the cloud as a black box and assesses its trustworthiness from the trusted cloud client. Our solution generates and performs diagnostic tests to assess the trustworthiness of cloud-based applications. Diagnostic tests for data objects stored in the cloud are based on a separate cryptographic hash-based check that verifies their data integrity.
Keywords: cloud computing; cryptography; data integrity; program testing; trusted computing; black box; cloud trustworthiness; cloud-based applications; cryptographic hash-based check; data integrity; diagnostic tests; public cloud infrastructures; trusted cloud client; Cloud computing; Instruments; Monitoring; Optimization; Security; Testing; cloud computing; security; trustworthiness; data integrity (ID#: 16-10881)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6740257&isnumber=6676660

K. Butterfield, H. Li, X. Zou and F. Li, “Enhancing and Implementing Fully Transparent Internet Voting,” Computer Communication and Networks (ICCCN), 2015 24th International Conference on, Las Vegas, NV, 2015, vol., no., pp. 1-6. doi:10.1109/ICCCN.2015.7288408
Abstract: Voting over the internet has been the focus of significant research with the potential to solve many problems. Current implementations typically suffer from a lack of transparency, where the connection between vote casting and result tallying is seen as a black box by voters. A new protocol was recently proposed that allows full transparency, never obfuscating any step of the process, and splits authority between mutually-constraining conflicting parties. Achieving such transparency brings with it challenging issues. In this paper we propose an efficient algorithm for generating unique, anonymous identifiers (voting locations) that is based on the Chinese Remainder Theorem, we extend the functionality of an election to allow for races with multiple winners, and we introduce a prototype of this voting system implemented as a multiplatform web application.
Keywords: Internet; Chinese remainder theorem; election functionality extension; multiplatform Web application; transparent Internet voting implementing; vote casting; Cryptography; Internet; Nominations and elections; Protocols; Prototypes; Synchronization (ID#: 16-10882)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7288408&isnumber=7288342

A. Ahmad, M. Farooq and M. Amin, “SBoxScope: A Meta S-box Strength Evaluation Framework for Heterogeneous Confusion Boxes,” 2016 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, USA, 2016, vol., no.,
pp. 5545-5553. doi:10.1109/HICSS.2016.685
Abstract: In cipher algorithms, both block or streaming, the most important non-linear component is a confusion box (commonly termed as s Substitution box or an S-box). The designers of cipher algorithms create an S-box on the basis of a unique formal model, as a result, its parameters, including its size, are different. Consequently, it becomes a daunting task for a cryptanalyst to conduct a comparative study to analyze, in a scientific yet unbiased manner, the cryptographic strength of these heterogeneous S-boxes. The major contribution of this paper is SBoxScope, a meta S-Box strength evaluation framework that enables designers and analysts to evaluate cryptographic strength of heterogeneous S-boxes. The framework consists of two layers: (1) White Box Layer analyzes the contents of an S-box and calculates 8 relevant parameters (5 core and 3 auxiliary) and then normalizes them to draw conclusions about the strength of an S-box, (2) Black Box Layer assumes that no knowledge is available about the contents of an S-box, rather, it gives a predefined input bit stream to each S-box and then applies NIST tests to measure 10 parameters. Finally, the two layer are augmented that empowers an analyst to make a decision about the strength of an S-box after analyzing 18 different parameters. In this paper, we have evaluated 9 S-boxes of five well known cipher algorithms: AES, MARS, Skipjack, Serpent and Twofish.
Keywords: Algorithm design and analysis; Ciphers; Computer architecture; Correlation; Mars; NIST; Cipher Algorithms; Cryptographic Strength; Cryptography (ID#: 16-10883)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7427873&isnumber=7427173

K. M. Chung, H. Lin and R. Pass, “Constant-Round Concurrent Zero Knowledge from P-Certificates,” Foundations of Computer Science (FOCS), 2013 IEEE 54th Annual Symposium on, Berkeley, CA, 2013, vol., no., pp. 50-59. doi:10.1109/FOCS.2013.14
Abstract: We present a constant-round concurrent zero-knowledge protocol for NP. Our protocol relies on the existence of families of collision-resistant hash functions, and a new, but in our eyes, natural complexity-theoretic assumption: the existence of P-certificates-that is, “succinct” non-interactive proofs/arguments for P. As far as we know, our results yield the first constant-round concurrent zero-knowledge protocol for NP with an explicit zero-knowledge simulator based on any assumption.
Keywords: computational complexity; concurrency theory; theorem proving; P-certificates; collision-resistant hash functions; constant-round concurrent zero-knowledge protocol; explicit zero-knowledge simulator; natural complexity-theoretic assumption; zero-knowledge interactive proofs; Awards activities; Complexity theory; Computational modeling; Concurrent computing; Polynomials; Protocols; Security; Concurrent Zero-Knowledge; Cryptography; Non-Black-Box Technique (ID#: 16-10884)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6686140&isnumber=6686124

Qihui Zhang et al., “Optimization Design of a Low Power Asynchronous DES for Security Applications Based on Balsa and Synchronous Tools,” Electronics, Communications and Computers (CONIELECOMP), 2015 International Conference on, Cholula, 2015, vol., no., pp. 124-129. doi:10.1109/CONIELECOMP.2015.7086938
Abstract: DES has been widely used in current financial security application, but side-channel attacks are considered as serious threats to DES cryptographic algorithm. Asynchronous DES design will be a proper solution because of its natural properties. First, a low power asynchronous DES architecture and sub key generation architecture are proposed. Then, optimized Balsa implementation, GTECH-based implementation and black-box-based implementation are described to reduce area and power. Furthermore, a dual-rail implementation is carried out for future security applications and a Spartan-6 FPGA verification is checked before taping out. ASIC implementation results show that our proposed asynchronous DES architecture and black-box-based scheme can achieve about 20% lower power with 25% area increase of its synchronous equivalent, and its energy is only 8.2% and 27.3% of those reported in other papers, respectively. FPGA experimental results show that our proposed asynchronous DES exhibits an operation frequency of 196.2 MHz and costs only 4% slice LUTs. Moreover, it can be suitably integrated into contactless smart cards.
Keywords: application specific integrated circuits; cryptography; field programmable gate arrays; standards; ASIC implementation; Balsa implementation; DES cryptographic algorithm; GTECH-based implementation; Spartan-6 FPGA verification; asynchronous DES architecture; black-box-based implementation; data encryption standard; dual-rail implementation; frequency 196.2 MHz; low power asynchronous DES; security applications; slice LUT; sub key generation architecture; synchronous tools; Application specific integrated circuits; Computer architecture; Field programmable gate arrays; Hardware design languages; Libraries; Logic gates; Optimization; ASIC; Balsa properties; FPGA; asynchronous DES; dual-rail; low power; optimization schemes; security applications (ID#: 16-10885)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7086938&isnumber=7086811

R. Cheng, F. Diao and F. Zhang, “On Obfuscating Set-Membership Predicate Functions,” Intelligent Networking and Collaborative Systems (INCoS), 2013 5th International Conference on, Xi’an, 2013, vol., no., pp. 304-308. doi:10.1109/INCoS.2013.54
Abstract: Obfuscation was first studied in computer programming field, which could be explained as a compiler that translates computer codes into an unintelligible form while preserving the original functionality. Since obfuscation for cryptographic purposes was raised out, several positive results have been presented in despite of the general impossibility. Secure obfuscation of point functions have been studied well and it was pointed out that secure composition of several point function obfuscation could realize the secure obfuscation of set-membership predicate function. However, secure composition of point function obfuscation was only proposed in one literature and the security was proved in Generic Group Model (GGM) under the definition of Virtual Grey Box-Obfuscation (VGB). In this paper we propose a new obfuscation construction of set-membership predicate functions under the standard definition of Virtual Black Box-Obfuscation (VBB). We utilize the vector space technique instead of obfuscation composition, and the security of obfuscation relies on an assumption which exists in standard model. Moreover, our obfuscation result of set-membership predicate functions can hide the real scale of the set and the obfuscation construction can be securely composed for different sets.
Keywords: cryptography; set theory; vectors; compiler; computer programming; cryptographic purposes; generic group model; obfuscation composition; obfuscation security; point function obfuscation; set-membership predicate functions; vector space technique; virtual black box-obfuscation; virtual grey box-obfuscation; Cryptography; Educational institutions; Equations; Mathematical model; Standards; Vectors; Privacy; secure obfuscation; set-membership predicate function; vector space (ID#: 16-10886)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6630427&isnumber=6630249

G. S. Babil, O. Mehani, R. Boreli and M. A. Kaafar, “On the Effectiveness of Dynamic Taint Analysis for Protecting Against Private Information Leaks on Android-Based Devices,” Security and Cryptography (SECRYPT), 2013 International Conference on, Reykjavik, Iceland, 2013, vol., no., pp. 1-8. doi: (not provided)
Abstract: We investigate the limitations of using dynamic taint analysis for tracking privacy-sensitive information on Android-based mobile devices. Taint tracking keeps track of data as it propagates through variables, interprocess messages and files, by tagging them with taint marks. A popular taint-tracking system, TaintDroid, uses this approach in Android mobile applications to mark private information, such as device identifiers or user’s contacts details, and subsequently issue warnings when this information is misused (e.g., sent to an un-desired third party). We present a collection of attacks on Android-based taint tracking. Specifically, we apply generic classes of anti-taint methods in a mobile device environment to circumvent this security technique. We have implemented the presented techniques in an Android application, ScrubDroid. We successfully tested our app with the TaintDroid implementations for Android OS versions 2.3 to 4.1.1, both using the emulator and with real devices. Finally, we evaluate the success rate and time to complete of the presented attacks. We conclude that, although taint tracking may be a valuable tool for software developers, it will not effectively protect sensitive data from the black-box code of a motivated attacker applying any of the presented anti-taint tracking methods.
Keywords: Androids; Arrays; Humanoid robots; Malware; Mobile communication; Mobile handsets; Software; Android; Anti-Taint-Analysis; Anti-TaintDroid; Dynamic Taint Analysis; Malware; Privacy (ID#: 16-10887)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7223198&isnumber=7223120

M. Kim and K. Y. Kim, “Data Forgery Detection for Vehicle Black Box,” Information and Communication Technology Convergence (ICTC), 2014 International Conference on, Busan, 2014, vol., no., pp. 636-637. doi:10.1109/ICTC.2014.6983237
Abstract: This paper presents a security scheme to detect the data forgery in the vehicle black box system. The proposed scheme uses chained hash and symmetric-key encryption to check whether the data is forged or modified. Experimental results show that the proposed scheme can find and notify the point of the falsification. Based on our experiment, we believe that the proposed scheme could be a practical solution to improve the reliability of the black box data.
Keywords: cryptography; data recording; driver information systems; road vehicles; chained hash encryption; data forgery detection; driving information; security scheme; symmetric-key encryption; vehicle black box system; Accidents; Encryption; Forgery; Reliability; Vehicles; Black Box; Event data recorder; information security (ID#: 16-10888)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6983237&isnumber=6983064

R. Canetti, H. Lin and R. Pass, “From Unprovability to Environmentally Friendly Protocols,” Foundations of Computer Science (FOCS), 2013 IEEE 54th Annual Symposium on, Berkeley, CA, 2013, vol., no., pp. 70-79. doi:10.1109/FOCS.2013.16
Abstract: An important security concern for crypto-graphic protocols is the extent to which they adversely affect the security of the systems in which they run. In particular, can we rule out the possibility that introducing a new protocol to a system might, as a “side effect”, break the security of unsuspecting protocols in that system? Universally Composable (UC) security rules out such adverse side effects. However, many functionalities of interest provably cannot be realized with UC security unless the protocol participants are willing to put some trust in external computational entities. We propose a notion of security that: (a) allows realizing practically any functionality by protocols in the plain model without putting trust in any external entity; (b) guarantees that secure protocols according to this notion have no adverse side-effects on existing protocols in the system — as long as the security of these existing protocols is proven via the traditional methodology of black box reduction to a game-based cryptographic hardness assumption with bounded number of rounds. Our security notion builds on the angel-based security notion of Prabhakaran and Sahai. A key part in our analysis is to come up with a CCA-secure commitment scheme that (a) cannot be proven secure via a black box reduction to a game-based assumption, but (b) can be proven secure using a non-black-box reduction. To the best of our knowledge, this is the first time that the interplay between black-box provability and unprovability is used to demonstrate security properties of protocols.
Keywords: cryptographic protocols; game theory; CCA-secure commitment scheme; UC security; angel-based security notion; black box reduction; black-box unprovability; chosen-commitment-attack secure commitment scheme; crypto-graphic protocols; environmentally friendly protocols; external computational entities; game-based cryptographic hardness assumption; plain model; protocol security properties; secure protocols; universally composable security; Awards activities; Cryptography; Educational institutions; Games; Polynomials; Protocols; Angel-Based Security; Black-Box Unprovability; Cryptography; Environmentally Friendliness (ID#: 16-10889)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6686142&isnumber=6686124

C. Gentry, S. Halevi, M. Raykova and D. Wichs, “Outsourcing Private RAM Computation,” Foundations of Computer Science (FOCS), 2014 IEEE 55th Annual Symposium on, Philadelphia, PA, 2014, vol., no., pp. 404-413. doi:10.1109/FOCS.2014.50
Abstract: We construct the first schemes that allow a client to privately outsource arbitrary program executions to a remote server while ensuring that: (I) the client’s work is small and essentially independent of the complexity of the computation being outsourced, and (II) the server’s work is only proportional to the run-time of the computation on a random access machine (RAM), rather than its potentially much larger circuit size. Furthermore, our solutions are non-interactive and have the structure of reusable garbled RAM programs, addressing an open question of Lu and Ostrovsky (Eurocrypt 2013). We also construct schemes for an augmented variant of the above scenario, where the client can initially outsource a large private and persistent database to the server, and later outsource arbitrary program executions with read/write access to this database. Our solutions are built from non-reusable garbled RAM in conjunction with new types of reusable garbled circuits that are more efficient than prior solutions but only satisfy weaker security. For the basic setting without a persistent database, we can instantiate the required type of reusable garbled circuits from indistinguishability obfuscation or from functional encryption for circuits as a black-box. For the more complex setting with a persistent database, we can instantiate the required type of reusable garbled circuits using stronger notions of obfuscation. Our basic solution also requires the client to perform a one-time pre-processing step to garble a program at the cost of its RAM run-time, and we can avoid this cost using stronger notions of obfuscation. It remains an open problem to instantiate these new types of reusable garbled circuits under weaker assumptions, possibly avoiding obfuscation altogether. We show several simple extensions of our results and techniques to achieve: efficiency proportional to the input-specific RAM run-time, verifiability of outsourced RAM computation, functional encryption for RAMs, and a candidate obfuscation for RAMs.
Keywords: cryptography; outsourcing; program compilers; software reusability; computation complexity; functional encryption; input-specific RAM run-time; nonreusable garbled RAM; one-time preprocessing step; outsourced RAM computation verifiability; private RAM computation outsourcing; private arbitrary program execution outsourcing; random access machine; read-write access; remote server; reusable garbled RAM programs; Complexity theory; Databases; Outsourcing; Protocols; Random access memory; Security; Servers; obfuscation; reusable garbled RAM; reusable garbled circuits (ID#: 16-10890)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6979025&isnumber=6978973

F. Aarts, J. De Ruiter and E. Poll, “Formal Models of Bank Cards for Free,” Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on, Luxembourg, 2013, pp. 461-468. doi:10.1109/ICSTW.2013.60
Abstract: Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smartcards which, as most bank cards do, implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes the smartcard as a black box, takes little effort and is fast. The finite state machine models obtained provide a useful insight into decisions (or indeed mistakes) made in the design and implementation, and would be useful as part of security evaluations, not just for bank cards but for smartcard applications in general, as they can show unexpected additional functionality that is easily missed in conformance tests.
Keywords: banking; finite state machines; formal specification; formal verification; inference mechanisms; learning (artificial intelligence); reverse engineering; security of data; smart cards; EMV protocol suite; banking smart card; finite state machine; formal model; learning technique; security evaluation; smart card application; system behaviour inference; Credit cards; Cryptography; Learning automata; Protocols; Standards; Testing (ID#: 16-10891)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6571671&isnumber=6571592

L. Chen, H. W. Lim and G. Yang, “Cross-Domain Password-Based Authenticated Key Exchange Revisited,” INFOCOM, 2013 Proceedings IEEE, Turin, 2013, vol., no., pp. 1052-1060. doi:10.1109/INFCOM.2013.6566895
Abstract: We revisit the problem of cross-domain secure communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a four-party password-based authenticated key exchange (4PAKE) protocol that takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that “certify” some key materials that the users can subsequently exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange protocol and two-party asymmetric-key based key exchange protocol as black boxes, we combine them to obtain a generic and provably secure 4PAKE protocol.
Keywords: cryptographic protocols; public key cryptography; telecommunication security; cross-domain password-based authenticated key exchange; cross-domain secure communication; domain authentication servers; four-party password-based authenticated key exchange protocol; long-term secret key; public key certificates; trusted certificate; two-party asymmetric-key based key exchange protocol; two-party password-based key exchange protocol; Authentication; Electronic mail; Materials; Protocols; Public key; Servers; Password-based protocol; client-to-client; cross-domain; key exchange (ID#: 16-10892)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6566895&isnumber=6566708

N. Bitansky, O. Paneth and A. Rosen, “On the Cryptographic Hardness of Finding a Nash Equilibrium,” Foundations of Computer Science (FOCS), 2015 IEEE 56th Annual Symposium on, Berkeley, CA, 2015, vol., no., pp. 1480-1498. doi:10.1109/FOCS.2015.94
Abstract: We prove that finding a Nash equilibrium of a game is hard, assuming the existence of indistinguishability obfuscation and one-way functions with sub-exponential hardness. We do so by showing how these cryptographic primitives give rise to a hard computational problem that lies in the complexity class PPAD, for which finding Nash equilibrium is complete. Previous proposals for basing PPAD-hardness on program obfuscation considered a strong “virtual black-box” notion that is subject to severe limitations and is unlikely to be realizable for the programs in question. In contrast, for indistinguishability obfuscation no such limitations are known, and recently, several candidate constructions of indistinguishability obfuscation were suggested based on different hardness assumptions on multilinear maps. Our result provides further evidence of the intractability of finding a Nash equilibrium, one that is extrinsic to the evidence presented so far.
Keywords: computational complexity; cryptography; game theory; PPAD complexity class; complete Nash equilibrium; cryptographic hardness; hard computational problem; hard-Nash equilibrium; indistinguishability obfuscation; multilinear maps; one-way functions; subexponential hardness; Complexity theory; Computer science; Cryptography; Games; Search problems; nash equilibrium; obfuscation (ID#: 16-10893)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354468&isnumber=7354373
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Command Injection Attacks

	Command Injection Attacks

Command or shell injection is one of the most critical vulnerabilities. To the Science of Security community, command injection attacks impact cyber physical systems and are related to composability, resiliency, and metrics. 

Tuan Phan Vuong, G. Loukas, D. Gan and A. Bezemskij, “Decision Tree-Based Detection of Denial of Service and Command Injection Attacks on Robotic Vehicles,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, vol., no., pp. 1-6. doi:10.1109/WIFS.2015.7368559
Abstract: Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of real-world data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.
Keywords: control engineering computing; cyber-physical systems; decision trees; mobile robots; security of data; telerobotics; vehicles; attack behaviours; automobiles; command injection attacks; computer systems; cyber attacks; decision tree-based detection; denial of service attacks; detection rules; disk data; drones; false positive rate; intrusion detection systems; mobile cyber-physical systems; network traffic; physical input features; physical jittering; power consumption; security; small remote-controlled robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robot kinematics; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Intrusion detection; Mobile robots; Network security (ID#: 16-10402)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368559&isnumber=7368550

R. Johari and P. Sharma, “A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection,” Communication Systems and Network Technologies (CSNT), 2012 International Conference on, Rajkot, 2012, vol., no., pp. 453-458. doi:10.1109/CSNT.2012.104
Abstract: Today almost all organizations have improved their performance through allowing more information exchange within their organization as well as between their distributers, suppliers, and customers using web support. Databases are central to the modern websites as they provide necessary data as well as stores critical information such as user credentials, financial and payment information, company statistics etc. These websites have been continuously targeted by highly motivated malicious users to acquire monetary gain. Structured Query Language (SQL) injection and Cross Site Scripting Attack (XSS) is perhaps one of the most common application layer attack technique used by attacker to deface the website, manipulate or delete the content through inputting unwanted command strings. Structured Query Language Injection Attacks (SQLIA) is ranked 1st in the Open Web Application Security Project (OWASP) [1] top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In this paper, we present a detailed review on various types of Structured Query Language Injection attacks, Cross Site Scripting Attack, vulnerabilities, and prevention techniques. Besides presenting our findings from the survey, we also propose future expectations and possible development of countermeasures against Structured Query Language Injection attacks.
Keywords: SQL; Web sites; security of data; software performance evaluation; OWASP; SQL injection; SQLIA exploitation; Web application vulnerabilities; Web support; XSS exploitation; application layer attack technique; attack prevention techniques; content deletion; content manipulation; cross site scripting attack; information exchange; malicious users; monetary gain; open Web application security project; performance improvement; security engine; structured query language injection attacks; Analytical models; Browsers; Databases; Encryption; Peer to peer computing; Runtime; Servers; Authentication Bypass; Database Mapping etc; Dynamic Analysis; Input Validation; SQL Injection Attack; Static Analysis; Unauthorized Access; Web Vulnerabilities
(ID#: 16-10403)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6200667&isnumber=6200561

A. Sadeghian, M. Zamani and A. A. Manaf, “A Taxonomy of SQL Injection Detection and Prevention Techniques,” Informatics and Creative Multimedia (ICICM), 2013 International Conference on, Kuala Lumpur, 2013, vol., no., pp. 53-56. doi:10.1109/ICICM.2013.18
Abstract: While using internet for proposing online services is increasing every day, security threats in the web also increased dramatically. One of the most serious and dangerous web application vulnerabilities is SQL injection. SQL injection attack took place by inserting a portion of malicious SQL query through a non-validated input from the user into the legitimate query statement. Consequently database management system will execute these commands and it leads to SQL injection. A successful SQL injection attack interfere Confidentiality, Integrity and availability of information in the database. Based on the statistical researches this type of attack had a high impact on business. Finding the proper solution to stop or mitigate the SQL injection is necessary. To address this problem security researchers introduce different techniques to develop secure codes, prevent SQL injection attacks and detect them. In this paper we present a comprehensive review of different types of SQL injection detection and prevention techniques. We criticize strengths and weaknesses of each technique. Such a structural classification would further help other researchers to choose the right technique for the further studies.
Keywords: Internet; SQL; query processing; security of data; SQL injection attacks; SQL injection detection technique; SQL injection prevention technique; database management system; legitimate query statement; malicious SQL query; statistical researches; structural classification; Browsers; Conferences; Context; Databases; Runtime; Security; Testing; Information security; SQL injection; Web application vulnerability (ID#: 16-10404)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6702782&isnumber=6702763

Wei Gao, T. Morris, B. Reaves and D. Richey, “On SCADA Control System Command and Response Injection and Intrusion Detection,” eCrime Researchers Summit (eCrime), 2010, Dallas, TX, 2010, vol., no., pp. 1-9. doi:10.1109/ecrime.2010.5706699
Abstract: SCADA systems are widely used in critical infrastructure sectors, including electricity generation and distribution, oil and gas production and distribution, and water treatment and distribution. SCADA process control systems are typically isolated from the internet via firewalls. However, they may still be subject to illicit cyber penetrations and may be subject to cyber threats from disgruntled insiders. We have developed a set of command injection, data injection, and denial of service attacks which leverage the lack of authentication in many common control system communication protocols including MODBUS, DNP3, and EtherNET/IP. We used these exploits to aid in development of a neural network based intrusion detection system which monitors control system physical behavior to detect artifacts of command and response injection attacks. Finally, we present intrusion detection accuracy results for our neural network based IDS which includes input features derived from physical properties of the control system.
Keywords: SCADA systems; authorisation; computer crime; critical infrastructures; neural nets; DNP3; EtherNET/IP; Internet; MODBUS; control system communication protocol; critical infrastructure sector; cyber threat; data injection; denial of service attack; electricity generation; firewall; intrusion detection; neural network; oil and gas production; water distribution; water treatment; Chemicals; Ethernet networks; IP networks; Monitoring; Protocols; Registers; Security; SCADA control system; cyber security
(ID#: 16-10405)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5706699&isnumber=5706677

N. Antunes, N. Laranjeiro, M. Vieira and H. Madeira, “Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services,” Services Computing, 2009. SCC ’09. IEEE International Conference on, Bangalore, 2009, vol., no., pp. 260-267. doi:10.1109/SCC.2009.23
Abstract: This paper proposes a new automatic approach for the detection of SQL Injection and XPath Injection vulnerabilities, two of the most common and most critical types of vulnerabilities in Web services. Although there are tools that allow testing Web applications against security vulnerabilities, previous research shows that the effectiveness of those tools in Web services environments is very poor. In our approach a representative workload is used to exercise the Web service and a large set of SQL/XPath injection attacks are applied to disclose vulnerabilities. Vulnerabilities are detected by comparing the structure of the SQL/XPath commands issued in the presence of attacks to the ones previously learned when running the workload in the absence of attacks. Experimental evaluation shows that our approach performs much better than known tools (including commercial ones), achieving extremely high detection coverage while maintaining the false positives rate very low.
Keywords: SQL; Web services; program testing; security of data; SQL injection vulnerabilities; Web services; XPath injection vulnerabilities; security vulnerabilities; Data security; Informatics; Pattern analysis; Performance analysis; Performance evaluation; Relational databases; Runtime; Stress; Testing (ID#: 16-10406)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5283945&isnumber=5283890

A. Stasinopoulos, C. Ntantogian and C. Xenakis, “The Weakest Link on the Network: Exploiting ADSL Routers to Perform Cyber-Attacks,” Signal Processing and Information Technology(ISSPIT), 2013 IEEE International Symposium on, Athens, 2013, vol., no., pp. 000135-000139. doi:10.1109/ISSPIT.2013.6781868
Abstract: ADSL routers are an integral part of today’s home and small office networks. Typically, these devices are provided by a user’s ISP and are, usually, managed by people who do not have any special technical knowledge. Often poorly configured and vulnerable, such devices are an easy target for network-based attacks, allowing cyber-criminals to quickly and easily gain control over a network. In this paper, we systematically evaluate the security of ADSL routers and identify the potential of attacks, which attempt to compromise the vulnerabilities of their web interface. More specifically, we present common vulnerabilities and attacks that occur in websites on the Internet, and project them on the special characteristics of the web management interface of ADSL routers. To put this analysis into a practical context, we investigate the security of a popular ADSL router provided by a Greek ISP. In this security assessment, we have discovered two 0-day vulnerabilities in the web management interface of the tested router. In particular, we discovered an operating system (OS) command injection and stored Cross-Site Scripting (XSS) attack. A malicious may exploit these vulnerabilities to perform several large-scale attacks. Specifically, he/she can perform DNS hijacking attack and redirect the users to fake web sites for phishing; mount a Distributed Denial of Service (DDoS) attack using the compromised routers as zombie machines; or even spread a malware. Finally, we discuss some well-known security practices that should be followed from developers and users to enhance the security of ADSL routers.
Keywords: Internet; digital subscriber lines; telecommunication network routing; telecommunication security; ADSL router security; DDoS attack; DNS hijacking attack; Greek ISP; Internet service providers; OS command injection; Web interface; Web management interface; Web sites; XSS attack; asymmetric digital subscriber line; cross-site scripting attack; cyber-attacks; distributed denial-of-service attack; home networks; malware; network-based attacks; operating system; security assessment; security practices; small office networks; zombie machines; Broadband communication; Chaos; Operating systems; Testing; ADSL routers; DNS hijacking; XSS; command injection; phishing; web interface vulnerabilities (ID#: 16-10407)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6781868&isnumber=6781844

J. M. Beaver, R. C. Borges-Hink and M. A. Buckner, “An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications,” Machine Learning and Applications (ICMLA), 2013 12th International Conference on, Miami, FL, 2013, vol., no., pp. 54-59. doi:10.1109/ICMLA.2013.105
Abstract: Critical infrastructure Supervisory Control and Data Acquisition (SCADA) systems have been designed to operate on closed, proprietary networks where a malicious insider posed the greatest threat potential. The centralization of control and the movement towards open systems and standards has improved the efficiency of industrial control, but has also exposed legacy SCADA systems to security threats that they were not designed to mitigate. This work explores the viability of machine learning methods in detecting the new threat scenarios of command and data injection. Similar to network intrusion detection systems in the cyber security domain, the command and control communications in a critical infrastructure setting are monitored, and vetted against examples of benign and malicious command traffic, in order to identify potential attack events. Multiple learning methods are evaluated using a dataset of Remote Terminal Unit communications, which included both normal operations and instances of command and data injection attack scenarios.
Keywords: SCADA systems; computer network security; critical infrastructures; industrial control; learning (artificial intelligence); open systems; command and control communication; critical infrastructure monitoring; critical infrastructure systems; cyber security domain; data injection attack; machine learning method; malicious SCADA communication detection; network intrusion detection system; open standards; open systems; potential attack event identification; remote terminal unit communication; security threat potential; supervisory control and data acquisition; Intrusion detection; Learning systems; Machine learning algorithms; Pipelines; Telemetry; SCADA; critical infrastructure protection; intrusion detection; machine learning; network (ID#: 16-10408)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6786081&isnumber=6786067

Pang Zhonghua, Hou Fangyuan, Zhou Yuguo and Sun Dehui, “False Data Injection Attacks for Output Tracking Control Systems,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, vol., no., pp. 6747-6752. doi:10.1109/ChiCC.2015.7260704
Abstract: Cyber-physical systems (CPSs) have been gaining popularity with their high potential in widespread applications, and the security of CPSs becomes a rigorous problem. In this paper, an output track control (OTC) method is designed for discrete-time linear time-invariant Gaussian systems. The output tracking error is regarded as an additional state, Kalman filter-based incremental state observer and LQG-based augmented state feedback control strategy are designed, and Euclidean-based detector is used for detecting the false data injection attacks. Stealthy false data attacks which can completely disrupt the normal operation of the OTC systems without being detected are injected into the sensor measurements and control commands, respectively. Three kinds of numerical examples are employed to illustrate the effectiveness of the designed false data injection attacks.
Keywords: Gaussian processes; discrete time systems; linear systems; observers; security of data; sensors; state feedback; CPS security; Euclidean-based detector; Kalman filter-based incremental state observer; LQG-based augmented state feedback control strategy; OTC method; OTC systems; cyber-physical systems; discrete-time linear time-invariant Gaussian systems; false data injection attacks; output track control method; output tracking control systems; output tracking error; sensor measurements; Detectors; Kalman filters; Robot sensing systems; Security; State estimation; State feedback; Cyber-physical systems; Kalman filter; output tracking control (ID#: 16-10409)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7260704&isnumber=7259602

R. Borgaonkar, “An Analysis of the Asprox Botnet,” Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on, Venice, 2010, vol., no., pp. 148-153. doi:10.1109/SECURWARE.2010.32
Abstract: The presence of large pools of compromised computers, also known as botnets, or zombie armies, represents a very serious threat to Internet security. This paper describes the architecture of a contemporary advanced bot commonly known as Asprox. Asprox is a type of malware that combines the two threat vectors of forming a botnet and of generating SQL injection attacks. The main features of the Asprox botnet are the use of centralized command and control structure, HTTP based communication, use of advanced double fast-flux service networks, use of SQL injection attacks for recruiting new bots and social engineering tricks to spread malware binaries. The objective of this paper is to contribute to a deeper understanding of Asprox in particular and a better understanding of modern botnet designs in general. This knowledge can be used to develop more effective methods for detecting botnets, and stopping the spreading of botnets on the Internet.
Keywords: Internet; SQL; invasive software; Asprox botnet analysis; HTTP based communication; Internet security threat; SQL injection attack; advanced bot architecture; bot recruitment; botnet detection; double fast-flux service network; malware binary spreading; social engineering; zombie armies; Computer architecture; Computers; IP networks; Malware; Protocols; Servers; Asprox; Bot; Botnet; Fast-flux networks; Malware; SQL injection (ID#: 16-10410)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5633693&isnumber=5630128

Y. O. Basciftci and F. Ozguner, “Trust Aware Particle Filters for Autonomous Vehicles,” Vehicular Electronics and Safety (ICVES), 2012 IEEE International Conference on, Istanbul, 2012, vol., no., pp. 50-54. doi:10.1109/ICVES.2012.6294259
Abstract: Cyber-Physical Systems have been widely employed in safety critical applications including intelligent highways, autonomous vehicles and robotic systems. State estimation is crucial for Cyber-Physical Systems because control commands that are sent to physical systems depend on the estimated states. The particle filter is a good candidate for state estimation due to its applicability to nonlinear and/or non-Gaussian dynamic systems. However, classical particle filters are not robust against false data injection from sensors compromised by attackers. In this paper, we propose a novel particle filter algorithm, trust aware particle filter, that is robust to false data injection attacks. We develop a framework in which a state estimator assigns trust values to sensors based on the measurements and we utilize the trust values in the state estimation. Simulation results demonstrate the robustness of the trust aware particle filter in the presence of false data injection attacks.
Keywords: mobile robots; nonlinear dynamical systems; particle filtering (numerical methods); sensors; state estimation; autonomous vehicles; cyber-physical systems; false data injection attacks; intelligent highways; nonGaussian dynamic systems; nonlinear dynamic systems; robotic systems; safety critical applications; trust aware particle filters; trust values; Atmospheric measurements; Noise; Particle measurements; Robustness; Sensor fusion; State estimation (ID#: 16-10411)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6294259&isnumber=6294251

V. S. Randhe, A. B. Chougule and D. Mukhopadhyay, “Reverse Proxy Framework Using Sanitization Technique for Intrusion Prevention in Database,” Computational Intelligence and Information Technology, 2013. CIIT 2013. Third International Conference on, Mumbai, 2013, vol., no., pp. 200-208. doi:10.1049/cp.2013.2592
Abstract: With the increasing importance of the internet in our day-to-day life, data security in web application has become very crucial. Ever increasing online and real time transaction services have led to manifold rise in the problems associated with the database security. Attacker uses illegal and unauthorized approaches to hijack the confidential information like username, password and other vital details. Hence the real-time transaction requires security against web based attacks. SQL injection and cross site scripting attack are the most common application layer attack. The SQL injection attacker pass SQL statement through a web application’s input fields, URL or hidden parameters and get access to the database or update it. The attacker take a benefit from user provided data in such a way that the user’s input is handled as a SQL code. Using this vulnerability an attacker can execute SQL commands directly on the database. SQL injection attacks are most serious threats which take user’s input and integrate it into SQL query. Reverse Proxy is a technique which is used to sanitize the users’ inputs that may transform into a database attack. In this technique a data redirector program redirects the user’s input to the proxy server before it is sent to the application server. At the proxy server, data cleaning algorithm is triggered using a sanitizing application. In this framework we include detection and sanitization of the tainted information being sent to the database and innovate a new prototype.
Keywords: Internet; SQL; database management systems; query processing; security of data; SQL code; SQL injection attacker; SQL query; SQL statement; URL; Web application; Web based attacks; application layer attack; confidential information; cross site scripting attack; data redirector program; data security; database attack; database security; illegal approaches; intrusion prevention; proxy server; real-time transaction; reverse proxy framework; sanitization technique; transaction services; unauthorized approaches; Cross Site Scripting Attack; Data Sanitization; Database Security; SQL Attack; SQL Injection; Security Threats
(ID#: 16-10412)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6950876&isnumber=6897631

N. Laranjeiro, M. Vieira and H. Madeira, “A Learning-Based Approach to Secure Web Services from SQL/XPath Injection Attacks,” Dependable Computing (PRDC), 2010 IEEE 16th Pacific Rim International Symposium on, Tokyo, 2010, vol., no., pp. 191-198. doi:10.1109/PRDC.2010.24
Abstract: Business critical applications are increasingly being deployed as web services that access database systems, and must provide secure operations to its clients. Although the open web environment emphasizes the need for security, several studies show that web services are still being deployed with command injection vulnerabilities. This paper proposes a learning-based approach to secure web services against SQL and XPath Injection attacks. Our approach is able to transparently learn valid request patterns (learning phase) and then detect and abort potentially harmful requests (protection phase). When it is not possible to have a complete learning phase, a set of heuristics can be used to accept/discard doubtful cases. Our mechanism was applied to secure TPC-App services and open source services. It showed to be extremely effective in stopping all tested attacks, while introducing a negligible performance impact.
Keywords: SQL; Web services; business data processing; learning (artificial intelligence); relational databases; security of data; SQL/XPath injection attacks; business critical applications; database systems; learning-based approach; secure Web services; SQL/ XPath Injection; code instrumentation; security; vulnerabilities (ID#: 16-10413)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5703244&isnumber=5703220

C. C. Kulkarni and S. A. Kulkarni, “Human Agent Knowledge Transfer Applied to Web Security,” Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on, Tiruchengode, 2013, vol., no., pp. 1-4. doi:10.1109/ICCCNT.2013.6726770
Abstract: Web Applications today rely heavily on database for storage of information & processing of the same. In the same time plenty of threats & security attacks are being launched against web - applications that are aimed to inject commands and gain unauthorized access to the sensitive information from the back-end database. Plenty of attacks exploit vulnerabilities of web-based applications, with majority because of input validation flaws. If the input provided by user is not sanitized correctly, then it is easily possible to launch variety of attacks that force web-based applications to compromise the security of back-end databases. In this work we propose a novel approach for detecting the SQL Injection attacks by applying TD machine learning technique. In this approach first the SQL query is compared with KB and if the query matches KB then it is a genuine query and database access is given. But in case of SQLIA queries, they are subjected to tokenization and then SQL query analysis is performed. A model based RL using TD learning is developed to distinguish between genuine & SQLIA queries. In the model, if the query traverses the path & reaches final state with higher rewards then it is termed as a SQLIA query.
Keywords: Internet; SQL; learning (artificial intelligence); security of data; software agents; SQL injection attacks; SQL query analysis; SQLIA queries; TD machine learning; Web applications; Web security; back-end databases; database access; genuine query; human agent knowledge transfer; model based RL; query traverses; security attacks; sensitive information; tokenization; Computer hacking; Databases; Games; Grippers; Intrusion detection; Testing; HAT; Reinforcement Learning; SQLIA; TD Learning (ID#: 16-10414)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6726770&isnumber=6726462

Yang Zhong, H. Asakura, H. Takakura and Y. Oshima, “Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, vol., no., pp. 525-532. doi:10.1109/COMPSAC.2015.73
Abstract: Web attacks that exploit vulnerabilities of web applications are still major problems. The number of attacks that maliciously manipulate parameters of web applications such as SQL injections and command injections is increasing nowadays. Anomaly detection is effective for detecting these attacks, particularly in the case of unknown attacks. However, existing anomaly detection methods often raise false alarms with normal requests whose parameters differ slightly from those of learning data because they perform strict feature matching between characters appeared as parameter values and those of normal profiles. We propose a novel anomaly detection method using the abstract structure of parameter values as features of normal profiles in this paper. The results of experiments show that our approach reduced the false positive rate more than existing methods with a comparable detection rate.
Keywords: Internet; security of data; SQL injections; Web application parameters; Web attacks; anomaly detection; character class sequences; command injections; malicious input detection; Accuracy; Electronic mail; Feature extraction; Payloads; Servers; Training; Training data; Anomaly detection; Attack detection; HTTP; Web application (ID#: 16-10415)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273662&isnumber=7273573

Anh Nguyen-Tuong et al., “To B or not to B: Blessing OS Commands with Software DNA Shotgun Sequencing,” Dependable Computing Conference (EDCC), 2014 Tenth European, Newcastle, 2014, vol., no., pp. 238-249. doi:10.1109/EDCC.2014.13
Abstract: We introduce Software DNA Shotgun Sequencing (S3), a novel, biologically-inspired approach to combat OS Injection Attacks, the #2 most dangerous software error as identified by MITRE. To thwart such attacks, researchers have advocated various forms of taint-tracking techniques. Despite promising results, e.g., few missed attacks and few false alarms, taint-tracking has not seen widespread adoption. Impediments to adoption include high overhead and difficulty of deployment. S3 is based on a novel technique: positive taint inference which dynamically reassembles string fragments from a binary to infer blessed, i.e. trusted, parts of an OS command. S3 incurs negligible performance overhead and is easy to deploy as it operates directly on binary programs.
Keywords: DNA; biology computing; operating systems (computers); security of data; binary programs; biologically inspired approach; blessing OS commands; combat OS injection attacks; operating system; software DNA shotgun sequencing; software error; taint tracking techniques; Computer architecture; Operating systems; Security; Sequential analysis; Servers; command injection; injection; security; taint inference; taint tracking (ID#: 16-10416)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6821110&isnumber=6821069

Tuan Phan Vuong, G. Loukas and D. Gan, “Performance Evaluation of Cyber-Physical Intrusion Detection on a Robotic Vehicle,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, vol., no., pp. 2106-2113. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.313
Abstract: Intrusion detection systems designed for conventional computer systems and networks are not necessarily suitable for mobile cyber-physical systems, such as robots, drones and automobiles. They tend to be geared towards attacks of different nature and do not take into account mobility, energy consumption and other physical aspects that are vital to a mobile cyber-physical system. We have developed a decision tree-based method for detecting cyber attacks on a small-scale robotic vehicle using both cyber and physical features that can be measured by its on-board systems and processes. We evaluate it experimentally against a variety of scenarios involving denial of service, command injection and two types of malware attacks. We observe that the addition of physical features noticeably improves the detection accuracy for two of the four attack types and reduces the detection latency for all four.
Keywords: decision trees; invasive software; mobile robots; remotely operated vehicles; telecommunication security; account mobility; command injection; computer networks; computer systems; cyber attack detection; cyber features; cyber-physical intrusion detection systems; decision tree-based method; energy consumption; malware attacks; mobile cyber-physical systems; performance evaluation; physical features; small-scale robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robots; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Detection Latency; Intrusion detection; Malware; Mobile robots; Network security (ID#: 16-10417)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363359&isnumber=7362962

B. Zekan, M. Shtern and V. Tzerpos, “Protecting Web Applications via Unicode Extension,” Software Analysis, Evolution and Reengineering (SANER), 2015 IEEE 22nd International Conference on, Montreal, QC, 2015, vol., no., pp. 419-428. doi:10.1109/SANER.2015.7081852
Abstract: Protecting web applications against security attacks, such as command injection, is an issue that has been attracting increasing attention as such attacks are becoming more prevalent. Taint tracking is an approach that achieves protection while offering significant maintenance benefits when implemented at the language library level. This allows the transparent re-engineering of legacy web applications without the need to modify their source code. Such an approach can be implemented at either the string or the character level.
Keywords: program debugging; security of data; software maintenance; command injection; language library level; legacy Web application; maintenance benefit; security attack; taint tracking; unicode extension; Databases; Java; Operating systems; Prototypes; Security; Servers (ID#: 16-10418)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7081852&isnumber=7081802

Y. Kosuga, K. Kono, M. Hanaoka, M. Hishiyama and Y. Takahama, “Sania: Syntactic and Semantic Analysis for Automated Testing Against SQL Injection,” Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, Miami Beach, FL, 2007, vol., no., pp. 107-117. doi:10.1109/ACSAC.2007.20
Abstract: With the recent rapid increase in interactive Web applications that employ back-end database services, an SQL injection attack has become one of the most serious security threats. The SQL injection attack allows an attacker to access the underlying database, execute arbitrary commands at intent, and receive a dynamically generated output, such as HTML Web pages. In this paper, we present our technique, Sania, for detecting SQL injection vulnerabilities in Web applications during the development and debugging phases. Sania intercepts the SQL queries between a Web application and a database, and automatically generates elaborate attacks according to the syntax and semantics of the potentially vulnerable spots in the SQL queries. In addition, Sania compares the parse trees of the intended SQL query and those resulting after an attack to assess the safety of these spots. We evaluated our technique using real-world Web applications and found that our solution is efficient in comparison with a popular Web application vulnerabilities scanner. We also found vulnerability in a product that was just about to be released.
Keywords: Internet; SQL; program debugging; program diagnostics; program testing; query processing; security of data; trees (mathematics); HTML Web pages; SQL injection attack; SQL queries; Sania; automated testing; back-end database services; interactive Web applications; parse trees; security threat; semantic analysis; syntactic analysis; system debugging; system development; Application software; Authentication; Automatic testing; Computer science; Computer security; Data security; Debugging; HTML; Information analysis; Relational databases (ID#: 16-10419)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4412981&isnumber=4412960

M. Knysz, X. Hu, Y. Zeng and K. G. Shin, “Open WiFi networks: Lethal Weapons for Botnets?,” INFOCOM, 2012 Proceedings IEEE, Orlando, FL, 2012, vol., no., pp. 2631-2635. doi:10.1109/INFCOM.2012.6195668
Abstract: This paper assesses the potential for highly mobile botnets to communicate and perform nefarious actions using only open WiFi networks, which we term mobile WiFi botnets. We design and evaluate a proof-of-concept mobile WiFi botnet using real-world mobility traces and actual open WiFi network locations for the urban environment of San Francisco. Our extensive simulation results demonstrate that mobile WiFi botnets can support rapid command propagation, with commands typically reaching over 75% of the botnet only 2 hours after injection-sometimes, within as little as 30 minutes. Moreover, those bots able to receive commands usually have ≈40-50% probability of being able to do so within a minute of the command being issued. Our evaluation results also indicate that even a small mobile WiFi botnet of only 536 bots can launch an effective DDoS attack against poorly protected systems. Furthermore, mobile WiFi botnet traffic is sufficiently distributed across multiple open WiFi networks—with no single network being over-utilized at any given moment—to make detection difficult.
Keywords: computer network security; mobile computing; telecommunication traffic; wireless LAN; actual open WiFi network locations; effective DDoS attack; lethal weapons; mobile WiFi botnet traffic; proof-of-concept mobile WiFi botnet; rapid command propagation; real-world mobility traces; Computer crime; IEEE 802.11 Standards; Mobile communication; Mobile computing; Mobile handsets; Protocols; Servers (ID#: 16-10420)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6195668&isnumber=6195452

D. Arora, A. Verigin, T. Godkin and S. W. Neville, “Statistical Assessment of Sybil-Placement Strategies within DHT-Structured Peer-to-Peer Botnets,” Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on, Victoria, BC, 2014, vol., no., pp. 821-828. doi:10.1109/AINA.2014.100
Abstract: Botnets are a well recognized global cyber-security threat as they enable attack communities to command large collections of compromised computers (bots) on-demand. Peer to-peer (P2P) distributed hash tables (DHT) have become particularly attractive botnet command and control (C & C) solutions due to the high level resiliency gained via the diffused random graph overlays they produce. The injection of Sybils, computers pretending to be valid bots, remains a key defensive strategy against DHT-structured P2P botnets. This research uses packet level network simulations to explore the relative merits of random, informed, and partially informed Sybil placement strategies. It is shown that random placements perform nearly as effectively as the tested more informed strategies, which require higher levels of inter-defender co-ordination. Moreover, it is shown that aspects of the DHT-structured P2P botnets behave as statistically nonergodic processes, when viewed from the perspective of stochastic processes. This suggests that although optimal Sybil placement strategies appear to exist they would need carefully tuning to each specific P2P botnet instance.
Keywords: command and control systems; computer network security; invasive software; peer-to-peer computing; statistical analysis; stochastic processes; C&C solutions; DHT-structured P2P botnets; DHT-structured peer-to-peer botnets; Sybil placement strategy statistical assessment; botnet command and control solution; compromised computer on-demand collections; cyber security threat; diffused random graph; interdefender coordination; packet level network simulation; peer-to-peer distributed hash tables; stochastic process; Computational modeling; Computers; Internet; Network topology; Peer-to-peer computing; Routing; Topology (ID#: 16-10421)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6838749&isnumber=6838626

P. Sripairojthikoon and T. Senivongse, “Concept-Based Readability of Web Services Descriptions,” Advanced Communication Technology (ICACT), 2013 15th International Conference on, PyeongChang, 2013, vol., no., pp. 853-858.  doi: (not provided)
Abstract: Web Services is a technology for building distributed software applications that are built upon a set of information and communication standards. Among those standards is the Web Services Description Language (WSDL) which is an XML-based language for describing service descriptions. Service providers will publish WSDL documents of their Web services so that service consumers can learn about service capability and how to interface with the services. Since WSDL documents are the primary source of service information, readability of WSDL documents is of concern to service providers, i.e. service descriptions should be understood with ease by service consumers. Providing highly readable service descriptions can then be used as a strategy to attract service consumers. However, given highly readable information in the WSDL documents, competitors are able to learn know-how and can copy the design to offer competing services. Security attacks such as information espionage, client impersonation, command injection, and denial of service are also possible since attackers can learn about exchanged data and invocation patterns from WSDL documents. While readability of service descriptions makes Web services discoverable, it contributes to service vulnerability too. Service designers therefore should consider this trade-off when designing service descriptions. Currently there is no readability measurement for WSDL documents. We propose an approach to such measurement so that service designers can determine if readability is too low or too high with regard to service discoverability, service imitation, and service attack issues, and then can consider increasing or lowering service description readability accordingly. Our readability measurement is based on the concepts or terms in service domain knowledge. Given a WSDL document as a service description, readability is defined in terms of the use of difficult words in the description and the use of words that are key concepts in the service domain. As an example, we measure readability of the WSDL document of public Web services, and outline a method to lower or increase readability.
Keywords: Web services; XML; security of data; WSDL documents; Web services description language; XML-based language; client impersonation; command injection; concept-based readability; denial of service; distributed software applications; information espionage; readability measurement; security attacks; service capability; service domain knowledge; Mobile communication; Ontologies; Concept Hierarchy; Ontology; Readability; WSDL; Web Services (ID#: 16-10422)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6488317&isnumber=6488107

P. Sripairojthikoon and T. Senivongse, “Concept-Based Readability Measurement and Adjustment for Web Services Descriptions,” Advanced Communication Technology (ICACT), 2014 16th International Conference on, Pyeongchang, 2014, vol., no., pp. 378-388. doi:10.1109/ICACT.2014.6779196
Abstract: Web Services is a technology for building distributed software applications that are built upon a set of information and communication standards. Among those standards is the Web Services Description Language (WSDL) which is an XML-based language for describing service descriptions. Service providers will publish WSDL documents of their Web services so that service consumers can learn about service capability and how to interface with the services. Since WSDL documents are the primary source of service information, readability of WSDL documents is of concern to service providers, i.e., service descriptions should be understood with ease by service consumers. Providing highly readable service descriptions can then be used as a strategy to attract service consumers. However, given highly readable information in the WSDL documents, competitors are able to learn know-how and can copy the design to offer competing services. Security attacks such as information espionage, client impersonation, command injection, and denial of service are also possible since attackers can learn about exchanged data and invocation patterns from WSDL documents. While readability of service descriptions makes Web services discoverable, it contributes to service vulnerability too. Service designers therefore should consider this trade-off when designing service descriptions. Currently there is no readability measurement for WSDL documents. We propose an approach to such measurement so that service designers can determine if readability is too low or too high with regard to service discoverability, service imitation, and service attack issues, and then can consider increasing or lowering service description readability accordingly. Our readability measurement is based on the concepts or terms in service domain knowledge. Given a WSDL document as a service description, readability is defined in terms of the use of difficult words in the description and the use of words that are key concepts in the service domain. As an example, we measure readability of the WSDL document of E-commerce Web services, and experiment on redesigning of WSDL terms to adjust readability.
Keywords: Web services; XML; electronic data interchange; security of data; specification languages; WSDL documents; Web Services Description Language; Web services descriptions; XML-based language; client impersonation; command injection; communication standards; concept-based readability measurement; denial of service; distributed software applications; exchanged data; information espionage; information standards; invocation patterns; security attacks; service attack; service capability; service consumers; service description readability; service discoverability; service domain knowledge; service imitation; service information; service providers; service vulnerability; Current measurement; Indexes; Materials; Ontologies; Web pages; Web services; Concept Hierarchy; Ontology; Readability; Web Services (ID#: 16-10423)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6779196&isnumber=6778899

A. Kumar and K. Reddy, “Constructing Secure Web Applications with Proper Data Validations,” Recent Advances and Innovations in Engineering (ICRAIE), 2014, Jaipur, 2014, vol., no., pp. 1-5. doi:10.1109/ICRAIE.2014.6909304
Abstract: With the advent of World Wide Web, information sharing through internet increased drastically. So web applications security is today’s most significant battlefield between attackers and resources of web service. It is likely to remain so for the foreseeable future. By considering recent attacks it has been found that major attacks in Web Applications have been carried out even when system having most significant network level security. Poor input validation mechanisms that using in Web Applications shall causes to launching vulnerable web applications, which easy to exploit easy in future stages. Critical Web Application Vulnerabilities like Cross Site Scripting (XSS) and Injections (SQL, PHP, LDAP, SSL, XML, Command, and Code) are happen because of base level Validations, and it is enough to update system in unauthorized way or may be causes to exploit the system. In this paper we present those issues in data validations strategies, to avoid deployment of vulnerable web applications.
Keywords: Internet; computer network security; critical web application vulnerabilities; cross site scripting; data validations; injections; secure Web applications; Computational modeling; HTML; XML; injection; security; validation; vulnerability; xss
(ID#: 16-10424)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6909304&isnumber=6909103

M. D. Penta, L. Cerulo and L. Aversano, “The Evolution and Decay of Statically Detected Source Code Vulnerabilities,” Source Code Analysis and Manipulation, 2008 Eighth IEEE International Working Conference on, Beijing, 2008, vol., no.,
pp. 101-110. doi:10.1109/SCAM.2008.20
Abstract: The presence of vulnerable statements in the source code is a crucial problem for maintainers: properly monitoring and, if necessary, removing them is highly desirable to ensure high security and reliability. To this aim, a number of static analysis tools have been developed to detect the presence of instructions that can be subject to vulnerability attacks, ranging from buffer overflow exploitations to command injection and cross-site scripting. Based on the availability of existing tools and of data extracted from software repositories, this paper reports an empirical study on the evolution of vulnerable statements detected in three software systems with different static analysis tools. Specifically, the study investigates on vulnerability evolution trends and on the decay time exhibited by different kinds of vulnerabilities.
Keywords: buffer storage; program diagnostics; security of data; software reliability; software tools; buffer overflow exploitations; command injection; cross-site scripting; software repository; software systems; static analysis tools; statically detected source code vulnerability; vulnerability attacks; vulnerable statements; Application software; Availability; Buffer overflow; Data analysis; Maintenance engineering; Pattern analysis; Performance analysis; Protection; Security; Software tools; empirical study; mining software repositories; software vulnerabilities (ID#: 16-10425)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4637543&isnumber=4637523

C. Kasmi and J. Lopes Esteves, “IEMI Threats for Information Security: Remote Command Injection on Modern Smartphones,” in IEEE Transactions on Electromagnetic Compatibility, vol. 57, no. 6, pp. 1752-1755, Dec. 2015. doi:10.1109/TEMC.2015.2463089
Abstract: Numerous papers dealing with the analysis of electromagnetic attacks against critical electronic devices have been made publicly available. In this paper, we exploit the principle of front-door coupling on smartphones headphone cables with specific electromagnetic waveforms. We present a smart use of intentional electromagnetic interference, resulting in finer impacts on an information system than a classical denial of service effect. As an outcome, we introduce a new silent remote voice command injection technique on modern smartphones.
Keywords: radiofrequency interference; security of data; smart phones; IEMI threats; critical electronic device; electromagnetic attack; electromagnetic waveforms; front door coupling; information security; intentional electromagnetic interference; remote command injection; smart phones headphone cables; Computers; Frequency modulation; Hardware; Headphones; Microphones; Security; Smart phones; Electronic warfare; information security (ID#: 16-10426)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7194754&isnumber=7353235

J. J. Farris and D. M. Nicol, “Evaluation of Secure Peer-to-Peer Overlay Routing for Survivable SCADA Systems,” Simulation Conference, 2004. Proceedings of the 2004 Winter, 2004, vol., no., pp. 308. doi:10.1109/WSC.2004.1371330
Abstract: Supervisory control and data acquisition (SCADA) systems gather and analyze data for real-time control. SCADA systems are used extensively, in applications such as electrical power distribution, telecommunications, and energy refining. SCADA systems are obvious targets for cyber-attacks that would seek to disrupt the physical complexities governed by a SCADA system. This paper uses a discrete-event simulation to begin to investigate the characteristics of one potential means of hardening SCADA systems against a cyber-attack. When it appears that real-time message delivery constraints are not being met (due, for example, to a denial of service attack), a peer-to-peer overlay network is used to route message floods in an effort to ensure delivery. The SCADA system and peer-to-peer nodes all use strong hardware-based authentication techniques to prevent injection of false data or commands, and to harden the routing overlay. Our simulations help to quantify the anticipated tradeoffs of message survivability and latency minimization.
Keywords: SCADA systems; discrete event simulation; message authentication; peer-to-peer computing; real-time systems; telecommunication control; telecommunication network routing; telecommunication security; cyber-attack; data acquisition; discrete-event simulation; electrical power distribution; energy refining; hardware-based authentication technique; latency minimization; message survivability; real-time control; real-time message delivery constraint; secure peer-to-peer overlay routing; supervisory control; survivable SCADA system; telecommunication; Computer crime; Control systems; Data analysis; Discrete event simulation; Peer to peer computing; Power distribution; Real time systems; Routing; Telecommunication control (ID#: 16-10427)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1371330&isnumber=29988

K. Yoshioka, Y. Hosobuchi, T. Orii and T. Matsumoto, “Vulnerability in Public Malware Sandbox Analysis Systems,” Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on, Seoul, 2010, vol., no., pp. 265-268. doi:10.1109/SAINT.2010.16
Abstract: The use of Public Malware Sandbox Analysis Systems (public MSASs) which receives online submissions of possibly malicious executables from an arbitrary user, analyzes their behavior by executing them in a testing environment (i.e., a sandbox), and sends analysis reports back to the user, have increased in popularity. In such systems, the sandbox for analysis is often connected to the Internet as modern malware communicate with remote hosts for various reasons, such as receiving command and control (C&C) messages and files for updates. However, connecting the sandbox to these hosts involves a risk that the analysis activities may be detected and disturbed by the attackers who control them. In this paper, we discuss the issue of sandbox detection in the case of public MSASs. Namely, we point out that the IP address of an Internet-connected sandbox can be easily disclosed by an attacker who submits a decoy sample dedicated to this purpose. The disclosed address can then be shared among attackers, blacklisted, and used against the analysis system, for example, to conceal potential malicious behavior of malware. We have termed such an attack Decoy Sample Injection (DSI). We conducted a case study with nine existing public MSASs and found that six utilized Internet-connected sandboxes with very few IP addresses and were therefore vulnerable to DSI. In addition, it was revealed that certain background analysis activities of these systems can be revealed by the attack. Finally, we discuss the mitigation of DSI by dynamic IP address acquisition.
Keywords: Internet; invasive software; Internet-connected sandbox; decoy sample; decoy sample injection attack; public malware sandbox analysis systems; sandbox detection; Conferences; IP networks; Malware; Servers; Surveillance; Web sites; Malware sandbox analysis; Sandbox detection (ID#: 16-10428)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5598065&isnumber=5598016

Lei Yang and Fengjun Li, “Detecting False Data Injection in Smart Grid In-Network Aggregation,” Smart Grid Communications (SmartGridComm), 2013 IEEE International Conference on, Vancouver, BC, 2013, vol., no., pp. 408-413. doi:10.1109/SmartGridComm.2013.6687992
Abstract: The core of the smart grid relies on the ability of transmitting realtime metering data and control commands efficiently and reliably. Secure in-network data aggregation approaches have been introduced to fulfill the goal in smart grid neighborhood area networks (NANs) by aggregating the data on-the-fly via intermediate meters. To protect users’ privacy from being learnt from the fine-grained consumption data by the utilities or other third-party services, homomorphic encryption schemes have been adopted. Hence, intermediate smart meters participate in the aggregation without seeing any individual reading, nor intermediate or final aggregation results. However, the malleable property of homomorphic encryption operations makes it difficult to identify misbehaving meters from which false data can be injected through accidental errors or malicious attacks. In this paper, we propose an efficient anomaly detection scheme based on dynamic grouping and data re-encryption, which is compatible with existing secure in-network aggregation schemes, to detect falsified data injected by malfunctioning and malicious meters.
Keywords: computer network security; computerised instrumentation; cryptography; power engineering computing; smart meters; smart power grids; NAN; anomaly detection; control command; data reencryption; dynamic grouping; false data injection; homomorphic encryption; real-time metering data; secure in-network aggregation; secure in-network data aggregation; smart grid in-network aggregation; smart grid neighborhood area network; smart meter; third party service; Data privacy; Detectors; Encryption; Kernel; Smart grids; Wireless sensor networks (ID#: 16-10429)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6687992&isnumber=6687920

Jun Guo, Liji Wu, Xiangming Zhang and XiangYu Li, “Design and Implementation of a Fault Attack Platform for Smart IC Card,” Computational Intelligence and Security (CIS), 2012 Eighth International Conference on, Guangzhou, 2012, vol., no.,
pp. 653-656. doi:10.1109/CIS.2012.150
Abstract: Fault attack is a kind of attack that the attacker injects faults into the hardware and the secret key is likely to be revealed. The paper will describe a fault attack platform for smart card. This platform includes PC terminal serial console software, smart card interface circuits, and smart card reader fault attack circuits. Then the fault platform could communicate with the contact smart card or the smart card reader by complying with the protocol of ISO/IEC 7816. Using this fault platform, we can inject any glitches on power and clock when the smart card is running the encryption command. And then the fault attack platform can send wrong cipher text to the PC terminal console software through by serial port. We can analyze the fault data by MATLAB or software programming to crack the key of the smart card. So, the security of smart card could be verified. The glitch of voltage range could be from 0v to 5v. And the scope of clock frequency can be from 1HZ to 50 MHZ.
Keywords: cryptographic protocols; data analysis; peripheral interfaces; smart cards; software fault tolerance; ISO/IEC 7816 protocol; MATLAB; PC terminal serial console software; ciphertext; encryption command; fault attack platform design; fault data analysis; fault injection; secret key; serial port; smart IC card; smart card interface circuits; smart card reader fault attack circuits; smart card security verification; software programming; voltage range; Circuit faults; Clocks; Encryption; Field programmable gate arrays; Smart cards; Software; ISO/IEC 7816; fault attack platform; smart card (ID#: 16-10430)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6405920&isnumber=6405841

L. Lu, S. Huang and Z. Ren, “A Weakness-Based Attack Pattern Modeling and Relational Analysis Method,” Computational Science and Engineering (CSE), 2014 IEEE 17th International Conference on, Chengdu, 2014, vol., no., pp. 1024-1028. doi:10.1109/CSE.2014.203
Abstract: With growing popularity of online services, the amount of information on web increases dramatically, which has resulted in increasingly concerns on web application security. Subject knowledge is in desperate need to guide security testing against advanced attacks. Unlike common software security weakness study pattern, a combination analysis method based on Colored Petri Net is presented in this paper. An Attack Pattern is modeled to describe a single weakness’s specific exploiting process. Then attack nets are constructed as a result of their relational analysis. The method is verified by a case study.
Keywords: Internet; Petri nets; data analysis; pattern classification; security of data; Web application security; Web information; colored Petri net; combination analysis method; relational analysis method; security testing; software security weakness study pattern; weakness-based attack pattern modeling; Analytical models; Educational institutions; Finite element analysis; Image color analysis; ecurity; Software; Testing; Attack Pattern; Colored Petri Net; attack injection; attack net; software security testing
(ID#: 16-10431)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7023713&isnumber=7023510

N. Antunes and M. Vieira, “Penetration Testing for Web Services,” in Computer, vol. 47, no. 2, pp. 30-36, Feb. 2014. doi:10.1109/MC.2013.409
Abstract: Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance. The Web extra at http://youtu.be/COgKs9e679o is an audio interview in which authors Nuno Antunes and Marco Vieira describe how their analysis of popular testing tools revealed significant performance failures and provided important insights for future improvement.
Keywords: Web services; program testing; safety-critical software; security of data; commercially available automated tools; critical software security faults; malicious attack; penetration testing; Computer security; Computer viruses; Runtime; Simple object access protocol; Software testing; Web and internet services; SQL injection; Web security scanners; Web services; code vulnerabilities; command injection; vulnerability detection (ID#: 16-10432)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6681866&isnumber=6756723
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

False Data Injection Attacks 2015

	False Data Injection Attacks 2015

False data injection attacks against electric power grids potentially have major consequences. For the Science of Security community, false data injection attacks are relevant to resiliency, composability, cyber physical systems, and human behavior. The research cited here was presented in 2015.

Ying Sun, Wen-Tai Li, Wentu Song and Chau Yuen, “False Data Injection Attacks with Local Topology Information Against Linear State Estimation,” Smart Grid Technologies - Asia (ISGT ASIA), 2015 IEEE Innovative, Bangkok, 2015, pp. 1-5. doi:10.1109/ISGT-Asia.2015.7387159
Abstract: False data injection attacks (FDIAs) have been introduced as a critical class of cyber attacks against smart grid’s monitoring system. These attacks aim to compromise the reading of grid sensors and phasor measurement units. It was shown that FDIAs can pass the traditional bad data detection. Furthermore, to perform an FDIA, the attacker need to acknowledge the power grid topology and transmission-line admittance value, which is not easy to obtain. In this paper, we propose a novel false data injection attack approach, called false data proportional attacks (FDPAs), which could avoid the traditional bad data detection method and do not need the transmission-line admittance value, but only local grid topology. When the measurement of a bus and transmission-line data is changed, simultaneously inject the same false data proportionally for all the buses and transmission-line that are connected to it. We demonstrate the success of these attacks with simulation by IEEE 30-bus test systems.
Keywords: computer network security; power engineering computing; power system measurement; false data injection attack; false data proportional attack; grid sensor; linear state estimation; local grid topology; local topology information; phasor measurement unit; smart grid monitoring system; Smart grids; State estimation; Topology; Transmission line measurements; Transmission lines; False Data Injection Attack; Network Observability; Smart Grid Security; State Estimation; Topological Vulnerability (ID#: 16-10433)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387159&isnumber=7386954

Pang Zhonghua, Hou Fangyuan, Zhou Yuguo and Sun Dehui, “False Data Injection Attacks for Output Tracking Control Systems,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, pp. 6747-6752. doi:10.1109/ChiCC.2015.7260704
Abstract: Cyber-physical systems (CPSs) have been gaining popularity with their high potential in widespread applications, and the security of CPSs becomes a rigorous problem. In this paper, an output track control (OTC) method is designed for discrete-time linear time-invariant Gaussian systems. The output tracking error is regarded as an additional state, Kalman filter-based incremental state observer and LQG-based augmented state feedback control strategy are designed, and Euclidean-based detector is used for detecting the false data injection attacks. Stealthy false data attacks which can completely disrupt the normal operation of the OTC systems without being detected are injected into the sensor measurements and control commands, respectively. Three kinds of numerical examples are employed to illustrate the effectiveness of the designed false data injection attacks.
Keywords: Gaussian processes; Kalman filters; discrete time systems; linear systems; observers; security of data; sensors; state feedback; CPS security; Euclidean-based detector; Kalman filter-based incremental state observer; LQG-based augmented state feedback control strategy; OTC method; OTC systems; cyber-physical systems; discrete-time linear time-invariant Gaussian systems; false data injection attacks; output track control method; output tracking control systems; output tracking error; sensor measurements; Detectors; Kalman filters; Robot sensing systems; Security; State estimation; State feedback; Cyber-physical systems; Kalman filter; false data injection attacks; output tracking control (ID#: 16-10434)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7260704&isnumber=7259602

Lei Zou, Zidong Wang, Hongli Dong and Derui Ding, “State Estimation for a Class of Nonlinear Discrete-Time Complex Networks Subject to False Data Injection Attacks,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, pp. 1740-1745. doi:10.1109/ChiCC.2015.7259899
Abstract: This paper is concerned with the state estimation problem for a class of nonlinear discrete-time complex networks subject to false data injection attacks. By utilizing Bernoulli random binary distributed white sequences, the false data injection attack model is established to describe the characteristics of false data injection attacks applying to the complex networks under consideration. An estimator is designed to guarantee the ultimate boundedness of the estimation error in mean square. By employing stochastic analysis approach, sufficient conditions are derived for the existence of the desired estimators whose gains are parameterized by minimizing an upper bound of the output variance of the estimation errors. Finally, a numerical example is given to illustrate the effectiveness of the results.
Keywords: complex networks; discrete time systems; nonlinear control systems; random sequences; state estimation; stochastic processes; Bernoulli random binary distributed white sequences; false data injection attack model; mean square estimation error; nonlinear discrete-time complex networks; state estimation problem; stochastic analysis approach; sufficient conditions; upper bound minimization; Complex networks; Estimation error; Linear matrix inequalities; State estimation; Symmetric matrices; Upper bound; State estimation; complex networks; false data injection attacks; ultimate boundedness (ID#: 16-10435)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7259899&isnumber=7259602

Z. Hu, Y. Wang, X. Tian, X. Yang, D. Meng and R. Fan, “False Data Injection Attacks Identification for Smart Grids,” Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE), 2015 Third International Conference on, Beirut, 2015, pp. 139-143. doi:10.1109/TAEECE.2015.7113615
Abstract: False Data Injection Attacks (FDIA) in Smart Grid is considered to be the most threatening cyber-physics attack. According to the variety of measurement categories in power system, a new method for false data detection and identification is presented. The main emphasis of our research is that we have equivalent measurement transformation instead of traditional weighted least squares state estimation in the process of SE and identify false data by the residual researching method. In this paper, one FDIA attack case in IEEE 14 bus system is designed by exploiting the MATLAB to test the effectiveness of the algorithm. Using this method the false data can be effectively dealt with.
Keywords: IEEE standards; power system security; security of data; smart power grids; FDIA; IEEE 14 bus system; SE; cyberphysical attack threatening; equivalent measurement transformation; false data injection attack identification; power system; residual researching method; smart grid; Current measurement; Pollution measurement; Power measurement; Power systems; State estimation; Transmission line measurements; Weight measurement; equivalent measurement transformation; false data detection and identification; false data injection attacks; residual researching method; smart grid (ID#: 16-10436)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113615&isnumber=7113589

Zhonghua Pang, Fangyuan Hou, Yuguo Zhou and Dehui Sun, “Design of False Data Injection Attacks for Output Tracking Control of CARMA Systems,” Information and Automation, 2015 IEEE International Conference on, Lijiang, 2015, pp. 1273-1277. doi:10.1109/ICInfA.2015.7279482
Abstract: Considerable attention has focused on the problem of cyber-attacks on cyber-physical systems in recent years. In this paper, we consider a class of single-input single-output systems which are described by a controlled auto-regressive moving average (CARMA) model. A PID controller is designed to make the system output track the reference signal. Then the state-space model of the controlled plant and the corresponding Kalman filter are employed to generate stealthy false data injection attacks for the sensor measurements, which can destroy the control system performance without being detected by an online parameter identification algorithm. Finally, two numerical simulation results are given to demonstrate the effectiveness of the proposed false data injection attacks.
Keywords: Kalman filters; autoregressive moving average processes; control system synthesis; security of data; state-space methods; three-term control; CARMA systems; Kalman filter; PID controller design; controlled auto-regressive moving average; false data injection attacks; online parameter identification algorithm; output tracking control; single-input single-output systems; state-space model; Conferences; Control systems; Detectors; Kalman filters; Mathematical model; Parameter estimation; Smart grids; CARMA model; Cyber-physical systems (CPSs); false data injection attacks; output feedback control (ID#: 16-10437)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7279482&isnumber=7279248

Xialei Zhang, Xinyu Yang, Jie Lin and Wei Yu, “On False Data Injection Attacks Against the Dynamic Microgrid Partition in the Smart Grid,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 7222-7227. doi:10.1109/ICC.2015.7249479
Abstract: To enhance the reliability and efficiency of energy service in the smart grid, the concept of the microgrid has been proposed. Nonetheless, how to secure the dynamic microgrid partition process is essential in the smart grid. In this paper, we address the security issue of the dynamic microgrid partition process and systematically investigate three false data injection attacks against the dynamic microgrid partition process. Particularly, we first discussed the dynamic microgrid partition problem based on a Connected Graph Constrained Knapsack Problem (CGKP) algorithm. We then developed a theoretical model and carried out simulations to investigate the impacts of these false data injection attacks on the effectiveness of the dynamic microgrid partition process. Our theoretical and simulation results show that the investigated false data injection attacks can disrupt the dynamic microgrid partition process and pose negative impacts on the balance of energy demand and supply within microgrids such as an increased number of lack-nodes and increased energy loss in microgrids.
Keywords: computer network security; distributed power generation; graph theory; knapsack problems; power engineering computing; power system management; power system measurement; power system reliability; smart power grids; algorithm; connected graph constrained knapsack problem; dynamic microgrid partition process security; energy service efficiency; false data injection attacks; smart power grid reliability; Energy loss; Heuristic algorithms; Microgrids; Partitioning algorithms; Smart grids; Smart meters (ID#: 16-10438)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7249479&isnumber=7248285

F. Hou, Z. Pang, Y. Zhou and D. Sun, “False Data Injection Attacks for a Class of Output Tracking Control Systems,” Control and Decision Conference (CCDC), 2015 27th Chinese, Qingdao, 2015, pp. 3319-3323. doi:10.1109/CCDC.2015.7162493
Abstract: With the development of cyber-physical systems (CPSs), the security becomes an important and challenging problem. Attackers can launch various attacks to destroy the control system performance. In this paper, a class of linear discrete-time time-invariant control systems is considered, which is open-loop critically stable and only has one critical eigenvalue. By including the output tracking error as an additional state, a Kalman filter-based augmented state feedback control strategy is designed to solve its output tracking problem. Then a stealthy false data attack is injected into the measurement output, which can completely destroy the output tracking control systems without being detected. Simulation results on a numerical example show that the proposed false data injection attack is effective.
Keywords: discrete time systems; linear systems; open loop systems; stability; state feedback; CPS development; Kalman filter-based augmented state feedback control strategy; control system performance; cyber-physical systems; eigenvalue; false data injection attacks; linear discrete-time time-invariant control system; open-loop stability; output tracking control systems; Computer security; Detectors; Kalman filters; Simulation; State feedback; Wireless sensor networks; Critically Stable; False Data Injection Attacks; Output Tracking Control (ID#: 16-10439)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7162493&isnumber=7161655

S. Mangalwedekar and S. K. Surve, “Measurement Sets In Power System State Estimator in Presence of False Data Injection Attack,” Advance Computing Conference (IACC), 2015 IEEE International, Bangalore, 2015, pp. 855-860. doi:10.1109/IADCC.2015.7154827
Abstract: False data injection attacks (FDIA) on smart grid is a popular subject of current research. The presence of FDIA and other such attacks in smart grid is partly due to the combination of Information and Communication Technology with Power Systems. The FDIA on linear model of power system has been extensively analyzed in literature. However the non linear system model has not received the same amount of attention. This paper proposes the concept of balanced and unbalanced measurement set for the purpose of corrupting the state variables in linear and non-linear power system state estimators. The effect of balanced and unbalanced measurement sets for targeted constrained and unconstrained attacks are analyzed for linear and non-linear state estimators.
Keywords: power engineering computing; power system security; power system state estimation; security of data; smart power grids; FDIA; false data injection attack; information and communication technology; nonlinear state estimators; power system state estimator; smart grid; unconstrained attacks; Fluid flow measurement; Linear systems; Measurement uncertainty; Power measurement; Power systems; Transmission line measurements; Voltage measurement; Cyber security; cyber physical; false data injection attacks; linear state estimation; non-linear state estimation; smart grid (ID#: 16-10440)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154827&isnumber=7154658

S. Mangalwedekar, S. K. Surve and H. A. Mangalvedekar, “Error Propagation in Linear and Non-Linear Systems for False Data Injection Attack,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 662-667. doi:10.1109/ICACCI.2015.7275686
Abstract: Due to technological advancement, the integration of cyber systems with the physical power system has increased security concerns. The cyber security issues and the impact of various attacks on the smart grid have become an integral part of the smart grid. False Data Injection Attack (FDIA) is one of the many ways to compromise a system. In this, measurements are biased by deliberate addition of errors, which in turn, affect the state variables of the system. This paper discusses the impact of FDIA on the smart grid. The paper analyses the effect of FDIA on the non-linear state estimator. It further compares the impact of FDIA on the non-linear state estimator with that of the linear state estimator. This comparison is explained using propagation of error.
Keywords: nonlinear estimation; power system security; security of data; smart power grids; state estimation; FDIA; cyber security system; error propagation; false data injection attack; linear system; nonlinear state estimator; nonlinear system; physical power system security; smart grid; Fluid flow measurement; Linear systems; Power measurement; Smart grids; Transmission line measurements; Voltage measurement; Cyber security; cyber physical; error propagation; false data injection attacks; linear state estimation; non-linear state estimation; smart grid (ID#: 16-10441)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275686&isnumber=7275573

Y. Xiang, Z. Ding and L. Wang, “Power System Adequacy Assessment with Load Redistribution Attacks,” Innovative Smart Grid Technologies Conference (ISGT), 2015 IEEE Power & Energy Society, Washington, DC, 2015, pp. 1-5. doi:10.1109/ISGT.2015.7131808
Abstract: The wider deployment of advanced information and control technologies in the smart grid makes the power grid more vulnerable to cyber attacks such as false data injection attacks. However, the work on the long-term statistical impact of these attacks on the power grid adequacy is rather limited. In this study a novel adequacy evaluation procedure incorporating the load redistribution (LR) attack is proposed. The procedure takes into consideration the physical failures and the bilevel model representing the LR attack. The simulation is conducted based on Monte Carlo simulation (MCS) using Matlab and CPLEX. The influences of the time of attacks, the attack level, the defense level and the line transmission capacity are investigated. It is concluded that the cyber defense level is critical to the power system adequacy, and cyber issues need to be considered in the planning of the power grid.
Keywords: Monte Carlo methods; failure analysis; load distribution; power engineering computing; power system planning; power system reliability; security of data; smart power grids; LR attack; MCS; Monte Carlo simulation; bilevel model; cyber attacks;cyber defense level; cyber issues; load redistribution attack; long-term statistical impact; physical failures; power grid planning; power system adequacy assessment; smart power grid adequacy evaluation; Load modeling; Power system reliability; Reliability; Smart grids; Transmission line measurements; Cybersecurity; adequacy assessment; bilevel optimization; cyber-physical systems; false data injection attack; smart grid (ID#: 16-10442)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7131808&isnumber=7131775

S. Geedhabhanu and P. Latha, “Excluding Compromised Node by Tracing False Data Injected Messages in Wireless Sensor Network,” International Conference on Innovation Information in Computing Technologies, Chennai, 2015, pp. 1-5. doi:10.1109/ICIICT.2015.7396096
Abstract: Wireless Sensor Network (WSN) is a collection of sensor nodes that involve in gathering of happenings from a nodes’ surrounding. They help in supervising all the mission critical applications instead of depending on humans in monitoring cynical areas. Sensor nodes play a important role in alerting us any distinct changes that occur in the sited area and is prone to innumerous attacks. These attacks damage trust with the received data from a sensor node. One such type of attack is the false data injection attack. The message is forged by the adversary, not detected by the forwarding nodes as false information. Compromised node is the origin of false data to be injected in to the WSN. The proposed work discards the false data injected message from the network. This issue of compromised node is handled by the detection and elimination of it from causing further damage to the network by incorporating Elliptical Curve Cryptography (ECC) technique for data authentication to any message received. A node involved in sensing requires a high range of sensing power. But sensor nodes have limited energy and this is a battle for all technicians in creating any inventions that suits this constraint. The proposed scheme provides safety and reliability over the received data and offers less power consumption and memory utilization of the sensor node.
Keywords: authorisation; public key cryptography; telecommunication power management; telecommunication security; wireless sensor networks; ECC; cynical areas; data authentication; elliptical curve cryptography; false data injected messages; false data injection attack; forwarding nodes; innumerous attacks; mission critical applications; nodes surrounding; power consumption; received message; wireless sensor network; Authentication; Digital signatures; Elliptic curve cryptography; Filtering; Robot sensing systems; Wireless sensor networks; Digital Signature; Elliptical Curve Cryptography (ECC); False Data Injection attack; Wireless Sensor Networks (WSN); security (ID#: 16-10443)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7396096&isnumber=7396045

Yingmeng Xiang and Lingfeng Wang, “A Game-Theoretic Approach to Optimal Defense Strategy against Load Redistribution Attack,” Power & Energy Society General Meeting, 2015 IEEE, Denver, CO, 2015, pp. 1-5. doi:10.1109/PESGM.2015.7286529
Abstract: The wider deployment of advanced computer and communication technologies in the cyber monitoring and control layer of power system will inevitably make the power grid more vulnerable to various cyber attacks, such as false data injection attack and load redistribution (LR) attack. It is critical to develop methods to study the interaction between the attacker and defender for finding the optimal allocation of the limited defense resources. In this study, the LR attack considering the attack and defense is modeled by bilevel optimization. Game-theoretic approaches are developed to model the interaction of the attacker and defender for two scenarios for defending critical measurements and for defending critical substations. The attack and defense interaction is modeled by a zero-sum game if only the load curtailment is considered in the utility functions. And it can be modeled by a non-zero-sum game if both the load curtailment and the associated attack cost and defense cost are considered. The proposed approach is tested based on a representative IEEE 14-bus system, and optimal defense strategies are derived in different scenarios. This study can offer some meaningful insight on effectively preventing and mitigating the LR attack.
Keywords: IEEE standards; game theory; load distribution; optimisation; power grids; power system control; power system protection; IEEE 14-bus system; LR attack; bilevel optimization; cyber monitoring; game theoretic approach; limited defense resource optimal allocation; load curtailment; load redistribution attack; optimal defense strategy; power grid; power system control layer; utility function; Game theory; Load modeling; MATLAB; Mathematical model; Cybersecurity; bilevel optimization; false data injection attack; game theory; non-zero-sum game (ID#: 16-10444)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7286529&isnumber=7285590

Yingmeng Xiang, Lingfeng Wang, D. Yu and Nian Liu, “Coordinated Attacks Against Power Grids: Load Redistribution Attack Coordinating with Generator and Line Attacks,” Power & Energy Society General Meeting, 2015 IEEE, Denver, CO, 2015, pp. 1-5. doi:10.1109/PESGM.2015.7286402
Abstract: With the increasing terrorism and sabotage activities, the power grid is becoming more vulnerable to various kinds of cyber and physical attacks. The coordination between the attacks could bring disastrous impacts. In this paper, two typical attack coordination scenarios are studied: the coordination between load redistribution (LR) attack and generator attack; and the coordination between LR attack and line attack. They are formulated as bilevel optimization problems, where the attacker in the upper level aims to maximize the load curtailment while the defender in the lower level makes effort to reduce the load curtailment. The case studies conducted based on an IEEE 14-bus system indicate that when attacking the measurements and essential generation/transmission elements in a coordinated manner, the attacker could maximize the damage with the limited attack resource by disrupting the physical system and misleading the power dispatch simultaneously. This study can provide meaningful insights on how to prevent and mitigate such high-impact, low-frequency (HILF) coordinated attacks.
Keywords: electric generators; load distribution; optimisation; power generation protection; power grids; power system security; power transmission faults; power transmission protection; IEEE 14-bus system; disastrous impacts; generation elements; high-impact low-frequency coordinated attacks; limited attack resource; line attacks; load curtailment; load redistribution attack; optimization problems; physical attacks; power dispatch; power grids; sabotage activities; transmission elements; Area measurement; Computer architecture; Coordinate measuring machines; Noise measurement; Reliability; Smart grids; Cybersecurity; bilevel optimization; coordinated attacks; false data injection attack; physical attack (ID#: 16-10445)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7286402&isnumber=7285590

Junjie Yang, Rong Yu, Yi Liu, Shengli Xie and Yan Zhang, “A Two-Stage Attacking Scheme for Low-Sparsity Unobservable Attacks in Smart Grid,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 7210-7215. doi:10.1109/ICC.2015.7249477
Abstract: False data injection attacks have serious threat to the smart grid, e.g., may incur power outage or blackout. Normally, an intruder should have priori knowledge of the linear structure matrix and then control all smart meters to perform attacks. State-of-the-art studies have proven in theory that false data injection attacks can be unobservable when an intruder coordinately controls a small number of smart meters. However, there are no practical or implementable unobservable false data injection attacks with low-sparsity yet in the literature. In this paper, we propose a two-stage attacking scheme to demonstrate the practical feasibility of unobservable false data injection attacks in the smart grid. In the first stage, we explore the parallel factor analysis to derive the linear structure matrix of the smart grid using the intercepted data. In the second stage, we construct the sparse attack vector via a linear-based relaxation approach, which is used as the false data. Results indicate that we can realize highly successful attacking performance with a low detection probability.
Keywords: matrix algebra; power system analysis computing; security of data; smart meters; smart power grids; vectors; blackout; linear structure matrix; linear-based relaxation approach; low-sparsity unobservable attacks; parallel factor analysis; power outage; smart grid; smart meters; sparse attack vector; two-stage attacking scheme; unobservable false data injection attacks; Artificial intelligence; Boolean functions; Data structures; Topology; Smart grid; cyber security; parallel factor analysis; state estimation; unobservable false data injection (ID#: 16-10446)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7249477&isnumber=7248285

Wang Jianqiao, Chen Cailian and Guan Xinping, “An Overlapping Distributed State Estimation and Detection Method in Smart Grids,” Wireless Communications & Signal Processing (WCSP), 2015 International Conference on, Nanjing, 2015, pp. 1-5. doi:10.1109/WCSP.2015.7341180
Abstract: This paper proposes a novel distributed state estimation and detection algorithm in smart grids. By decomposing a whole power system into several overlapping interconnected areas, the centralized state estimation algorithm turns into a distributed state estimation algorithm. And by iteratively exchanging information with neighboring areas, the result of distributed state estimation can reach convergence and each subsystem can derive the states of the entire power system. When an attacker injects false data into measurements in any area, the neighboring honest areas can quickly detect this abnormality and decrease the mutual weights of their exchanging information between the suspicious area. When all the estimated state vectors converge, each control area can determine whether its neighboring area is intruded or not by using information from shared buses. The proposed approach not only proposes a distributed state estimation structure but also a detection method which has the capacity to detects false data injection (FDI) attacks. The performance of proposed algorithm is demonstrated on the IEEE 14-bus system.
Keywords: power system interconnection; power system state estimation; smart power grids; vectors; FDI attacks; IEEE 14-bus system; centralized state estimation algorithm; detection method; distributed state estimation; false data injection attacks; interconnected areas; smart grids; state vectors; Convergence; Pollution measurement; Power grids; State estimation; Transmission line measurements (ID#: 16-10447)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7341180&isnumber=7340966

Xiaofei He, X. Yang, J. Lin, Linqiang Ge, W. Yu and Q. Yang, “Defending Against Energy Dispatching Data Integrity Attacks in Smart Grid,” Computing and Communications Conference (IPCCC), 2015 IEEE 34th International Performance, Nanjing, China, 2015, pp. 1-8. doi:10.1109/PCCC.2015.7410291
Abstract: The smart grid is a new type of energy-based cyber-physical system (CPS), which enables interactions between the utility provider and customers through smart meters and advanced metering infrastructures (AMI). Nonetheless, an adversary can inject misleading energy usage information to the utility provider through compromised smart meters and disrupt the grid and electricity market operations. To address this issue, in this paper, we propose an Energy Dispatching False Data Defense (EDF2D) approach, which can effectively detect the forged interactive information between customers and the utility provider with a great accuracy and mitigate the damage raised by attacks on grid operations. Particularly, EDF2D uses the historical interactive information of normal users to determine the conditional probabilities of data anomalies. Based on these conditional probabilities, a Bayesian network designed for detecting false data can be established by EDF2D, and this network is then used to confirm the authenticity of interactive information received by the utility provider originally transmitted from customers. Through a combination of theoretical analysis and performance evaluation, our experimental data shows that EDF2D can effectively detect harmful false interactive data forged by the adversary and mitigate false data injection attacks on smart grid operations.
Keywords: Bayes methods; Dispatching; Energy measurement; Generators; Smart grids; Smart meters; Wireless communication; Data integrity attacks; Smart grid; Smart measurement devices (ID#: 16-10448)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7410291&isnumber=7410258

S. Gao, L. Xie, A. Solar-Lezama, D. Serpanos and H. Shrobe, “Automated Vulnerability Analysis of AC State Estimation Under Constrained False Data Injection in Electric Power Systems,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 2613-2620. doi:10.1109/CDC.2015.7402610
Abstract: We introduce new methods for the automatic vulnerability analysis of power grids under false data injection attacks against nonlinear (AC) state estimation. We encode the analysis problems as logical decision problems that can be solved automatically by SMT solvers. To do so, we propose an analysis technique named “symbolic propagation,” which is inspired by symbolic execution methods for finding bugs and exploits in software programs. We show that the proposed methods can successfully analyze vulnerability of AC state estimation in realistic power grid models. Our approach is generalizable towards many other applications such as power flow analysis and state estimation.
Keywords: Mathematical model; Monitoring; Power grids; Power measurement; Power transmission lines; State estimation; Transmission line measurements (ID#: 16-10449)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7402610&isnumber=7402066

A. Teixeira, H. Sandberg and K. H. Johansson, “Strategic Stealthy Attacks: The Output-To-Output L2-Gain,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 2582-2587. doi:10.1109/CDC.2015.7402605
Abstract: In this paper, we characterize and analyze the set of strategic stealthy false-data injection attacks on discrete-time linear systems. In particular, the threat scenarios tackled in the paper consider adversaries that aim at deteriorating the system’s performance by maximizing the corresponding quadratic cost function, while remaining stealthy with respect to anomaly detectors. As opposed to other work in the literature, the effect of the adversary’s actions on the anomaly detector’s output is not constrained to be zero at all times. Moreover, scenarios where the adversary has uncertain model knowledge are also addressed. The set of strategic attack policies is formulated as a non-convex constrained optimization problem, leading to a sensitivity metric denoted as the output-to-output L2-gain. Using the framework of dissipative systems, the output-to-output gain is computed through an equivalent convex optimization problem. Additionally, we derive necessary and sufficient conditions for the output-to-output gain to be unbounded, with and without model uncertainties, which are tightly related to the invariant zeros of the system.
Keywords: Computational modeling; Computer security; Control systems; Detectors; Optimization; Uncertainty (ID#: 16-10450)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7402605&isnumber=7402066

S. Weerakkody and B. Sinopoli, “Detecting Integrity Attacks on Control Systems using a Moving Target Approach,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 5820-5826. doi:10.1109/CDC.2015.7403134
Abstract: Maintaining the security of control systems in the presence of integrity attacks is a significant challenge. In literature, several possible attacks against control systems have been formulated including replay, false data injection, and zero dynamics attacks. The detection and prevention of these attacks require the defender to possess a particular subset of trusted communication channels. Alternatively, these attacks can be prevented by keeping the system model secret from the adversary. In this paper, we consider an adversary who has the ability to modify and read all sensor and actuator channels. To thwart this adversary, we introduce external states dependent on the state of the control system, with linear time-varying dynamics unknown to the adversary. We also include sensors to measure these states. The presence of unknown time-varying dynamics is leveraged to detect an adversary who simultaneously aims to identify the system and inject stealthy outputs. Potential attack strategies and bounds on the attacker’s performance are provided.
Keywords: Actuators; Communication channels; Detectors; Kalman filters; Security; Time-varying systems (ID#: 16-10451)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403134&isnumber=7402066

A. Naderi-Afooshteh, Anh Nguyen-Tuong, M. Bagheri-Marzijarani, J. D. Hiser and J. W. Davidson, “Joza: Hybrid Taint Inference for Defeating Web Application SQL Injection Attacks,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 172-183. doi:10.1109/DSN.2015.13
Abstract: Despite years of research on taint-tracking techniques to detect SQL injection attacks, taint tracking is rarely used in practice because it suffers from high performance overhead, intrusive instrumentation, and other deployment issues. Taint inference techniques address these shortcomings by obviating the need to track the flow of data during program execution by inferring markings based on either the program’s input (negative taint inference), or the program itself (positive taint inference). We show that existing taint inference techniques are insecure by developing new attacks that exploit inherent weaknesses of the inferencing process. To address these exposed weaknesses, we developed Joza, a novel hybrid taint inference approach that exploits the complementary nature of negative and positive taint inference to mitigate their respective weaknesses. Our evaluation shows that Joza prevents real-world SQL injection attacks, exhibits no false positives, incurs low performance overhead (4%), and is easy to deploy.
Keywords: SQL; Web services; inference mechanisms; security of data; Joza; SQL injection attack detection; Web application SQL injection attacks; data flow tracking; hybrid taint inference approach; intrusive instrumentation; negative-taint inference; positive-taint inference; program execution; taint-tracking techniques; Approximation algorithms; Databases; Encoding; Inference algorithms; Optimization; Payloads; Security; SQL injection; Taint inference; Taint tracking; Web application security (ID#: 16-10452)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266848&isnumber=7266818

Tuan Phan Vuong, G. Loukas, D. Gan and A. Bezemskij, “Decision Tree-Based Detection of Denial of Service and Command Injection Attacks on Robotic Vehicles,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368559
Abstract: Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of real-world data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.
Keywords: control engineering computing; cyber-physical systems; decision trees; mobile robots; security of data; telerobotics; vehicles; attack behaviours; automobiles; command injection attacks; computer systems; cyber attacks; decision tree-based detection; denial of service attacks; detection rules; disk data; drones; false positive rate; intrusion detection systems; mobile cyber-physical systems; network traffic; physical input features; physical jittering; power consumption; security ;small remote-controlled robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robot kinematics; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Intrusion detection; Mobile robots; Network security (ID#: 16-10453) 
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368559&isnumber=7368550

Yang Zhong, H. Asakura, H. Takakura and Y. Oshima, “Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, pp. 525-532. doi:10.1109/COMPSAC.2015.73
Abstract: Web attacks that exploit vulnerabilities of web applications are still major problems. The number of attacks that maliciously manipulate parameters of web applications such as SQL injections and command injections is increasing nowadays. Anomaly detection is effective for detecting these attacks, particularly in the case of unknown attacks. However, existing anomaly detection methods often raise false alarms with normal requests whose parameters differ slightly from those of learning data because they perform strict feature matching between characters appeared as parameter values and those of normal profiles. We propose a novel anomaly detection method using the abstract structure of parameter values as features of normal profiles in this paper. The results of experiments show that our approach reduced the false positive rate more than existing methods with a comparable detection rate.
Keywords: Internet; security of data; SQL injections; Web application parameters; Web attacks; anomaly detection; character class sequences; command injections; malicious input detection; Accuracy; Electronic mail; Feature extraction; Payloads; Servers; Training; Training data; Anomaly detection; Attack detection; HTTP; Web application (ID#: 16-10454)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273662&isnumber=7273573

Sang Wu Kim, “Detection and Mitigation of False Data Injection in Cooperative Communications,” Signal Processing Advances in Wireless Communications (SPAWC), 2015 IEEE 16th International Workshop on, Stockholm, 2015, pp. 321-325. doi:10.1109/SPAWC.2015.7227052
Abstract: We propose a likelihood ratio based physical-layer technique for detecting and mitigating the false data injection attack in cooperative communication systems. We present the optimum detection method that minimizes the end-to-end outage probability and the minmax detection method that minimizes the maximum possible outage probability under unknown attack probability. We show that the optimum detection technique can provide almost the same end-to-end outage probability that can be provided by the ideal cryptographic technique that perfectly detects the false injection at the expense of high computational cost and bandwidth overhead. The proposed solution can be used as an additional layer of protection or can complement to the conventional cryptographic techniques.
Keywords: cooperative communication; cryptography; minimax techniques; probability; telecommunication network reliability; telecommunication security; cooperative communication; cryptographic technique; end-to-end outage probability; end-to-end outage probability minimization; false data injection detection; false data injection mitigation; likelihood ratio based physical layer technique; minmax detection method; optimum detection method; Access control; Cryptography; Generators; Indexes; Relays; Reliability; Simulation; False data injection; cooperative communications; likelihood ratio detection; minmax detection; optimum detection (ID#: 16-10455)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7227052&isnumber=7226983

R. Zhang and P. Venkitasubramaniam, “Stealthy Control Signal Attacks in Scalar LQG Systems,” 2015 IEEE Global Conference on Signal and Information Processing (GlobalSIP), Orlando, FL, USA, 2015, pp. 240-244. doi:10.1109/GlobalSIP.2015.7418193
Abstract: The problem of false data injection in a scalar LQG system is studied in this work. An attacker compromises the input stream and modifies the control signals transmitted with the objective of increasing the quadratic cost incurred by the controller. The optimal adversarial control signals are characterized for a finite horizon LQG problem under a stealthiness/detectability constraint. The tradeoff between the increase in quadratic cost, and the detectability of data injection, as measured by the K-L divergence between legitimate and falsified data dynamics, is derived analytically. The optimal adversarial control signals are shown to be Gaussian with the sequence of variances derived as a function of system parameters and the desired cost increase.
Keywords: Conferences; Cyber-physical systems; Information processing; Intrusion detection; Linear systems; Optimal control (ID#: 16-10456)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7418193&isnumber=7416920

F. A. Saputra, I. Winarno and M. B. Muliawan, “Implementing Network Situational Awareness in Matagaruda,” Electronics Symposium (IES), 2015 International, Surabaya, 2015, pp. 268-273. doi:10.1109/ELECSYM.2015.7380853
Abstract: Matagaruda is an Intrusion Detection System Application Framework. It provides four capabilities: seeing not only attacking phase, learning the local traffic and generating local rules, adapting the framework programming and reducing false alarm by using intelligence. In this research we develop a new features called Network Situational Awareness which represent the seeing capabilities in Matagaruda. This research creates 4 features supports in web-based and interactive user interface. We use two attacking scenarios: SQL Injection and DOS for testing purpose. We found that our module meets the requirement of network situational awareness implementation.
Keywords: security of data; user interfaces; Matagaruda; intrusion detection system application framework; network situational awareness; seeing capability; user interface; Data collection; IP networks; Performance evaluation; Ports (Computers); Programming; Real-time systems; Servers; IDS; Matagaruda; NetSA; SiLK (ID#: 16-10457)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380853&isnumber=7380788

M. I. P. Salas, P. L. D. Geus and E. Martins, “Security Testing Methodology for Evaluation of Web Services Robustness - Case: XML Injection,” Services (SERVICES), 2015 IEEE World Congress on, New York City, NY, 2015, pp. 303-310. doi:10.1109/SERVICES.2015.53
Abstract: A Web Service is a software system designed to support interoperable machine-to-machine interaction over a network, it also provides a standard means of interoperating between different software applications. However, Web Services have raised new challenges on information security, this technology is susceptible to XML Injection attacks, which would allow an attacker to collect and manipulate information to insert malicious code in either server-side or client-side, being one of the most employed attack against web applications according to the OWASP Top 10. Different studies have shown that the current testing techniques -- penetration testing and fuzzy scanning -- generate several false positives and negatives. However, the fault injection technique improve the robustness of web applications, through the greater flexibility to modify the test cases and to find software bugs. This work describes a fault injection technique for the evaluation of Web Services robustness with WS-Security (Username Token) and the development of a set of rules for vulnerability analysis, resulting on the improvement of the vulnerability detector accuracy. Our results show that 82% of web Services tested were vulnerable to XML Injection attacks.
Keywords: Web services; XML; open systems; program testing; security of data; OWASP; Web services; XML injection attacks; client-side; fault injection technique; fuzzy scanning; machine-to-machine interaction; malicious code; penetration testing; security testing methodology; server-side; username token; Fault tolerant systems; Security; Servers; Simple object access protocol; Testing; XML; UsernameToken; WS-Security; Web Services; XML Injection; fault injection (ID#: 16-10458)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7196541&isnumber=7196486
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

IPv6 Security 2015

	IPv6 Security 2015

Internet Protocol Version 6 is gradually being adopted as the replacement for version 4. According to Google Statistics Google reports that IPv6 adoption is now about 11% of all internet traffic on its network. See https://www.google.com/intl/en/ipv6/statistics.html.
Touted as a more secure protocol with increased address space, portability, and greater privacy, research into this and other related protocols has increased, particularly in the context of smart grid, mobile communications, and cloud computing. For the Science of Security community, it is relevant to resiliency, composability, metrics, and policy-based governance. The work cited here was presented in 2015.

V. J. D. Barayuga and W. E. S. Yu, “Packet Level TCP Performance of NAT44, NAT64 and IPv6 Using Iperf in the Context of IPv6 Migration,” IT Convergence and Security (ICITCS), 2015 5th International Conference on, Kuala Lumpur, 2015, pp. 1-3. doi:10.1109/ICITCS.2015.7293006
Abstract: Current allocation rates suggest IPv4 exhaustion by approximately 2011. Hence, this paper will lead the way for the acceptance of Internet Protocol version 6 (IPv6) migration in the Philippines using a similar Network Address Translation (NAT) that there is an apparent means to be taken into consideration and NAT IPv6 to IPv4 (NAT64) can be a good choice for computer networks like the Philippines which is behind NAT44. This paper is a continuation of the previous paper to be published wherein it focused on the packet level UDP performance of NAT44, NAT64 and IPv6 while this paper is focused on the packet level TCP performance of NAT44, NAT64 and IPv6 using iperf. Therefore this paper concluded based on the packet level TCP results wherein overall performance revealed that IPv6 network and NAT64 network offered better performance against the NAT44 network in almost all of instances on the iperf generic TCP mode test. For time transfer, IPv6 had 26% less and NAT64 had 27% less where both executed the transfer in a lesser time compared to NAT44 networks having 45% which is longer than the results of the aforementioned networks. In the bandwidth utilization, it is presented that IPv6 network had 50% and NAT64 network had 33% offered better bandwidth utilization as compared to NAT44 network having 15%. IPv6 network had 43% which showed faster transfer rate along with NAT64 network which had 41% compared to the NAT44 network with only 15% transfer.
Keywords: computer networks; transport protocols; IPv6; IPv6 migration context; Internet protocol; Iperf; NAT44; NAT64; Philippines; computer networks; network address translation; packet level TCP performance; packet level UDP performance; time transfer; transport control protocol; user defined protocol; Bandwidth; Cities and towns; Computers; IP networks; Internet; Payloads; Protocols (ID#: 16-10724)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293006&isnumber=7292885

V. Aghaei-Foroushani and A. N. Zincir-Heywood, “Deterministic Flow Marking for IPv6 Traceback (DFM6),” Network and Service Management (CNSM), 2015 11th International Conference on, Barcelona, 2015, pp. 270-273. doi:10.1109/CNSM.2015.7367370
Abstract: Although some security threats were taken into consideration in the IPv6 design, DDoS attacks still exist in the IPv6 networks. The main difficulty to counter the DDoS attacks is to trace the source of such attacks, as the attackers often use spoofed source IP addresses to hide their identity. This makes the IP traceback schemes very relevant to the security of the IPv6 networks. Given that most of the current IP traceback approaches are based on the IPv4, they are not suitable to be applied directly on the IPv6 networks. In this research, a modified version of the Deterministic Flow Marking (DFM) approach for the IPv6 networks, called DFM6, is presented. DFM6 embeds a fingerprint in only one packet of each flow to identify the origin of the IPv6 traffic traversing through the network. DFM6 requires only a small amount of marked packets to complete the process of traceback with high traceback rate and no false positives.
Keywords: IP networks; computer network security; DDoS attacks; DFM approach; DFM6; IP traceback approaches; IPv6 design; IPv6 networks; IPv6 traffic; deterministic flow marking approach; marked packets; security threats; spoofed source IP addresses; Computer crime; Data mining; Decoding; Encoding; Network interfaces; DDoS Attacks; Flow Based IP Traceback; IPv6; Network Security (ID#: 16-10725)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7367370&isnumber=7367318

T. Saraj, A. Hanan, M. S. Akbar, M. Yousaf, A. Qayyum, and M. Tufail, “IPv6 Tunneling Protocols: Mathematical and Testbed Setup Performance Analysis,” 2015 Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, 2015, pp. 62-68. doi:10.1109/CIACS.2015.7395568
Abstract: Unlike the early days of IPv6 deployment, the interest of enterprise organizations, research community and academia in IPv6 is increasing day-by-day. Presence of IPv6 in providers network is very limited and community is adopting alternate methods to experience the IPv6 communication. Tunneling protocols are used over Hybrid IPv4-IPv6 networks to provide end-to-end IPv6 connectivity. These protocols while providing solution for end-to-end IPv6 connectivity also introducing a bad experience of use of IPv6 due to the additional overhead of tunneling. In this paper, we analyze the most common tunneling protocols that are available to configure in most of the network device. Our analysis in this paper is based on mathematical and deployment on a testbed setup in LAN, CAN and MAN only. Further this activity covers the behavior of tunneling protocols with applications that use either TCP or UDP on top of tunneling protocols.
Keywords: IP networks; controller area networks; metropolitan area networks; protocols; CAN; IPv6; LAN; MAN; TCP; UDP; tunneling protocols; Performance analysis; Routing protocols; Servers; Throughput; Tunneling; Wide area networks; End-to-End Delay; Jitter; Overhead; RTT; Throughput; Tunnel; UDP (ID#: 16-10726)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7395568&isnumber=7395552

S. Debbarma and P. Debnath, “Internet Protocol Version 6 (IPv6) Extension Headers: Issues, Challenges and Mitigation,” Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on, New Delhi, 2015, pp. 923-928. doi: (not provided)
Abstract: IPv6 extension headers allow for the extension of the IPv6 protocol and provides support for some core functionality such as IPv6 fragmentation. This paper is about the issues surrounding IPv6 Extension Headers and their use on the public Internet. More specifically, it summarize the issues associated with IPv6 EHs (performance, security, etc). To illustrate support of IPv6 EHs in the real world. Summarizes the implications of the filtering at the intermediately nodes.
Keywords: IP networks; Internet; IPv6 EH; IPv6 fragmentation; Internet protocol version 6 extension headers; core functionality; intermediately node filtering; public Internet; Authentication; Cryptography; IP networks; Payloads; Protocols; EHs; ESP; Extension Header; Fragmentation; IPv6; IoT; MTU; Security; Traffic class (ID#: 16-10727)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7100382&isnumber=7100186

F. Najjar and M. M. Kadhum, “Reliable Behavioral Dataset for IPv6 Neighbor Discovery Protocol Investigation,” IT Convergence and Security (ICITCS), 2015 5th International Conference on, Kuala Lumpur, 2015, pp. 1-5. doi:10.1109/ICITCS.2015.7293014
Abstract: Neighbor Discovery Protocol (NDP), which is the main supported protocol for IPv6, has some security issues due to its intuitive trust of every device inside the local area network. Securing NDP becomes an important research area as the Internet is deployed widely in public areas, such as airports, where the trust is not necessary between hosts, which may expose them to attacks. In addition, securing network from inside is necessary, particularly when security hierarchical exist between users. One of the major problems in conducting research on IPv6 security is the absence of a reliable dataset, which is essential in testing and evaluating the proposed solutions. This research develops a reliable dataset of IPv6 NDP by capturing the normal and abnormal behaviors of NDP using specific dependable tools. Reliable dataset helps to understand and distinguish between normal behavior and anomalies in IPv6 NDP.
Keywords: IP networks; computer network security; transport protocols; trusted computing; IPv6 NDP; IPv6 neighbor discovery protocol; IPv6 security; Internet; attacks; local area network; network security; reliable behavioral dataset; reliable dataset; security issues; trust; Intrusion detection; Local area networks; Protocols; Reliability (ID#: 16-10728)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293014&isnumber=7292885

J. R. P. Sánchez, “Analysis of the Security IPv6 and Comparative Study Between Two Routing Protocols Oriented to IPv6,” Computer Aided System Engineering (APCASE), 2015 Asia-Pacific Conference on, Quito, 2015, pp. 374-379. doi:10.1109/APCASE.2015.73
Abstract: In the next years, IPv6 will inevitably replace the IPv4 protocol. Although, taking consciousness about technical details and aspects of security of this “new” protocol is still being poor in network administrators from different companies in the world. Many security attacks performed in IPv4, exploiting vulnerabilities in a certain network, are also feasible in IPv6. That is why we proposed to evaluate the response from two IPv6 protocols against security attacks. Designed and implemented two virtual networks conformed by routers and hosts. The first one was configured with OPSFv3 protocol and the second one with RIPng. I used server-client model, where clients share information with the server databases, interacting with the services. The implemented model network simulated a business environment, where each node connected to the network represented different branches and matrices that a company could have. Do different types of attacks to the network and then we measure the response from both, taking into consideration the following parameters: Availability, integrality and confidentiality. Statistical data of the tests, which helped us to have a better idea about how security operates in IPv6. These results could help as a source of information for network administrators, so they could know more details about security in IPv6.
Keywords: IP networks; computer network security; routing protocols; IPv6 security; OPSFv3 protocol; RIPng protocol; business environment; client-server system; data availability; data confidentiality; data integrality; routing protocols; Routing; Routing protocols; Security; Servers; Standards; Virtual private networks; IPv6; OSPFv3; RIPng; availability; confidentiality; denial of service; integrality (ID#: 16-10729)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7287049&isnumber=7286975

M. Panwar and A. Kumar, “Security for IoT: An Effective DTLS with Public Certificates,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, pp. 163-166. doi:10.1109/ICACEA.2015.7164688
Abstract: The IoT (Internet of Things) is a scenario in which things, people, animal or any other object can be identified uniquely and have the ability to send or receive data over a network. With the IPV6 the address space has been increased enormously, favors allocation of IP address to a wide range of objects. In near future the number of things that would be connected to internet will be around 40 million. In this scenario it is expected that it will play a very vital role in business, data and social processes in which devices will interact among themselves and with the surrounding by interchanging information [5]. If this information carries sensitive data then security is an aspect that can never be ignored. This paper discusses some existing security mechanism for IoT and an effective DTLS mechanism that makes the DTLS security more robust by employing public certificates for authentication. We can use a Certificate authority that can give the digital certificates to both the client and server and can increase the effectiveness of this communication. This work aims to introduce a CA for the communication and to provide some results that can show its improved performance in contrast to the pre-shared key communication.
Keywords: IP networks; Internet of Things; computer network security; DTLS mechanism; DTLS security; IP address; IPV6; IoT security; authentication; interchanging information; public certificates; receive data; security mechanism; Authentication; Internet of things; Protocols; Public key; Servers; Certificate Authority (CA); Datagram Transport Layer Security (DTLS); Internet of Things (IoT) (ID#: 16-10730)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164688&isnumber=7164643

J. L. Santos and R. Kantola, “Transition to IPv6 with Realm Gateway 64,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 5614-5620. doi:10.1109/ICC.2015.7249217
Abstract: The IPv4 address space has been depleted and the usage of IPv6 is still very limited, however increasing. Smooth coexistence of IPv4 and IPv6 can support the development of the next generation Internet. During the transition there will be IPv4-only, IPv6-only and dual-stack hosts and network segments. This paper presents Realm Gateway 64 (RGW64) ? a solution for interconnecting heterogeneous network realms as defined by the IETF, which does not require changes in end-hosts. RGW64 relies on stateful DNS64/NAT64 translation and DNS resolution for establishing inbound connections. An analysis of the scalability and the security is also presented. The paper shows that RGW64 is suitable for operators who want to gradually migrate customer networks to IPv6 yet maintaining reachability with the IPv4 Internet.
Keywords: IP networks; Internet; next generation networks; DNS64; IETF; IPv4 Internet; IPv4-only; IPv6-only; NAT64; RGW64; Realm Gateway 64; dual-stack hosts; heterogeneous network; next generation Internet; Logic gates; Ports (Computers); Protocols; Security; Servers; IPv6 transition; IPv6 translation; NAT; Realm Gateway (ID#: 16-10731)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7249217&isnumber=7248285

T. Chen, H. Huang, Z. Chen, Y. Wu, and H. Jiang, “A Secure Routing Mechanism Against Wormhole Attack in IPv6-Based Wireless Sensor Networks,” Parallel Architectures, Algorithms and Programming (PAAP), 2015 Seventh International Symposium on, Nanjing, 2015, pp. 110-115. doi:10.1109/PAAP.2015.30
Abstract: The increasing popularity of wireless sensor networks and IPv6 technology is creating varieties of applications for wireless sensor networks based on IPv6. However, IPv6-based Wireless sensor networks are vulnerable to a harmful attack known as the wormhole attack, where a malicious node overhears data packet at one location and tunnels it to a colluding node, which replays it locally. This can have a negative influence on the routing mechanism by preventing nodes from discovering the normal routes. In this paper, we present a secure routing mechanism against wormhole attack in IPv6-based wireless sensor networks. The design of this routing mechanism can be divided into two phases -- wormhole detection and defense, which is based on the average distance per hop in the network and the TTL of IP header. Besides, our proposal does not require special hardware or high computation and storage capacity of the node, which is quite suitable for the resource-constrained IPv6-based wireless sensor networks. The simulation results show that our proposal is effective under the conditions of different network topology and wormhole parameters.
Keywords: IP networks; invasive software; telecommunication network routing; telecommunication security; wireless sensor networks; network topology; resource-constrained IPv6-based wireless sensor networks; routing mechanism security; wormhole attack; wormhole parameters; Encryption; Hardware; Network topology; Routing; Routing protocols; Wireless sensor networks; IPv6; Security; Wireless sensor networks(WSNs); Wormhole attack; Wormhole detection and defense (ID#: 16-10732)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387310&isnumber=7387279

W. Liu, P. Ren, D. Sun, Y. Zhao, and K. Liu, “Study on Attacking and Defending Techniques in IPv6 Networks,” Digital Signal Processing (DSP), 2015 IEEE International Conference on, Singapore, 2015, pp. 48-53. doi:10.1109/ICDSP.2015.7251328
Abstract: Although widely deployed in recent years, the IPv6 protocols still have many security problems, especially the Man-In-The-Middle (MITM) Attack in IPv6 Local Area Network. This paper presents an IPv6 MITM Attack test system to help users aware the security risks, and then design a defending tool using DNSSEC to avoid session hijack attack in IPv6 Networks.
Keywords: IP networks; computer network security; local area networks; protocols; DNSSEC; IPv6 MITM attack; IPv6 local area network security; defending tool; man-in-the-middle attack; session hijack attack avoidance; Local area networks; Logic gates; Routing protocols; Security; Servers; Web sites; Attack Testing; IPv6; Man-In-The-Middle Attack; Security (ID#: 16-10733)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7251328&isnumber=7251315

S. Schindler, B. Schnor, and T. Scheffler, “Taming the IPv6 Address Space with Hyhoneydv6,” 2015 World Congress on Internet Security (WorldCIS), Dublin, 2015, pp. 113-118. doi:10.1109/WorldCIS.2015.7359425
Abstract: This paper presents a new hybrid honeypot architecture which focuses on the coverage of large IPv6 address spaces. Results from a 15-months darknet experiment verify that attackers and researchers utilise various approaches to scan wide and unforeseeable IPv6 address ranges which cannot be managed with current honeypot solutions. The huge IPv6 address space not only makes it hard for attackers to find target hosts, it also makes it difficult for a honeypot to get found by an attacker. We solve this challenge through the use of dynamically configured high-interaction honeypots that can cover large chunks of the IPv6 address space. A new proxy mechanism is used to transparently handover and forward traffic from low-to high-interaction honeypots on demand to provide the best possible service granularity. Measurements with our prototype implementation show that the proposed approach performs well on off-the-shelf hardware and has low maintenance costs.
Keywords: IP networks; mobility management (mobile radio); Hyhoneydv6; IPv6 address ranges; IPv6 address space; forward traffic; handover; honeypot solutions; hybrid honeypot architecture; maintenance costs; proxy mechanism; service granularity; Hardware; Internet; Operating systems; Protocols; Security; Virtual machining; Visualization; Honeypot Network Security; IPv6 (ID#: 16-10734)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359425&isnumber=7359393

I. Halcu, G. Stamatescu, and V. Sgârciu, “Enabling Security on 6LoWPAN / IPv6 Wireless Sensor Networks,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, pp. SSS-29-SSS-32. doi:10.1109/ECAI.2015.7301201
Abstract: The increasing interest in the development of open-source, IPv6 platforms for Wireless Sensor Networks (WSN) and the Internet of Things (IoT), offers a significant potential ubiquitous monitoring and control. The usage of IPv6 in WSNs enables the integration of sensing applications with the Internet. For relevant goals, we consider security should properly be addressed as an integral part of high-level layers of the protocol stack. This paper describes and evaluates the usage of new compressed 6LoWPAN security headers, with a focus on the link-layer. Leveraging the Contiki operating system for resource constrained devices, along with link-layer security sublayers and IPv6, helpful insight is achieved for evaluation and deployment.
Keywords: IP networks; operating systems (computers); personal area networks; public domain software; telecommunication security; ubiquitous computing; wireless sensor networks; 6LoWPAN security headers; Contiki operating system; IPv6 wireless sensor networks; WSN; link-layer; link-layer security sublayers; open-source development; resource constrained devices; ubiquitous control; ubiquitous monitoring; Encryption; IEEE 802.15 Standard; Memory management; Payloads; Protocols; Wireless sensor networks; 6LoWPAN; 802.15.4; LLSEC; Security; Wireless Sensor Networks (ID#: 16-10735)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301201&isnumber=7301133

A. Komal, “Performance Evaluation of Tunneling Mechanisms in IPv6 Transition: A Detailed Review,” Advances in Computing and Communication Engineering (ICACCE), 2015 Second International Conference on, Dehradun, 2015, pp. 144-149. doi:10.1109/ICACCE.2015.95
Abstract: It has been quite a long time since we heard of IPv4 address space depletion problem. Today new generation internet protocol, IPv6, has been adopted widely to fulfill the needs of rapidly growing internet population. Nonetheless, many organizations and Internet Service Providers (ISPs) still adhere to IPv4 infrastructure. The co-existence of IPV4 and IPV6 networks has contributed to copious issues related to successful communication between hosts. Internet Engineering Task Force (IETF) suggested numerous transition mechanisms (Dual Stack, Tunneling and Header Translation) to enable communication between hosts working on incompatible network layer protocols-IPv4 and IPv6. Tunneling mechanism enables seamless communication between dual stack nodes of IPV4 and IPv6 network clouds and hence it is widely implemented. This paper discusses various tunneling mechanisms as proposed by IETF with comparative assessment based on different criteria identified. It also addresses the security concerns related to them and evaluates their performance using simulation.
Keywords: IP networks; computer network performance evaluation; protocols; IETF; IPv4 infrastructure; IPv6 transition; ISP; Internet engineering task force; Internet service provider; network layer protocol; performance evaluation; tunneling mechanism; Internet; Ports (Computers); Relays; Routing; Security; Servers; Tunneling; Dual stack; Header Translation; IPv4; IPv6; ISATAP; ISPs; Tunneling; transition (ID#: 16-10736)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7306667&isnumber=7306547

S. Bobade and R. Goudar, “Secure Data Communication Using Protocol Steganography in IPv6,” Computing Communication Control and Automation (ICCUBEA), 2015 International Conference on, Pune, India, 2015, pp. 275-279. doi:10.1109/ICCUBEA.2015.59
Abstract: In secure data communication Network Security is important. Basically in cryptography Encryption is used for data security. Still attacker can attract towards encrypted data due to different form of data. so this limitation could overcome by using steganography. Steganography is the technique of information hiding. In steganography different carriers can be used for information hiding like image, audio, video, network protocols. Network steganography is a new approach for data hiding. In network steganography network layer protocol of TCP/IP suite are used for data hiding. In Network layer covert channels are used for data hiding. Covert channels violate security policies of the system. Covert channels are either used for steal the information or communicate secrete information overt a network. Covert channel in TCP, IPv4 are previously implemented and studied. IPv6 is a new generation protocol which slowly replaces IPv4 in future because IPv4 is rapidly running out. So there is need to examine security issues related IPv6 protocol. Covert channels are present in IPv6 protocol. 20 bit Flow label field of IPv6 protocol can be used as covert channel. RSA algorithm is used for data Encryption. Chaotic method used for data encoding. Secret data communication is possible in IPv6.
Keywords: IP networks; computer network security; cryptographic protocols ;data communication;steganography; transport protocols;IPv6 protocol; RSA algorithm; TCP/IP suite; chaotic method; cryptography encryption; data encoding; data encryption; data hiding; flow label field; information hiding; network layer covert channels; network security; network steganography network layer protocol; protocol steganography; secure data communication; security policy; Chaotic communication; Encoding; IP networks; Logistics; Protocols; Security; Chaos Theory; Covert channel; Network Security; Steganography; TCP/IP (ID#: 16-10737)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155850&isnumber=7155781

J. Ullrich, P. Kieseberg, K. Krombholz, and E. Weippl, “On Reconnaissance with IPv6: A Pattern-Based Scanning Approach,” Availability, Reliability and Security (ARES), 2015 10th International Conference on, Toulouse, 2015, pp. 186-192. doi:10.1109/ARES.2015.48
Abstract: Today’s capability of fast Internet-wide scanning allows insights into the Internet ecosystem, but the on-going transition to the new Internet Protocol version 6 (IPv6) makes the approach of probing all possible addresses infeasible, even at current speeds of more than a million probes per second. As a consequence, the exploitation of frequent patterns has been proposed to reduce the search space. Current patterns are manually crafted and based on educated guesses of administrators. At the time of writing, their adequacy has not yet been evaluated. In this paper, we assess the idea of pattern-based scanning for the first time, and use an experimental set-up in combination with three real-world data sets. In addition, we developed a pattern-based algorithm that automatically discovers patterns in a sample and generates addresses for scanning based on its findings. Our experimental results confirm that pattern-based scanning is a promising approach for IPv6 reconnaissance, but also that currently known patterns are of limited benefit and are outperformed by our new algorithm. Our algorithm not only discovers more addresses, but also finds implicit patterns. Furthermore, it is more adaptable to future changes in IPv6 addressing and harder to mitigate than approaches with manually crafted patterns.
Keywords: IP networks; Internet; protocols; IPv6 addressing; IPv6 reconnaissance; Internet Protocol version 6; Internet ecosystem; Internet-wide scanning; pattern-based algorithm; pattern-based scanning approach; search space; Ports (Computers); Probes; Protocols; Reconnaissance; Servers; Standards; Addresses; IPv6; Network Security (ID#: 16-10738)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299913&isnumber=7299862

L. Kypus, L. Vojtech and J. Hrad, “Security of ONS Service for Applications of the Internet of Things and Their Pilot Implementation in Academic Network,” Carpathian Control Conference (ICCC), 2015 16th International, Szilvasvarad, 2015, pp. 271-276. doi:10.1109/CarpathianCC.2015.7145087
Abstract: The aim of the Object name services (ONS) project was to find a robust and stable way of automated communication to utilize name and directory services to support radio-frequency identification (RFID) ecosystem, mainly in the way that can leverage open source and standardized services and capability to be secured. All this work contributed to the new RFID services and Internet of Things (IoT) heterogeneous environments capabilities presentation. There is an increasing demand of transferred data volumes associated with each and every IP or non-IP discoverable objects. For example RFID tagged objects and sensors, as well as the need to bridge remaining communication compatibility issues between these two independent worlds. RFID and IoT ecosystems require sensitive implementation of security approaches and methods. There are still significant risks associated with their operations due to the content nature. One of the reasons of past failures could be lack of security as the integral part of design of each particular product, which is supposed to build ONS systems. Although we focused mainly on the availability and confidentiality concerns in this paper, there are still some remaining areas to be researched. We tried to identify the hardening impact by metrics evaluating operational status, resiliency, responsiveness and performance of managed ONS solution design. Design of redundant and hardened testing environment under tests brought us the visibility into the assurance of the internal communication security and showed behavior under the load of the components in such complex information service, with respect to an overall quality of the delivered ONS service.
Keywords: Internet of Things; radiofrequency identification; telecommunication security; ONS service; RFID; academic network; object name services; radio-frequency identification; Operating systems; Protocols; Radiofrequency identification; Security; Servers; Standards; Virtual private networks; IPv6;  ONS; security hardening (ID#: 16-10739)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7145087&isnumber=7145033

J. L. Shah and J. Parvez, “Impact of IPSec on Real Time Applications in IPv6 and 6to4 Tunneled Migration Network,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, 2015, pp. 1-6. doi:10.1109/ICIIECS.2015.7193114
Abstract: IPSec is the amalgam of protocols dispensing security in IP networks. It has been the rudimentary security component in IPv4 and IPv6 networks providing for data authentication, integrity and confidentiality. Earlier security was not embedded at the IP level however with emergence of large scale public and corporate internets, the user data became vulnerable to malicious activities like privacy attacks and thefts. To mitigate this and secure network traffic, IETF introduced IPSec for robust network communications. IPSec is a framework that provides sublime options for encryption and authentication of data packets. IPSec architecture provides a flexible and agile approach for securing network traffic. Initially IPSec was introduced as an additional component in IPv4, but in next generation internet protocol IPv6, it’s an inbuilt component implemented as a part of extension header. Although IPSec is the panacea for securing IP protocol, its implementation and management is unequivocally complex in nature. The implementation involves key management and exchange through IKE, protocol negotiations and establishment of security associations which can significantly decrease performance and degrade IP communication. This fact has a significant impact on real time communication. This paper makes an empirical investigation of the parameters that are affected by implementation of IPSec in IPv6 and 6 to 4 Tunneled Migration Networks. The investigation is significant and evaluates about the performance decay that is encountered by incorporating security. The simulation approach is used and measurements are performed in OPNET Simulator ver. 14.5.
Keywords: IP networks; computer network management; computer network security; cryptographic protocols; data integrity; next generation networks; telecommunication traffic; 6to4 tunneled migration network; IETF; IKE; IP protocol management; IPSec; IPv6 tunneled migration network security; OPNET Simulator ver. 14.5; data authentication; data confidentiality; data integrity; data packet encryption; key management; malicious activity; network traffic security; next generation Internet protocol; protocol negotiation; Authentication; Delays; Encryption; Internet; Protocols; 6to4; IPv4; IPv6; OPNET (ID#: 16-10740)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7193114&isnumber=7192777

F. Januário, A. Santos, L. Palma, A. Cardoso, and P. Gil, “A Distributed Multi-Agent Approach for Resilient Supervision over a IPv6 WSAN Infrastructure,” Industrial Technology (ICIT), 2015 IEEE International Conference on, Seville, 2015, pp. 1802-1807. doi:10.1109/ICIT.2015.7125358
Abstract: Wireless Sensor and Actuator Networks has become an important area of research. They can provide flexibility, low operational and maintenance costs and they are inherently scalable. In the realm of Internet of Things the majority of devices is able to communicate with one another, and in some cases they can be deployed with an IP address. This feature is undoubtedly very beneficial in wireless sensor and actuator networks applications, such as monitoring and control systems. However, this kind of communication infrastructure is rather challenging as it can compromise the overall system performance due to several factors, namely outliers, intermittent communication breakdown or security issues. In order to improve the overall resilience of the system, this work proposes a distributed hierarchical multi-agent architecture implemented over a IPv6 communication infrastructure. The Contiki Operating System and RPL routing protocol were used together to provide a IPv6 based communication between nodes and an external network. Experimental results collected from a laboratory IPv6 based WSAN test-bed, show the relevance and benefits of the proposed methodology to cope with communication loss between nodes and the server.
Keywords: Internet of Things; multi-agent systems; routing protocols; wireless sensor networks; Contiki operating system; IP address; IPv6 WSAN infrastructure; IPv6 communication infrastructure; RPL routing protocol; distributed hierarchical multiagent architecture; distributed multiagent approach; external network; intermittent communication; resilient supervision; wireless sensor and actuator networks; Actuators; Electric breakdown; Monitoring; Peer-to-peer computing; Routing protocols; Security (ID#: 16-10741)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7125358&isnumber=7125066

R. Ghafouri, A. Ashrafi, and B. V. Vahdat, “Security Consideration of Migration to IPv6 with NAT (Network Address Translation) Methods,” Electrical Engineering (ICEE), 2015 23rd Iranian Conference on, Tehran, 2015, pp. 746-749. doi:10.1109/IranianCEE.2015.7146312
Abstract: However, the idea of the IPv6 comes from 1990s, but motion towards IPv6 carries out slowly. IPv6 is used in some companies but it has not been used all over the world yet. As a result, these companies are like islands in IPv4 oceans that it is needed to connect these islands with other islands & oceans. To connect these islands with each other, there are three methods: 1. Dual stack 2. NAT 3. Tunneling In this article; first of all, introduced attacks and then after analyzing these attacks. Vulnerability towards migration with NAT method comes out and finally security ways apply for each Vulnerabilities.
Keywords: IP networks; computer network security; IPv6; NAT; dual stack; network address translation method; security attack; tunneling; Conferences; Decision support systems; Electrical engineering; Attack; Migration; Threat; Vulnerability; security (ID#: 16-10742)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7146312&isnumber=7146167

G. B. Satrya, R. L. Chandra and F. A. Yulianto, “The Detection of DDOS Flooding Attack Using Hybrid Analysis in IPv6 Networks,” Information and Communication Technology (ICoICT ), 2015 3rd International Conference on, Nusa Dua, 2015, pp. 240-244. doi:10.1109/ICoICT.2015.7231429
Abstract: DDOS attack is very popular used by attacker to disrupt a computer network. The evolution of attack and the increase of vulnerable hosts on the Internet, have made its improvement more varied and difficult to be detected in real time. Today’s popular IP protocol development is IPv6. IPv6 provides a new technology including vulnerabilities and allows the attacker to attack the system. This issue may be the obstacle to make a DDOS attack detection algorithm more efficient and accurate. Due to that fact, this paper will discuss the development of prototype to detect DDOS attack using source addresses analytical methods and analysis of network flow. This prototype can detect DDOS attacks on IPv6 with 85% accuracy for the most severe test scenarios. For the detection time, the prototype can recognize DDOS within 2 minutes 56 seconds.
Keywords: IP networks; computer network security; DDOS flooding attack detection; Distributed Denial of Service flooding attack detection; IPv6 network; Internet; computer network; network flow analysis; source addresses analytical method; Computer crime; Floods; IP networks; Protocols; Prototypes; DDOS detection; IPv6; hybrid; network flow; source address analysis (ID#: 16-10743)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7231429&isnumber=7231384

C. Matthias, S. Kris, B. An, S. Ruben, M. Nele, and A. Kris, “Study on Impact of Adding Security in a 6LoWPAN Based Network,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 577-584. doi:10.1109/CNS.2015.7346871
Abstract: 6LoWPAN, a technology for allowing the deployment of IPv6 on Low Power and Lossy Networks enables interoperability and user-friendliness when establishing applications related to the highly popular trend of Internet of Things. In this paper, we investigate the impact of including a low cost security solution into the communication scheme on latency, power and memory requirements. The measurements demonstrate that this impact is acceptable for most applications. They also show that the impact drastically decreases when the number of transmitted messages decreases or the number of hops increases.
Keywords: IP networks; computer network security; 6LoWPAN; IPv6; Internet of Things; low cost security solution; Cryptography; IEEE 802.15 Standard; Internet; Protocols; Servers; Wireless Sensor and Actuator Network; energy consumption; latency; security (ID#: 16-10744)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346871&isnumber=7346791

C. Y. Liu, F. Y. Leu, I. You, A. Castiglione, and F. Palmieri, “The Untrusted Handover Security of the S-PMIPv6 on LTE-A,” Computer Communications Workshops (INFOCOM WKSHPS), 2015 IEEE Conference on, Hong Kong, 2015, pp. 161-166. doi:10.1109/INFCOMW.2015.7179378
Abstract: In this paper, we propose a secure scheme, named the Digital-Signature-based Authentication Method (DiSAM for short), in which two authentication methods, called Homogeneous Network Authentication (HoNA for short) and Untrusted Network Authentication (UNA for short), are proposed to enhance the security of the LTE-A on F-PMIPv6 handover. In the HoNA, when UE enters a network, it obtains its representative identify (RI for short) as the user’s digital signature, and reuses the code for the later authentications. The purpose is to avoid redundantly performing the whole authentication procedure once UE hands over to the next eNB, thus dramatically lowering the LTE-A’s handover delay without scarifying its original security level. Due to creating a special authentication parameter, which contains KASME, the HoNA is suitable for a homogeneous environment provided by the same 4G operator. In the UNA, the MME which is now serving UE, denoted by MME 1, will predict the next eNB/base station (BS) through the assistance of ANDSF. The next eNB/BS can be heterogeneous to the eNB/BS currently serving UE. After that, MME 1 sends an Authentication Request message to the next eNB/BS’s HSS, e.g., HSS 2. HSS 2 will request the HSS of UE’s home network, e.g., HSS 0, to authenticate UE. When successful, HSS 2 notifies its MME, e.g., MME 2 which will allow the UE to access its network resources. Of course, the UNA can also be applied to a homogeneous handover if the two systems before and after handover are untrusted.
Keywords: 4G mobile communication; IP networks; Long Term Evolution; digital signatures; mobile computing; mobility management (mobile radio); telecommunication security; 4G operator; ANDSF; DiSAM; F-PMIPv6 handover; HSS 2; HoNA; KASME; LTE-A handover delay; Long Term Evolution-Advanced; MME 1; MME 2; S-PMIPv6; UNA; authentication procedure; authentication request message; digital-signature-based authentication method; homogeneous handover; homogeneous network authentication; network resources; next eNB-base station; untrusted handover security; untrusted network authentication; user digital signature; Authentication; Databases; Handover; Protocols; IPv6; LTE-A; SCTP; Security; authentication (ID#: 16-10745)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7179378&isnumber=7179273

M. Verovko, O. Verovko, V. Kazymyr, J. N. Davies, and V. Grout, “Performance Concerns When Implementing Infrastructure Security in IPv4/IPv6 Networks,” Internet Technologies and Applications (ITA), 2015, Wrexham, 2015, pp. 186-191. doi:10.1109/ITechA.2015.7317393
Abstract: Internet Service Providers (ISPs) throughout the world are beginning the rollout of IPv6 networks to cater for the increase in the number of devices connected to the Internet. Without the use of this technology the internet would not be able grow at the present rate. Network security has become a very important function of the network infrastructure since it has the ability to limit the packets that can be passed. This functionality is usually implemented as an Access Control List (ACL) within a router. ACLs are created from rules that specify the action to be taken for any packet which is tested and matched against it. Rules are put together to form an ordered. If a match is made on a particular rule the packet is either permitted or denied and no further rules are evaluated. This paper investigates the effect on the delays through a router when ACLs are implemented using an IPv6 addressing scheme. With the increase in the bandwidth of networks the delays through networking equipment can become significant and so this is the main area of research. A comparison is made with similar ACLs implemented in an IPv4 and IPv6 network. Additionally the tests are repeated using an IPv6-IPv4-IPv6 Tunnel to compare the delays with the previous results. To eliminate the uncertainties related to the internet performance a set of experiments were conducted on a laboratory network ensuring that the comparisons are consistent.
Keywords: IP networks; Internet; authorisation; computer network performance evaluation; computer network security; telecommunication network routing; ACL; IPv4-IPv6 networks; IPv6 addressing scheme; IPv6-IPv4-IPv6 tunnel; ISPs; Internet service providers; access control list; infrastructure security; network infrastructure; network security; networking equipment; router; Legged locomotion; Logic gates; Access Control Lists (ACL); IPv4; IPv4 address exhaustion; IPv6; Internet Protocol; Network Security; Tunnels (ID#: 16-10746)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7317393&isnumber=7317353

S. Varakliotis, P. T. Kirstein, and G. Deiana, “The Use of Handle to Aid IoT Security,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 542-548. doi:10.1109/ICC.2015.7248378
Abstract: This paper describes how the use of Identifiers with an appropriate system of identifier storage, registration and identifier resolution can greatly extend the flexibility of a system dealing with IoT. The features of the CNRI Handle system are shown to match well the requirements of such a IoT system. We have validated our thesis, by applying the system to a smart office environment, and shown how the properties of the IoT devices can be stored securely in a Handle repository including the characteristics of the device, network addresses and security attributes. We have concentrated on the security functionality combined with IPv6 infrastructure and the relevant Internet protocols.
Keywords: IP networks; Internet of Things; computer network security; CNRI handle system; IPv6 infrastructure; Internet protocol; IoT device; IoT system security; handle repository; identifier registration; identifier resolution; identifier storage; smart office environment; Authentication; Authorization; Buildings; Internet; Protocols; Servers; CoAP; DTLS; Digital Object Architecture; Handle System; IPv6; IoT security (ID#: 16-10747)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7248378&isnumber=7248285

Sun Meng and W. Xingwei, “Secure Email System Based on True IPv6 Address Access,” Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on, Zhangjiajie, 2015, pp. 2180-2184. doi:10.1109/FSKD.2015.7382290
Abstract: Network security problems still exist when IPv4 transfers to IPv6. The current Email framework neither authenticates the sender nor traces the source of the mail, so even find a spam, the method is just to reject the mail or insert the mail source into “blacklist”, and both of these methods can’t deracinate the generation of spam. For this reason, this paper designs secure email system based on true IPv6 address access. It divides the authentication to inter-domain and intra-domain authentication. Inter-domain authentication is used to authenticate the mail sender’s domain. It combines path-based authentication, encryption-based authentication and trust and prestige system-based authentication methods in order to support both mail forwarding and mail list. Authentication efficiency can be further improved by organizing authentication order properly. Intra-domain is used to affirm the sender’s IP address which is used to trace the sender. It supports user to move by combining the fixed and changing IP address. After testing, this system is both feasible and effective.
Keywords: IP networks; computer network security; cryptography; unsolicited e-mail; IPv4 transfers; authentication order properly; encryption-based authentication; interdomain authentication; intradomain authentication; mail forwarding; mail list; mail sender domain; network security problem; path-based authentication; prestige system-based authentication method; secure email system; true IPv6 address access; trust system-based authentication method; Authentication; Cryptography; Electronic mail; Postal services; Protocols; Servers; Email; Encryption-based authentication; IPv6; Path-based authentication; Trust and prestige-based authentication (ID#: 16-10748)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7382290&isnumber=7381900

A. S. Ahmed, R. Hassan, and N. E. Othman, “Improving Security for IPv6 Neighbor Discovery,” Electrical Engineering and Informatics (ICEEI), 2015 International Conference on, Denpasar, 2015, pp. 271-274. doi:10.1109/ICEEI.2015.7352509
Abstract: For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.
Keywords: Internet; authorisation; computer network security; local area networks; protocols; trusted computing; ARP; IPSec; IPv6; IPv6 neighbor discovery security; Internet protocol security; LAN network Internet protocol version 4; MAC; NDP attacks; SEND; address resolution protocol; conceptual model layout; machine code address; neighbor discovery protocol; secured neighbor discovery protocol; wireless network connection; Authorization; Computer crime; Internet; Peer-to-peer computing; Routing protocols; NDP; NS; RS (ID#: 16-10749)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7352509&isnumber=7352453

Y. Hong, Y. Choi, M. Shin, and J. Youn, “Analysis of Design Space and Use Case in IPv6 over NFC for Resource-Constrained IoT Devices,” Information and Communication Technology Convergence (ICTC), 2015 International Conference on, Jeju, 2015, pp. 1009-1012. doi:10.1109/ICTC.2015.7354725
Abstract: This paper describes the characteristics of link layer technologies that are used at constrained node networks and typical use cases of IPv6 over networks of resource-constrained nodes. In addition to IEEE 802.15.4, various link layer technologies such as BLE, Z-wave, DECT-ULE, MS/TP, and NFC are widely used at constrained node networks for typical services. Based on these link layer technologies, IPv6 over networks of resource-constrained nodes has various and practical use cases. To efficiently implement typical IoT services, a typical use case and consideration of several design spaces in IPv6 over NFC are described.
Keywords: IP networks; Internet of Things; Zigbee; near-field communication; radio links; IEEE 802.15.4 various link layer technology; IPv6; NFC; constrained node network; design space analysis; resource-constrained IoT device; Bluetooth; Network topology; Quality of service; Reliability; Security; Synchronization; Topology; 6lo; IoT; resource-constrained node (ID#: 16-10750)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354725&isnumber=7354472

S. U. Rehman and S. Manickam, “Rule-Based Mechanism to Detect Denial of Service (DoS) Attacks on Duplicate Address Detection Process in IPv6 Link Local Communication,” Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015 4th International Conference on, Noida, India, 2015, pp. 1-6. doi:10.1109/ICRITO.2015.7359243
Abstract: Internet Protocol version 6 (IPv6) is currently being deployed progressively around the world and soon will become the de facto IP communication standard. Nevertheless, due to the nature of the protocol design of IPv6, it has brought about various security issues. One of the security issues relates to leveraging the vulnerability that exists in the way Duplicate Address Detection (DAD) process is carried out leading to Denial or Service (DoS) attacks. Such attacks can render the whole network non-functional. Several mechanisms have been introduced to detect this attack. Nevertheless, these mechanisms had some drawbacks. In this paper, we propose a new mechanism that uses rule-based approach that is able to address the shortcomings of existing mechanisms with improved accuracy and performance.
Keywords: Address autoconfiguration; DAD; DoS; IPv6 Security; Intrusion Detection; Neighbor Discovery (ID#: 16-10751)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359243&isnumber=7359191

S. Ziegler, A. Skarmeta, P. Kirstein and L. Ladid, “Evaluation and Recommendations on IPv6 for the Internet of Things,” Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on, Milan, 2015, pp. 548-552. doi:10.1109/WF-IoT.2015.7389113
Abstract: This article presents some key achievements and recommendations from the IoT6 European research project on IPv6 exploitation for the Internet of Things (IoT). It highlights the potential of IPv6 to support the integration of a global IoT deployment including legacy systems by overcoming horizontal fragmentation as well as more direct vertical integration between communicating devices and the cloud.
Keywords: Internet of Things; cloud computing; service-oriented architecture; software maintenance; IPv6 exploitation; IoT6 European research project; legacy systems; Europe; Interoperability; Object recognition; Protocols; Routing; Security; Standards; 6LoWPAN; CoAP; IPv6; Machine-to-Machine; addressing; integration; interoperability; scalability (ID#: 16-10752)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7389113&isnumber=7389012

Y. Qiu and M. Ma, “An Authentication and Key Establishment Scheme to Enhance Security for M2M in 6LoWPANs,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 2671-2676. doi:10.1109/ICCW.2015.7247582
Abstract: With the rapid development of wireless communication technologies, machine-to-machine (M2M) communications, which is an essential part of the Internet of Things (IoT), allows wireless and wired systems to monitor environments without human intervention. To extend the use of M2M applications, the standard of Internet Protocol version 6 (IPv6) over Low power Wireless Personal Area Networks (6LoWPAN), developed by The Internet Engineering Task Force (IETF), would be applied into M2M communication to enable IP-based M2M sensing devices to connect to the open Internet. Although the 6LoWPAN standard has specified important issues in the communication, security functionalities at different protocol layers have not been detailed. In this paper, we propose an enhanced authentication and key establishment scheme for 6LoWPAN networks in M2M communications. The security proof by the Protocol Composition Logic (PCL) and the formal verification by the Simple Promela Interpreter (SPIN) show that the proposed scheme in 6LoWPAN could enhance the security functionality with the ability to prevent malicious attacks such as replay attacks, man-in-the-middle attacks, impersonation attacks, Sybil attacks, and etc.
Keywords: Internet; Internet of Things; cryptographic protocols; personal area networks; transport protocols; 6LoWPAN; IETF; IPv6; Internet engineering task force; Internet protocol version 6; IoT; M2M communication; PCL; SPIN; authentication scheme; key establishment scheme; low power wireless personal area network; machine-to-machine communication; protocol composition logic; protocol layer; security enhancement; simple Promela interpreter; wireless communication technology; Authentication; Cryptography; Internet of things; Protocols; Servers; M2M (ID#: 16-10753)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247582&isnumber=7247062

S. Narayan, R. Gupta, A. Kumar, S. Ishrar, and Z. Khan, “Cyber Security Attacks on Network with Transition Mechanisms,” 2015 International Conference on Computing and Network Communications (CoCoNet), Trivandrum, 2015, pp. 163-169. doi:10.1109/CoCoNet.2015.7411182
Abstract: Cyber security is a big part of the Internet nowadays. There are cyber-attacks happening around the world right this very moment. Attacker mainly target national or corporate organizations and use cyber-attacks to attack and penetrate their network, which include the server, routers and computers. Transition mechanisms such as NAT64, 6to4, 4to6, 4in6, 6rd, Dual Stack and ISATAP were developed by Internet Engineering Task Force (IETF) to establish communication between IPv4 and IPv6 standards. There has not been much research done in the past to show how secure these transition mechanism are. This paper shows the performance and comparison between 4to6 transition mechanism and 6to4 transition mechanism when attacked by various cyber-attacks such as the Nmap, Zenmap, Smurf6 and flood router6. This paper also compares how both the transition mechanisms perform when Virtual Private Network (VPN) such as PPTP and IPsec are configured and the different cyber-attacks are executed. The average values of UDP and TCP delay and jitter for each of the tests that was performed are shown in the graphs.
Keywords: IP networks; Internet; computer network security; transport protocols; virtual private networks;4to6 transition mechanism; 6to4 transition mechanism; IETF; IPv4 standard; IPv6 standard; Internet Engineering Task Force; TCP delay; UDP; VPN; cyber security attack; jitter; virtual private network; Computer crime; Computers; Internet; Protocols; Standards; Virtual private networks; 4to6; 6to4; Cyber-attacks; IPsec; PPTP; VPN; performance evaluation; transition mechanism (ID#: 16-10754)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7411182&isnumber=7411155

W. Lee, M. Noh, B. Cho, T. Kim, and H. Kim, “Designing of Healthcare Information Network Using IPv6 Cloud Networks,” IT Convergence and Security (ICITCS), 2015 5th International Conference on, Kuala Lumpur, 2015, pp. 1-3. doi:10.1109/ICITCS.2015.7292969
Abstract: Information networks have emerged a major research area in the interest of healthcare. There are several applications in the R&D field of healthcare. Healthcare Network must ensure the reliability and efficiency because it transfer data of health. We consider distributed cloud systems, which deploy IPv6 and agents that are geographically distributed over a large number of locations in a wide-area network. In this article, we also argue for a healthcare information management model that provides higher-level connectivity and logical network abstraction that are integral parts of wellness applications.
Keywords: cloud computing; health care; medical information systems; research and development; wide area networks; IPv6 cloud networks; Internet protocol; distributed cloud systems; healthcare R-and-D field; healthcare information management model; healthcare information network; research and development; wellness applications; wide-area network; Connectors; IP networks; Measurement; Medical services; Monitoring; Tunneling; Visual databases (ID#: 16-10755)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292969&isnumber=7292885

Bingqing Luo, Suning Tang, and Zhixin Sun, “Research of Neighbor Discovery for IPv6 over Low-Power Wireless Personal Area Networks,” Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE), 2015 11th International Conference on, Taipei, 2015, pp. 233-238. doi: (not provided)
Abstract: The Ipv6 neighbor discovery protocol is unable to meet the networking and address configuration requirements of the nodes in the wireless sensor network (WSN). To address this problem, the 6lowpan network architecture is presented in this paper, and based on the architecture, a method for configuring addresses of the 6lowpan nodes and a basic process for interaction during neighbor discovery are proposed. A context management and distributing strategy is also proposed to expanded 6lowpan domain, providing an approach to the standard protocol RFC6775. Simulation results show that the proposed 6lowpan neighbor discovery protocol is highly feasible and effective.
Keywords: IP networks; personal area networks; protocols; telecommunication power management; wireless sensor networks;Ipv6 neighbor discovery protocol; WSN; configuration requirements; low power wireless personal area networks; neighbor discovery; wireless sensor network; Context; Logic gates; Routing protocols; Standards; Synchronization; Wireless sensor networks; 6LoWPAN; address configuration; context; header compression; neighbor discovery (ID#: 16-10756)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7332574&isnumber=7332527

M. Udhayamoorthi, S. Karthik, C. Senthilkumar, K. S. Mohan, and P. S. Dinesh, “Enhanced Designing of Network Using IPv6 Protocol and Enabling HSRP for Redundancy,” Soft-Computing and Networks Security (ICSNS), 2015 International Conference on, Coimbatore, 2015, pp. 1-5. doi:10.1109/ICSNS.2015.7292431
Abstract: This project involves finding out a solution through implementation of HSRP (Hot Standby Routing Protocol) which gives robustness to the network and allows load sharing between links. HSRP is a routing protocol used to find out an alternate route to forward a packet to the destination network. Two routers connected to the same network are required to initiate HSRP. To enable HSRP, a dynamic routing protocol called OSPF (Open Shortest Path First) is used. OSPF is based on link state routing algorithm. OSPF selects the best routes by finding the lowest cost path to a destination. OSPF routes IP packets based solely on the destination IP address found in the IP packet header. Whenever OSPF needs to perform its functions, it should transmit certain packets. The main objective of this project is to deliver the packets between the nodes consistently in ipv6 network by using HSRP, to increase the network performance by enabling HSRP and to enhance the auto-redundancy, reliability, and efficiency.
Keywords: IP networks; routing protocols; telecommunication network reliability; HSRP; IP packet header; IP packets; IPv6 protocol; OSPF dynamic routing protocol; destination IP address; hot standby routing protocol; link state routing algorithm; load sharing; open shortest path first; redundancy; reliability; Communication networks; Information technology; Routing; Routing protocols; Security; Convergence; Loops; Metrics; OSPF networks; RIP  (ID#: 16-10757)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292431&isnumber=7292366

S. Park and Y. Kwon, “Enhanced Scheme for Improving of TCP Performance on Handover in Mobile IPv6 Networks,” Information Science and Security (ICISS), 2015 2nd International Conference on, Seoul, 2015, pp. 1-4. doi:10.1109/ICISSEC.2015.7370999
Abstract: In the TCP over Mobile IPv6 (MIPv6) Networks, TCP responds to losses such as high bit errors and handovers by invoking congestion control and avoidance algorithms. In this paper we propose new handover notification algorithm scheme that is to send an explicit handover notification message to the source host from mobile host when occurring to handover. Upon receipt of explicit handover notification, the source host enters persist mode. This way, data transmissions at the source host during handover are frozen. In numerical result, proposed algorithm scheme provides a little performance improvement compared with general TCP method, and expects to greater performance improvements while having frequent handover in MIPv6 Networks.
Keywords: IP networks; mobile radio; mobility management (mobile radio); telecommunication congestion control; transport protocols; TCP; congestion avoidance; congestion control; handover notification message; mobile IPv6 networks; mobile host; source host; Handover; Loss measurement; Mobile communication; Mobile computing; Protocols; Wireless networks (ID#: 16-10758)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7370999&isnumber=7370954

R. Liu, “Research on IPV6-Based Computer Crime Evidence Dynamic Forensics Technology,” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, Gwalior, 2015, pp. 720-724. doi:10.1109/CSNT.2015.201
Abstract: Computer crime is a kind of high-tech crime, it is intelligent and hidden and the traditional internet security technologies cannot be survived with. Therefore, relevant laws and regulations need to be establishing and people’s security awareness should be enhance as soon as possible. This is how computer forensics comes is born. Computer forensics is a combination of technologies including obtaining, conserving, analyzing and presenting the electronic evidence. The main goal is to excavate and collect electronic evidences. Tests shows results can effectively complete the supervision of target host computer, collect electric evidence and safely transfer target data, and the original design goal is realized.
Keywords: IP networks; Internet; computer crime; computer network security; digital forensics; IPv6-based computer crime evidence dynamic forensics technology; Internet security technology; electronic evidence collection; electronic evidence excavation; high-tech crime; target host computer supervision; Computer networks; Databases; Education; Information services; Law; Security; Computer crime; Computer forensics; realized (ID#: 16-10759)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7280013&isnumber=7279856

N. C. Arjuman and S. Manickam, “A Review on ICMPv6 Vulnerabilities and its Mitigation Techniques: Classification and Art,” Computer, Communications, and Control Technology (I4CT), 2015 International Conference on, Kuching, 2015, pp. 323-327. doi:10.1109/I4CT.2015.7219590
Abstract: In IPv4, ICMP was used for error reporting and flow control management among others. Due to lack of security consideration in the design of ICMPv4 protocol leading to numerous vulnerabilities, this has led to exploitation and attacks on a particular network. IPv6 is a new protocol introduced to replace IPv4 in order to circumvent IP address depletion. ICMPv6 now has expanded role, so security measures introduced in ICMPv4 are no longer sufficient to address the security issues potentially inherent in ICMPv6. This paper will review the vulnerabilities and exploitation of ICMPv6. The existing mitigation techniques and approaches used to address these vulnerabilities will also be reviewed to an extent.
Keywords: IP networks; computer network management; computer network security; ICMPv6 vulnerabilities; IP address depletion; IPv6; error reporting; flow control management; mitigation techniques; security consideration; Data structures; Filtering; Internet; Logic gates; Protocols; Security; ICMPv6; Mitigation; Review; Security (ID#: 16-10760)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219590&isnumber=7219513

I. Coonjah, P. C. Catherine, and K. M. S. Soyjaudah, “6to4 Tunneling Framework Using OpenSSH,” Computing, Communication and Security (ICCCS), 2015 International Conference on, Pamplemousses, 2015, pp. 1-4. doi:10.1109/CCCS.2015.7374134
Abstract: 6to4 tunneling enables IPv6 hosts and routers to connect with other IPv6 hosts and routers over the existing IPv4Internet. The main purpose of IPv6 tunneling is to maintain compatibility with large existing base of IPv4 hosts and routers. OpenSSH VPN tunneling is said to have limitations with numerous IPv6 clients and therefore it is advisable to use OpenVPN. To the best knowledge of the authors, this is the first reported successful implementation of 6to4 tunneling over OpenSSH with more than one client. This proof-of-concept positions OpenSSH therefore as a potential alternative to conventional VPNs.
Keywords: IP networks; cryptographic protocols; virtual private networks; 6to4 tunneling; IPv4Internet; IPv6 tunneling; OpenSSH VPN tunneling; OpenSSH protocol; OpenVPN; open secure shell protocol; traffic encryption; virtual private network; Internet; Protocols; Security; Servers; Tunneling; Virtual private networks; IPV6; OpenSSH; VPN (ID#: 16-10761)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7374134&isnumber=7374113

P. Pongle and G. Chavan, “A Survey: Attacks on RPL and 6LoWPAN in IoT,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-6. doi:10.1109/PERVASIVE.2015.7087034
Abstract: 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks) standard allows heavily constrained devices to connect to IPv6 networks. 6LoWPAN is novel IPv6 header compression protocol, it may go easily under attack. Internet of Things consist of devices which are limited in resource like battery powered, memory and processing capability etc. for this a new network layer routing protocol is designed called RPL (Routing Protocol for low power Lossy network). RPL is light weight protocol and doesn’t have the functionality like of traditional routing protocols. This rank based routing protocol may goes under attack. Providing security in Internet of Things is challenging as the devices are connected to the unsecured Internet, limited resources, the communication links are lossy and set of novel technologies used such as RPL, 6LoWPAN etc. This paper focuses on possible attacks on RPL and 6LoWPAN network, counter measure against them and consequences on network parameters. Along with comparative analysis of methods to mitigate these attacks are done and finally the research opportunities in network layer security are discussed.
Keywords: IP networks; Internet; Internet of Things; computer network security; personal area networks; routing protocols; 6LoWPAN; IPv6 over Low-Power Wireless Personal Area Network standard; IoT; RPL; network layer routing protocol; network layer security; novel IPv6 header compression protocol; rank based routing protocol; routing protocol for low power lossy network; Authentication; Delays; Maintenance engineering; Network topology; Topology; Attacks; Security (ID#: 16-10762)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087034&isnumber=7086957

Z. Liu, J. Dong, Y. Cui, and C. Zhang, “Dynamic Configuration for IPv4/IPv6 Address Mapping in 4over6 Technology,” 2015 IEEE 9th International Conference on Anti-counterfeiting, Security, and Identification (ASID), Xiamen, 2015, pp. 132-136. doi:10.1109/ICASID.2015.7405677
Abstract: The configuration for address mapping is an important process for IPv4-over-IPv6 (4over6) technology, which is the major scenario of IPv6 transition. However, it is not straightforward to use current configuration methods because they were only designed to solve part of the configuration scenario. In this paper, we first analyze the challenges of current configuration solutions. After that, we propose a dynamic configuration mechanism for address mapping based on the DHCPv4 over DHCPv6 (DHCP4o6) lease query. The boarder router device (BR) in 4over6 transition is able to obtain the IPv4/IPv6 heterogeneous lease of customer premises equipment (CPE) in bulk or in real-time with the help of our method. The lease will then be used to build the address mapping table. We implement the prototype system and verify it in a real 4over6 network at Tsinghua University. The results show that our mechanism satisfies the requirement of quick establishment of address mapping table when BR device is being initiated. Furthermore, our solution reduces the load of BR device comparing to current methods.
Keywords: transport protocols; CPE; IPv4-over-IPv6 technology; Tsinghua University; boarder router device; customer premises equipment; dynamic configuration mechanism; Encapsulation; Internet; Ports (Computers); Protocols; Real-time systems; Resource management; Servers; 4over6; IPv6 transition; address mapping; lease query (ID#: 16-10763)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7405677&isnumber=7405648

A. Shiranzaei and R. Z. Khan, “Internet Protocol Versions — A Review,” Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on, New Delhi, 2015, pp. 397-401.
Abstract: Internet contributes to effective communication and exchange the information between people around the world through the easiest and fastest way. TCP/IP (Transmission Control Protocol/Internet Protocol) is a protocol which allocates address to each device for recognition and dispreads packets on the Internet. Over the years the IP has been changed because of user’s requirements. The first IP has been used broadly is IPV4 (Internet Protocol version 4) but it has encountered some problems with growth the number of user who use Internet. Internet Protocol version 6 is the next generation of Internet Protocol which has been used globally. IPv6 eliminates the most important problems of IPv4. This study briefly investigates the key features of IPv4 and IPv6.
Keywords: Internet; protocols; IPv4; IPv6; Internet Protocol version 4; Internet Protocol version 6; Computer science; IP networks; Next generation networking; Protocols; Security; Unicast; History of IP; IP; TCP/IP (ID#: 16-10764)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7100280&isnumber=7100186

J. Santa, P. J. Fernández, F. Pereñíguez, F. Bernal, and A. F. Skarmeta, “A Vehicular Network Mobility Framework: Architecture, Deployment and Evaluation,” Computer Communications Workshops (INFOCOM WKSHPS), 2015 IEEE Conference on, Hong Kong, 2015, pp. 127-132. doi:10.1109/INFCOMW.2015.7179372
Abstract: Research on vehicular networks has increased for more than a decade, however, the maturity of involved technologies has been recently reached and standards/specifications in the area are being released these days. Although there are a number of protocols and network architecture proposals in the literature, above all in the Vehicular Ad-hoc Network (VANET) domain, most of them lack from realistic designs or present solutions far from being interoperable with the Future Internet. Following the ISO/ETSI guidelines in field of (vehicular) cooperative systems, this work addresses this problem by presenting a vehicular network architecture that integrates well-known Internet Engineering Task Force (IETF) technologies successfully employed in Internet. More precisely, this work describes how Internet Protocol version 6 (IPv6) technologies such as Network Mobility (NEMO), Multiple Care-of Address Registration (MCoA), IP Security (IPsec) or Internet Key Exchange (IKE), can be used to provide network access to in-vehicle devices. A noticeable contribution of this work is that it not only offers an architecture/design perspective, but also details a deployment viewpoint of the system and validates its operation under a real performance evaluation carried out in a Spanish highway. The results demonstrate the feasibility of the solution, while the developed testbed can serve as a reference in future vehicular network scenarios.
Keywords: IP networks; Internet; intelligent transportation systems; mobile computing; mobility management (mobile radio); protocols; telecommunication security; vehicular ad hoc networks; IETF technologies; IKE; IP security; IPsec; IPv6 technologies; ISO/ETSI; Internet Protocol version 6; Internet engineering task force technologies; Internet key exchange; MCoA; NEMO; Spanish highway; VANET; cooperative systems; future Internet; multiple care-of address registration; network architecture protocols; vehicular ad-hoc network; vehicular network mobility framework; Computer architecture; Roads; Security; Telecommunication standards; Vehicles; 802.11p; IPv6; Intelligent Transportation Systems; V2I; testbeds; vehicular networks (ID#: 16-10765)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7179372&isnumber=7179273

S. S. Slehat, Z. Chaczko, and A. Kale, “Securing Teredo Client from Nat Holes Vulnerability,” Computer Aided System Engineering (APCASE), 2015 Asia-Pacific Conference on, Quito, 2015, pp. 366-369. doi:10.1109/APCASE.2015.71
Abstract: The aim of paper to presents the contain problem in automatic tunneling. Automatic tunneling has three main components to encapsulate IPv6 packets into IPv4 packets. The components called Teredo, ISATAP, and 6to4. In some cases, these components related problems such as source routing, neighbor discovery and NAT holes. This paper present key issues related to the Teredo tunneling called “Teredo NAT Holes” that increases the attack surface. And thus causes the NAT service to become more vulnerable.
Keywords: IP networks; Internet; computer network security; protocols; telecommunication network routing; telecommunication services; tunnelling; 6to4; IPv4 packets; IPv6 packets; ISATAP; NAT holes vulnerability; NAT service; Teredo NAT holes; Teredo client; Teredo tunneling; attack surface; automatic tunneling; neighbor discovery; source routing; Ports (Computers); Protocols; Relays; Security; Servers; Tunneling; IPv6; Teredo tunneling; Tunneling (ID#: 16-10766)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7287047&isnumber=7286975

O. Kodym, F. Benes, and J. Svub, “EPC Application Framework in the Context of Internet of Things,” Carpathian Control Conference (ICCC), 2015 16th International, Szilvasvarad, 2015, pp. 214-219. doi:10.1109/CarpathianCC.2015.7145076
Abstract: Internet of Things philosophy implementation in conditions of the existing communication networks requires new types of services and interoperability. Once of the desired innovations is communication between existing IP world and the new generation network. Not just networks of smart devices that may not always have IP connectivity, but also other RFID-labeled objects and sensors. Fulfilling the need for high-quality applications for further more specific parameters of these objects internet of things, as may be location, serial number, distinctive and unique characters/connections, can add a proper extension of the existing network and system infrastructure with new information and naming service. Their purpose is not only to assign a unique identifier to the object, but also allow users to new services use other information associated with the selected object. The technology that enables the data processing, filtering and storage is defined in the Electronic Product Code Application Framework (EPCAF) as RFID middleware and EPCIS. One of the implementations of these standards is the Open Source solution Fosstrak. We experimented with Fosstrak system that was developed on Massachusetts Institute of Technology (MIT) by an academic initiative but nowadays we are going to prove its benefits in the context of business environment. The project is aimed also on connection and linking between systems of the EPCIS class made by the ONS systems.
Keywords: IP networks; Internet of Things; filtering theory; middleware; open systems; product codes; radiofrequency identification; storage management; EPC application framework; EPCAF; EPCIS class; Fosstrak system; IP connectivity; IP world; MIT; Massachusetts Institute of Technology; ONS system; RFID middleware; RFID-labeled object; academic initiative; business environment; communication network; data processing; electronic product code application framework; filtering; high-quality application; information service; interoperability; naming service; new generation network; open source solution Fosstrak; smart device; storage; system infrastructure; Artificial neural networks; Interoperability; Product codes; Standards; Technological innovation; Testing; Fosstrak; IPv6; IoT (Internet of Things); ONS (Object name services); RFID security (ID#: 16-10767)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7145076&isnumber=7145033

S. Singh and K. Mittal, “Internet of Everything Smart Environment,” Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, Noida, 2015, pp. 1309-1311. doi:10.1109/ICGCIoT.2015.7380668
Abstract: The Internet of Things (IoT) poses completely new challenges when compared to the traditional Internet which cannot be faced if the involved objects are just traditional “smart” objects. IoT technologies improve our lives, but along with those benefits bring the real responsibility of securing the systems which have now incorporated a huge amount of data and the ability to control systems across the Internet. In this framework, the key function is the ability of acquiring personal information (i.e., human factors) simultaneously with the information from the social and physical context that constitutes the environment. Hence, in this paper we have tried to bring forward some new and efficient technologies that will help in security of the data and of the individual in a way that has not been thought yet in this world of things.
Keywords: Internet of Things; authorisation; human factors; public transport;  data security; human factors loT technologies; personal information acquisition; physical context; smart objects; social context; system security; systems control; Cooling; Sensors; Switches; Vehicles; ECG sensors; EEG sensors; IPv6; SmartCities; actuators; gyroscopes; sensors (ID#: 16-10768)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380668&isnumber=7380415

S. Vohra and R. Srivastava, “A Survey on Techniques for Securing 6LoWPAN,” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, Gwalior, 2015, pp. 643-647. doi:10.1109/CSNT.2015.163
Abstract: The integration of low power wireless personal area networks (LoWPANs) with the Internet allows the vast number of smart objects to harvest data and information through the Internet. Such devices will also be open to many security threats from Internet as well as local network itself. To provide security from both, along with Cryptography techniques, there also requires certain mechanism which provides anonymity & privacy to the communicating parties in the network in addition to providing Confidentiality & Integrity. This paper provides survey on techniques used for securing 6LoWPAN from different attacks and aims to assist the researchers and application developers to provide baseline reference to further carry out their research in this field.
Keywords: Internet; cryptography; personal area networks; telecommunication security; 6LoWPAN; baseline reference; cryptography techniques; local network; low power wireless personal area networks; security threats; smart objects; Computer crime; IEEE 802.15 Standard; Protocols; Routing; Sensors; IDS; IEEE 802.15.4; IPsec; IPv6; Internet of Thing; MT6D (ID#: 16-10769)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7279997&isnumber=7279856

A. A. Alsaffar, M. Aazam, and E. N. Huh, “Framework of N-Screen Services Based on PVR-Micro Data Center and PMIPv6 in Cloud Computing,” Ubiquitous and Future Networks (ICUFN), 2015 Seventh International Conference on, Sapporo, 2015, pp. 839-841. doi:10.1109/ICUFN.2015.7182661
Abstract: Most of today smart devices (e.g. smart phone, tablets, etc) are mobile and can access the Internet through wireless network which is almost everywhere. For mobility support, IETF developed PMIPv6 to enable user devices to be connected to the Internet without being disconnected when passing by different network areas. Unlike wired network, a wireless network increased the potential threats to every device that is wirelessly connected to Internet. As a result, security threats and attacks are critical issues which are needed to be address. In addition, provides mobility for devices in different network area require different security measures and configuration to be configured such as user device registration and authentication in PMIPv6 inter/intra-domain as well as providing fast delivery of multimedia content. In this paper, we introduce new architecture for N-Screen services which allows the streaming of application based on N-Screen technology using Personal Video Recorder function built-in micro data center and Proxy Mobile IPv6 technology in cloud computing environment. Through utilizing this service, we can clearly solve the issues mentioned above and have a better understanding. We compare our work with others where it shows better performance.
Keywords: IP networks; IPTV; cloud computing; computer centres; computer network security; IETF; N-screen services; PMIPv6; PMIPv6 interdomain; PMIPv6 intradomain; PVR-microdata center; Proxy Mobile IPv6 technology; cloud computing environment; device mobility; mobility support; multimedia content; network areas; personal video recorder function; security attacks; security configuration; security measures; security threats; smart devices; user device authentication; user device registration; user devices; wireless network; Authentication; Cloud computing; Mobile communication; Multimedia communication; Streaming media; N-Screen; PVR; mega data center; micro data center; multimedia delivery protocol (ID#: 16-10770)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7182661&isnumber=7182475

M. A. Gosselin-Lavigne, H. Gonzalez, N. Stakhanova, and A. A. Ghorbani, “A Performance Evaluation of Hash Functions for IP Reputation Lookup Using Bloom Filters,” Availability, Reliability and Security (ARES), 2015 10th International Conference on, Toulouse, 2015, pp. 516-521. doi:10.1109/ARES.2015.101
Abstract: IP reputation lookup is one of the traditional methods for recognition of blacklisted IPs, i.e., IP addresses known to be sources of spam and malware-related threats. Its use however has been rapidly increasing beyond its traditional domain reaching various IP filtering tasks. One of the solutions able to provide a necessary scalability is a Bloom filter. Efficient in memory consumption, Bloom filters provide a fast membership check, allowing to confirm a presence of set elements in a data structure with a constant false positive probability. With the increased usage of IP reputation check and an increasing adoption of IPv6 protocol, Bloom filters quickly gained popularity. In spite of their wide application, the question of what hash functions to use in practice remains open. In this work, we investigate a 10 cryptographic and non-cryptographic functions for on their suitability for Bloom filter analysis for IP reputation lookup. Experiments are performed with controlled, randomly generated IP addresses as well as a real dataset containing blacklisted IP addresses. Based on our results we recommend two hash functions for their performance and acceptably low false positive rate.
Keywords: IP networks; computer network security; cryptography; data structures; probability; table lookup; Bloom filter; IP filtering tasks; IP reputation check; IP reputation lookup; IPv6 protocol; blacklisted IP addresses; constant false positive probability; data structure; hash functions; malware-related threats; membership check; memory consumption; noncryptographic functions; performance evaluation; set elements; spam; Accuracy; Cities and towns; Cryptography; Hardware; Software; Theory; complexity measures; performance measures (ID#: 16-10771)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299960&isnumber=7299862

B. Liu and J. Bi, “DISCS: A DIStributed Collaboration System for Inter-AS Spoofing Defense,” Parallel Processing (ICPP), 2015 44th International Conference on, Beijing, 2015, pp. 160-169. doi:10.1109/ICPP.2015.25
Abstract: IP spoofing is prevalently used in DDoS attacks for anonymity and amplification, making them harder to prevent. Combating spoofing attacks requires the collaboration of different autonomous systems (ASes). Existing methods either lack flexibility in collaboration or require centralized control in the inter-AS environment. In this paper, we propose a Distributed Collaboration System (DISCS) for inter-AS spoofing defense, which allows ASes to flexibly collaborate in spoofing defense in a distributed manner. Each DISCS-enabled AS implements four defense functions. When a victim AS is under a spoofing attack, it can request other ASes to execute the most appropriate defense functions. We present the distributed and flexible control plane design and the backward compatible and incrementally deployable data plane design for both IPv4 and IPv6. We evaluate DISCS with theoretical proof and simulations using real Internet data. The results show that DISCS has strong deployment incentives, high effectiveness, minimal false positives, modest resource consumption and strong security.
Keywords: IP networks; Internet; centralised control; computer network security; ASes; DDoS attacks; DISCS; IP spoofing; IPv4; IPv6; distributed collaboration system; distributed control plane design; flexible control plane design; inter-AS environment; inter-AS spoofing defense; real Internet data; Bandwidth; Collaboration; Computer crime; Cryptography; DDoS defense;  inter-AS collaboration; spoofing defense (ID#: 16-10772)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7349571&isnumber=7349545

S. Narayan, C. J. Williams, D. K. Hart, and M. W. Qualtrough, “Network Performance Comparison of VPN Protocols on Wired and Wireless Networks,” Computer Communication and Informatics (ICCCI), 2015 International Conference on, Coimbatore, 2015, pp. 1-7. doi:10.1109/ICCCI.2015.7218077
Abstract: VPNs are a well-established method employed by organizations to secure their data communications across un-trusted networks. This is due to their relative low cost and ease with which they can be implemented, VPNs also allow the flexibility for staff to be able to access network resources in a secure manner from anywhere in the world. However performance of the network must be considered alongside the flexibility and security a VPN provides. With the address range of IPv4 all but exhausted organizations are now slowly adopting IPv6 addressing, and alongside this there have also been advances with wireless technologies such as the introduction of IEEE802.11ac. In this research paper we conduct performance evaluations of three VPNs (PPTP, IPSec, and SSTP) in a Windows 7 Windows 2012 Client/Server network environment over wired and wireless media (Ethernet and IEEE802.11ac) using both IP versions and observe their performance. IT is found that IPSec had the worst performance in all network metrics and SSTP had the most consistent performance. PPTP performed well in the IPv4 tests but is incompatible with IPv6.
Keywords: data communication; protocols; telecommunication security; telecommunication standards; virtual private networks; Ethernet; IEEE802.11ac; IPSec; IPv4; IPv6; PPTP; SSTP; VPN protocols; Windows 2012; Windows 7; client/server network; data communications; network performance comparison; un-trusted networks; virtual private networks; wired networks; wireless networks; Computers; Jitter; Protocols; Servers; Throughput; Virtual private networks; Wireless communication; IEEE802.11ac; VPN; performance evaluation (ID#: 16-10773)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218077&isnumber=7218046

P. Singh and S. Manickam, “Design and Deployment of OpenStack-SDN Based Test-bed for EDoS,” Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015 4th International Conference on, Noida, 2015, pp. 1-5. doi:10.1109/ICRITO.2015.7359327
Abstract: High fidelity experimental facilities play an important role in evaluating new technologies such as cloud computing and software defined network (SDN). In this paper, we highlight how OpenDaylight can be integrated with OpenStack to provide a powerful SDN-based networking solution for OpenStack Clouds. It provides practical application of the future network standards leveraging SDN technology. We will discuss the important elements of designing and implementing OpenStack-SDN testbed for virtual networks that integrates additional capabilities compared to existing SDN testbeds. We will also provide an overview of setting up the testbed with the necessary hardware and components required to build this testbed.
Keywords: cloud computing; computer network security; open systems; software defined networking; virtual private networks; EDoS; OpenDaylight; OpenStack clouds; OpenStack-SDN based test-bed; SDN technology; SDN-based networking solution; software defined network; virtual networks; Cloud computing; Computer architecture; Computer crime; Control systems; Monitoring; Random access memory; Servers; DDoS; OpenStack; SDN; Test Bed (ID#: 16-10774)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359327&isnumber=7359191

K. Iuchi, T. Matsunaga, K. Toyoda, and I. Sasase, “Secure Parent Node Selection Scheme in Route Construction to Exclude Attacking Nodes from RPL Network,” 2015 21st Asia-Pacific Conference on Communications (APCC), Kyoto, 2015, pp. 299-303. doi:10.1109/APCC.2015.7412530
Abstract: The IPv6 Routing Protocol for Low-power and Lossy networks (RPL) is a standard routing protocol to realize the Internet of Things (IoT). Since RPL is a tree-based topology network, an attacking node may falsely claim its rank towards neighbor nodes in order to be chosen as a parent of them and to collect more packets to tamper. In this paper, we propose a secure parent selection scheme so that each child node can select a legitimate node as its parent. In the proposed scheme, each node chooses a parent after excluding the best candidate if multiple parent candidates exist. Our scheme utilizes the fact that an attacking node claims falsely a lower rank than that of a legitimate nodes. We show that attacking nodes have no merits to claim lower ranks than true ones in a secure parent node selection scheme. By the computer simulation, we show that the proposed scheme reduces the total number of child nodes attached to attacking nodes in comparison with the conventional RPL scheme.
Keywords: IP networks; Internet of Things; computer network security; routing protocols; telecommunication network topology; trees (mathematics); IPv6 routing protocol for low-power and lossy networks; IoT; RPL network attacking node; computer simulation; multiple parent candidates; route construction; secure parent node selection scheme; tree-based topology network; Authentication; Complexity theory; Monitoring; Network topology; Routing protocols; Topology (ID#: 16-10775)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7412530&isnumber=7412489

Li Xue and Sun Zhixin, “An Improved 6LoWPAN Hierarchical Routing Protocol,” Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE), 2015 11th International Conference on, Taipei, 2015, pp. 318-322. doi: (not provided)
Abstract: IETF 6LoWPAN working group is engaged in the IPv6 protocol stack research work based on IEEE802.15.4 standard. In this working group, the routing protocol is one of the important research contents. In the 6LoWPAN, HiLow is a well-known layered routing protocol. This paper puts forward an improved hierarchical routing protocol GHiLow by improving HiLow parent node selection and path restoration strategy. GHiLow improves the parent node selection by increasing the choice of parameters. Simultaneously, it also improves path recovery by analysing different situations to recovery path. Therefore, GHiLow contributes to the enhancement of network performance and the decrease of network energy consumption.
Keywords: personal area networks; routing protocols; 6LoWPAN hierarchical routing protocol; IEEE802.15.4 standard; IETF 6LoWPAN working group; IPv6 protocol; node selection; parent node selection; path restoration strategy; Artificial neural networks; Protocols; Routing; 6LoWPAN; HiLow; path recovery (ID#: 16-10776)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7332588&isnumber=7332527
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Information Forensics and Security 2015

	Information Forensics and Security 2015

Forensics is an important tool for tracking and evaluating past attacks and using the information gained to resolve hard problems in the Science of Security. The work cited here, which looks at policies, methodologies, and tools, was presented in 2015.

S. Sarkar and S. Das, “Secure E-Governance: From Observation to Policy Formulation,” 2015 Third International Conference on Image Information Processing (ICIIP), Waknaghat, 2015, pp. 208-213. doi:10.1109/ICIIP.2015.7414767
Abstract: This paper proposes to introduce a security policy as part of forensic readiness for a State who is or will be providing Digital Forensics as a Service (DFaaS) integrated with e-Government services. A few of the constituents of DFaaS are the investigating services for crimes which may even be committed by the Infrastructure Providers (IFP) in Cloud Computing Environment (CCE). The policy proposes to acquire a guarantee from IFP that it will not establish any direct connection with its Virtual Machine (VM)s while providing computing resources to any Cloud Service Provider (CSP) or end user. The basic objective of this policy is to maintain Confidentiality, Integrity and Availability (CIA) of information contained in any CCE in connection with possible threats from the IFP side. A few scenarios are depicted in this paper to show that an IFP can easily establish a connection with one or many VM(s) of a CCE and can violate the basic principles of CIA. In view of this, we have also proposed a few techniques in this paper to make the CSP and end user forensically ready so that such system can raise an immediate alert only when an unauthorized connection is established by a host towards its VM(s).
Keywords: cloud computing; data integrity; data privacy; government data processing; security of data; virtual machines; CCE; CSP; DFaaS; IFP; VM; cloud computing environment; cloud service provider; digital forensics as a service; e-governance security; e-government services; forensic readiness; information availability; information confidentiality; information integrity; infrastructure providers; policy formulation; virtual machine; Bridges; Cloud computing; Games; Government; Cloud Computing Environment; Cyber Crime; Digital forensics; E-Governance; Security (ID#: 16-10777)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7414767&isnumber=7414696

C. T. Christou, G. M. Jacyna, F. J. Goodman, D. G. Deanto and D. Masters, “Geolocation Analysis Using Maxent and Plant Sample Data,” Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, Waltham, MA, 2015, pp. 1-6. doi:10.1109/THS.2015.7225273
Abstract: A study was conducted to assess the feasibility of geolocation based on correctly identifying pollen samples found on goods or people for purposes of compliance with U.S. import laws and criminal forensics. The analysis was based on Neotropical plant data sets from the Global Biodiversity Information Facility. The data were processed through the software algorithm Maxent that calculates plant probability geographic distributions of maximum entropy, subject to constraints. Derivation of single and joint continuous probability densities of geographic points, for single and multiple taxa occurrences, were performed. Statistical metrics were calculated directly from the output of Maxent for single taxon probabilities and were mathematically derived for joint taxa probabilities. Predictions of likeliest geographic regions at a given probability percentage level were made, along with the total corresponding geographic ranges. We found that joint probability distributions greatly restrict the areas of possible provenance of pollen samples.
Keywords: entropy; geographic information systems; law; sampled data systems; statistical distributions; Maxent; Neotropical plant data sets; U.S. import laws; criminal forensics; geolocation analysis; global biodiversity information facility; joint probability distributions; maximum entropy; plant sample data; pollen samples; probability geographic distributions; software algorithm; statistical metrics; Geology; Joints; Logistics; Measurement; Probability distribution; Standards; Neotropics; environmental variables; forensics geolocation; marginal and joint probability distributions; maximum entropy; plant occurrences; pollen analyses; statistical metrics (ID#: 16-10778)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225273&isnumber=7190491

B. Lee, A. Awad and M. Awad, “Towards Secure Provenance in the Cloud: A Survey,” 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC), Limassol, Cyprus, 2015, pp. 577-582. doi:10.1109/UCC.2015.102
Abstract: Provenance information are meta-data that summarize the history of the creation and the actions performed on an artefact e.g. data, process etc. Secure provenance is essential to improve data forensics, ensure accountability and increase the trust in the cloud. In this paper, we survey the existing cloud provenance management schemes and proposed security solutions. We investigate the current related security challenges resulting from the nature of the provenance model and the characteristics of the cloud and we finally identify potential research directions which we feel necessary t should be covered in order to build a secure cloud provenance for the next generation.
Keywords: Cloud computing; Data models; Data privacy; Encryption; History; cloud computing; provenance; security; trust (ID#: 16-10779)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7431477&isnumber=7431374

S. Sarkar and S. Das, “Secure e-Governance: From Observation to Policy Formulation,” 2015 Third International Conference on Image Information Processing (ICIIP), Waknaghat, 2015, pp. 208-213. doi:10.1109/ICIIP.2015.7414767
Abstract: This paper proposes to introduce a security policy as part of forensic readiness for a State who is or will be providing Digital Forensics as a Service (DFaaS) integrated with e-Government services. A few of the constituents of DFaaS are the investigating services for crimes which may even be committed by the Infrastructure Providers (IFP) in Cloud Computing Environment (CCE). The policy proposes to acquire a guarantee from IFP that it will not establish any direct connection with its Virtual Machine (VM)s while providing computing resources to any Cloud Service Provider (CSP) or end user. The basic objective of this policy is to maintain Confidentiality, Integrity and Availability (CIA) of information contained in any CCE in connection with possible threats from the IFP side. A few scenarios are depicted in this paper to show that an IFP can easily establish a connection with one or many VM(s) of a CCE and can violate the basic principles of CIA. In view of this, we have also proposed a few techniques in this paper to make the CSP and end user forensically ready so that such system can raise an immediate alert only when an unauthorized connection is established by a host towards its VM(s).
Keywords: cloud computing; data integrity; data privacy; government data processing; security of data; virtual machines; CCE; CSP; DFaaS; IFP; VM; cloud computing environment; cloud service provider; digital forensics as a service; e-governance security; e-government services; forensic readiness; information availability; information confidentiality; information integrity; Infrastructure providers; policy formulation; virtual machine; Bridges; Cloud computing; Games; Government; Cloud Computing Environment; Cyber Crime; Digital forensics; E-Governance; Security (ID#: 16-10780)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7414767&isnumber=7414696

Z. Erkin, “Private Data Aggregation with Groups for Smart Grids in a Dynamic Setting Using CRT,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368584
Abstract: Computing the total consumption within a neighbourhood or of a single households in smart grids is important for billing and statistical analysis. Fine granular data used for this purpose, unfortunately, leaks too much privacy sensitive information on the inhabitants and thus raise serious concerns. In this paper, we propose a cryptographic protocol that protects the privacy sensitive measurements while it enables the utility provider to obtain the desired statistical information. Our protocols improves the state-of-the-art in three dimensions. Firstly, from a single execution of the protocol, the utility provider can obtain the total consumption of the whole neighbourhood as well as smaller groups that are created based on their features, e.g. schools, hospitals, etc. Secondly, to the best our knowledge, our protocol is the first one that cope with missing measurements without invoking other protocols or relying on third parties. Thirdly, our protocol relies on simple primitives that can be implemented efficiently even on limited devices, particularly on smart meters. We achieve our goal of having a simple, efficient protocol that is suitable for groups in a dynamic setting by combining the Chinese Remainder Theorem with modified homomorphic encryption. The simplicity and the capabilities of our protocol make it very promising to be deployed in practice as shown in the analysis.
Keywords: cryptographic protocols; data aggregation; data privacy; electricity supply industry ;energy consumption; power engineering computing; smart meters; smart power grids; statistical analysis; CRT; Chinese remainder theorem; cryptographic protocol; energy consumption readings; modified homomorphic encryption; privacy sensitive measurements; private data aggregation; smart grids; smart meters; statistical analysis; Encryption; Proposals; Protocols; Smart meters; Time measurement (ID#: 16-10781)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368584&isnumber=7368550

S. Rane, J. Freudiger, A. E. Brito and E. Uzun, “Privacy, Efficiency & Fault Tolerance in Aggregate Computations on Massive Star Networks,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368608
Abstract: We consider the challenge of performing efficient, fault-tolerant, privacy-preserving aggregate computations in a star topology, i.e., a massive number of participants connected to a single untrusted aggregator. The privacy constraints are that the participants do not discover each other's data, and the aggregator obtains the final results while remaining oblivious to each participant's individual contribution to the aggregate. In achieving these goals, previous approaches have either assumed a trusted dealer that distributes keys to the participants and the aggregator, or introduced additional parties that withhold the decryption key from the aggregator, or applied secret sharing with either pairwise communication amongst the participants or O(N2) ciphertext overhead at the aggregator. In contrast, we describe a protocol based on Shamir secret sharing and homomorphic encryption without assuming any additional parties. We also eliminate all pairwise communication amongst the participants and still require only O(N1+ε) overhead at the aggregator, where ε ≪ 1 can be achieved for massively multiparty computation. Our protocol arranges the star-connected participants into a logical hierarchy that facilitates parallelization, while allowing for user churn, i.e., a specified number of participants can go offline after providing their data, and new participants can join at a later stage of the computation.
Keywords: computational complexity; cryptography; data privacy; fault tolerant computing; topology; Shamir secret sharing; ciphertext overhead; decryption key; fault-tolerant aggregate computations; homomorphic encryption; massive star networks; massively multiparty computation; pairwise communication; privacy-preserving aggregate computations; star topology; untrusted aggregator; Aggregates; Encryption; Fault tolerance; Fault tolerant systems; Privacy; Protocols (ID#: 16-10782)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368608&isnumber=7368550

A. Grigorescu, H. Boche and R. F. Schaefer, “Robust PUF Based Authentication,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368560
Abstract: Physical Unclonable Functions (PUFs) can be seen as the fingerprint of a device. PUFs are ideal objects for device authentication due to its uniqueness. In this paper, PUF based authentication is studied from an information theoretical perspective considering compound sources, which models uncertainty in the PUF knowledge and some attack classes. It is shown, that authentication is robust against source uncertainty and a special class of attacks. The secrecy privacy capacity region is derived.
Keywords: data privacy; information theory; message authentication; PUF; attack class;device authentication; information theoretical perspective; physical unclonable function; secrecy privacy capacity region; source uncertainty; Authentication; Compounds; Privacy; Probability distribution; Reliability; Uncertainty; Yttrium (ID#: 16-10783)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368560&isnumber=7368550

M. Conti, V. Cozza, M. Petrocchi and A. Spognardi, “TRAP: Using Targeted Ads to Unveil Google Personal Profiles,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368607
Abstract: In the last decade, the advertisement market spread significantly in the web and mobile app system. Its effectiveness is also due thanks to the possibility to target the advertisement on the specific interests of the actual user, other than on the content of the website hosting the advertisement. In this scenario, became of great value services that collect and hence can provide information about the browsing user, like Facebook and Google. In this paper, we show how to maliciously exploit the Google Targeted Advertising system to infer personal information in Google user profiles. In particular, the attack we consider is external from Google and relies on combining data from Google AdWords with other data collected from a website of the Google Display Network. We validate the effectiveness of our proposed attack, also discussing possible application scenarios. The result of our research shows a significant practical privacy issue behind such type of targeted advertising service, and call for further investigation and the design of more privacy-aware solutions, possibly without impeding the current business model involved in online advertisement.
Keywords: Web sites; advertising data processing; data privacy; Google AdWords; Google Display Network; Google Targeted Advertising system; Google personal profiles; Google user profiles; TRAP; Web site; World Wide Web; advertisement market; mobile app system; online advertisement; privacy-aware solutions; Advertising; Google; Monitoring; Navigation; Patents; Visualization (ID#: 16-10784)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368607&isnumber=7368550

M. H. Saad, A. Serageldin and G. I. Salama, “Android Spyware Disease and Medication,” 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), Cape Town, South Africa, 2015, pp. 118-125. doi:10.1109/InfoSec.2015.7435516
Abstract: Android-based smartphones are gaining significant advantages on its counterparts in terms of market share among users. The increasing usage of Android OS make it ideal target for attackers. There is an urgent need to develop solutions that guard the user's privacy and can monitor, detect and block these Eavesdropping applications. In this paper, two proposed paradigm are presented. The first proposed paradigm is a spyware application to highlight the security weaknesses ???disease???. The spy-ware application has been used to deeply understand the vulnerabilities in the Android operating system, and to study how the spy-ware can be developed to abuse these vulnerabilities for intercepting victim's privacy such as received SMS, incoming calls and outgoing calls. The spy-ware abuses the Internet service to transfer the intercepted information from victim's cell phone illegally to a cloud database. The Android OS permission subsystem and the broadcast receiver subsystem contribute to form a haven for the spy-ware by granting it absolute control to listen, intercept and track the victim privacy. The second proposed paradigm is a new detection paradigm “medication” based on fuzz testing technique to mitigate known vulnerabilities. In this proposal, anti-spy-ware solution “DroidSmartFuzzer” has been designed. The implementation of the anti-spy-ware application has been used to mitigate the risks of the mentioned attacks. It should be noted that the proposed paradigm “DroidSmart-Fuzzer” and its fuzzing test cases are designed not only to catch the proposed spy-ware application but also to catch any similar malicious application designed to intercept one or more of the listed privacies.
Keywords: Libraries; Malware; Mobile communication; Operating systems; Privacy; Receivers; Smart phones; Android spyware; android smart fuzzer; anti spy-ware; fuzz testing; malware behavior analysis (ID#: 16-10785)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7435516&isnumber=7435496

N. Moorosi and V. Marivate, “Privacy in Mining Crime Data from Social Media: A South African Perspective,” 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), Cape Town, South Africa, 2015, pp. 171-175. doi:10.1109/InfoSec.2015.7435524
Abstract: Social Media has changed the way we communicate as friends, family and citizens. Social media has allowed individuals with shared interest, regardless of geographical location, to form communities and discussion forums to share tips and tricks of their trade. As a result, platforms such as Twitter and Facebook have become major sources of information for current events and community interests. In this paper we discuss privacy issues related to mining South African crime and public safety incidents from social media posts. The paper touches on matters related to ownership of social media data, privacy preservation challenges when several types of data from different sources can be integrated as well as legal protection of the processing of personal information. Finally, this paper will discuss ethical issues that arise when the data reveals information such as witnesses to a crime.
Keywords: Companies; Data privacy; Facebook; Media; Privacy; Twitter; POPI; anonymity; privacy; social media (ID#: 16-10786)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7435524&isnumber=7435496

F. Parker, J. Ophoff, J. P. Van Belle and R. Karia, “Security Awareness and Adoption of Security Controls by Smartphone Users,” 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), Cape Town, South Africa, 2015, pp. 99-104. doi:10.1109/InfoSec.2015.7435513
Abstract: Growth in smartphone functionality and adoption makes such devices tempting targets for criminals. The device, but to a greater extent the information it contains, presents a valuable target for attack. It is therefore critical for smartphone users to take precautionary measures against threats, which may come from potential criminals or negligence by the user. Measures include awareness of vulnerabilities and threats as well as adoption of security controls. This study adds to the body of knowledge in this area by empirically exploring these measures. Using a survey approach an analysis of 510 respondents examines security awareness and adoption of security controls. Previous studies claim that smartphone users do not possess good security awareness, which was mostly not the case in our sample. We report on perceived efficacy and adoption of authentication and anti-theft controls, finding several correlations with smartphone OS, language, and gender. We propose that user education using a simple, non-technical design is key to encourage security awareness and adoption of security controls, especially in emerging markets.
Keywords: Authentication; Encryption; Malware; Mobile handsets; Privacy; Software; anti-theft; authentication; security awareness; security controls; smartphone (ID#: 16-10787)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7435513&isnumber=7435496

S. Parker and J. P. Van Belle, “Lifelogging and Lifeblogging: Privacy Issues and Influencing Factors in South Africa,” 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), Cape Town, South Africa, 2015, pp. 111-117. doi:10.1109/InfoSec.2015.7435515
Abstract: Although blogging has been around for years, lifelogging and lifeblogging takes this technology and behaviour to the next level. Lifelogging is based on portable mini or even disguised devices which can capture and record everything the eye sees. This technology, coupled with the option of posting everything online, offers both benefits and privacy threats. Very few studies have been completed regarding this topic as it is a newly emerging technology, soon to reach South Africa. This study was therefore aimed at finding out if students were willing to accept this technology and behaviour, given both the benefits and disadvantages which it poses. A positivist stance was taken, and survey data was collected in order to test a number of hypotheses. From 232 respondents, a minority was eager to adopt this technology due to the performance and effort expectancy; however, privacy concerns play a major role in negating this decision.
Keywords: Blogs; Cameras; Glass; Internet; Privacy; Sensors; Videos; Lifelogging; UTAUT; lifeblogging; privacy (ID#: 16-10788)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7435515&isnumber=7435496

A. Rabie and U. Handmann, “Biometric for Home Environment Challenges, Modalities and Applications,” Information Technology and Computer Applications Congress (WCITCA), 2015 World Congress on, Hammamet, 2015, pp. 1-4. doi:10.1109/WCITCA.2015.7367059
Abstract: Utilizing biometric traits for privacy-and security-applications is receiving an increasing attention. Applications such as personal identification, access control, forensics applications, e-banking, e-government, e-health and recently personalized human-smart-home and human-robot interaction present some examples. In order to offer person-specific services for/of specific person a pre-identifying step should be done in the run-up. Using biometric in such application is encountered by diverse challenges. First, using one trait and excluding the others depends on the application aimed to. Some applications demand directly touch to biometric sensors, while others don't. Second challenge is the reliability of used biometric arrangement. Civilized application demands lower reliability comparing to the forensics ones. And third, for biometric system could only one trait be used (uni-modal systems) or multiple traits (Bi-or Multi-modal systems). The latter is applied, when systems with a relative high reliability are expected. The main aim of this paper is providing a comprehensive view about biometric and its application. The above mentioned challenges will be analyzed deeply. The suitability of each biometric sensor according to the aimed application will be deeply discussed. Detailed comparison between uni-modal and Multi-modal biometric system will present which system where to be utilized. Privacy and security issues of biometric systems will be discussed too. Three scenarios of biometric application in home-environment, human-robot-interaction and e-health will be presented.
Keywords: biometrics (access control); data privacy; health care; home computing; human-robot interaction; security of data; biometric sensor; biometric system ;e-health; home environment; human-robot-interaction; privacy application; security application; Biomedical imaging; Biometrics (access control); Biosensors; Feature extraction; Reliability; Veins (ID#: 16-10789)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7367059&isnumber=7367013

R. Uda, “Method for Anonymity of Authenticated Messages in SNS,” 2015 World Congress on Sustainable Technologies (WCST), London, 2015, pp. 89-94. doi:10.1109/WCST.2015.7415125
Abstract: Anonymity in SNS is one of the important things for protecting privacy. We proposed a method in which nouns are replaced with other nouns in consideration of semantic relations. For example, some nouns in the sentence “I go to Tokyo University of Technology with Alice“ are replaced such as “I go to university with her.” The method prevents the author from leaking privacy of his/her friends to the third party. Levels of obscurity are decided by the relationship between the author and readers. When the relationship is weaker than that in the example above, the message changes such as “I go to school with a friend.” In the method, proper nouns and some specific nouns are automatically replaced with other appropriate nouns by hi-speed filtering with Bloom filter. We also proposed an additional method in which messages are authenticated. In the method messages are signed with sanitizable signature since some nouns have possibility to be replaced. The combination of the two proposals provides anonymity and integrity and authentication at the same time. However, I found the latter method has vulnerability. If attackers have knowledge of privacy of victims, original nouns can be specified with one hundred percent correctness. Therefore, in this paper, I propose an improve method for anonymity. The method provides perfect obscurity with anonymity although messages are authenticated.
Keywords: data privacy; data structures; digital signatures; social networking (online); Bloom filter; SNS; anonymity method; authenticated message; hi-speed filtering; privacy protection; sanitizable signature; semantic relation; social networking service; Cities and towns; Computer science; Digital forensics; Filtering; Privacy; Public key; Digital Forensics; Information Security; Privacy Protection (ID#: 16-10790)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7415125&isnumber=7414834

O. J. Adebayo, I. ASuleiman, A. Y. Ade, S. O. Ganiyu and I. O. Alabi, “Digital Forensic Analysis for Enhancing Information Security,” Cyberspace (CYBER-Abuja), 2015 International Conference on, Abuja, 2015, pp. 38-44. doi:10.1109/CYBER-Abuja.2015.7360517
Abstract: Digital Forensics is an area of Forensics Science that uses the application of scientific method toward crime investigation. The thwarting of forensic evidence is known as anti-forensics, the aim of which is ambiguous in the sense that it could be bad or good. The aim of this project is to simulate digital crimes scenario and carry out forensic and anti-forensic analysis to enhance security. This project uses several forensics and anti-forensic tools and techniques to carry out this work. The data analyzed were gotten from result of the simulation. The results reveal that although it might be difficult to investigate digital crime but with the help of sophisticated forensic tools/anti-forensics tools it can be accomplished.
Keywords: digital forensics; antiforensic analysis; antiforensic tool; data analysis; digital crime scenario; digital forensic analysis; forensic evidence; forensics science; information security enhancement; Analytical models; Computers; Cyberspace; Digital forensics; Information security; Operating systems; Digital forensic; anti-digital forensic; image acquisition; image integrity; privacy (ID#: 16-10791)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7360517&isnumber=7360499

B. P. Gopularam, S. Dara and N. Niranjan, “Experiments in Encrypted and Searchable Network Audit Logs,” Emerging Information Technology and Engineering Solutions (EITES), 2015 International Conference on, Pune, 2015, pp. 18-22. doi:10.1109/EITES.2015.13
Abstract: We consider the scenario where a consumer can securely outsource their network telemetry data to a Cloud Service Provider and enable a third party to audit such telemetry for any security forensics. Especially we consider the use case of privacy preserving search in network log audits. In this paper we experiment with advances in Identity Based Encryption and Attribute-Based encryption schemes for auditing network logs.
Keywords: cloud computing; cryptography; data privacy; digital forensics; telemetry; attribute-based encryption; cloud service provider; encrypted network audit logs; identity based encryption; network telemetry data; privacy preserving search; searchable network audit logs; security forensics; Encryption; Privacy; Public key; Servers; Telemetry; audit log privacy; identity based encryption; network telemetry (ID#: 16-10792)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7083378&isnumber=7082065

S. Acharya, W. Glenn and M. Carr, “A Grreat Framework for Incident Response in Healthcare,” Bioinformatics and Biomedicine (BIBM), 2015 IEEE International Conference on, Washington, DC, 2015, pp. 776-778. doi:10.1109/BIBM.2015.7359784
Abstract: This research seeks to examine the use of Google Rapid Response (GRR) in the healthcare setting and the general necessity for a more in-depth approach to malware incident response in healthcare organizations in general. GRR is a scalable framework that allows for data to be gathered from many machines at once, through multiple clients, single server architecture, in order to detect incidents of malware or malicious activity. With the increase in malware incidents and the sensitivity of healthcare data, it is important to make sure this information is secure. GRR is examined for its uses in the detection of malware, along with its meeting of HIPAA requirements such as privacy and the detection and notification of breaches (security being handled through the detection of this malware). It was determined that GRR has some great potential within this field, albeit it has some flaws and limitations that should be accounted for before implementing it within a healthcare organization. The biggest issue is making sure that the access control and privacy settings are correctly implemented to prevent a breach of information from GRR itself, due to the power of this tool to allow great access to any of the client computers connected to it.
Keywords: authorisation; client-server systems; data privacy; health care; invasive software; medical administrative data processing; GRR; GRReat framework; Google Rapid Response; HIPAA requirements; access control; client computers; healthcare data sensitivity; healthcare organizations; malicious activity; malware incident response; privacy settings; single server architecture; Forensics; Lead; Monitoring; Servers; GRR; HIPAA; OpenEMR; incident response; malware (ID#: 16-10793)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359784&isnumber=7359638

A. Rabie and U. Handmann, “Biometrie for Home Environment Challenges, Modalities and Applications,” Information Technology and Computer Applications Congress (WCITCA), 2015 World Congress on, Hammamet, Tunisia, 2015, pp. 1-4. doi:10.1109/WCITCA.2015.7367021
Abstract: Utilizing biometrie traits for privacy- and security-applications is receiving an increasing attention. Applications such as personal identification, access control, forensics appli-cations, e-banking, e-government, e-health and recently person-alized human-smart-home and human-robot interaction present some examples. In order to offer person-specific services for/of specific person a pre-identifying step should be done in the run-up. Using biometric in such application is encountered by diverse challenges. First, using one trait and excluding the others depends on the application aimed to. Some applications demand directly touch to biometric sensors, while others don't. Second challenge is the reliability of used biometric arrangement. Civilized application demands lower reliability comparing to the forensics ones. And third, for biometric system could only one trait be used (uni-modal systems) or multiple traits (Bi- or Multi-modal systems). The latter is applied, when systems with a relative high reliability are expected. The main aim of this paper is providing a comprehensive view about biometric and its application. The above mentioned challenges will be analyzed deeply. The suitability of each biometric sensor according to the aimed application will be deeply discussed. Detailed com-parison between uni-modal and Multi-modal biometric system will present which system where to be utilized. Privacy and security issues of biometric systems will be discussed too. Three scenarios of biometric application in home-environment, human-robot-interaction and e-health will be presented.
Keywords: Biomedical imaging; Biometrics (access control); Biosensors; Feature extraction; Reliability; Veins (ID#: 16-10794)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7367021&isnumber=7367013

Songyang Wu and Yong Zhang, “Secure Logging Monitor Service for Cloud Forensics,” 2015 IEEE 16th International Conference on Communication Technology (ICCT), Hangzhou, 2015, pp. 757-762. doi:10.1109/ICCT.2015.7399942
Abstract: Logs are one of the most important pieces in forensics, which can be leveraged to extract critical evidences or help drastically speed up the investigation. Nevertheless, collecting the logs from cloud infrastructure is extremely difficult, since the investigators almost totally lack of control over the cloud. In this work, we introduce the notion of secure logging monitor service, which is deployed in the cloud and generates integrity proofs of cloud logs in real time. Once a proof entry has been produced, a dishonest cloud service provider (CSP) even colludes with the investigator, can't fake or remove the corresponding logs without being detected. Compared with related works, the proposed scheme can simultaneously meet the most major requirements of cloud forensics, including the integrity of log evidences, privacy protection and low computational burden.
Keywords: cloud computing; data integrity; data privacy; digital forensics; system monitoring; cloud forensics; cloud infrastructure; critical evidence extraction; dishonest cloud service provider; integrity proof integration; log evidence integrity; logs collection; privacy protection; secure logging monitor service; Bismuth; Indexes; Monitoring; Cloud Forensics; Forensic Investigation; Information Security (ID#: 16-10795)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7399942&isnumber=7399781

S. Zafar and M. B. Tiwana, “Discarded Hard Disks: A Treasure Trove for Cybercriminals: A Case Study of Recovered Sensitive Data from a Discarded Hard Disk,” Anti-Cybercrime (ICACC), 2015 First International Conference on, Riyadh, 2015, pp. 1-6. doi:10.1109/Anti-Cybercrime.2015.7351956
Abstract: The modern malware poses serious security threats because of its evolved capability of using staged and persistent attack while remaining undetected over a long period of time to perform a number of malicious activities. The challenge for malicious actors is to gain initial control of the victim's machine by bypassing all the security controls. The most favored bait often used by attackers is to deceive users through a trusting or interesting email containing a malicious attachment or a malicious link. To make the email credible and interesting the cybercriminals often perform reconnaissance activities to find background information on the potential target. To this end, the value of information found on the discarded or stolen storage devices is often underestimated or ignored. In this paper, we present the partial results of analysis of one such hard disk that was purchased from the open market. The data found on the disk contained highly sensitive personal and organizational data. The results from the case study will be useful in not only understanding the involved risk but also creating awareness of related threats.
Keywords: data protection; digital forensics; hard discs; invasive software; unsolicited e-mail; background information; cybercriminals; discarded hard disks; discarded storage devices; e-mail credibility; malicious activities; malicious actors; malicious attachment; malicious link; malware; reconnaissance activities; recovered sensitive data; security controls; security threats; sensitive-personal organizational data; stolen storage devices; trust management; Electronic mail; Hard disks; Malware; Media; Organizations; Software; Advanced Persistent Threat; Cybercrime; Data Recovery; Digital Forensics; Security and Privacy Awareness; Social Network Analysis; Spear-phishing (ID#: 16-10796)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7351956&isnumber=7351910

C. Vielhauer and J. Dittmann, “From Biometric to Forensic Hashing: Challenges in Digital Crime Scene Trace Analysis,” Signal Processing Conference (EUSIPCO), 2015 23rd European, Nice, 2015, pp. 764-768. doi:10.1109/EUSIPCO.2015.7362486
Abstract: The known BioHash concept introduced e.g. for handwriting biometrics offers possibility of template protection or to derive individual keys (e.g. crypto keys for further protection). In our paper we introduce two forensic use cases: (A) the forensic investigation of a BioHash found during digital forensics and (B) the application of the BioHash to latent crime scene traces in digitized forensics. Firstly, we elaborate the design of the BioHash in the known two operation modes with their essential parameter settings. Secondly we analyze, which forensic information can be derived and interpreted from publicly available data by introducing four investigation purposes. Further, we show that the BioHash can be used for a privacy-preserving search or to enhance reproducibility of varying features in crime scene forensics.
Keywords: biometrics (access control); digital forensics; police data processing; BioHash concept; biometric hashing; crime scene forensics; digital crime scene trace analysis; digital forensics; forensic hashing; forensic information; privacy-preserving search; template protection; Error analysis; Forensics; Robustness; Semantics; Sensitivity; TV; Writing; Biometrics; Passive forensic analysis (ID#: 16-10797)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7362486&isnumber=7362087

A. S. Shinde and V. Bendre, “An Embedded Fingerprint Authentication System,” Computing Communication Control and Automation (ICCUBEA), 2015 International Conference on, Pune, 2015, pp. 205-208. doi:10.1109/ICCUBEA.2015.45
Abstract: Fingerprint authentication is one of the most reliable and widely used personal identification method. However, manual fingerprint authentication is tedious, inaccurate, time-consuming and costly that it is not capable of meeting today's increasing performance necessities. An automatic fingerprint authentication system (AFAS) is widely needed. It plays a very essential role in forensic and civilian applications such as criminal identification, access control, and ATM card verification. This paper describes the design and implementation of an Embedded Fingerprint Authentication system which operates in two stages: minutia extraction and minutia matching. The present technological era is demanding reliable and cost-effective personal authentication systems for large number of daily use applications where security and privacy performance of the information is required. Biometrics authentication techniques in combination with embedded systems technologies give a demanding solution to this need. This paper explains the hardware-software co-design responsible for matching two fingerprint minutiae sets and suggests the use of reconfigurable architectures for Automatic Fingerprint Authentication System. Moreover, this paper explains the implementation of a fingerprint algorithm using a Spartan-6FPGA, as an appropriate portable and low cost device. The experimental results show that system meets the response time requirements of Automatic Fingerprint Authentication System with high speed using hardware-software co-design.
Keywords: data privacy; digital forensics; embedded systems; field programmable gate arrays; hardware-software codesign; message authentication; AFAS; ATM card verification; Spartan-6 FPGA; access control; and applications; automatic fingerprint authentication system; biometrics authentication techniques; criminal identification; daily use applications; embedded system; field programmable gate array; fingerprint minutiae sets; forensic applications; hardware-software codesign; manual fingerprint authentication; minutia extraction; minutia matching; personal identification method; privacy performance; reconfigurable architectures; response time requirements; security performance; Authentication; Coprocessors; Databases; Field programmable gate arrays; Fingerprint recognition; Hardware; Portable computers; Biometrics; Embedded system; Reconfigurable; fingerprint; hardware-software co-design; matching; minutia (ID#: 16-10798)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155835&isnumber=7155781

N. Raza, “Challenges to Network Forensics in Cloud Computing,” 2015 Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, 2015, pp. 22-29. doi:10.1109/CIACS.2015.7395562
Abstract: The digital forensics refers to the application of scientific techniques in investigation of a crime, specifically to identify or validate involvement of some suspect in an activity leading towards that crime. Network forensics particularly deals with the monitoring of network traffic with an aim to trace some suspected activity from normal traffic or to identify some abnormal pattern in the traffic that may give clue towards some attack. Network forensics, quite valuable phenomenon in investigation process, presents certain challenges including problems in accessing network devices of cloud architecture, handling large amount network traffic, and rigorous processing required to analyse the huge volume of data, of which large proportion may prove to be irrelevant later on. Cloud Computing technology offers services to its clients remotely from a shared pool of resources, as per clients customized requirement, any time, from anywhere. Cloud Computing has attained tremendous popularity recently, leading to its vast and rapid deployment, however Privacy and Security concerns have also increased in same ratio, since data and application is outsourced to a third party. Security concerns about cloud architecture have come up as the prime barrier hindering the major shift of industry towards cloud model, despite significant advantages of cloud architecture. Cloud computing architecture presents aggravated and specific challenges in the network forensics. In this paper, I have reviewed challenges and issues faced in conducting network forensics particularly in the cloud computing environment. The study covers limitations that a network forensic expert may confront during investigation in cloud environment. I have categorized challenges presented to network forensics in cloud computing into various groups. Challenges in each group can be handled appropriately by either Forensic experts, Cloud service providers or Forensic tools whereas leftover challenges are declared as beyond the control.
Keywords: cloud computing; digital control; digital forensics; outsourcing; software architecture; cloud architecture; cloud computing; data outsourcing; data privacy; digital forensics; network forensics; Cloud computing; Computational modeling; Computer architecture; Digital forensics; Security; Telecommunication traffic; challenges to network forensics in cloud; network forensics; network forensics in cloud (ID#: 16-10799)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7395562&isnumber=7395552
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Network Accountability 2015

	Network Accountability 2015

The term “accountability” suggests that an entity should be held responsible for its own specific actions. Once an event has transpired, the events that took place need to be traceable so that the causes can be determined afterwards. The goal of network accountability research is to provide accountability within networks and computers by building trace files of events. For the Science of Security community, it is relevant to composability, resilience, and metrics.  The research cited here was presented in 2015.

 
C. Gao and N. Iwane, “A Social Network Model for Big Data Privacy Preserving and Accountability Assurance,” Consumer Communications and Networking Conference (CCNC), 2015 12th Annual IEEE, Las Vegas, NV, 2015, pp. 19-22. doi:10.1109/CCNC.2015.7157940
Abstract: Social networks have become valuable resources of big data exploration for individual users as well as for researchers and commercial organizations. However, how to protect user privacy while assure data credibility at the same time is still a big challenge both in practice and in academic research. This study presents a social network model for the purpose of big data privacy preserving and credibility assurance. In this paper, we discuss the mechanism of the model and present practical implementation designs on achieving the goals. Applications of the model in healthcare social network are also discussed.
Keywords: Big Data; data privacy; health care; social networking (online); Big Data privacy preserving; credibility assurance; healthcare social network model; Big data; Conferences; Data models; Data privacy; Medical services; Privacy; Social network services; big data; credibility; network model; privacy; social network (ID#: 16-10487)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7157940&isnumber=7157933

M. Gambhir, M. N. Doja, and Moinuddin, “Novel Trust Computation Architecture for Users Accountability in Online Social Networks,” Computational Intelligence & Communication Technology (CICT), 2015 IEEE International Conference on, Ghaziabad, 2015, pp. 725-731. doi:10.1109/CICT.2015.104
Abstract: The Online Social Network (OSN) is a growing platform which enables people to get hold of news, communicate with family and old friends with whom they have lost contact, to promote a business, to invite to an event of friends and to get people to collaborate to create something magical. With the increasing popularity in OSNs, Researchers have been finding out ways to stop the negative activities over the social media by imposing the privacy settings in the leading OSNs. The privacy settings let the user to control who can access what information in his/her profile. None of these have given the entity of trust enough thought. Very less number of trust management models has been implemented in the OSNs for use by the common users. This paper proposes a new 3 Layer secured architecture with a novel mechanism for ensuring more safer online world. It provides a unique global id for each user, evaluates and computes the Trust Factor for a user, thereby measuring the credibility of a user in the OSN space.
Keywords: authorisation; data privacy; social networking (online); trusted computing; OSN; access control; layer secured architecture; online social networks; privacy settings; social media; trust computation architecture; trust factor; trust management models; users accountability; Authentication; Business; Computer architecture; Databases; Servers; Social network services; Global id; Online Social Networks; OpenID; Trust Factor; Trust management (ID#: 16-10488)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7078798&isnumber=7078645

R. Sathya and R. Thangarajan, “Efficient Anomaly Detection and Mitigation in Software Defined Networking Environment,” Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, Coimbatore, 2015, pp. 479-484. doi:10.1109/ECS.2015.7124952
Abstract: A Computer network or data communication network is a telecommunication network that allows computers to exchange data. Computer networks are typically built from a large number of network devices such as routers, switches and numerous types of middle boxes with many complex protocols implemented on them. They need to accomplish very complex tasks with access to very limited tools. As a result, network management and performance tuning is quite challenging. Software-Defined Networking (SDN) is an emerging architecture purporting to be adaptable, cost-effective, dynamic and manageable pursuing to be suitable for the high-bandwidth, changing nature of today’s applications. SDN architectures decouples network control and forwarding functions, making network control to become directly programmable and the underlying infrastructure to be abstracted from applications and network services. The network security is a prominent feature of the network ensuring accountability, confidentiality, integrity, and protection against many external and internal threats. An Intrusion Detection System (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise information system through malicious activities or through security policy violations. Security violation in SDN environment needs to be identified to prevent the system from an attack. The proposed work aims to detect the attacks on SDN environment. Detecting anomalies on SDN environment will be more manageable and efficient.
Keywords: computer network management; computer network security; software defined networking; IDS; SDN architectures; anomaly detection; anomaly mitigation; complex protocols; computer networks; data communication network; external threats; forwarding functions; internal threats; intrusion detection system; malicious activities; network accountability; network confidentiality; network control; network control functions; network devices; network integrity; network management; network performance tuning; network protection; network security; network services; security policy violations; security software; software defined networking environment; telecommunication network; Classification algorithms; Computer architecture; Computer networks; Control systems; Entropy; Feature extraction; Protocols; Entropy based detection; Feature Selection; Flow Table; Intrusion Detection System; Software Defined Networking (ID#: 16-10489)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7124952&isnumber=7124722

R. John, J. P. Cherian, and J. J. Kizhakkethottam, “A Survey of Techniques to Prevent Sybil Attacks,” Soft-Computing and Networks Security (ICSNS), 2015 International Conference on, Coimbatore, 2015, pp. 1-6. doi:10.1109/ICSNS.2015.7292385
Abstract: Any decentralized, distributed network is vulnerable to the Sybil attack wherein a malicious node masquerade as several different nodes, called Sybil nodes disrupting the proper functioning of the network. A Sybil attacker can create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thus promoting lack of accountability in the network. In this paper, different types of Sybil attacks, including those occurring in peer-to-peer reputation systems, self-organizing networks and social network systems are discussed. Also, various methods that have been suggested over time to decrease or eliminate their risk completely are also analysed.
Keywords: computer network security; Sybil attack prevention; Sybil nodes; coordinated attack; decentralized-distributed network; malicious node; peer-to-peer reputation systems; physical device; self-organizing networks; social network systems; Access control; Ad hoc networks; Computers; Peer-to-peer computing; Social network services; Wireless sensor networks; Identity-based attacks; MANET; Sybil attack (ID#: 16-10490)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292385&isnumber=7292366

Z. Jafarov, “The Use of Cryptography in Network Security,” Application of Information and Communication Technologies (AICT), 2015 9th International Conference on, Rostov on Don, 2015, pp. 229-232. doi:10.1109/ICAICT.2015.7338552
Abstract: Network Security is the most vital component in information security because it is responsible for securing all information passed through networked computers. Network Security refers to all hardware and software functions, characteristics, features, operational procedures, accountability, measures, access control, and administrative and management policy required to provide an acceptable level of protection for Hardware and Software, and information in a network. Only one particular element underlies many of the security mechanisms in use: Cryptographic techniques; hence our focus is on this area Cryptography. Cryptography is an emerging technology, which is important for network security. Research on cryptography is still in its developing stages and a considerable research effort is still required for secured communication.
Keywords: authorisation; cryptography; access control; cryptographic techniques; cryptography; information security; management policy; network security; networked computers; secured communication; security mechanisms; software functions; Algorithm design and analysis; Ciphers; Communication networks; Encryption; Internet; Network Security; access control; accountability (ID#: 16-10491)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7338552&isnumber=7338496

J. E. Mtingwi, “Mobile Government in African Least Developed Countries (LDCs): Proposed Implementing Framework,” IST-Africa Conference, 2015, Lilongwe, 2015, pp. 1-14. doi:10.1109/ISTAFRICA.2015.7190566
Abstract: Mobile government (M-government) is being used in some developed and developing countries. It facilitates the main stakeholders and government officials to perform their responsibilities with speed and accuracy to enhance the desired transparency and accountability. The major goals of mobile E-government are to enhance accountability and to deliver essential services to general public by government officials at a reduced cost. Many Least Developed Countries (LDCs) are struggling to implement E-government but have access to mobile technologies especially cellular phones in their respective residential areas (rural and urban). The Case study for M-government Proposed Implementing framework is Malawi. Mobile network coverage in most LDCs is above 85% which means M-government is the likely alternative in areas where E-government is failing. It is important for LDCs to leapfrog E-government to M-government using the modern technologies such as mobile/wireless network and mobile devices. The research has proposed M-government Implementing Framework due to absence of a specific LDCs’ M-government implementing framework. It is important that LDCs’ leadership should ensure to shift to M-government because it does not require massive investments since private sector has already deployed the enabling infrastructures. Many government’s operations will simple and accurate. Mobile government enables stakeholders to interact with governments directly. Stakeholders will be comfortable to have their contributions to the management of governments using mobile technologies (applications and devices). LDCs governments should increase their national Information Communication Technology (ICT) budget lines and improve national ICT literacy levels. There are also relevant instruments to regulate use of mobile technologies. Culture is not a hindrance to the acquisition mobile technologies
Keywords: cellular radio; government data processing; mobile computing; African least developed countries; LDC governments; LDC leadership; Malawi; accountability; cellular phones; developing countries; general public; government officials; governments management; m-government; mobile devices; mobile e-government; mobile network coverage; mobile technologies; national ICT budget lines; national ICT literacy levels; national information communication technology budget lines; private sector; rural residential areas; stakeholders; transparency; urban residential areas; wireless network; Electronic government; Mobile communication; Mobile computing; Mobile handsets; Stakeholders; Culture; E-government; Mobile government; Mobile government framework; Mobile government interactions; Mobile government services (ID#: 16-10492)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7190566&isnumber=7190513

D. Shehada, Chan Yeob Yeun, M. J. Zemerly, M. Al-Qutayri, and Y. Al Hammadi, “A Secure Mobile Agent Protocol for Vehicular Communication Systems,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015,
pp. 92-97. doi:10.1109/INNOVATIONS.2015.7381521
Abstract: A Mobile agent (MA) is an intelligent software that performs tasks on behalf of its owner. MAs collect results migrating from one node to another. MAs have a small size and a low requirement of network bandwidth, they also reduce the load of the network making a Mobile Agent System (MAS) a preferred solution in distributed applications. Intelligent Vehicular Communication Systems are an excellent exemplary candidate for such applications. Although MAs flexibility is a great add on to application however, ensuring their security is considered a challenging task due to its network openness. In this paper, a novel Secure Mobile Agent Protocol (SMAP) dedicated for Vehicular Communication Systems is proposed. SMAP provides the essential security requirements e.g. mutual authentication, confidentiality, integrity, accountability, non repudiation and authorization. Using SMAP owner vehicles receive results as soon as they are requested and therefore, providing fast information retrieval process. Moreover, another important feature of SMAP is that unlike other protocols the loss of the MA does not necessary mean the loss of all the collected data. Furthermore, SMAP guarantees protection from many security attacks such as, Man in the Middle (MITM), replay, masquerade, modification and unauthorized access attacks. Verified using the well known formal verification tool Scyther, SMAP is proven to be a suitable protocol for securing vehicular communication links from malicious actions.
Keywords: authorisation; automobiles; cryptographic protocols; data integrity; data protection; formal verification; information retrieval; mobile agents; traffic engineering computing; vehicular ad hoc networks; MAS; MITM attack; SMAP; Scyther formal verification tool; data accountability; data authorization; data confidentiality; data nonrepudiation; distributed applications; information retrieval process; intelligent software; intelligent vehicular communication systems; man-in-the-middle attack; masquerade attack; mobile agent system; modification attack; mutual authentication; network bandwidth; network load reduction; replay attack; secure mobile agent protocol; unauthorized access attack; Authentication; Authorization; Mobile agents; Protocols; Vehicles (ID#: 16-10493)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381521&isnumber=7381480

J. Wei, G. Yang, and Y. Mu, “Comments on ‘Accountable and Privacy-Enhanced Access Control in Wireless Sensor Networks,’” in IEEE Transactions on Wireless Communications , vol. 15, no. 4, pp. 3097-3099, 2015. doi:10.1109/TWC.2015.2507124
Abstract: In a recent paper (IEEE Trans. Wireless Communications, vol. 14, no. 1, 2015), He et al. proposed an accountable and privacy-enhanced access control (APAC) protocol which aimed to provide privacy for honest users against network owners and accountability against misbehaving users without the involvement of any trusted third party. However, the level of trust on the network owner has not been clearly defined in He et al.’s paper, and we demonstrate in this letter that in the case where the network owners cannot be trusted to correctly generate the system parameters, then the APAC protocol cannot ensure user privacy.
Keywords: Access control; Privacy; Protocols; Wireless communication; Wireless sensor networks; Zirconium; accountability; user privacy; wireless sensor network (ID#: 16-10494)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7350163&isnumber=4656680

R. Bhumkar and D. J. Pete, “Reduction of Error Rate in Sybil Attack Detection for MANET,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-6. doi:10.1109/ISCO.2015.7282328
Abstract: Mobile ad hoc networks (MANETs) require a unique, distinct, and persistent identity per node in order for their security protocols to be viable, Sybil attacks pose a serious threat to such networks. Fully self-organized MANETs represent complex distributed systems that may also be part of a huge complex system, such as a complex system-of-systems used for crisis management operations. Due to the complex nature of MANETs and its resource constraint nodes, there has always been a need to develop security solutions. A Sybil attacker can either create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thereby promoting lack of accountability in the network. In this research, we propose a scheme to detect the new identities of Sybil attackers without using centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through the help of extensive simulations, we are able to demonstrate that our proposed scheme detects Sybil identities with 95% accuracy (true positive) and about 5% error rate (false positive) even in the presence of mobility.
Keywords: emergency management; mobile ad hoc networks; protocols; telecommunication security; MANET; Sybil attack detection; complex distributed system; crisis management operation; error rate reduction; identity-based attack; mobile ad hoc network; resource constraint node; security protocol; Handheld computers; IEEE 802.11 Standard; Mobile ad hoc networks; Mobile computing; Identity-based attacks; Sybil attacks; intrusion detection; mobile ad hoc networks (ID#: 16-10495)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282328&isnumber=7282219

N. Mora, S. Caballé, and T. Daradoumis, “Improving e-Assessment in Collaborative and Social Learning Settings,” Intelligent Networking and Collaborative Systems (INCOS), 2015 International Conference on, Taipei, 2015, pp. 288-293. doi:10.1109/INCoS.2015.76
Abstract: Cognitive assessment in collaborative and social learning requires assessment processes that achieve significant effect on collaborative learning and engage learners through accountability and constructive feedback. In order to design a coherent and efficient assessment system for collaborative and social learning it is necessary to design an enriched learning experience that predisposes the feedback and awareness in the group. This research focuses on e-assessment of collaborative learning and extends it with Social Network Analysis (SNA) techniques that are able to analyze and represent social network interaction during the live collaborative sessions. The interaction data extracted from social and collaborative networking must be integrated into a general assessment system to produce an efficient and personalized awareness and feedback about the collaborative activity and the social behavior of the participants. In previous work we provided a conceptual and methodological research approach of e-assessment applications and tools that meet the mentioned requirements and goals. In this paper we provide empirical data and interpretation to validate the approach.
Keywords: educational administrative data processing; groupware; social networking (online); SNA techniques; assessment processes; assessment system design; cognitive assessment; collaborative activity; collaborative learning settings; collaborative networking; e-assessment; interaction data; learners accountability; learners constructive feedback; learning experience; live collaborative sessions; personalized awareness; personalized feedback; social behavior; social learning settings; social network analysis; social network interaction; social networking; Atmospheric measurements; Collaboration; Collaborative work; Computers; Context; Peer-to-peer computing; Social network services; collaborative learning; software infrastructure; software reuse; virtualized collaborative sessions (ID#: 16-10496)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312086&isnumber=7312007

N. Mora, S. Caballé, and T. Daradoumis, “A Methodology to Evaluate Complex Learning Resources to Improve e-Assessment from Collaborative and Networking Settings,” Complex, Intelligent, and Software Intensive Systems (CISIS), 2015 Ninth International Conference on, Blumenau, 2015, pp. 164-171. doi:10.1109/CISIS.2015.22
Abstract: Cognitive assessment in collaborative and social learning requires a broad perspective about learning and the involved processes. Assessment processes have a significant effect on collaborative learning because they engage learners through accountability and constructive feedback. However, in order to design a coherent and efficient assessment system for collaborative and social learning it is necessary to design an enriched learning experience that predisposes the feedback and awareness in the group. This paper focuses on e-assessment of collaborative learning and extends it with Social Network Analysis (SNA) techniques that are able to analyze and represent social network interaction during the live sessions of collaboration by using collaborative complex learning resources (CC-LR). The knowledge extracted from analyzing the large amounts of interaction data related to social and collaborative networking is then integrated into a general assessment system to produce an efficient and personalized awareness and feedback about the collaborative activity and the social behavior of the participants to ultimately enhance and improve the collaborative learning experience with CC-LRs. The conceptual and methodological research approach is provided along with the evaluation design of e-assessment applications and tools that meet the mentioned requirements and goals.
Keywords: Internet; cognition; computer aided instruction; social sciences computing; CC-LR; SNA techniques; cognitive assessment; collaborative complex learning resources; collaborative settings; complex learning resource evaluation; constructive feedback; e-assessment process; general assessment system; networking settings; social learning; social network analysis; social network interaction; Atmospheric measurements; Collaboration; Collaborative work; Context; Particle measurements; Peer-to-peer computing; Social network services; collaborative learning; software infrastructure; software reuse; virtualized collaborative sessions (ID#: 16-10497)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7185181&isnumber=7185122

F. Garay, E. Rosas, and N. Hidalgo, “Reliable Routing Protocol for Delay Tolerant Networks,” Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on, Melbourne, VIC, 2015, pp. 320-327. doi:10.1109/ICPADS.2015.48
Abstract: On post disaster scenarios, communication infrastructure can be seriously compromised, generating intermittent or null Internet access. Delay Tolerant Networks (DTNs) are a promising communication mechanism able to deal with connection disruptions enabling communication for affected people. DTNs forward messages through untrusted devices, which have better probability to reach destination. However, they are susceptible to attacks where participants forge their metrics in order for them to appear as a better alternative to route messages, thus most traffic is attracted to them. This problem is known as the blackhole attack. In this work we propose a routing protocol that verifies participants’ interactions using the Guy Fawkes protocol for an encounter-based routing protocol which routes messages based on the interactions of nodes. We propose a transmission ticket in order to achieve accountability in the actions of nodes. Routing decisions are based on the past tickets collected by the nodes. Our protocol creates a more reliable routing path by preventing the creation of fake interactions, and therefore blackhole attacks. Results show that our protocol reduces the number of messages attracted by malicious peers performing a blackhole attack, maintaining good delivery rates and low overhead for different network scenarios.
Keywords: Internet; delay tolerant networks; disasters; reliability; routing protocols; DTN; Guy Fawkes protocol; Internet access; blackhole attack; communication infrastructure; communication mechanism; disaster scenarios; encounter-based routing protocol; malicious peers; reliable routing protocol; route messages; routing path; traffic; Context; Measurement; Peer-to-peer computing; Routing; Routing protocols; Security; blackhole attacks; security (ID#: 16-10498)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7384311&isnumber=7384203

L. Bahri, B. Carminati, and E. Ferrari, “CARDS - Collaborative Audit and Report Data Sharing for A-Posteriori Access Control in DOSNs,” 2015 IEEE Conference on Collaboration and Internet Computing (CIC), Hangzhou, China, 2015, pp. 36-45. doi:10.1109/CIC.2015.18
Abstract: Accountability and transparency have been commonly accepted to deter bad acts and to encourage compliance to rules. For this, auditing has been largely, and since ancient times, adopted to ensure the well running of systems and businesses within which duties are governed by set rules. Recently, an a-posteriori approach to data access control has been investigated for information systems as well across number of critical domains (e.g., Healthcare systems). Besides, privacy advocates started calling for the necessity of accountability and transparency in managing users’ privacy in nowadays connected and proliferated web data. Following this line of thought, we suggest a system for collaborative a-posteriori access control to data dissemination in decentralized online social networks based on reporting and auditing. We demonstrate the usability of our suggested model using a real OSN graph.
Keywords: Access control; Collaboration; Data privacy; Monitoring; Peer-to-peer computing; Registers; Social network services; A-posteriori access control; Collaborative audit; Collaborative data sharing; DOSNs; Data accountability (ID#: 16-10499)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7423063&isnumber=7423045

T. C. Piliouras et al., “The Rise of Mobile Technology in Healthcare: The Challenge of Securing Teleradiology,” Emerging Technologies for a Smarter World (CEWIT), 2015 12th International Conference & Expo on, Melville, NY, 2015, pp. 1-6. doi:10.1109/CEWIT.2015.7338167
Abstract: There are many potential security risks associated with viewing, accessing, and storage of DICOM files on mobile devices. Digital Imaging and Communications in Medicine (DICOM) is the industry standard for the communication and management of medical imaging. DICOM files contain multidimensional image data and associated meta-data (e.g., patient name, date of birth, etc.) designated as electronic protected health information (e-PHI). The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule, the HIPAA Security Rule, the ARRA (American Recovery and Reinvestment Act), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state law mandate comprehensive administrative, physical, and technical security safeguards to protect e-PHI, which includes (DICOM) medical images. Implementation of HIPAA security safeguards is difficult and often falls short. Mobile device use is proliferating among healthcare providers, along with associated risks to data confidentiality, integrity, and availability (CIA). Mobile devices and laptops are implicated in wide-spread data breaches of millions of patients’ data. These risks arise in many ways, including: i) inherent vulnerabilities of popular mobile operating systems (e.g., iOS, Android, Windows Phone); ii) sharing of mobile devices by multiple users; iii) lost or stolen devices; iv) transmission of clinical images over public (unsecured) wireless networks; v) lack of adequate password protection; vi) failure to use recommended safety precautions to protect data on a lost device (e.g., data wiping); and vi) use of personal mobile devices while accessing or sharing e-PHI. Analysis of commonly used methods for DICOM image sharing on mobile devices elucidates areas of vulnerability and points to the need for holistic security approaches to ensure HIPAA compliance within and across clinical settings. Innovative information governance strategies and new security approaches are nee- ed to protect against data breaches, and to aid in the collection and analysis of compliance data. Generally, it is difficult to share DICOM images across different HIPAA-compliant Picture Archive and Communication Systems (PACS) and certified electronic health record (EHR) systems - while it is easy to share images using non-FDA approved, personal devices on unsecured networks. End-users in clinical settings must understand and strictly adhere to recommended mobile security precautions, and should be held to greater standards of personal accountability when they fail to do so.
Keywords: data integrity; data protection; electronic health records; health care; medical image processing; mobile computing; radiology; risk management; smart phones; telemedicine; CIA; DICOM image; EHR; HIPAA; HITECH; Health Information Technology for Economic and Clinical Health Act; Health Insurance Portability and Accountability Act; PACS; data confidentiality integrity and availability; digital imaging and communications in medicine; e-PHI; electronic health record; electronic protected health information; medical imaging; mobile device; mobile operating system; mobile technology; password protection; picture archive and communication systems; teleradiology; DICOM; Medical services; Mobile communication; Mobile handsets; Picture archiving and communication systems; Security; DICOM file sharing; DICOM mobile and cloud solutions; EHRs; HIPAA violation avoidance; PACS; information governance; mobile applications management; mobile device management (ID#: 16-10500)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7338167&isnumber=7338153

Q. H. Cao, G. Madhusudan, R. Farahbakhsh, and N. Crespi, “Usage Control for Data Handling in Smart Cities,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, USA, 2015, pp. 1-6. doi:10.1109/GLOCOM.2015.7417270
Abstract: Data in smart cities is commonly generated by a large variety of participants including institutional actors, equipment manufacturers, network operators, infrastructure providers, service providers, and end users. This data potentially undergoes several transformations such as aggregation and/or composition before finally being consumed. In this context of sharing data between diverse consumers, it is essential to provide the data producers the means by which they can exercise control over how and by whom the data is used. To date, usage control has received attention in the domains of the web and social networks, in terms of confidentiality, privacy and access control aspects. However, it has not yet been fully applied in a rigorous manner in the context of smart cites. In this paper we study usage control with the goal to address the problem of providing stakeholders more control over their data and enforcing accountable management of such data. We first propose a new data usage policy, called DUPO, which captures the diversity of obligations and constraints resulting from the usage control requirements for smart cities. Next, we apply a defeasible logic based approach on DUPO to formally define rule language, solve rule conflicts, and elaborate reasoning. We then introduce the data handling mechanism, which provides useful functionality to process consumer’s request, ensuring the accountability of the policy enforcement, and traceability of the data usage. To this end we benefit from SPINdle reasoner to implement the proposed usage control module covered main functionalities of the mechanism.
Keywords: Context; Data handling; Data models; Smart cities; Waste management; XML (ID#: 16-10501)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7417270&isnumber=7416057

P. Madhubala R, “Survey on Security Concerns in Cloud Computing,” Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, Noida, 2015, pp. 1458-1462. doi:10.1109/ICGCIoT.2015.7380697
Abstract: Cloud consists of vast number of servers. Cloud contains tremendous amount of information. There are various problems in cloud computing such as storage, bandwidth, environment problems like availability, Heterogeneity, scalability and security problems like reliability and privacy. Though so many efforts are taken to solve these problems there are still some security problems[1]. Ensuring security to this data is important issue in cloud Storage. Cloud computing security can be defined as broad set of technologies, policies and controls deployed to protect applications, data and corresponding infrastructure of cloud computing. Due to tremendous progress in technology providing security to customers data becomes more and more important. This paper will tell the need of third party auditor in security of cloud. This paper will give brief idea about what are the security threats in cloud computing. This paper will analyze the various security objectives such as confidentiality, integrity, authentication, auditing, accountability, availability, authorization. This paper also studies the various data security concerns such as various reconnaissance techniques, denial of service, account cracking, hostile and self-replicating codes, system or network penetration, Buffer overflow, SQL injection attack.
Keywords: cloud computing; security of data; storage allocation; cloud computing security; cloud storage; Cloud computing; Computer crime; Data privacy; Reconnaissance; Servers; Data security concerns; Security objectives; Third party audit (ID#: 16-10502)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380697&isnumber=7380415

C. I. Setiawati and P. M. Pratiwi, “Conceptual Model of Citizen’s Intention Associated to E-Government and Internet Behavior: Why do Bandung Citizens Follow the Mayor’s Social Media?,” Information and Communication Technology (ICoICT ), 2015 3rd International Conference on, Nusa Dua, 2015, pp. 336-341. doi:10.1109/ICoICT.2015.7231447
Abstract: Electronic government (e-government) has begun to supplement, replace and restructure conventional system for public services delivering process. Basically, the success of the e-government implementation is depending on the government support and high willingness of citizens to accept then adopt it. User of e-government can obtain benefits such as better access to information, efficiency, citizen participation, reducing cost, accountability and transparency value in delivering public services. In actualizing citizen participation, government can create social media technologies that facilitate two direction dialogue and conversation timeless. For instance, mayor of Bandung city, Ridwan Kamil, who active in social networking sites (SNS) such as Facebook, Twitter, Youtube and Instagram to report and capture what he and his government adjust based on determined programs. Large Bandung citizens follow and enjoy his status, report and photos on social media then become an important factor that influence their intent to use the social media as the main resource to get the government’s report. Their intentions then create a behavior to participate on e-government. This way became a breakthrough initiative in attempting an open government as the form of services process in public. Research discuss regarding on citizen participation related to member government social media based on user perspective is rarely. Therefore, this research is conceptual model which aims to present what the factors of Bandung citizen’s intention to follow the Mayor’s social media. In crafting model, this research adopted Theory of Planned Behavior (TPB) approach as nearest theory regards on intention and behavior on technology using (include social media using behavior). This research used descriptive method by analyzing secondary data then proposes factors to present a complete model. This research is expected the basis for future research confirms the model by doing empirical study directly of Bandung citizens in term of the social media using behavior.
Keywords: Internet; cost reduction; public administration; social networking (online); Bandung citizens; Bandung city mayor; Facebook; Instagram; Internet behavior; SNS; TPB; Twitter; Youtube; citizen intention; citizen participation; e-government; electronic government; public service delivery; public services delivering process; secondary data; social media technologies; social media using behavior; social networking sites; theory of planned behavior approach; two direction dialogue; Cities and towns; Electronic government; Hardware; Media; Bandung; E-government; Mayor’s social media; citizen’s intention (ID#: 16-10503)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7231447&isnumber=7231384

S. Elena, G. Stalker, C. E. Jimenez, F. V. Schalkwyk, and M. Canares, “Open Government and Open Data a Global Perspective,” eDemocracy & eGovernment (ICEDEG), 2015 Second International Conference on, Quito, 2015, pp. 9-13. doi:10.1109/ICEDEG.2015.7114477
Abstract: Civil society organizations (CSOs) are investing in new technologies and are increasingly working in networks and coalitions (such as Open Parliament, Open Contracting and Open Government) to develop standards for effective accountability through transparency and disclosure. These initiatives hold the promise of transforming the way government and societies work together to improve governance. There is therefore an opportunity to better support those governments seeking to commit to transparency through international eGovernment initiatives. Similarly, there is an opportunity to leverage the increased understanding of the role of technology including the public release of government data in enhancing disclosure and public access to information, and to build the capacity of the CSOs to connect best practice with transparency reforms. However, in line with the vision of open government, the benefits to citizens should always take precedence over other returns when designing and developing software systems, and this involves new and innovative software architectures.
Keywords: government data processing; software architecture; CSO; civil society organization; global perspective; international egovernment initiatives; open data; open government; transparency reform; Africa; Government; Law; Monitoring; Tutorials (ID#: 16-10504)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7114477&isnumber=7114453

C. Techapanupreeda, R. Chokngamwong, C. Thammarat, and S. Kungpisdan, “An Accountability Model for Internet Transactions,” Information Networking (ICOIN), 2015 International Conference on, Cambodia, 2015, pp. 127-132. doi:10.1109/ICOIN.2015.7057869
Abstract: Internet transaction is increasing significantly due to very fast grown of mobile devices, electronic commerce, and electronic records. Many researchers proposed several protocols to analyze the accountability in Internet transaction. In this paper we propose accountability model and protocol in Internet transaction that have advantages over existing protocols and satisfies essential security properties: Confidentiality, Integrity, Authorization, Authentication, Non-repudiation, Liability and Responsiveness. The protocol is designed using asymmetric cryptography and hash function to ensure that it meets all above accountability properties. The proposed protocol is also analyzed and compared with existing accountability protocols.
Keywords: Internet; cryptographic protocols; electronic commerce; mobile computing; mobile handsets; Internet transactions; accountability model; accountability properties; accountability protocols; asymmetric cryptography; electronic commerce; electronic records; hash function; mobile devices; security properties; Authentication; Authorization; Electronic commerce; Protocols; Public key; Accountability; Liability; Network Security; Payment Protocol; Responsiveness; Security Protocols (ID#: 16-10505)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7057869&isnumber=7057846

H. Ulusoy, M. Kantarcioglu, E. Pattuk, and L. Kagal, “AccountableMR: Toward Accountable MapReduce Systems,” Big Data (Big Data), 2015 IEEE International Conference on, Santa Clara, CA, 2015, pp. 451-460. doi:10.1109/BigData.2015.7363786
Abstract: Traditional security techniques (e.g., authorization and encryption) have been extensively used in data management systems to provide security and privacy for many years. However, recent security breaches (e.g., WikiLeaks) showed that even if perfect access control is achieved, malicious insiders can still infer sensitive information and can misuse this sensitive information. To address this issue, accountability is introduced to deter inappropriate use of data through provision of usage control, privacy-aware interfaces, and careful monitoring and auditing. In this paper, we propose an accountable MapReduce architecture, where specific data usage is allowed after fine-grained transparent authorizations (i.e., individual record level), and such data usage are subject to effective accountability assessments by those who seek to assure privacy and security policy compliance. Our architecture enhances the MapReduce systems with the purpose concept (i.e., usage restrictions), authorize the users in fine-grained manner, and verifies the output of previously run jobs at post authorization time for detecting authorization and purpose breaches. Our empirical results show that in combination with traditional security features, AccountableMR can efficiently enhance the security and accountability of MapReduce model.
Keywords: authorisation; cryptography; data handling; parallel processing; software architecture; AccountableMR; MapReduce architecture; access control; authorization; data management system; encryption; Authorization; Data privacy; IP networks; Organizations; Privacy (ID#: 16-10506)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363786&isnumber=7363706

J. Lebrón, K. Escalante, J. Coppola, and C. Gaur, “Activity Tracker Technologies for Older Adults: Successful Adoption via Intergenerational Telehealth,” Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long Island, Farmingdale, NY, 2015, pp. 1-6. doi:10.1109/LISAT.2015.7160200
Abstract: Over the last few decades, telehealth has emerged as another segment of the healthcare continuum. People are now able to gain more control over the care that is provided to them because telehealth technologies allow people to monitor and report the data that is collected to their healthcare providers. It is the providers of healthcare who then interpret the results and take necessary action. This study will observe how the provision of a wireless activity tracker influences the conscious health attitudes and behaviors in a sample of elderly participants who reside in an assisted living facility. This study will focus on the attitudes of the participants as determined by a self-report before the launch of an eight-week telehealth program, as well as at the conclusion of the program. To measure health behaviors, data was collected in regards to weight and blood pressure, as well as daily steps taken, calories burned, and distance travelled. This study is unique, thus any findings should be further studied and developed to better understand the efficacy, as well as outcomes of introducing a wireless activity tracker to any telehealth program. All information that was collected was with the consent of each individual resident, in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The information collected by the wireless activity tracker was synchronized to the Fitbit® website (fitbit.com). The health vitals were taken by using a Bluetooth scale and an automated blood pressure cuff. The information was then recorded by the college students and entered into MyHealthPoint charts (myhealthpoint.com). This paper is to present the information gathered regarding the resident’s weight and blood pressure; steps taken, calories burned, and distance travelled; demographics; various health conditions, as well as each resident’s opinions regarding the activity tracker and the program in general. The goal of the research is to see how participants respond to the use of the wireless activity trackers and how the use of such a device affects their conscious health decisions and ultimately, the health of the residents.
Keywords: Bluetooth; biomedical telemetry; blood pressure measurement; geriatrics; health care; patient monitoring; telemedicine; wireless sensor networks; Bluetooth scale; Fitbit website; Health Insurance Portability-and-Accountability Act 1996; MyHealthPoint charts; activity tracker technologies; automated blood pressure cuff; conscious health decisions; data collection; demographics; healthcare continuum; intergenerational telehealth technologies; older adults; time 8 week; wireless activity tracker; Aging; Assisted living; Biomedical monitoring; Blood pressure; Monitoring; Wireless communication; elderly; gerontechnology; gerotechnology; remote patient monitoring (RPM); senior citizen; telemedicine (ID#: 16-10507)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7160200&isnumber=7160171

M. A. Khan and K. M. Shahriar, “ASTERISK Based Open Source IP-PBX System for Accountable Customer Support Service,” Computational and Business Intelligence (ISCBI), 2015 3rd International Symposium on, Bali, 2015, pp. 85-88. doi:10.1109/ISCBI.2015.22
Abstract: Customer support service has now become an integral part of every large enterprise since customer satisfaction is largely determined by the quality of service he/she receives after purchase of a product/service. Traditionally legacy phone based PBX systems are deployed to provide customer support service where operators are appointed to receive calls and respond to customers’ queries or complaints. Unfortunately such a system severely lacks accountability from the support service personnel. There are often cases such as operator is not in his desk while the phone is ringing or may deliberately leave the phone unattended, misbehaving with customers, not registering complaints and doing the necessary follow-ups etc. There is very little system support for the management to monitor and track such inappropriate conducts from the support service employees. However all these desirable features can be achievable if the legacy PBX system is replaced by an IP-PBX system. In this paper, we propose a solution for accountable customer support service using Asterisk based open source IP-PBX system. Being open source, Asterisk given the flexibility to create rich features set for customer support service at a very low cost.
Keywords: Internet telephony; customer satisfaction; customer services; private telephone exchanges; quality of service; Asterisk based open source IP-PBX system; accountable customer support service; customer complaints; customer queries; customer satisfaction; large enterprise; legacy phone based PBX systems; private branch exchange; quality of service; support service employees; support service personnel; Artificial intelligence; Customer satisfaction; IP networks; Media; Servers; Telephony; Asterisk; Call escalation; Customer support service; IP-PBX system; Open source (ID#: 16-10508)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7383542&isnumber=7383520

M. M. Bany Taha, S. Chaisiri, and R. K. L. Ko, “Trusted Tamper-Evident Data Provenance,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 646-653. doi:10.1109/Trustcom.2015.430
Abstract: Data provenance, the origin and derivation history of data, is commonly used for security auditing, forensics and data analysis. While provenance loggers provide evidence of data changes, the integrity of the provenance logs is also critical for the integrity of the forensics process. However, to our best knowledge, few solutions are able to fully satisfy this trust requirement. In this paper, we propose a framework to enable tamper-evidence and preserve the confidentiality and integrity of data provenance using the Trusted Platform Module (TPM). Our framework also stores provenance logs in trusted and backup servers to guarantee the availability of data provenance. Tampered provenance logs can be discovered and consequently recovered by retrieving the original logs from the servers. Leveraging on TPM’s technical capability, our framework guarantees data provenance collected to be admissible, complete, and confidential. More importantly, this framework can be applied to capture tampering evidence in large-scale cloud environments at system, network, and application granularities. We applied our framework to provide tamper-evidence for Progger, a cloud-based, kernel-space logger. Our results demonstrate the ability to conduct remote attestation of Progger logs’ integrity, and uphold the completeness, confidential and admissible requirements.
Keywords: cloud computing; data analysis; digital forensics; file servers; trusted computing; Progger log integrity; TPM; backup server; cloud environments; cloud-based logger; data provenance confidentiality; data provenance integrity; forensic process analysis; kernel-space logger; provenance logger integrity; security auditing; trusted platform module; trusted server; trusted tamper-evident data provenance; Cloud computing; Generators; Kernel; Reliability; Runtime; Servers; Virtual machining; Accountability in Cloud Computing; Cloud Computing; Data Provenance; Data Security; Remote Attestation; Tamper Evidence; Trusted Computing; Trusted Platform Module (ID#: 16-10509)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345338&isnumber=7345233

S. D. Taru and V. B. Maral, “Object Oriented Accountability Approach in Cloud for Data Sharing with Patchy Image Encryption,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 1688-1693. doi:10.1109/ICACCI.2015.7275856
Abstract: Cloud computing presents a new approach for delivery model and consumption of different IT services based on internet. Highly scalable and virtualized resources are provided as a service on demand basis. Cloud computing provides flexibility for deploying applications at lower cost while increasing business agility. The main feature of using cloud services is that user’s data are more often processed at remote machines which are unknown to user. As user do not own these remote machine used for speed up data processing or operate them in cloud, users can lose control of own confidential data. Despite of all of advantages of cloud this remains a challenge and acts as a barrier to the large scale adoption of cloud. To address above problem in this paper we present object oriented approach that performs automated logging mechanism to ensure any access to user’s data will trigger authentication with use of decentralized information accountability framework called as CIA (Cloud Information Accountability) [1]. We use the JAR (JAVA Archive File) programmable capabilities to create dynamic travelling object containing user’s data. To strengthen the distributed data security we use the chaos image encryption technique specific to image files. Chaos is patchy image encryption technique based on pixel shuffling. Randomness of the chaos is made utilized to scramble the position of the pixel of image.
Keywords: Java; chaos; cloud computing; cryptography; image coding; message authentication; object-oriented programming; CIA; JAR; JAVA archive file; automated logging mechanism; chaos image encryption technique; cloud computing; cloud information accountability; data sharing; distributed data security; object oriented accountability approach; pixel shuffling; user authentication; Authentication; Chaos; Ciphers; Cloud computing; Encryption; Accountability; Chaos encryption; Cloud computing; Data sharing; Logging mechanism (ID#: 16-10510)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275856&isnumber=7275573

S. Rao, S. N. Suma, and M. Sunitha, “Security Solutions for Big Data Analytics in Healthcare,” Advances in Computing and Communication Engineering (ICACCE), 2015 Second International Conference on, Dehradun, 2015, pp. 510-514. doi:10.1109/ICACCE.2015.83
Abstract: Today data is a strategic asset and organizational goal is to maximize the value of their information. A growing number of companies are using technology to store and analyze petabytes of data including web logs, click stream data and social media content to gain better insights about their customers and their business. Big Data analytics provides enormous competitive advantage for corporations, helping the businesses, tailor their products to consumer needs. Big data in healthcare refers to electronic health data sets that are related to patient healthcare and well-being. In healthcare sector the privacy and security issues of big data are a major concern as data is bound by international regulations like the Health Insurance Portability and Accountability Act (HIPAA), The Health Information Technology for Economic and Clinical Health (HITECH), HCSC, FTC (Federal Trade Commission) etc. In Hospital Information System the applications/modules that are impacted by big data are genomics, pharmacovigilance, patient care etc. The aim of this paper is to present various viable security solutions to harness the potential of big data pertaining to healthcare in a highly regulated environment.
Keywords: Big Data; data analysis; health care; medical information systems; security of data; social networking (online); FTC; Federal Trade Commission; HCSC; HIPAA; HITECH; Health Insurance Portability and Accountability Act; The Health Information Technology for Economic and Clinical Health; Web logs; big data analytics; big data privacy issues; big data security issues; consumer needs; electronic health datasets; healthcare sector; hospital information system; organizational goal; patient healthcare; patient well-being; pharmacovigilance; security solutions; social media content; Big data; Business; Data models; Data privacy; Databases; Medical services; Security; Big Databases; De-Identification; Encryption; Healthcare Analytics; Jujutsu Security; Masking (ID#: 16-10511)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7306738&isnumber=7306547   
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Network Coding 2015

	Network Coding 2015

Network coding methods are used to improve a network’s throughput, efficiency, and scalability. They can also be a method for dealing with attacks and eavesdropping. For the Science of Security community, research into network coding is relevant to the general network problems associated with the hard problems of resiliency, composability, and predictive metrics, as well as cyber physical systems. The articles cited here were presented in 2015.

F. Chen, T. Xiang, Y. Yang, and S. Chow, “Secure Cloud Storage Meets with Secure Network Coding,” in IEEE Transactions on Computers, vol. 65, no. 6, pp.1936-1948, 2016. doi:10.1109/TC.2015.2456027
Abstract: This paper reveals an intrinsic relationship between secure cloud storage and secure network coding for the first time. Secure cloud storage was proposed only recently while secure network coding has been studied for more than ten years. Although the two areas are quite different in their nature and are studied independently, we show how to construct a secure cloud storage protocol given any secure network coding protocol. This gives rise to a systematic way to construct secure cloud storage protocols. Our construction is secure under a definition which captures the real world usage of the cloud storage. Furthermore, we propose two specific secure cloud storage protocols based on two recent secure network coding protocols. In particular, we obtain the first publicly verifiable secure cloud storage protocol in the standard model. We also enhance the proposed generic construction to support user anonymity and third-party public auditing, which both have received considerable attention recently. Finally, we prototype the newly proposed protocol and evaluate its performance. Experimental results validate the effectiveness of the protocol.
Keywords: Authentication; Cloud computing; Network coding; Protocols; Receivers; Secure storage; Cloud storage auditing; network coding; security; third-party public auditing; user anonymity (ID#: 16-10318)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155492&isnumber=4358213

Y. J. Chen, L. C. Wang, and C. H. Liao, “Eavesdropping Prevention for Network Coding Encrypted Cloud Storage Systems,” in IEEE Transactions on Parallel and Distributed Systems, vol. 27, no. 8, pp. 2261-2273, 2016. doi:10.1109/TPDS.2015.2486772
Abstract: Network coding is an important cloud storage technique, which can recover data with small repair bandwidth and high reliability compared to the existing erasure coding and replication methods. However, regardless of which data recovery technique is used, the repaired data in a geographically distributed cloud storage system are easy to be eavesdropped at the transmission link between the local datacenter and its remote backup site. This kind of network security issue is called link eavesdropping in this paper. For a network coded cloud storage system, we propose a systematic design methodology to determine the important data recovery system parameters for any specified security level. Through analysis, we present the performance curves to relate the remote repair bandwidth and the number of coded data fragments. Consequently, all the important system parameters of a network coded data recovery system, including the number of storage nodes and the link capacity between the datacenter and the backup site, can be precisely designed for satisfying different security level requirements.
Keywords: Bandwidth; Cloud computing; Distributed databases; Encoding; Maintenance engineering; Network coding; Security; Data security; Distributed storage; Network coding (ID#: 16-10319)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289458&isnumber=4359390

M. Sipos, J. Heide, D. Lucani, M. Pedersen, F. Fitzek, and H. Charaf, “Adaptive Network Coded Clouds: High Speed Downloads and Cost-Effective Version Control,” in IEEE Transactions on Cloud Computing, vol. PP, no.99, pp. 1-1, 2015. doi:10.1109/TCC.2015.2481433
Abstract: Although cloud systems provide a reliable and flexible storage solution, the use of a single cloud service constitutes a single point of failure, which can compromise data availability, download speed, and security. To address these challenges, we advocate for the use of multiple cloud storage providers simultaneously using network coding as the key enabling technology. Our goal is to study two challenges of network coded storage systems. First, the efficient update of the number of coded fragments per cloud in a system aggregating multiple clouds in order to boost the download speed of files. We developed a novel scheme using recoding with limited packets to trade-off storage space, reliability, and data retrieval speed. Implementation and measurements with commercial cloud providers show that up to 9x less network use is needed compared to other network coding schemes, while maintaining similar download speeds and reliability. Second, the ability to update coded fragments from a linear erasure code when the original file is modified. We exploit code structure to provide efficient representations of the evolution of the file. Evaluations using file changes on software library repositories show that a five-order of magnitude reduction in network and storage use is possible compared to state-of-the-art.
Keywords: Bandwidth; Cloud computing; Control systems; Decoding; Encoding; Network coding; Reliability; Distributed systems; Error control codes; Information Storage and Retrieval (ID#: 16-10320)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7274724&isnumber=6562694

A. Le, A. Markopoulou, and A. G. Dimakis, “Auditing for Distributed Storage Systems,” in IEEE/ACM Transactions on Networking, vol. PP, no. 99, pp. 1-1, 2015. doi:10.1109/TNET.2015.2450761
Abstract: Distributed storage codes have recently received a lot of attention in the community. Independently, another body of work has proposed integrity-checking schemes for cloud storage, none of which, however, is customized for coding-based storage or can efficiently support repair. In this work, we bridge the gap between these two currently disconnected bodies of work. We propose {ssr NC {mathchar , a novel cryptography-based remote data integrity-checking scheme, designed specifically for network-coding-based distributed storage systems. {ssr NC {mathchar  combines, for the first time, the following desired properties: 1) efficient checking of data integrity; 2) efficient support for repairing failed nodes; and 3) protection against information leakage when checking is performed by a third party. The key ingredient of the design of {ssr NC {mathchar  is a novel combination of {ssr SpaceMac} , a homomorphic message authentication code (MAC) scheme for network coding, and {ssr NCrypt} , a novel chosen-plaintext attack (CPA) secure encryption scheme that preserves the correctness of {ssr SpaceMac} . Our evaluation of {ssr NC {mathchar  based on a real Java implementation shows that the proposed scheme has significantly lower overhead compared to the state-of-the-art schemes for both auditing and repairing of failed nodes.
Keywords: Bandwidth; Cloud computing; Cryptography; Distributed databases; Encoding; Maintenance engineering; Protocols; Auditing; distributed storage; encryption; integrity; network coding; security (ID#: 16-10321)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7169623&isnumber=4359146

Z. Ren, L. Wang, Q. Wang, and M. Xu, “Dynamic Proofs of Retrievability for Coded Cloud Storage Systems,” in IEEE Transactions on Services Computing, vol. PP, no. 99, pp. 1-1, 2015. doi:10.1109/TSC.2015.2481880
Abstract: Cloud storage allows users to store their data in a remote server to get rid of expensive local storage and management costs and then access data of interest anytime anywhere. A number of solutions have been proposed to tackle the verification of remote data integrity and retrievability in cloud storage systems. Most of existing schemes, however, do not support efficient data dynamics and/or suffer from security vulnerabilities when involving dynamic data operations. In this paper, we propose a dynamic proof of retrievability scheme supporting public auditability and communication-efficient recovery from data corruptions. To this end, we split up the data into data blocks and encode each data block individually using outer code and inner code before outsourcing so that i) an update inside any data block only affects a few codeword symbols and ii) communication-efficient data repair for a breakdown server can be achieved and communication overhead for small data corruptions within a server can be eliminated. Based on the encoded data blocks, we utilize rb23Tree to enforce the data sequence for dynamic operations, preventing the cloud service provider from manipulating data block to pass the integrity check in the dynamic scenario. We also analyze the effectiveness of the proposed construction in defending against pollution attacks during data recovery. Formal security analysis and extensive experimental evaluations are conducted, showing that the proposed scheme is practical for use in cloud storage systems.
Keywords: Cloud computing; Encoding; Metadata; Network coding; Redundancy; Security; Servers; Cloud storage; Data availability; Data dynamics; Data integrity; Public audit (ID#: 16-10322)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275163&isnumber=4629387

T. Hayajneh, S. Ullah, B. J. Mohd, and K. Balagani, “An Enhanced WLAN Security System with FPGA Implementation for Multimedia Applications,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-10, 2015. doi:10.1109/JSYST.2015.2424702
Abstract: Maintaining a high level of data security with a low impact on system performance is more challenging in wireless multimedia applications. Protocols that are used for wireless local area network (WLAN) security are known to significantly degrade performance. In this paper, we propose an enhanced security system for a WLAN. Our new design aims to decrease the processing delay and increase both the speed and throughput of the system, thereby making it more efficient for multimedia applications. Our design is based on the idea of offloading computationally intensive encryption and authentication services to the end systems’ CPUs. The security operations are performed by the hosts’ central processor (which is usually a powerful processor) before delivering the data to a wireless card (which usually has a low-performance processor). By adopting this design, we show that both the delay and the jitter are significantly reduced. At the access point, we improve the performance of network processing hardware for real-time cryptographic processing by using a specialized processor implemented with field-programmable gate array technology. Furthermore, we use enhanced techniques to implement the Counter (CTR) Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and the CTR protocol. Our experiments show that it requires timing in the range of 20–40 \mumbox{s}  to perform data encryption and authentication on different end-host CPUs (e.g., Intel Core i5, i7, and AMD 6-Core) as compared with 10–50 ms when performed using the wireless card. Furthermore, when compared with the standard WiFi protected access II (WPA2), results show that our proposed security system improved the speed to up to 3.7 times.
Keywords: Authentication; Encryption; Multimedia communication; Protocols; Throughput; Wireless LAN; Field-programmable gate array (FPGA); IEEE 802.11i; WiFi protected access II (WPA2); multimedia security; wireless local area network (WLAN) (ID#: 16-10323)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7104061&isnumber=4357939

H. C. Chen, “TCABRP: A Trust-Based Cooperation Authentication Bit-Map Routing Protocol Against Insider Security Threats in Wireless Ad Hoc Networks,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-11, 2015. doi:10.1109/JSYST.2015.2437285
Abstract: In recent years, threats in wireless ad hoc networks (WANETs) could be further divided into outside and insider threats. It is important to consider that the majority of insider threats come from the users who are fully authorized to use the systems they are accessing. This new situation would greatly inhibit the normal activity for data communications, and cause the WANETs to spend a longer time for delivering the same data volumes. Therefore, a Trust-Based Cooperation Authentication Bit-Map Routing Protocol (TCABRP) against insider threats in WANETs is proposed in this paper. It could reduce the damages away from the insider threats in a WANET. Specifically, the cooperation evaluations are employed that include three factors: cooperative scores, cooperative trust values and authenticated codes. The routing protocol is not only a type of behavioral-based technique but also a kind of efficient cryptographic protocol. The cooperative evaluations route vector could protect the chain of the router vector authentication codes for verifying the delivery process and determining whether it is correct or incorrect. Moreover, the proposed routing protocol in WANET could not only prevent InTs efficiently, but also evaluate the behaviors of the compromised node or a selfish node as well.
Keywords: Authentication; Communication system security; Nickel; Public key; Routing protocols; Wireless communication; Cooperative routing protocol; route vector authentication code (RVAC); trusted routing protocol; wireless ad hoc networks (WANETs) (ID#: 16-10324)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7131456&isnumber=4357939

A. K. Sood, S. Zeadally, and R. Bansal, “Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-12, 2015. doi:10.1109/JSYST.2015.2388707
Abstract: Online social networks (OSNs) provide a new dimension to people’s lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category of malware (or attacks) known as socioware that exploits OSN environments for performing unauthorized and nefarious activities. Socioware can be an executable, an extension, an exploit code, etc., that conducts malicious operations in OSNs with serious impact on users. Furthermore, we discuss the socioware taxonomy highlighting the characteristics of socioware to illustrate the design and exploitation tactics of OSN malware. In contrast, insider threats (employees or contractors) are posing a grave threat to organizations, with a motivation to steal critical data and monetize it for financial gains. Insider threats have become a serious concern for many organizations today. We present a complete attack model to demonstrate how an insider threat exploits the online trust and confidentiality by transforming an OSN into a socioware distribution platform that infects other employees’ systems. Finally, we discuss security defenses that can be adopted to defend against socioware.
Keywords: Browsers; Facebook; Malware; Organizations; Servers; Taxonomy; Attack; cybercrime; insider threats; malware; online social networks (OSNs); vulnerability (ID#: 16-10325)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7042925&isnumber=4357939

C. Fachkha and M. Debbabi, “Darknet as a Source of Cyber Intelligence: Survey, Taxonomy and Characterization,” in IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1197-1227, Secondquarter, 2016. doi:10.1109/COMST.2015.2497690
Abstract: Today, the Internet security community is largely emphasizing on cyberspace monitoring for the purpose of generating cyber intelligence. In this paper, we present a survey on darknet. The latter is an effective approach to observe Internet activities and cyber attacks via passive monitoring. We primarily define and characterize darknet and indicate its alternative names. We further list other trap-based monitoring systems and compare them to darknet. Moreover, in order to provide realistic measures and analysis of darknet information, we report case studies, namely, Conficker worm in 2008 and 2009, Sality SIP scan botnet in 2011 and the largest amplification attack in 2014. Finally, we provide a taxonomy in relation to darknet technologies and identify research gaps that are related to three main darknet categories: deployment, traffic analysis, and visualization. Darknet projects are found to monitor various cyber threat activities and are distributed in one third of the global Internet. We further identify that Honeyd is probably the most practical tool to implement darknet sensors, and future deployment of darknet will include mobile-based VOIP technology. In addition, as far as darknet analysis is considered, computer worms and scanning activities are found to be the most common threats that can be investigated throughout darknet; Code Red and Slammer/Sapphire are the most analyzed worms. Furthermore, our study uncovers various lacks in darknet research. For instance, less than 1% of the contributions tackled Distributed Reflection Denial of Service (DRDoS) amplification investigations and at most 2% of research works pinpointed spoofing activities. Last but not least, our survey identifies specific darknet areas, such as IPv6 darknet, event monitoring and game engine visualization methods that require a significantly greater amount of attention from the research community.
Keywords: Computer crime; IP networks; Internet; Monitoring; Sensors; Taxonomy; Botnet; Cyber; Cyber Attacks; Darknet; Distributed Denial of Service (DDoS); Distributed Reflection Denial of Service (DRDoS); Intelligence; Probing; Security; Threats; Worms (ID#: 16-10326)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7317717&isnumber=5451756

R. Koch, M. Golling, L. Stiemert, and G. D. Rodosek, “Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis,” in IEEE Systems Journal, vol. PP, no. 99, pp. 1-12, 2015. doi:10.1109/JSYST.2015.2389518
Abstract: Attack traceability and attribution are two of the main tasks of IT forensics. To support this, IT forensics is not limited to investigate data after the attack has taken place. Already before the attack, an optimal environment for a subsequent investigation has to be created. While this is primarily focused on ordinary logging, we propose to set both degree and characteristics of logging, based on geolocation. Thus, for conspicuous locations, more knowledge is gathered and stored in advance (georeputation). Next to this, due to the fact that the distribution of IP addresses is not static, additional information is stored to, e.g., determine the Internet service provider, which was responsible for the IP at the time the crime was committed. This additional data also contains geoinformation that can be used later to reconstruct attack routes and to identify and analyze distributed attacks. For these purposes, however, the IP localization mechanisms, i.e., the underlying method for geolocation, must be very accurate. Therefore, next to highlighting, the benefits of including geobased information and providing our architecture in order to do so, this publication also investigates accuracy and reliability of geoinformation and provides its own geolocation architecture and a corresponding prototype, including an evaluation.
Keywords: Accuracy; Forensics; Geology; IP networks; Internet; Reliability; Security; Attribution; IT forensics; geolocation; georeputation; preincident preparation (ID#: 16-10327)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7042787&isnumber=4357939

W. Zhang and Q. Yin, “Blind Carrier Frequency Offset Estimation for MIMO-OFDM with Constant Modulus Constellations via Rank Reduction Criterion,” in IEEE Transactions on Vehicular Technology, vol. PP, no. 99, pp. 1-1, 2015. doi:10.1109/TVT.2015.2481727
Abstract: In this paper, we propose a new blind carrier frequency offset (CFO) estimator for multi-input multi-output orthogonal frequency-division multiplexing (MIMO-OFDM) systems with constant modulus constellation. The proposed estimator exploits a rank reduction criterion and works in the general MIMO scenarios where no space-time block coding is assumed. As compared to several existing competitors, the proposed estimator does not suffer from performance error floor as signal-to-noise (SNR) increases, and thus it can behave better under the moderate and high SNR region. The Cramer- Rao bound of CFO estimation for MIMO-OFDM with constant modulus constellation is derived and the numeral results are provided to corroborate the proposed studies.
Keywords: Cost function; Estimation; Frequency division multiplexing; OFDM; Receiving antennas; Signal to noise ratio; Transmitting antennas; Carrier frequency offset (CFO); constant modulus constellations; multi-input multi-output (MIMO); orthogonal frequency division multiplexing (OFDM) (ID#: 16-10328)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7274772&isnumber=4356907

T. Chanyour, R. Saadane, and M. Belkasmi, “Secure Sparse Network Coding for Reliable Routing in Large Scale DTMN,” RFID And Adaptive Wireless Sensor Networks (RAWSN), 2015 Third International Workshop on, Agadir, 2015, pp. 57-62. doi:10.1109/RAWSN.2015.7173280
Abstract: Security issue occupies an important part in all communication system and especially for new generation networks. Among these networks, we find Delay Tolerant Mobile Networks (DTMNs) which are a class of useful but challenging networks. Combining Network Coding (NC) and clustering for routing in such networks gives more efficiency and copes with routing reliability problem among large scale networks. Our work’s concern is to build a secure network coding scheme in the presence of eavesdroppers in large-scale DTMNs. Therefore, we used a cluster based routing protocol dedicated to DTMN specificities. In addition, we used Sparse Random Linear Network Coding (SRLNC) to feat low computational capabilities requirement in such networks. Furthermore, we addressed the packets retransmission decision problem for SRLNC with a fair trade-off throughput/overhead. The results are very encouraging and the proposed routing scheme has the advantage to be reliable as well as secure for large scale DTMN.
Keywords: delay tolerant networks; mobile communication; network coding; routing protocols; telecommunication network reliability; cluster based routing protocol; delay tolerant mobile networks; large scale DTMN; reliable routing; routing reliability problem; secure network coding scheme; secure sparse network coding; sparse random linear network coding; Decoding; Delays; Encoding; Logic gates; Network coding; Reliability; Routing; DTMN; clustering; large scale DTMN; routing; secure network coding; sparse random linear network coding (ID#: 16-10329)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7173280&isnumber=7173261

Xuan Guang, Jiyong Lu, and Fang-Wei Fu, “Variable-Security-Level Secure Network Coding,” Information Theory Workshop – Fall (ITW), 2015 IEEE, Jeju, 2015, pp. 34-38. doi:10.1109/ITWF.2015.7360729
Abstract: In network coding theory, when wiretapping attacks occur, secure network coding is introduced to prevent information from being leaked to adversaries. In practical network communications, secure constraints vary with time. How to effectively deal with information transmission and information security simultaneously under different security-levels is introduced in this paper as variable-security-level secure network coding problem. In order to solve this problem efficiently, we propose the concept of local-kernel-preserving variable-security-level secure linear network codes, which have the same local encoding kernel at each internal node. We further present an approach to construct such a family of SLNCs and give an algorithm for efficient implementation. This approach saves the storage space at both source node and internal nodes, and resources and time on networks. Subsequently, an example is given to illustrate our constructive algorithm. Finally, the performance of the proposed algorithm is analyzed, including the field size, computational and storage complexities.
Keywords: cryptography; network coding; information security; information transmission; internal node; internal nodes; linear network codes; local kernel preserving variable security; network coding theory; secure constraints; source node; storage space; variable security level secure network coding; wiretapping attacks; Complexity theory; Conferences; Encoding; Information rates; Kernel; Network coding (ID#: 16-10330)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7360729&isnumber=7360717

Xinran Li, Fang-Wei Fu, Xiufeng Zhao, and Guangxia Wang, “Two Improved Homomorphic MAC Schemes in Network Coding,” Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on, Zhangjiajie, 2015, pp. 2214-2219. doi:10.1109/FSKD.2015.7382296
Abstract: Network coding provides the advantage of maximizing the usage of network resources, but the natural properties of network coding also make the pollution attack more threatening. Much work on resisting pollution attacks is through homomorphic MACs. But majority have same security parameter 1/q. In this paper, we present two ways to construct homomorphic MAC which improve the performance of previous schemes. The security parameters of our MACs are 1/ql1 and 1/ql2, respectively. Besides the higher security, our MAC schemes have lower computational complexity.
Keywords: access protocols; computational complexity; network coding; computational complexity; homomorphic MAC schemes; network resources; Computational complexity; Electronics packaging; Encoding; Games; Network coding; Pollution; Security; Homomorphic MACs; attack game; pollution attacks (ID#: 16-10331)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7382296&isnumber=7381900

V. Forutan and R. F. H. Fischer, “Security-Enhanced Network Coding Through Public-Key Cryptography,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 717-718. doi:10.1109/CNS.2015.7346901
Abstract: Information-theoretic security through linear network coding (LNC) is achievable only when a limited number of network links with linearly-independent global coding vectors are attacked, while security is not guaranteed otherwise. We incorporate LNC-based security and asymmetric-key cryptography to provide data protection in more realistic cases where the wiretapper attacks an arbitrary number of links. Therefore, LNC-based security protects network irrespective of the computing power of the adversary when the number of attacked links falls below a certain amount r, whereas computational security enters into the scene to protect data against computationally-bounded attackers capable of tapping any number of links.
Keywords: network coding; public key cryptography; telecommunication security; LNC-based security; asymmetric-key cryptography; computational security; information-theoretic security; linear network coding; linearly-independent global coding vector; public-key cryptography; security-enhanced network coding; wiretapper attack; Data protection; Encoding; Encryption; Network coding; Public key (ID#: 16-10332)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346901&isnumber=7346791

S. Pfennig, E. Franz, J. Richter, C. Scheunert, and E. A. Jorswieck, “Confidential Network Coding: Physical Layer vs. Network Layer,” Ubiquitous Wireless Broadband (ICUWB), 2015 IEEE International Conference on, Montreal, QC, 2015, pp. 1-5. doi:10.1109/ICUWB.2015.7324428
Abstract: In all kind of information exchange, security is essential. One protection goal that has to be enforced is confidentiality. In state-of-the-art protocols, messages are encrypted before they are transmitted to ensure their confidentiality. However, incorporating novel technologies like network coding allows for more efficient solutions. Within this article, we compare different solutions for confidential communication by means of network coding at physical layer and at network layer. We discuss security, efficiency, and computational complexity of these approaches. The results allow to draw conclusions about the choice of a suited communication scheme depending on the system model and the relevant parameters.
Keywords: computer network security; network coding; computational complexity; confidential communication; confidential network coding; network layer; physical layer; Computational modeling; Cryptography; Lattices; Network coding; Physical layer; Relays (ID#: 16-10333)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7324428&isnumber=7324387

J. Rodriguez Parra, T. Chan, I. Land, and Siu-Wai Ho, “Authentication for Two-Way Relay Channel with Physical-Layer Network Coding,” Information Theory Workshop - Fall (ITW), 2015 IEEE, Jeju, 2015, pp. 49-53. doi:10.1109/ITWF.2015.7360732
Abstract: Physical Layer Network coding (PLNC) can significantly improve network performance, but some security issues arise due to the limited information available to the forwarders. This paper analyses authentication in networks with PLNC and show theoretical and practical security limits. In particular, we obtain a lower bound for the probability of an attacker being able to insert a false message such that the message is believed to come from a legitimate source. We prove that an information-theoretic bound similar to the one for point-to-point communication systems can be achieved in networks employing PLNC. Necessary and sufficient conditions to achieve the bound are identified. Finally, a simple but important modification of a previous scheme is proposed to achieve the obtained bound.
Keywords: network coding; probability; relay networks (telecommunication); telecommunication security; PLNC; legitimate source; physical layer network coding; point-to-point communication systems; probability; two way relay channel authentication; Authentication; Encoding; Network coding; Receivers; Relays; Uplink; Information security; Network Coding; Relay Networks (ID#: 16-10334)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7360732&isnumber=7360717

Ta-Yuan Liu, Shih-Chun Lin, and Y. W. P. Hong, “Multicasting with Untrusted Relays: A Noncoherent Secure Network Coding Approach,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368574
Abstract: We consider the problem of multicasting information from a source to a destination over a multihop network of intermediate relays. However, some of the relays are untrustworthy and may be subject to eavesdropping. The source wishes to enlist their help while keeping the message secret against the eavesdropper. By employing random linear network coding at the relays, the problem is modeled as a noncoherent wiretap channel and is examined in terms of its secrecy capacity. The input distribution is optimized using an efficient projection-based gradient decent algorithm. The untrusted relay recruitment problem is also examined based on the derived secrecy capacity. An interesting scenario is analyzed where each potentially insecure relay may be randomly eavesdropped with a certain probability. Our asymptotic analysis reveals that, with enough untrusted relays, there exists a threshold on the eavesdropping probability below which all untrusted relays should be recruited.
Keywords: linear codes; multicast communication; network coding; probability; random codes; relay networks (telecommunication); telecommunication security; asymptotic analysis; eavesdropper; eavesdropping probability; intermediate relays; multicasting information; multihop network; noncoherent wiretap channel; projection-based gradient decent algorithm; random linear network coding; secrecy capacity; untrusted relay recruitment problem; untrusted relays; Encoding; Multicast communication; Network coding; Recruitment; Relays; Spread spectrum communication; Yttrium (ID#: 16-10335)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368574&isnumber=7368550

Chia-Nan Kao et al., “A Retargetable Multiple String Matching Code Generation for Embedded Network Intrusion Detection Platforms,” Communication Software and Networks (ICCSN), 2015 IEEE International Conference on, Chengdu, 2015, pp. 93-99. doi:10.1109/ICCSN.2015.7296134
Abstract: The common means of defense for network security systems is to block the intrusions by matching the signatures. Intrusion-signature matching is the critical operation. However, small and medium-sized enterprise (SME) or Small Office Home Office (SOHO) network security systems may not have sufficient resources to maintain good matching performance with full-set rules. Code generation is a technique used to convert data structures or instruction to other forms to obtain greater benefits within execution environments. This study analyzes intrusion detection system (IDS) signatures and discovers character occurrence to be significantly uneven. Based on this property, this study designs a method to generate a string matching source code according to the state table of AC algorithm for embedded network intrusion detection platforms. The generated source code requires less memory and relies not only on table lookup, but also on the ability of processor. This method can upgrade the performance by compiling optimization and contribute to the application of network processors and DSP-like based platforms. From evaluation, this method requires use of only 20% memory and can achieve 86% performance in clean traffic compared to the original Aho-Corasick algorithm (AC).
Keywords: computer network security; digital signatures; program compilers; string matching; AC algorithm; DSP-like based platforms; character occurrence discovery; data structures; embedded network intrusion detection platforms; intrusion detection system signatures; intrusion-signature matching; network security systems; optimization compilation; processor ability; retargetable multiple string matching code generation; table lookup; Arrays; Intrusion detection; Memory management; Optimization; Switches; Table lookup; Thyristors; Code Generation; Intrusion Detection System; String Matching (ID#: 16-10336)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7296134&isnumber=7296115

M. B. Nirmala and A. S. Manjunath, “Mobile Agent Based Secure Code Update in Wireless Sensor Networks,” Information Networking (ICOIN), 2015 International Conference on, Cambodia, 2015, pp. 75-80. doi:10.1109/ICOIN.2015.7057860
Abstract: Most of the sensor nodes are battery powered and energy utilization is one of the important criteria. At the same time Securing code update is very much essential for military, health care and environmental applications. But to send the code updates in a distributed, multihop sensor networks, most of the energy will be consumed in forwarding the packets to next hop sensor nodes. In order to avoid this and save energy consumption at sensor nodes, a small number of mobile agents are used to distribute the code. Mobile agents traverse along the desired path to disseminate the code. Sensor nodes have to authenticate the mobile agent and at the same time they have to check the integrity of the packets. Mobile agents are more vulnerable for adversaries, hence measures are taken to detect the attacks and rectify them. Secure code update using mobile agents provides confidentiality and immediate authentication. This protocol is implemented on Tiny OS platform, tested using Tossim simulator and evaluated the Performance.
Keywords: mobile agents; telecommunication computing; telecommunication security; wireless sensor networks; Tiny OS platform; Tossim simulator; mobile agent based secure code update; multihop sensor networks; wireless sensor networks; Authentication; Base stations; Cryptography; Energy consumption; Mobile agents; Protocols; Wireless sensor networks; Code update; Mobile Agent; Security; TinyOS; Wireless Sensor Networks (ID#: 16-10337)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7057860&isnumber=7057846

S. Rahman Sabuj, M. Hamamura, and S. Kuwamura, “Detection of Intelligent Malicious User in Cognitive Radio Network by Using Friend or Foe (FoF) Detection Technique,” Telecommunication Networks and Applications Conference (ITNAC), 2015 International, Sydney, NSW, 2015, pp. 155-160. doi:10.1109/ATNAC.2015.7366805
Abstract: In a cognitive radio network, dynamic spectrum must be shared with an unlicensed user because of the limited bandwidth of the wireless spectrum. As a regulation of cognitive radio networks, a secondary user is allowed to utilize the unoccupied spectrum when it is not being used by the primary user. However, an intelligent malicious user can attack a cognitive radio network and block the permitted channel for the secondary user. The invasion of an intelligent malicious user is a serious problem in the deployment of such networks. In this paper, we introduce a novel scheme based on friend or foe (FoF) detection with physical-layer network coding to detect a secondary user and an intelligent malicious user. The entire cognitive radio network is protected while the secondary user and intelligent malicious user are accurately detected. The effectiveness of the proposed approach is analyzed theoretically and by MATLAB simulation. It is shown that with the FoF detection technique and the proposed algorithm, the base station can detect the secondary user and intelligent malicious user with high accuracy. Computer simulations show that the probability of detection is almost 100% and that the probability of the false alarm is almost 0% for a low Eb/N0. Consequently, the proposed technique can be applied to a cognitive radio network to protect the entire network and ensure appropriate channel utilization by the secondary user.
Keywords: cognitive radio; network coding; telecommunication security; FoF detection; Matlab simulation; cognitive radio network; detection probability; false alarm probability; friend or foe detection; intelligent malicious user detection; physical layer network coding; secondary user; Base stations; Binary phase shift keying; Cognitive radio; Electronic mail; Network coding; Cognitive radio network; Cross-correlation; Friend or foe detection; Physical-layer network coding (ID#: 16-10338)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7366805&isnumber=7366770

A. Esfahani, G. Mantas, V. Monteiro, K. Ramantasy, E. Datsikay, and J. Rodriguez, “Analysis of a Homomorphic MAC-Based Scheme Against Tag Pollution in RLNC-Enabled Wireless Networks,” Computer Aided Modelling and Design of Communication Links and Networks (CAMAD), 2015 IEEE 20th International Workshop on, Guildford, 2015, pp. 156-160. doi:10.1109/CAMAD.2015.7390500
Abstract: Network Coding-enabled wireless networks are vulnerable to data pollution attacks where adversary nodes inject into the network polluted (i.e. corrupted) packets that prevent the destination nodes from decoding correctly. Even a small proportion of pollution can quickly propagate into other packets via re-coding, occurred at the intermediate nodes, and lead to resource waste. Therefore, during the past few years, several solutions have been proposed to provide resistance against data pollution attacks. One of the most well-known solutions is Homomorphic Message Authentication Code (HMAC). However, HMAC is susceptible to a new type of pollution attacks, called tag pollution attacks, in which a malicious node randomly modifies MAC tags appended at the end of the transmitted packets. To address this issue, we have recently proposed an HMAC-based scheme making use of two types of MAC tags to provide resistance against both data pollution attacks and tag pollution attacks. In this paper, we steer our focus on improving the resistance of our proposed scheme against tag pollution attacks by decreasing the number of MACs. Finally, we analyze the impact of the total number of MACs on the bandwidth overhead of the proposed scheme.
Keywords: decoding; linear codes; message authentication; network coding; radio networks; random codes; telecommunication security; RLNC-enabled wireless network; data pollution attack; decoding; homomorphic MAC-based scheme; homomorphic message authentication code; network coding-enabled wireless network; random linear network coding; tag pollution attack; Bandwidth; Computational modeling; Computers; Conferences; Pollution; Resistance; Wireless networks; Network coding; data pollution attack; homomorphic message authentication code; tag pollution attack (ID#: 16-10339)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7390500&isnumber=7390465

K. Matsumoto, O. Takyu, T. Fujii, T. Ohtsuki, F. Sasamori, and S. Handa, “Evaluation of Information Leak by Robustness Evaluation of Countermeasure to Disguised CSI in PLNC Considering Physical Layer Security,” Radio and Wireless Symposium (RWS), 2015 IEEE, San Diego, CA, 2015, pp. 123-125. doi:10.1109/RWS.2015.7129751
Abstract: In Physical Layer Network Coding (PLNC), the two information sources access to the relay station, simultaneously and thus the transmitted signals are combined, together. Since the relay station hardly decodes each information single, the security for avoiding the information leak to the relay station is maintained. Therefore, the PLNC is attracting much attention in terms of physical layer security (PLS). However, the information source needs the transmit power control based on the channel state information (CSI). If the relay station is untrusted, it camouflages the real CSI for stealing the information. This paper considers the camouflaging of CSI is modeled as the liner programming problem in the subject to the statistic of CSI following the model of propagation. We clarify the maximal capacity of tapping by the relay station.
Keywords: network coding; power control; radiowave propagation; relay networks (telecommunication); telecommunication control; telecommunication security; CSI camouflaging; PLNC; PLS; channel state information; information leak evaluation; information source; physical layer network coding; physical layer security; propagation model; relay station; robustness evaluation; tapping maximal capacity; transmit power control; transmitted signals; Interference; Physical layer; Probability density function; Quantization (signal); Relays; Security; Transfer functions; Physical Layer Network Coding (PLNC); Physical Layer Security (PLS) (ID#: 16-10340)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7129751&isnumber=7129708

M. Alajeely, A. Ahmad, and R. Doss, “Malicious Node Traceback in Opportunistic Networks Using Merkle Trees,” 2015 IEEE International Conference on Data Science and Data Intensive Systems, Sydney, NSW, 2015, pp. 147-152. doi:10.1109/DSDIS.2015.86
Abstract: Security is a major challenge in Opportunistic Networks because of its characteristics, such as open medium, dynamic topology, no centralized management and absent clear lines of defense. A packet dropping attack is one of the major security threats in OppNets since neither source nodes nor destination nodes have the knowledge of where or when the packet will be dropped. In this paper, we present a malicious nodes detection mechanism against a special type of packet dropping attack where the malicious node drops one or more packets and then injects new fake packets instead. Our novel detection and traceback mechanism is very powerful and has very high accuracy. Each node can detect and then traceback the malicious nodes based on a solid and powerful idea that is, Merkle tree hashing technique. In our defense techniques we have two stages. The first stage is to detect the attack, and the second stage is to find the malicious nodes. We have compared our approach with the acknowledgement based mechanisms and the networks coding based mechanism which are well known approaches in the literature. Simulation results show this robust mechanism achieves a very high accuracy and detection rate.
Keywords: computer network security; cryptography; Merkle tree hashing technique; acknowledgement based mechanisms; destination nodes; malicious node traceback; malicious nodes detection mechanism; networks coding based mechanism; opportunistic networks; packet dropping attack; source nodes; Australia; Electronic mail; Information technology; Network coding; Routing; Security; Wireless communication; Denial-of-Service; Malicious Node Detection; OppNets; Opportunistic Networks; Packet Dropping Attacks; Security (ID#: 16-10341)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7396496&isnumber=7396460

M. M. Mojahedian, A. Gohari, and M. R. Aref, “Perfectly Secure Index Coding,” Information Theory (ISIT), 2015 IEEE International Symposium on, Hong Kong, 2015, pp. 1432-1436. doi:10.1109/ISIT.2015.7282692
Abstract: In this paper, we investigate the index coding problem in the presence of an eavesdropper. Messages are to be sent from one transmitter to a number of legitimate receivers who have side information about the messages, and share a set of secret keys with the transmitter. We assume perfect secrecy, meaning that the eavesdropper should not be able to retrieve any information about the message set. This problem is a generalization of the Shannon’s cipher system. We study the minimum key lengths for zero-error and perfectly secure index coding problems.
Keywords: encoding; private key cryptography; radio receivers; radio transmitters; Shannon cipher system; legitimate receivers; perfectly secure index coding; radio transmitter; secret keys; side information; Channel coding; Indexes; Network coding; Receivers; Transmitters; Index coding; Shannon cipher system; common and private keys; perfect secrecy; zero-error communication (ID#: 16-10342)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282692&isnumber=7282397

K. Jayasinghe, P. Jayasinghe, N. Rajatheva, and M. Latva-aho, “Physical Layer Security for Relay Assisted MIMO D2D Communication,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 651-656. doi:10.1109/ICCW.2015.7247255
Abstract: This paper presents a secure beamforming design to prevent eavesdropping on multiple-input multiple-output (MIMO) device-to-device (D2D) communication. The devices communicate via a trusted relay which performs physical layer network coding (PNC), and multiple eavesdroppers are trying to intercept the device information. The beamforming design is based on minimizing mean square error of the D2D communication while employing signal-to-interference-plus-noise ratio (SINR) threshold constraints to prevent possible eavesdropping. The channel state information of the device-to-eavesdropper and relay-to-eavesdropper channels is imperfect at the devices and relay. The channel estimation errors are assumed with Gaussian Markov uncertainty model. Consequently, robust optimization problems are formulated considering the multiple access and broadcasting stages of the D2D communication. These problems are non-convex, and two algorithms are proposed to solve them. In the numerical analysis, we discuss the convergence of the proposed algorithms, impact of the number of eavesdroppers on the performance, and the SINR distributions at eavesdroppers.
Keywords: Gaussian processes; MIMO communication; Markov processes; array signal processing; broadcast communication; concave programming; convergence of numerical methods; mean square error methods; network coding; relay networks (telecommunication); telecommunication security; wireless channels; Gaussian Markov uncertainty model; SINR; broadcasting stage; channel state information; device information interception; device-to-eavesdropper channels; eavesdropping prevention; mean square error minimization; multiple access stage; multiple-input multiple-output device-to-device communication; nonconvex problem; numerical analysis; physical layer network coding; physical layer security; relay assisted MIMO D2D communication; relay-to-eavesdropper channels; robust optimization problems; secure beamforming design; signal-to-interference-plus-noise ratio threshold constraints; Algorithm design and analysis; Array signal processing; Interference; Optimization; Physical layer; Relays; Signal to noise ratio (ID#: 16-10343)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247255&isnumber=7247062

S. J. Ahmad and P. R. Krishna, “Security on MANETs Using Block Coding,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 2054-2060. doi:10.1109/ICACCI.2015.7275919
Abstract: Security is a challenging task in Mobile Adhoc Networks (MANETs) due to its dynamic network topology. Since MANETs do not have any centralized coordination, the distribution of keys between two nodes becomes an issue. In this paper, we provide security on MANETs without using key distribution schemes between the nodes. Our approach uses linear block coding to generate the security code vector at source node that facilitates efficient matching of code words for identifying the malicious nodes in the network. When a source node is ready for data transmission, a security code vector is appended to the packet header. Then, the complete message block, consisting of both data bits and security block, is forwarded to the next node. The data is transmitted to the next node only if code vector bits of current node and source node matches. For this purpose, a separate block called security block is reserved in the packet header. Our approach based on linear block coding also saves the energy, because of less computational analysis when compared with the existing approaches. We validate our approach through simulations.
Keywords: block codes; linear codes; mobile ad hoc networks; telecommunication network topology; telecommunication security; MANET; data transmission; key distribution schemes; linear block coding; message block; mobile ad hoc networks; network topology; packet header; security block; security code vector; Ad hoc networks; Block codes; Mobile computing; Routing protocols; Security; Transmitters; Authentication; MANET; Security code vector; dynamic topology; malicious node (ID#: 16-10344)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275919&isnumber=7275573

D. Ravilla and C. S. R. Putta, “Implementation of HMAC-SHA256 Algorithm for Hybrid Routing Protocols in MANETs,” Electronic Design, Computer Networks & Automated Verification (EDCAV), 2015 International Conference on, Shillong, 2015, pp. 154-159. doi:10.1109/EDCAV.2015.7060558
Abstract: The purpose of a hash function is to produce a “fingerprint” of a message or data for authentication. The strength of the Hash code against brute-force attacks depends on the length of the hash code produced by the algorithm. Constructing the Message Authentication Codes (MAC) from Cryptographic hash functions (SHA-256) gives faster execution in software than symmetric block ciphers like Data Encryption Standard (DES) and also the library code for cryptographic hash functions are widely available. Here we implemented the HMAC-SHA 256 Algorithm for the message authentication and Data Integrity. This algorithm is introduced in hybrid routing protocol for Mobile network environment and the performance of the protocol is analyzed by calculating throughput, packet delivery ration and end-to-end delays of the network The simulation is carried out using Network Simulator 2 (NS2). We observed that there is an improvement in throughput and packet delivery ratio at the cost of more processing time.
Keywords: cryptography; data integrity; message authentication; mobile ad hoc networks; routing protocols; telecommunication security; DES; HMAC-SHA256 algorithm; MAC; MANET; brute-force attacks; cryptographic hash functions; data encryption standard; data integrity; hash code length; hybrid routing protocols; message authentication codes; mobile ad hoc networks; mobile network environment; network end-to-end delays; network simulator 2; packet delivery ration; throughput calculation; Ad hoc networks; Authentication; Cryptography; Delays; Message authentication; Protocols; Cryptographic Hash function; Data Encryption Standard (DES); Data Integrity; Message Authentication Code (MAC); Network Simulator; Packet Delivery ratio (ID#: 16-10345)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7060558&isnumber=7060520

R. Grewal and K. S. Saini, “A Defense Mechanism Against Clone Wars in Hierarchical Based Wireless Sensor Networks,” Next Generation Computing Technologies (NGCT), 2015 1st International Conference on, Dehradun, 2015, pp. 166-170. doi:10.1109/NGCT.2015.7375105
Abstract: Wireless sensor networks are susceptible to clone attack due to open deployment of sensor nodes in hostile environment and lack of physical shielding. Node clone is an attempt where an adversary physically compromises a node, extract all the credentials such as keys, identity and stored codes, make hardware replicas with the captured information and introduce them at specified positions in the network. If no detection mechanism is employed then the network is vulnerable to many insidious attacks such as signal jamming, insert false information, cluster reformation and network monitoring that challenge the sensor applications. In this work we propose a mechanism based on the use of node ID and location information to detect replicated nodes by the base station in hierarchical based networks. The scheme is based on the centralized approach. The security analysis of the protocol is also presented that detects the attack in different cases.
Keywords: protocols; telecommunication security; wireless sensor networks; base station; clone attack; clone wars; cluster reformation; defense mechanism; detect replicated nodes; detection mechanism; hardware replicas; hostile environment; insert false information; insidious attacks; network monitoring; physical shielding; protocol; sensor nodes; signal jamming; wireless sensor networks; Base stations; Cloning; Cryptography; Protocols; Routing; Wireless sensor networks; WSNs; hierarchical; node clone; replication (ID#: 16-10346)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7375105&isnumber=7375067

Z. H. Awan and A. Sezgin, “Fundamental Limits of Caching in D2D Networks with Secure Delivery,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 464-469. doi:10.1109/ICCW.2015.7247223
Abstract: We study the problem of secure transmission over a caching D2D network. In this model, end users can prefetch a part of popular contents in their local cache. Users make arbitrary requests from the library of available files and interact with each other to deliver requested contents from the local cache to jointly satisfy their demands. The transmission between the users is wiretapped by an external eavesdropper from whom the communication needs to be kept secret. For this model, by exploiting the flexibility offered by the local cache storage, we establish a coding scheme that not only conforms to the demands of all users but also delivers the contents securely. In comparison to the insecure caching schemes, the coding scheme that we develop in this work illustrates that for large number of files and users, the loss incurred due to the imposed secrecy constraints is insignificant. We illustrate our result with the help of some examples.
Keywords: cache storage; computer networks; encoding; telecommunication security; arbitrary request; cache storage; caching D2D network; coding scheme; delivery security; device-to-device network; eavesdropper; wiretapping; Cache memory; Communication system security; Conferences; Encoding; Security; Servers; Upper bound (ID#: 16-10347)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247223&isnumber=7247062

A. Yedilkhan, A. Saule, K. Aliya, Z. Saule, and K. Ainur, “Using The EZ-Cryptosystem for Data Transmission in Virtual Private Networks (VPN),” 2015 Twelve International Conference on Electronics Computer and Computation (ICECCO), Almaty, Kazakhstan, 2015, pp. 1-6. doi:10.1109/ICECCO.2015.7416910
Abstract: The aim of the article is to research the process of information security in transmission between virtual subnets which are realized on data encryption algorithms of EZ-cryptosystem and secret key that protects the information from interception. In fact, the data to be intersegmental transfer coded output from one network, and decoded at the other input network, wherein the data encryption algorithm allows secure distribution between their endpoints. All data manipulations are transparent to the user working on the network.
Keywords: Ciphers; Encryption; Finite element analysis; Local area networks; Servers; Virtual private networks; EZ-cryptosystem; VPN; decryption; encryption (ID#: 16-10348)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7416910&isnumber=7416865

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Network Intrusion Detection 2015

	Network Intrusion Detection 2015

Network intrusion detection (NID) is one of the chronic problems in cybersecurity. The growth of cellular and ad hoc networks has increased the threat, and risks and research into this area of concern reflect its importance. For the Science of Security community, NID is relevant to metrics, composability, and resilience. The articles cited here were presented in 2015.

S. Choudhury and A. Bhowal, “Comparative Analysis of Machine Learning Algorithms Along with Classifiers for Network Intrusion Detection,” Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015 International Conference on, Chennai, 2015, pp. 89-95. doi:10.1109/ICSTM.2015.7225395
Abstract: Intrusion detection is one of the challenging problems encountered by the modern network security industry. A network has to be continuously monitored for detecting policy violation or suspicious traffic. So an intrusion detection system needs to be developed which can monitor network for any harmful activities and generate results to the management authority. Data mining can play a massive role in the development of a system which can detect network intrusion. Data mining is a technique through which important information can be extracted from huge data repositories. In order to spot intrusion, the traffic created in the network can be broadly categorized into following two categories- normal and anomalous. In our proposed paper, several classification techniques and machine learning algorithms have been considered to categorize the network traffic. Out of the classification techniques, we have found nine suitable classifiers like BayesNet, Logistic, IBK, J48, PART, JRip, Random Tree, Random Forest and REPTree. Out of the several machine learning algorithms, we have worked on Boosting, Bagging and Blending (Stacking) and compared their accuracies as well. The comparison of these algorithms has been performed using WEKA tool and listed below according to certain performance metrics. Simulation of these classification models has been performed using 10-fold cross validation. NSL-KDD based data set has been used for this simulation in WEKA.
Keywords: data mining; learning (artificial intelligence); pattern classification; security of data; BayesNet classifiers; IBK classifiers; J48 classifiers; JRip classifiers; NSL-KDD based data set; PART classifiers; REPTree classifiers; WEKA tool; classification techniques; data mining; data repository; logistic classifiers; machine learning algorithms; management authority; network intrusion detection; network security industry; network traffic; policy violation detection; random forest classifiers; random tree classifiers; Accuracy; Classification algorithms; Intrusion detection; Logistics; Machine learning algorithms; Prediction algorithms; Training; classification; intrusion detection; machine learning; network (ID#: 16-10512)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225395&isnumber=7225373

T. Probst, E. Alata, M. Kaaniche, and V. Nicomette, “Automated Evaluation of Network Intrusion Detection Systems in IaaS Clouds,” Dependable Computing Conference (EDCC), 2015 Eleventh European, Paris, 2015, pp. 49-60. doi:10.1109/EDCC.2015.10
Abstract: This paper describes an approach for the automated security evaluation of operational Network Intrusion Detection Systems (NIDS) in Infrastructure as a Service (IaaS) cloud computing environments. Our objective is to provide automated and experimental methods to execute attack campaigns and analyze NIDS reactions, in order to highlight the ability of the NIDS to protect clients' virtual infrastructures and find potential weaknesses in their placement and configuration. To do so, we designed a three-phase approach. It is composed of the cloning of the target client's infrastructure to perform the subsequent audit operations on a clone, followed by the analysis of network access controls to determine the network accessibilities in the cloned infrastructure. Using evaluation traffic we modeled and generated, the last phase of the approach, presented in this paper, focuses on executing attack campaigns following an optimized algorithm. The NIDS alerts are analyzed and evaluation metrics are computed. Our approach is sustained by a prototype and experiments carried out on a VMware-based cloud platform.
Keywords: authorisation; cloud computing; virtual machines; IaaS cloud computing; VMware-based cloud platform; automated security evaluation; client virtual infrastructures; cloned infrastructure; infrastructure as a service; network access controls; network intrusion detection systems; Access control; Algorithm design and analysis; Automata; Cloning; Cloud computing; Computational modeling; NIDS; attacks; cloud; evaluation; security (ID#: 16-10513)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371954&isnumber=7371940

P. Singh and A. Tiwari, “An Efficient Approach for Intrusion Detection in Reduced Features of KDD99 Using ID3 and Classification with KNNGA,” Advances in Computing and Communication Engineering (ICACCE), 2015 Second International Conference on, Dehradun, 2015, pp. 445-452. doi:10.1109/ICACCE.2015.49
Abstract: KDDCUP 1999 Dataset widely used dataset of data mining in the field of intrusion detection by various researchers. This dataset are publicly available for the users. Intrusion detection is the key challenges for the users because the intrusion may corrupt or destroy the network services. The intrusion detection system is classified into two categories: Network based intrusion detection system and Misuse intrusion detection system. In this paper, novel method is for intrusion detection with feature reduction using partially ID3 algorithm to find higher information gain for attribute selection and KNN based GA (genetic algorithm) is applied for classification and detection of intrusions on KDD dataset. The simulation & analysis of the method is done on MATLAB2012A. The experimental scenario of proposed methodology produces better result when it compared with some existing approaches, for the measurement of the result comparing with the different performance metrics parameters such as sensitivity, specificity and accuracy.
Keywords: data mining; genetic algorithms; mathematics computing; security of data; ID3; KDD99; KNNGA; Matlab2012A; genetic algorithm; misuse intrusion detection system; Computers; Decision trees; Feature extraction; Genetic algorithms; Intrusion detection; Probes; Training; KDDCUP dataset; Misuse detection; KNN; GA (ID#: 16-10514)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7306727&isnumber=7306547

K. Elekar, M. M. Waghmare, and A. Priyadarshi, “Use of Rule Base Data Mining Algorithm for Intrusion Detection,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-5. doi:10.1109/PERVASIVE.2015.7087051
Abstract: Due increased growth of Internet, number of network attacks has been increased. Which emphasis need for intrusion detection systems(IDS) for secureing network. In this process network traffic is analyzed and monitored for detecting security flaws. Many researchers working on number of data mining techniques for developing an intrusion detection system. For detecting the intrusion, the network traffic can be classified into normal and anomalous. In this paper we have evaluated five rule base classification algorithms namely Decision Table, JRip, OneR, PART, and ZeroR. The comparison of these rule based classification algorithms is presented in this paper based upon their performance metrics using WEKA tools and KDD-CUP dataset to find out the best suitable algorithm available. The classification performance is evaluated using crossvalidation and test dataset. Considering overall higher correct and lower false attack detection PART classifier performs better than other classifiers.
Keywords: Internet; computer network security; data mining; decision tables; knowledge based systems; pattern classification; telecommunication traffic; IDS; Internet; JRip; OneR; PART; ZeroR; decision table; higher correct attack detection; intrusion detection system; lower false attack detection; network attacks; network security; network traffic analysis; network traffic classification; performance metrics; rule base classification algorithm; rule base data mining algorithm; security flaw detection; Classification algorithms; Computers; Data mining; Decision trees; Intrusion detection; Probes; Classification; Data Mining; DecisionTable; IDS; Intrusion Detection; JRip; KDD CUP dataset; Network Security; OneR; PART; WEKA; ZeroR (ID#: 16-10515)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087051&isnumber=7086957

YooJin Kwon, Huy Kang Kim, Yong Hun Lim, and Jong In Lim, “A Behavior-Based Intrusion Detection Technique for Smart Grid Infrastructure,” PowerTech, 2015 IEEE Eindhoven, Eindhoven, 2015, pp. 1-6. doi:10.1109/PTC.2015.7232339
Abstract: A smart grid is a fully automated electricity network, which monitors and controls all its physical environments of electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various intrusion detection algorithms to protect SCADA system and generation sector have been suggested, whereas there were less consideration on distribution sector. Thus, this paper first highlights the significance of CPS security, especially the availability as the most important factor in smart grid environment. Then this paper classifies various modern intrusion detection system (IDS) techniques for securing smart grid network. In our approach, we propose a novel behavior-based IDS for IEC 61850 protocol using both statistical analysis of traditional network features and specification-based metrics. Finally, we present the attack scenarios and detection methods applicable for IEC 61850-based digital substation in Korean environment.
Keywords: IEC standards; SCADA systems; power engineering computing; power system security; security of data; smart power grids; statistical analysis; substation protection; CPS security; IEC 61850 protocol; Korean environment; SCADA system protection; behavior-based IDS; behavior-based intrusion detection technique; cyber physical system security; digital substation; electricity infrastructure physical environment; fully automated electricity network reliability; smart grid infrastructure; statistical analysis; Clustering algorithms; Indexes; Inductors; Measurement; Security; Cyber-physical system; IEC 61850; anomaly detection; intrusion detection; smart grid (ID#: 16-10516)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232339&isnumber=7232233

M. Ennahbaoui, H. Idrissi, and S. El Hajji, “Secure and Flexible Grid Computing Based Intrusion Detection System Using Mobile Agents and Cryptographic Traces,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015, pp. 314-319. doi:10.1109/INNOVATIONS.2015.7381560
Abstract: Grid Computing is one of the new and innovative information technologies that attempt to make resources sharing global and more easier. Integrated in networked areas, the resources and services in grid are dynamic, heterogeneous and they belong to multiple spaced domains, which effectively enables a large scale collection, sharing and diffusion of data. However, grid computing stills a new paradigm that raises many security issues and conflicts in the computing infrastructures where it is integrated. In this paper, we propose an intrusion detection system (IDS) based on the autonomy, intelligence and independence of mobile agents to record the behaviors and actions on the grid resource nodes to detect malicious intruders. This is achieved through the use of cryptographic traces associated with chaining mechanism to elaborate hashed black statements of the executed agent code, which are then compared to depict intrusions. We have conducted experiments basing three metrics: network load, response time and detection ability to evaluate the effectiveness of our proposed IDS.
Keywords: cryptography; grid computing; mobile agents; IDS; chaining mechanism; cryptographic traces; data collection; data diffusion; data sharing; detection ability metric; intrusion detection system; mobile agents; network load metric; resources sharing; response time metric; security issues; Computer architecture; Cryptography; Grid computing; Intrusion detection; Mobile agents; Monitoring (ID#: 16-10517)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381560&isnumber=7381480

R. Sanches Miani, B. Bogaz Zarpelao, B. Sobesto, and M. Cukier, “A Practical Experience on Evaluating Intrusion Prevention System Event Data as Indicators of Security Issues,” Reliable Distributed Systems (SRDS), 2015 IEEE 34th Symposium on, Montreal, QC, 2015, pp. 296-305. doi:10.1109/SRDS.2015.17
Abstract: There are currently no generally accepted metrics for information security issues. One reason is the lack of validation using empirical data. In this practical experience report, we investigate whether metrics obtained from security devices used to monitor network traffic can be employed as indicators of security incidents. If so, security experts can use this information to better define priorities on security inspection and also to develop new rules for incident prevention. The metrics we investigate are derived from intrusion detection and prevention system (IDPS) alert events. We performed an empirical case study using IDPS data provided by a large organization of about 40,000 computers. The results indicate that characteristics of alerts can be used to depict trends in some security issues and consequently serve as indicators of security performance.
Keywords: computer network security; IDPS alert events; incident prevention; intrusion detection and prevention system; intrusion prevention system event data; security incident indicators; security inspection; security performance indicators; Computers; IP networks; Intrusion detection; Market research; Measurement; Organizations; empirical study; intrusion detection and prevention systems; network and security management; security incidents; security metrics (ID#: 16-10518)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371594&isnumber=7371451

D. Adenusi, B. K. Alese, B. M. Kuboye, and A. F. B. Thompson, “Development of Cyber Situation Awareness Model,” Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 International Conference on, London, 2015, pp. 1-11. doi:10.1109/CyberSA.2015.7166135
Abstract: This study designed and simulated cyber situation awareness model for gaining experience of cyberspace condition. This was with a view to timely detecting anomalous activities and taking proactive decision safeguard the cyberspace. The situation awareness model was modelled using Artificial Intelligence (AI) technique. The cyber situation perception sub-model of the situation awareness model was modelled using Artificial Neural Networks (ANN). The comprehension and projection submodels of the situation awareness model were modelled using Rule-Based Reasoning (RBR) techniques. The cyber situation perception sub-model was simulated in MATLAB 7.0 using standard intrusion dataset of KDD'99. The cyber situation perception sub-model was evaluated for threats detection accuracy using precision, recall and overall accuracy metrics. The simulation result obtained for the performance metrics showed that the cyber-situation sub-model of the cybersituation model better with increase in number of training data records. The cyber situation model designed was able to meet its overall goal of assisting network administrators to gain experience of cyberspace condition. The model was capable of sensing the cyberspace condition, perform analysis based on the sensed condition and predicting the near future condition of the cyberspace.
Keywords: artificial intelligence; inference mechanisms; knowledge based systems; mathematics computing; neural nets; security of data; AI technique; ANN; Matlab 7.0; RBR techniques; anomalous activities detection; artificial neural networks; cyber situation awareness model; cyberspace condition; proactive decision safeguard; rule-based reasoning; training data records; Artificial neural networks; Computational modeling; Computer security; Cyberspace; Data models; Intrusion detection; Mathematical model; Artificial Intelligence; Awareness; cyber-situation; cybersecurity; cyberspace (ID#: 16-10519)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7166135&isnumber=7166109

O. Rottenstreich and J. Tapolcai, “Lossy Compression of Packet Classifiers,” Architectures for Networking and Communications Systems (ANCS), 2015 ACM/IEEE Symposium on, Oakland, CA, 2015, pp. 39-50. doi:10.1109/ANCS.2015.7110119
Abstract: Packet classification is a building block in many network services such as routing, filtering, intrusion detection, accounting, monitoring, load-balancing and policy enforcement. Compression has gained attention recently as a way to deal with the expected increase of classifiers size. Typically, compression schemes try to reduce a classifier size while keeping it semantically-equivalent to its original form. Inspired by the advantages of popular compression schemes (e.g. JPEG and MPEG), we study in this paper the applicability of lossy compression to create packet classifiers requiring less memory than optimal semantically-equivalent representations. Our objective is to find a limited-size classifier that can correctly classify a high portion of the traffic so that it can be implemented in commodity switches with classification modules of a given size. We develop optimal dynamic programming based algorithms for several versions of the problem and describe how a small amount of traffic that cannot be classified can be easily treated, especially in software-defined networks. We generalize our solutions for a wide range of classifiers with different similarity metrics. We evaluate their performance on real classifiers and traffic traces and show that in some cases we can reduce a classifier size by orders of magnitude while still classifying almost all traffic correctly.
Keywords: data compression; pattern classification; software defined networking; lossy compression scheme; optimal dynamic programming based algorithms; packet classifiers; software-defined networks; Approximation algorithms; Approximation methods; Binary trees; Encoding; Image coding; Optimization; Transform coding (ID#: 16-10520)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7110119&isnumber=7110105

A. Springall, C. DeVito, Shou-Hsuan, and S. Huang, “Per Connection Server-Side Identification of Connections via Tor,” Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, Gwangiu, 2015, pp. 727-734. doi:10.1109/AINA.2015.260
Abstract: This paper presents two new and novel methods to separate network connections between those that have originated behind the Tor network and those that have not. Our methods identify Tor inbound connections through the use of two distinct timing signatures, delay and round-trip time, that can be used to create effective metrics. In order to evaluate our methods' ability to correctly identify Tor connections, we present the results of two small-scale experiments, one testing performance with HTTP traffic and the other testing SSH. These experiments resulted in very high accuracy rates (100% and 98.99% respectively) when partitioning network connections into Tor and non-Tor originating connections. Through the use of our techniques, we believe that inbound connections that have traversed the Tor network can be identified on a per-connection basis rather than the current per-IP basis.
Keywords: computer network security; HTTP traffic; SSH; Tor inbound connections; Tor network; computer security; connection server-side identification; intrusion detection; the onion router; Browsers; Cryptography; Delays; IP networks; Protocols; Relays; Servers; HTTP; Intrusion detection; Tor; computer security; stepping-stone (ID#: 16-10521)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098045&isnumber=7097928

A. B. Emami, S. Samet, A. Azarpira, and A. Farrokhtala, “SNACK: An Efficient Intrusion Detection System in Mobile Ad-Hoc Network Based on the Selective-Negative Acknowledgement Algorithm,” Electrical and Computer Engineering (CCECE), 2015 IEEE 28th Canadian Conference on, Halifax, NS, 2015, pp. 903-907. doi:10.1109/CCECE.2015.7129395
Abstract: The Mobile Ad-Hoc Network (MANET) consists of independent devices connected together, which can change their locations and configure themselves without being controlled by a central unit. This autonomous topology of MANET makes it vulnerable against the internal attacks, such as black hole, wormhole, and flooding, from inside the system. One existing solution to this problem has been achieved by using Negative Acknowledgement (NACK) as an Intrusion Detection System (IDS). NACK method is easy to implement and has a high level of packet delivery with lightweight security monitoring. However, although packet delivery is guaranteed in NACK, its high rate of routing overhead and high level of energy consumption become as two big weaknesses of the network, especially when it comes to increasing the mobility and the number of insider attacks. In this study the performance of NACK in this regard has been challenged and investigated in different scenarios. Then a new approach, called Selective Negative Acknowledgement (SNACK), based on NACK and Selective Acknowledgement (SACK) is proposed. It is shown that the proposed acknowledgement method outperforms NACK with much less packet overhead, by comparing the results of simulations in Network Simulator v-2.35 (NS-2).
Keywords: mobile ad hoc networks; mobility management (mobile radio); security of data; telecommunication network routing; telecommunication security; IDS; MANET; Network Simulator v-2.35; SACK; SNACK method; black hole; independent devices; intrusion detection system; lightweight security monitoring; mobile ad-hoc network; packet delivery; selective acknowledgement; selective-negative acknowledgement algorithm; wormhole; Cryptography; Mobile ad hoc networks; Monitoring; Nickel; Protocols; Routing; Internal Attacker; Intrusion Detection System; Mobile Ad-Hoc Network; Negative/Selective-Acknowledgement (ID#: 16-10522)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7129395&isnumber=7129089

N. Soms, R. Saji Priya, A. S. Banu and P. Malathi, “A Comprehensive Performance Analysis of Zone Based Intrusion Detection System in Mobile AD Hoc Networks,” Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, Chennai, 2015, pp. 1-8. doi:10.1109/ICSCN.2015.7219887
Abstract: Wireless networking is currently the medium of choice for several applications. Mobile ad hoc networks (MANETs) are networks that combine wireless communication with a high degree of node mobility. Hence they are vulnerable and are subjected to new security risks. Intrusion Detection Systems (IDS) are an important area of research which acts as a second line of defense against unauthorized activities in networks. The effectiveness of IDS is measured by the response it generates specific to the type of intrusion detected. In this paper, we have proposed and simulated an enhanced detection mechanism in a Zone based Intrusion Detection System (ZBIDS). An extensive simulation is carried out to study the performance of ZBIDS under various routing attacks like blackhole, greyhole, wormhole and impersonation. The simulation results are based on the proposed architecture and shows that the enhanced ZBIDS has achieved desirable performance to meet the security requirement of MANETs.
Keywords: mobile ad hoc networks; mobility management (mobile radio); security of data; telecommunication network routing; telecommunication security; MANET; ZBIDS; blackhole; greyhole; mobile ad hoc networks; wireless communication; wireless networking; wormhole; zone based intrusion detection system; Ad hoc networks; Color; Computer architecture; Engines; Intrusion detection; Mobile computing; Routing; Zone based intrusion detection system; blackhole attack; grayhole attack; impersonation; wormhole attack (ID#: 16-10523)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219887&isnumber=7219823

B. H. Dang and W. Li, “Impact of Baseline Profile on Intrusion Detection in Mobile Ad Hoc Networks,” SoutheastCon 2015, Fort Lauderdale, FL, 2015, pp. 1-7.  doi:10.1109/SECON.2015.7133013
Abstract: Dynamic topology and limited resources are major limitations that make intrusion detection in mobile ad hoc network (MANET) a difficult task. In recent years, several anomaly detection techniques were proposed to detect malicious nodes using static and dynamic baseline profiles, which depict normal MANET behaviors. In this research, we investigated different baseline profile methods and conducted a set of experiments to evaluate their effectiveness and efficiency for anomaly detection in MANETs using C-means clustering technique. The results indicated that a static baseline profile delivers similar results to other baseline profile methods. However, it requires the least resource usage while a dynamic baseline profile method requires the most resource usage of all the baseline models.
Keywords: mobile ad hoc networks; mobile computing; pattern clustering; security of data; MANET behaviors; c-means clustering technique; dynamic baseline profiles; intrusion detection; malicious nodes; mobile ad hoc networks; resource usage; static baseline profiles; Ad hoc networks; Adaptation models; Computational modeling; Mobile computing; Routing protocols; Mobile ad hoc networks; anomaly detection; baseline profile; clustering technique; unsupervised learning techniques (ID#: 16-10524)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7133013&isnumber=7132866

A. Amouri, L. G. Jaimes, R. Manthena, S. D. Morgera, and I. J. Vergara-Laurens, “A Simple Scheme for Pseudo Clustering Algorithm for Cross Layer Intrusion Detection in MANET,” 2015 7th IEEE Latin-American Conference on Communications (LATINCOM), Arequipa, Peru, 2015, pp. 1-6. doi:10.1109/LATINCOM.2015.7430139
Abstract: The Mobile AdHoc Network (MANET) is a type of wireless network that does not require infrastructure for its operation; therefore, MANETs lack a centralized architecture which affects the level of security inside the network and increases vulnerability. Although encryption helps to increase network security level, it is not sufficient to protect against malicious intruders. An intrusion detection scheme is proposed in this paper based on cross layer feature collection from the medium access control (MAC) and network layers. The proposed method employs an hierarchical configuration that avoids using a clustering algorithm and, instead, sequentially activates the promiscuity (ability to sniff all packets transmitted by nodes within radio range) of the node based on its location in the network. The node in this case acts as a pseudo cluster head (PCH) that collects data from its neighboring nodes in each quadrant in the field and then uses this information to calculate an anomaly index (AI) in each quadrant. The mechanism uses a C4.5 decision tree to learn the network behavior under blackhole attack and is able to recognize blackhole attacks with up to 97% accuracy. The presented approach is twofold — it is energy efficient and has a high degree of intrusion detection with low overhead.
Keywords:  (not provided) (ID#: 16-10525)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7430139&isnumber=7430110

S. Banerjee, R. Nandi, R. Dey, and H. N. Saha, “A Review on Different Intrusion Detection Systems for MANET and Its Vulnerabilities,” Computing and Communication (IEMCON), 2015 International Conference and Workshop on, Vancouver, BC, 2015, pp. 1-7. doi:10.1109/IEMCON.2015.7344466
Abstract: In recent years, Mobile Ad hoc NETwork (MANET) have become a very popular research topic. By providing communications in the absence of a fixed infrastructure MANET are an attractive technology for many applications such as resource app, military app, environmental monitoring and conferences. However, this flexibility introduces new security threats due to the vulnerable nature of MANET, there will be the necessity of protecting the data, information from the attackers as it is an infrastructure-less network. Thus, securing such demanding network is a big challenge. At this point, IDS came into existence to secure MANET in detecting at what point they are getting weak. In this review paper, we will discuss, MANET and its vulnerabilities, and how we can tackle it using different techniques of IDS (Intrusion Detection System).
Keywords: data protection; mobile ad hoc networks; security of data; IDS; data protection; fixed infrastructure MANET vulnerability; information protection; infrastructure-less network; intrusion detection system; mobile ad hoc network security; security threat; Intrusion detection; Mobile ad hoc networks; Monitoring; Protocols; Routing; Anomaly Detection; EAACK; MANET (ID#: 16-10526)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7344466&isnumber=7344420

P. Joshi, P. Nande, A. Pawar, P. Shinde, and R. Umbare, “EAACK — A Secure Intrusion Detection and Prevention System for MANETs,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-6. doi:10.1109/PERVASIVE.2015.7087032
Abstract: Wireless networks are been used now-a-days. The most important fact about wireless network is it is mobile. It is thus used in many fields. One of the most important applications of wireless networks is Mobile Ad hoc NETwork (MANET) in which all the nodes work as both transmitter and receiver. MANETs are used in various fields like military, industry and emergency recovery. So it is important to have a firsthand knowledge about MANETs. But there is a certain drawback in MANETs, that it becomes prone to malicious attacks very fast. To avoid such attacks a good intrusion detection and prevention system is needed. In this paper, we have proposed a system which can detect as well as prevent the malicious attacks. The system is named as Enhanced Adaptive ACKnowledgment (EAACK). EAACK gives a better malicious-behavior-detection than the traditional approaches.S
Keywords: mobile ad hoc networks; security of data; telecommunication security; EAACK; MANET; enhanced adaptive acknowledgment; malicious attacks; mobile ad hoc network; prevention system; secure intrusion detection; Ad hoc networks; Mobile computing; Peer-to-peer computing; Receivers; Routing; Routing protocols; Wireless networks; Enhanced Adaptive ACKnowledgment (EAACK); Mobile Ad hoc NETwork (MANET); Packet Delivery Ratio (PDR); Received Signal Strength (RSS); Rivest Shamir Adleman (RSA) (ID#: 16-10527)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087032&isnumber=7086957

G. Gowthaman and G. Komarasamy, “A Study on Secure Intrusion Detection System in Wireless MANETs to Increase the Performance of Eaack,” Electrical, Computer and Communication Technologies (ICECCT), 2015 IEEE International Conference on, Coimbatore, 2015, pp. 1-5. doi:10.1109/ICECCT.2015.7226169
Abstract: Mobile Ad hoc Network (MANET) has been pervasive in many applications, including some procedures such as security in critical applications has been a major threats in MANETs. This exceptional characteristic of MANETs, anticipation methodologies lonely cannot able to be secure the data. In this circumstance secure acknowledgment of each data should have a defensive force before the attackers violate the system. The mechanism of Intrusion Detection System (IDS) is normally used to protect the wireless networks for security purposes in MANETs. In case of MANETs, intrusion detection system is favored since the first day of their invention. Communication is restricted to the transmitters within a radio frequency range. Owing to the superior technology that reduces the cost of infrastructure services to gain more importance in autonomous topology of mobile nodes. A novel IDS, EAACK is mainly a secure authentication method using acknowledgment for MANETs to transmit packets in mobility nodes. In this case, out of range in mobile nodes cases security issues while transmitting data from source to destination nodes. This results that the communication of each mobility nodes takes place in radio frequency range and the out of range in communication leads the parties to relay data transmissions to reach the destination node.
Keywords: cryptography; mobile ad hoc networks; safety systems; telecommunication security; EAACK; mobile ad hoc network; mobile nodes; secure authentication method; secure intrusion detection system; wireless MANET; Access control; Ad hoc networks; Communication system security; Conferences; Cryptography; Mobile computing; Digital signature; Enhanced Adaptive Acknowledgment (EAACK); Hybrid Cryptographic Key Exchange Algorithm (ID#: 16-10528)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7226169&isnumber=7225915

T. A. Ghaleb, “Would an Intrusion Detection System Perform Alike with the Change of the Number of Mobile Nodes? An Experimental Evaluation,” Cloud Computing (ICCC), 2015 International Conference on, Riyadh, 2015, pp. 1-5. doi:10.1109/CLOUDCOMP.2015.7149666
Abstract: Intrusion Detection Systems (IDSs) have recently been introduced to protect MANETs from malicious attacks that can reduce their performance. The performance of the IDSs proposed in the literature have been evaluated under certain network conditions such as the change of mobility speed, simulation time, mobility models, etc. However, none of these IDSs have been evaluated across the variation of mobile nodes (MNs). The increase of mobility nodes may directly impact the performance of the network and, consequently, the accuracy of the IDS. When the number of mobiles nodes goes up, intruders have better opportunity to spread over the existing paths and can trick the IDS. In this paper, we evaluate the effect of the increase/decrease of mobile nodes on the performance of IDSs. The IDS chosen in this paper is the Adaptive Acknowledgment (AACK). Our experiments are accomplished in NS2 and configured in a way all parameters set to be fixed during the entire simulation, except the number of mobile nodes (cooperative and malicious), which repeatedly kept increasing. Experimental results demonstrate the cases in which the performance of AACK is either improved or degraded when the number of MNs changes.
Keywords: mobile ad hoc networks; mobile computing; security of data; AACK; IDS; MANETs; MNs; NS2; adaptive acknowledgment; intrusion detection system; malicious attacks; mobile nodes; Ad hoc networks; Delays; Mobile computing; Mobile nodes; Routing; Routing protocols (ID#: 16-10529)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7149666&isnumber=7149613

N. Kashyap, “Smart Intrusion Detection System for MANET,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, pp. 252-177. doi:10.1109/ICACEA.2015.7164690
Abstract: Mobile Ad hoc networks (MANET) are infrastructure less networks which consist of self organized & self configured multihop nodes. The topology of these networks change with time. The nodes in the network not only act as routers but also as hosts. Two main issues in MANET are challenging namely, optimized routing and security. The approach followed in this paper suggests use of data mining techniques such as clustering and classification in developing intrusion detection system for MANET. We will use Zone routing protocol (ZRP) for packet flow which is hybrid in nature. Then various properties of the malicious, selfish and loyal nodes are used to identify the cluster heads. Cluster head is one of the loyal nodes which are having sufficient energy to transmit the message in the mobile Ad hoc networks and also guarantees successful transmission of data from source to destination.
Keywords: mobile ad hoc networks; routing protocols; security of data; telecommunication network topology; telecommunication security; MANET; cluster heads; data mining; packet flow; routers; smart intrusion detection system; zone routing protocol; Data mining; Intrusion detection; Knowledge based systems; Mobile ad hoc networks; Routing; Routing protocols; Classification; Clustering; Mining; Zone routing protocol (ID#: 16-10530)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164690&isnumber=7164643

Ing-Ray Chen, R. Mitchell, and Jin-Hee Cho, “On Modeling of Adversary Behavior and Defense for Survivability of Military MANET Applications,” Military Communications Conference, MILCOM 2015 – 2015 IEEE, Tampa, FL, 2015, pp. 629-634. doi:10.1109/MILCOM.2015.7357514
Abstract: In this paper we develop a methodology and report preliminary results for modeling attack/defense behaviors for achieving high survivability of military mobile ad hoc networks (MANETs). Our methodology consists of 3 steps. The first step is to model adversary behavior of capture attackers and inside attackers which can dynamically and adaptively trigger the best attack strategies while avoiding detection and eviction. The second step is to model defense behavior of defenders utilizing intrusion detection and tolerance strategies to reactively and proactively counter dynamic adversary behavior. We leverage game theory to model attack/defense dynamics with the players being the attackers/defenders, the actions being the attack/defense strategies identified, and the payoff for each outcome being related to system survivability. The 3rd and final step is to identify and apply proper solution techniques that can effectively and efficiently analyze attack/defense dynamics as modeled by game theory for guiding the creation of effective defense strategies for assuring high survivability in military MANETs. The end product is a tool that is capable of analyzing a myriad of attacker behaviors and seeing the effectiveness of countering adaptive defense strategies which incorporate attack/defense dynamics.
Keywords: game theory; military communication; mobile ad hoc networks; security of data; capture attackers; game theory; inside attackers; intrusion detection; military MANET applications; military mobile ad hoc networks; Adaptation models; Analytical models; Game theory; Intrusion detection; Mathematical model; Mobile ad hoc networks; Vehicle dynamics; adversary modeling; defense behavior modeling; reliability; survivability (ID#: 16-10531)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357514&isnumber=7357245

M. E. Sherine, “Effective Intrusion Detection Method for Manets Using EAACK,” Circuit, Power and Computing Technologies (ICCPCT), 2015 International Conference on, Nagercoil, 2015, pp. 1-6. doi:10.1109/ICCPCT.2015.7159354
Abstract: The movement to remote system from wired system has been a worldwide pattern in the recent decades. The versatility what's more adaptability brought by remote system made it conceivable in numerous applications. Among all the contemporary remote systems, Mobile Ad hoc Network (MANET) is a standout amongst the most imperative and special applications. On the in spite of conventional system structural engineering, MANET does not oblige an altered system base; each and every hub functions as both a transmitter and a collector. Hubs correspond specifically with one another when they are both inside the same correspondence range. Else, they depend on their neighbors to transfer messages. The planning toward oneself capacity of hubs in MANET made it prominent among basic mission applications like military utilization or crisis recuperation. On the other hand, the open medium and wide dissemination of hubs make MANET defenseless against malignant assailants. For this situation, it is essential to create proficient interruption identification instruments to ensure MANET from assaults. With the changes of the innovation furthermore cut in equipment costs, we are seeing a current pattern of growing Manets into mechanical applications. To acclimate to such pattern, we unequivocally accept that it is crucial to address its potential security issues. In this paper, we propose and actualize another interruption recognition framework named Enhanced Adaptive Acknowledgment (EAACK) uniquely intended for Manets using JAVA programming platform. Analyzed to contemporary methodologies, EAACK shows higher malevolent conduct location rates in specific circumstances while does not significantly influence the system exhibitions.
Keywords: Java; channel capacity; electronic messaging; mobile ad hoc networks; radio transmitters; telecommunication computing; telecommunication network planning; telecommunication security; EAACK; JAVA programming; MANET; collector; effective intrusion detection method; enhanced adaptive acknowledgment; hub capacity; hub functions; mechanical applications; message transfer; mobile ad hoc network; planning; potential security issue; proficient interruption identification instruments; remote system; transmitter; wired system; Computers; Intrusion detection; Mobile ad hoc networks; Mobile computing; Servers; AACK; Digital signature; Digital signature algorithm (DSA); Enhanced Adaptive Acknowledgment (EAACK); Intrusion Detection; Mobile Ad hoc Networks (MANET); TwoACK; Watchdog (ID#: 16-10532)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7159354&isnumber=7159156

S. V. Shirbhate, S. S. Sherekar, and V. M. Thakare, “A Novel Framework of Dynamic Learning Based Intrusion Detection Approach in MANET,” Computing Communication Control and Automation (ICCUBEA), 2015 International Conference on, Pune, 2015, pp. 209-213. doi:10.1109/ICCUBEA.2015.46
Abstract: With the growth of security and surveillance system, a huge amount of audit or network data is being generated. It is immense challenge for researcher to protect the mobile ad hoc network from the malicious node as topology of the network dynamically changes. A malicious node can easily inject false routes into the network. A traditional method to detect such malicious nodes is to establish a base profile of normal network behavior and then identify a node's behavior to be anomalous if it deviates from the established profile. As the topology of a MANET constantly changes over time, the simple use of a static base profile is not efficient. In this paper, a novel framework is proposed to detect the malicious node in MANET. In proposed method k-means clustering-based anomaly detection approach is used in which the profile is dynamically updated. The approach consists of three main phases: training, testing and updating. In training phase, the K-means clustering algorithm is used in order to establish a normal profile. In testing phase, check whether the current traffic of the node is normal or anomalous. If it is normal then update the normal profile otherwise isolate the malicious node and ignore that node from the network. To update the normal profile periodically, weighted coefficients and a forgetting equation is used.
Keywords: mobile ad hoc networks; telecommunication security; MANET; anomaly detection approach; dynamic learning; intrusion detection approach; k-means clustering; malicious nodes; mobile ad hoc network; network data; novel framework; security system; static base profile; surveillance system; topology node; Heuristic algorithms; Intrusion detection; Mobile ad hoc networks; Network topology; Routing; Testing; Training; Dynamic Intrusion Detection System; K-means clustering (ID#: 16-10533)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155836&isnumber=7155781

R. Bhumkar and D. J. Pete, “Reduction of Error Rate in Sybil Attack Detection for MANET,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-6. doi:10.1109/ISCO.2015.7282328
Abstract: Mobile ad hoc networks (MANETs) require a unique, distinct, and persistent identity per node in order for their security protocols to be viable, Sybil attacks pose a serious threat to such networks. Fully self-organized MANETs represent complex distributed systems that may also be part of a huge complex system, such as a complex system-of-systems used for crisis management operations. Due to the complex nature of MANETs and its resource constraint nodes, there has always been a need to develop security solutions. A Sybil attacker can either create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thereby promoting lack of accountability in the network. In this research, we propose a scheme to detect the new identities of Sybil attackers without using centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through the help of extensive simulations, we are able to demonstrate that our proposed scheme detects Sybil identities with 95% accuracy (true positive) and about 5% error rate (false positive) even in the presence of mobility.
Keywords: emergency management; mobile ad hoc networks; protocols; telecommunication security; MANET; Sybil attack detection; complex distributed system; crisis management operation; error rate reduction; identity-based attack; mobile ad hoc network; resource constraint node; security protocol; Handheld computers; IEEE 802.11 Standard; Mobile ad hoc networks; Mobile computing; Identity-based attacks; Sybil attacks; intrusion detection; mobile ad hoc networks (ID#: 16-10534)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282328&isnumber=7282219

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Networked Control Systems 2015

	Networked Control Systems 2015

Network control systems (NCS) offer a relatively inexpensive way for communications networks to provide diagnostics, flexibility, and robustness. To the Science of Security community, NCS research is relevant to the hard problems of resiliency, composability, and predictive metrics. The research work cited here was presented in 2015.

K. Sawada, T. Sasaki, S. Shin, and S. Hosokawa, “A Fallback Control Study of Networked Control Systems for Cybersecurity,” Control Conference (ASCC), 2015 10th Asian, Kota Kinabalu, 2015, pp. 1-6. doi:10.1109/ASCC.2015.7244676
Abstract: Recent control systems of critical infrastructures are networked systems, which are exposed to the infection of the computer malwares. This paper considers a cybersecurity technology of networked control systems in terms of availability. Architecture of fallback control is proposed, which consists of the remote controller and the local controller. The former achieves the high control performance and the latter guarantees the minimum required control performance. If the malicious behavior of the remote controller is detected by the local controller, the local controller breaks the network communication between the plant and the remote controller and takes over the plant control. This framework aims to prevent the spread of the damage caused by the infection of the computer malwares. As a first step of the research, a prototype fallback control system is applied to a simple automation system simulating the defective discriminator.
Keywords: control engineering computing; critical infrastructures; invasive software; networked control systems; telecontrol; computer malware infection;  cybersecurity technology; fallback control architecture; local controller; minimum required control performance; network communication; networked control systems; prototype fallback control system; remote controller; Computer architecture; Computer security; Control systems; Logic gates; Observers; Sorting; Availability; Cybersecurity; Fallback control; Networked control system (ID#: 16-10369)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7244676&isnumber=7244373

A. Cioraca, I. Voloh, and M. Adamiak, “What Protection Engineers Need to Know About Networking,” Protective Relay Engineers, 2015 68th Annual Conference for, College Station, TX, 2015, pp. 597-607. doi:10.1109/CPRE.2015.7102197
Abstract: The communications infrastructure of the electric grid has been evolving rapidly in the last decades due to the need for transporting ever more sophisticated information, both data and control. More recently Ethernet based networks have been added into the picture, as modern relays need to communicate with control and dispatch centers and centralized management systems over local and wide area networks. Notably, the need to support IEC 61850 standards encouraged relay vendors into speeding up the development of Ethernet as a preferred method of communication. The benefits of Ethernet networking are huge. Flexibility and easy deployment are only two of them. However Ethernet networking comes with features that protection engineers need to be aware of, if they wish to take full advantage of its capabilities. It also comes with new challenges that protection engineers need to be aware of. Network latency and availability must be carefully considered for. Cybersecurity must be planned, the risk of cyberattacks evaluated and protection measures implemented. This paper explores the network architecture of the modern protection and control (P&C) systems including protective relays themselves. It discusses aspects such as the use and benefits of routing, the need and solutions for maximum availability and real time response, as well as security measures that can be taken to reduce the risk of cyberattacks inherent when connecting over Ethernet. The paper also highlights some of the best practices when using Ethernet networking in the grid, providing examples drawn from the protective relaying and cybersecurity practice. It offers simple solutions to typical security challenges possibly encountered during the commissioning phase and in the daily operations of relay devices.
Keywords: local area networks; power engineering computing; power grids; power system security; relay protection; Ethernet networking; commissioning phase; cyber attacks; cybersecurity practice; network architecture; network routing; power grid; protection and control systems; protection engineer; protective relays; IP networks; Network topology; Protocols; Redundancy; Relays; Routing; Switches; AAA = Authentication, Authorization, Accounting; GOOSE = Generic Object Oriented Substation Events; HSR = High-availability Seamless Redundancy; IEC = International Electrotechnical Commission; IP = Internet Protocol; IT = Information Technology; LDAP = Lightweight Directory Access Protocol; P&C = Protection and Control; PDC = Phasor Data Concentrator; PMU = Phasor Measurement Unit; PRP = Parallel Redundancy Protocol; RADIUS = Remote Authentication Dial In User Service; RBAC = Role Based Access Control; SEM = Security Event Management; TCP/IP = Transmission Control Protocol/Internet Protocol (ID#: 16-10370)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7102197&isnumber=7102153

E. Pricop and S. F. Mihalache, “Fuzzy Approach on Modelling Cyber Attacks Patterns on Data Transfer in Industrial Control Systems,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, pp. SSS-23-SSS-28. doi:10.1109/ECAI.2015.7301200
Abstract: Cybersecurity of industrial control system is a very complex and challenging research topic, due to the integration of these systems in national critical infrastructures. The control systems are now interconnected in industrial networks and frequently to the Internet. In this context they are becoming targets of various cyber attacks conducted by malicious people such as hackers, script kiddies, industrial spies and even foreign armies and intelligence agencies. In this paper the authors propose a way to model the most frequent attacker profiles and to estimate the success rate of an attack conducted in given conditions. The authors use a fuzzy approach for generating attacker profiles based on attacker attributes such as knowledge, technical resources and motivation. The attack success rate is obtained by using another fuzzy inference system that analyzes the attacker profile and system intrinsic characteristics.
Keywords: electronic data interchange; fuzzy reasoning; industrial control; security of data; Internet; attack success rate; cyber attack; data transfer; fuzzy inference system; industrial control systems; industrial networks; national critical infrastructures; Computer hacking; Control systems; Fuzzy logic; Industrial control; Mathematical model; Shape; Terrorism; attack success rate; attacker profile; cyberattack modeling; fuzzy system (ID#: 16-10371)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301200&isnumber=7301133

J. Spring, S. Kern, and A. Summers, “Global Adversarial Capability Modeling,” Electronic Crime Research (eCrime), 2015 APWG Symposium on, Barcelona, 2015, pp. 1-21. doi:10.1109/ECRIME.2015.7120797
Abstract: Intro: Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The model is based on four historical studies of adversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. Result: We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.
Keywords: Android (operating system); application program interfaces; computer network security; risk analysis; ACC; Android API; Apache; Windows XP; adversarial capability chain; attack likelihood prediction; compromised industrial control systems; computer network defense; cyber risk analysis; evidence-based model; global adversarial capability modeling; Analytical models; Androids; Biological system modeling; Computational modeling; Humanoid robots; Integrated circuit modeling; Software systems; CND; cybersecurity; incident response; intelligence; intrusion detection; modeling; security (ID#: 16-10372)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120797&isnumber=7120794

V. Neumann, C. Lyra Gomes, C. Unsihuay-Vila, K. V. Fonseca, and P. Rodrigues Torres, “Parameterization of IPSec Framework for Security in the Smart Grid Interoperability,” Innovative Smart Grid Technologies Latin America (ISGT LATAM), 2015 IEEE PES, Montevideo, 2015, pp. 780-785. doi:10.1109/ISGT-LA.2015.7381254
Abstract: The infrastructure of the Smart Grid communication will require the use of security protocols based on standards of the state-of-the-art. This work proposes a method of parameterization of the IPsec protocol framework, aimed at security of data interoperability in Smart Grid, according to the requirement levels for the security services: Integrity, Confidentiality and Availability, recommended by the SGIRM (Smart Grid Interoperability Reference Model [1]). The methodology can be used for VPN IPsec Site-to-Site implementations between any pair of the seven domains of the SGIRM: Generation, Transmission, Distribution, Service Providers, Markets, Control / Operations and Customers. The methodology proposed for the VPN Ipsec implementation was applied as step-by-step tasks and implemented in a test bed network. Each test was repeated twenty times aimed at data analysis and statistical evaluation of the results. The field tests allowed us to measure jitter (latency variation) and data flow throughput resulting from the parameterization of IPsec to compare the results with the limits set out in SGIRM, aiming to validate the methodology.
Keywords: power system security; protocols; security of data; smart power grids; IPsec protocol framework; data analysis; data flow throughput; security of data interoperability; security protocols; smart grid communication; smart grid interoperability; Encryption; Logic gates; Network topology; Protocols; Smart grids; Virtual private networks; Confidentiality; Cybersecurity; IPsec protocol; Integrity; Latency; Programming CLI (Command Line Interface); SGIRM; Security Services; Smart Grid; Throughput (ID#: 16-10373)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381254&isnumber=7381114

P. Jafary, S. Repo, M. Salmenpera, and H. Koivisto, “OPC UA Security for Protecting Substation and Control Center Data Communication in the Distribution Domain of the Smart Grid,” Industrial Informatics (INDIN), 2015 IEEE 13th International Conference on, Cambridge, 2015, pp. 645-651. doi:10.1109/INDIN.2015.7281811
Abstract: The distribution domain of the smart grid incorporates advantages of the newest substation automation standards in order to enhance distribution network automation. State-of-the-art distribution automation solutions use the public Internet for exchanging data between substation and control center. This presents challenges for cybersecurity, particularly for critical data determining distribution network operation. Therefore, Internet communication between substation and control center should be carried out via a secure communication protocol. OPC Unified Architecture (UA) is an interoperable communication standard supports Internet protocols from one hand and obtains benefits from mature built-in security mechanisms from other hand. This paper describes a solution for secure data transmission between modern substation and control center over the Internet. In this approach, circuit breaker position data is chosen as the data example that is defined in respect to the IEC 61850 data model and securely transmitted to OPC UA client application at remote control center by employing the OPC UA security architecture functions.
Keywords: IEC standards; Internet; circuit breakers; power distribution protection; power engineering computing; power system security; security of data; smart power grids; substation automation; substation protection; telecontrol; IEC 61850 data model; Internet communication; Internet protocol; OPC UA security; OPC unified architecture; circuit breaker position data; control center data communication; cybersecurity; distribution network automation enhancement; interoperable communication standard; remote control center; secure communication protocol; secure data transmission; smart grid distribution domain; substation automation standard; substation protection; IEC Standards; Internet; Logic gates; Protocols; Security; Substation automation; IEC 61850; OPC UA security model; distribution automation; smart grid; substation automation (ID#: 16-10374)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7281811&isnumber=7281697

A. Patrascu and V. V. Patriciu, “Cyber Protection of Critical Infrastructures Using Supervised Learning,” Control Systems and Computer Science (CSCS), 2015 20th International Conference on, Bucharest, 2015, pp. 461-468. doi:10.1109/CSCS.2015.34
Abstract: Interconnected computing units are used more and more in our daily lives, starting from the transportation systems and ending with gas and electricity distribution, together with tenths or hundreds of systems and sensors, called critical infrastructures. In this context, cyber protection is vital because they represent one of the most important parts of a country's economy thus making them very attractive to cyber criminals or malware attacks. Even though the detection technologies for new threats have improved over time, modern malware still manage to pass even the most secure and well organized computer networks, firewalls and intrusion detection equipments, making all systems vulnerable. This is the main reason that automatic learning is used more often than any other detection algorithms as it can learn from existing attacks and prevent newer ones. In this paper we discuss the issues threatening critical infrastructures systems and propose a framework based on machine learning algorithms and game theory decision models that can be used to protect such systems. We present the results taken after implementing it using three distinct classifiers - k nearest neighbors, decision trees and support vector machines.
Keywords: decision trees; game theory; learning (artificial intelligence); pattern classification; security of data; support vector machines; computer networks; critical infrastructure; cyber criminals; cyber protection; firewalls; game theory decision models; interconnected computing units; intrusion detection equipments; k nearest neighbors; machine learning algorithms; malware attacks; supervised learning; support vector machines; Biological system modeling; Game theory; Security; Sensors; Support vector machines; Testing; Training; critical infrastructure protection; cybersecurity framework; game theory decision engine; machine learning (ID#: 16-10375)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7168469&isnumber=7168393

H. Gao, Y. Peng, K. Jia, Z. Wen, and H. Li, “Cyber-Physical Systems Testbed Based on Cloud Computing and Software Defined Network,” 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), Adelaide, Australia, 2015, pp. 337-340. doi:10.1109/IIH-MSP.2015.50
Abstract: More standardized, networked and intelligentized nature of industry 4.0 has intensified critical infrastructures cyberthreats. According to cyber-physical systems (CPS) layered architecture and security requirements in industry 4.0, a cyber-physical systems testbed based on cloud computing and software defined network (SDN), or CPSTCS is proposed. The CPSTCS uses a network testbed based on cloud computing and SDN to recreate the cyber elements of cyber-physical systems and real-world physical devices for the physical components. The CPSTCS helps assess cyberthreats against the cyber and physical dimensions of critical infrastructures.
Keywords: Cloud computing; Control systems; Cyber-physical systems; Industries; Production; Protocols; Security; Cloud Computing; Critical infrastructures; Cyber-physical systems; Industry 4.0;Testbed (ID#: 16-10376)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7415825&isnumber=7415733

K. G. Lyn, L. W. Lerner, C. J. McCarty, and C. D. Patterson, “The Trustworthy Autonomic Interface Guardian Architecture for Cyber-Physical Systems,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 1803-1810. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.263 
Abstract: The growing connectivity of cyber-physical systems (CPSes) has led to an increased concern over the ability of cyber-attacks to inflict physical damage. Current cyber-security measures focus on preventing attacks from penetrating control supervisory networks. These reactive techniques, however, are often plagued with vulnerabilities and zero-day exploits. Embedded processors in CPS field devices often possess little security of their own, and are easily exploited once the network is penetrated. We identify four possible outcomes of a cyber-attack on a CPS embedded processor. We then discuss five trust requirements that a device must satisfy to guarantee correct behavior through the device's lifecycle. Next, we examine the Trustworthy Autonomic Interface Guardian Architecture (TAIGA) which monitors communication between the embedded controller and physical process. This autonomic architecture provides the physical process with a last line of defense against cyber-attacks. TAIGA switches process control to a trusted backup controller if an attack causes a system specification violation. We conclude with experimental results of an implementation of TAIGA on a hazardous cargo-carrying robot.
Keywords: cyber-physical systems; trusted computing; CPS embedded processor; TAIGA; cyber-attacks; cyber-security measures; embedded controller; physical process; reactive techniques; trusted backup controller; trustworthy autonomic interface guardian architecture; Control systems; Process control; Program processors; Sensors; Trojan horses; Cyber-physical systems; autonomic control; embedded device security; resilience; trust (ID#: 16-10377)  
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363316&isnumber=7362962

E. Penera and D. Chasaki, “Packet Scheduling Attacks on Shipboard Networked Control Systems,” Resilience Week (RWS), 2015, Philadelphia, PA, 2015, pp. 1-6. doi:10.1109/RWEEK.2015.7287421
Abstract: Shipboard networked control systems are based on a distributed control system architecture that provides remote and local control monitoring. In order to allow the network to scale a hierarchical communication network is composed of high speed Ethernet based network switches. Ethernet is the prevalent medium to transfer control data, such as control signals, alarm signal, and sensor measurements on the network. However, communication capabilities bring new security vulnerabilities and make communication links a potential target for various kinds of cyber/physical attacks. The goal of this work is to implement and demonstrate a network layer attack against networked control systems, by tampering with temporal characteristics of the network, leading to time varying delays and packet scheduling abnormalities.
Keywords: computer network security; delay systems; local area networks; networked control systems; scheduling; ships; telecommunication control; time-varying systems; alarm signal; communication capability; communication link; control data; control signal; cyber attack; distributed control system architecture; hierarchical communication network; high speed Ethernet based network switch; network layer attack; packet scheduling abnormality; packet scheduling attack; physical attack; remote and local control monitoring; security vulnerability; sensor measurement; shipboard networked control system; temporal characteristics; time varying delay; Delays; IP networks; Network topology; Networked control systems; Security; Topology (ID#: 16-10378)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7287421&isnumber=7287407

Z. Xu and Q. Zhu, “A Cyber-Physical Game Framework for Secure and Resilient Multi-Agent Autonomous Systems,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 5156-5161. doi:10.1109/CDC.2015.7403026
Abstract: The increasing integration of autonomous systems with publicly available networks exposes them to cyber attackers. An adversary can launch a man-in-the-middle attack to gain control of the system and inflict maximum damages with collision and suicidal attacks. To address this issue, this work establishes an integrative game and control framework to incorporate security into the automatic designs, and take into account the cyber-physical nature and the real-time requirements of the system. We establish a cyber-physical signaling game to develop an impact-aware cyber defense mechanism and leverage model-predictive control methods to design cyber-aware control strategies. The integrative framework enables the co-design of cyber-physical systems to minimize the inflicted systems, leading to online updating the cyber defense and physical layer control decisions. We use unmanned aerial vehicles (UAVs) to illustrate the algorithm, and corroborate the analytical results in two case studies.
Keywords: Control systems; Games; Physical layer; Predictive control; Real-time systems; Receivers; Security (ID#: 16-10379)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403026&isnumber=7402066

Xingyu Shi, Yong Li, Yijia Cao, Yi Tan, Zhisheng Xu, and Min Wen, “Model Predictive Control Considering Cyber-Physical System to Dampen Low Frequency Oscillation of Interconnected Power Systems,” Power and Energy Engineering Conference (APPEEC), 2015 IEEE PES Asia-Pacific, Brisbane, QLD, 2015, pp. 1-5. doi:10.1109/APPEEC.2015.7380996
Abstract: With the infusion of information communication technology (ICT) and power infrastructures, the power systems is becoming a large and complex cyber physical system (CPS). In the CPS, a crucial problem for the evaluation of control systems to face disturbances/faults is transmission time delay in the communication network. In this paper, a hybrid simulation model is established to simulate the operation of CPS, and the time delay is considered in the design process of model predictive control (MPC) based low-frequency oscillation (LFO) damping controller. In the proposed model, the IEEE benchmark two areas interconnected power system with a flexible ac transmission system (FACTS) device is established in the MATLAB/Simulink environment, and the information systems with advanced cyber control center is established in the Microsoft Visual Studio environment. The utility communication network of 3G and fiber optic access is adopted to transmit operation and control data between the aforementioned environments, and the communication time delay is considered sufficiently. In this way, a CPS closed- loop control is formed. Finally, a case study is used to validate the established hybrid simulation model as well as the performance of cyber control center.
Keywords: 3G mobile communication; cyber-physical systems; flexible AC transmission systems; information technology; power system interconnection; power system reliability; power system security; power system stability; power transmission control; power transmission faults; predictive control; 3G; CPS; FACTS device; ICT; LFO; MATLAB/Simulink environment; MPC; Microsoft Visual Studio environment; closed- loop control; cyber control center; cyber-physical system; fiber optic access; flexible ac transmission system; information communication technology; interconnected power systems; low frequency oscillation model predictive control; power infrastructures; transmission time delay; Benchmark testing; Communication networks; Computers; Delay effects; Mathematical model; Power system stability (ID#: 16-10380)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380996&isnumber=7380859

K. Pochiraju and S. Narain, “Cyber Physical System Integration and Configuration Guided by Satisfiability Modulo Theories,” Information Reuse and Integration (IRI), 2015 IEEE International Conference on, San Francisco, CA, 2015, pp. 589-592. doi:10.1109/IRI.2015.93
Abstract: Cyber Physical Systems (CPS) are increasingly required to address sophisticated and complex set of stakeholder, security, regulatory policy and physical requirements. CPS employ numerous and interacting software, hardware, control and communication sub-systems that collectively address the system requirements. This paper describes a methodology that applies Satisfiability (SAT) or Satisfiability Modulo Theory (SMT) solvers to guide system architects during the integration, diagnosis, reconfiguration and/or redesign of sub-systems. The system integration problem is posed as search for a feasible configuration in a constraint-based representation. Physical, software and control behaviors of the system and the governing physical laws are translated into a network of interconnected parametric models and as algebraic and symbolic constraints. The methodology entails solving the complete set of constraints for feasible configurations. In the absence of feasible configurations, either the conflicting requirements are renegotiated or a maximally satisfiable subset of constraints is found, that then drives a redesign of sub-systems.
Keywords: algebra; computability; constraint handling; security of data; systems analysis; CPS; SAT; SMT; algebraic constraints; constraint-based representation; cyber physical system configuration; cyber physical system integration; interconnected parametric models; physical requirements; regulatory policy; satisfiability modulo theories; security; stakeholder; symbolic constraints; Batteries; Hardware; Modeling; Rotors; Software; Stakeholders; System integration; Configuration; Constraint-based Representation; Redesign; Satisfiability Solvers; System Requirements (ID#: 16-10381)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301031&isnumber=7300933

S. M. Djouadi, A. M. Melin, E. M. Ferragut, J. A. Laska, Jin Dong, and A. Drira, “Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems,” Control Conference (ECC), 2015 European, Linz, 2015, pp. 3659-3664. doi:10.1109/ECC.2015.7331099
Abstract: As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signals are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.
Keywords: actuators; closed loop systems; infinite horizon; linear quadratic control; networked control systems; security of data; signal processing; CPS protection; actuator signals; bounded actuator attacks; closed-loop system; control system networks; cyber-physical system protection; enterprise level networks; finite energy actuator attacks; infinite horizon LQ control; information security protections; information security techniques; intelligent attacks; linear quadratic control; optimal actuator attacks; optimal attack signals; remote monitoring; system theoretic context; system-wide performance optimization; Actuators; Closed loop systems; Computer science; Cyber-physical systems; Information security; Sensors (ID#: 16-10382)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7331099&isnumber=7330515

J. O. Malchow, D. Marzin, J. Klick, R. Kovacs, and V. Roth, “PLC Guard: A Practical Defense Against Attacks on Cyber-Physical Systems,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 326-334. doi:10.1109/CNS.2015.7346843
Abstract: Modern societies critically depend on cyberphysical systems that control most production processes and utility distribution networks. Unfortunately, many of these systems are vulnerable to attacks, particularly advanced ones. While researchers are investigating sophisticated techniques in order to counter these risks, there is a need for solutions that are practical and readily deployable. In this paper, we adapt the classic ACCAT Guard concept to the protection of programmable logic controllers (PLCs), which are an essential ingredient of existing cyber-physical systems. A PLC Guard intercepts traffic between a, potentially compromised, engineering workstation and a PLC. Whenever code is transferred to a PLC, the guard intercepts the transfer and gives the engineer an opportunity to compare that code with a previous version. The guard supports the comparison through various levels of graphical abstraction and summarization. By operating a simple and familiar interface, engineers can approve or reject the transfer using a trusted device that is significantly harder to subvert by attackers. We developed a PLC Guard prototype in order to reify our ideas on how it should be designed. In this paper, we describe the guard's design and its implementation. In order to arrive at realistic PLC code examples, we implemented a miniature packaging plant as well as attacks on it.
Keywords: cyber-physical systems; engineering workstations; programmable controllers; security of data; trusted computing; PLC Guard intercept traffic; PLC Guard prototype; classic ACCAT Guard; cyber-physical system; engineering workstation; graphical abstraction; graphical summarization; miniature packaging plant; programmable logic controller protection; trusted device; utility distribution network; Conferences; Malware; Production; Software; Visualization; Workstations (ID#: 16-10383)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346843&isnumber=7346791

G. Mois, S. Folea, T. Sanislav, and L. Miclea, “Communication in Cyber-Physical Systems,” System Theory, Control and Computing (ICSTCC), 2015 19th International Conference on, Cheile Gradistei, 2015, pp. 303-307. doi:10.1109/ICSTCC.2015.7321310
Abstract: This paper discusses the aspects concerning the communication between the components of cyber-physical systems (CPSs). The characteristics and the requirements concerning the transfer of information within CPSs and the related open issues are presented. In this context, a CPS solution for environmental monitoring (temperature and relative humidity), based on the IEEE 802.11 b/g standards, was developed and is presented as a case study. This consists in the use of Wi-Fi sensors that have the ability of connecting to an existent Wireless LAN and of a server that provides access to data which can be recorded at any place where IEEE 802.11 b/g network coverage exists, from any device connected to the Internet.
Keywords: wireless LAN; CPS; IEEE 802.11 b/g standards; Internet; Wi-Fi sensors; Wireless LAN; cyber-physical system communication; environmental monitoring; network coverage; relative humidity; temperature humidity; Communication system security; IEEE 802.11 Standard; Protocols; Sensors; Wireless communication; Wireless sensor networks; Cyber-Physical Systems; IEEE 802.11 Standards; Sensor systems; Wireless communication (ID#: 16-10384)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7321310&isnumber=7321255

M. Elattar and J. Jasperneite, “Using LTE as an Access Network for Internet-Based Cyber-Physical Systems,” Factory Communication Systems (WFCS), 2015 IEEE World Conference on, Palma de Mallorca, 2015, pp. 1-7. doi:10.1109/WFCS.2015.7160560
Abstract: Cyber-physical systems (CPSs) represent a new generation of control systems where distributed local control systems are connected not only physically, but also computationally by means of communication networks. CPSs target introducing intelligence beside traditional monitoring and control functionalities in a way that optimize the performance of the overall system. However, the realization of many CPS applications requires reliable communication systems that provide quality of service (QoS) control. In this domain, Long Term Evolution (LTE) standard offers a comprehensive QoS frame work. Nevertheless, commercial implementations of the standard provide only best effort type of service. In this paper, we demonstrated the benefits of using LTE networks with QoS support for CPSs by comparing the performance of a CPS application over LTE network with and without QoS support. The results clearly indicate the benefit to enable the QoS features in commercial implementations of LTE in order to realize reliable CPS applications.
Keywords: Internet; Long Term Evolution; computer network security; control engineering computing; distributed control; quality of service; CPS applications; Internet-based cyber physical system; LTE communication system reliability; QoS; access network; distributed local control system; quality of service control; Delay effects; Delays; IP networks; Phasor measurement units; Quality of service (ID#: 16-10385)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7160560&isnumber=7160536

S. Z. Yong, M. Zhu, and E. Frazzoli, “Resilient State Estimation Against Switching Attacks on Stochastic Cyber-Physical Systems,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 5162-5169. doi:10.1109/CDC.2015.7403027
Abstract: In this paper, we address the resilient state estimation problem for some relatively unexplored security issues for cyber-physical systems, namely switching attacks and the presence of stochastic process and measurement noise signals, in addition to attacks on actuator and sensor signals. We model the systems under attack as hidden mode stochastic switched linear systems with unknown inputs and propose the use of the multiple model inference algorithm developed in [1] to tackle these issues. We also furnish the algorithm with the lacking asymptotic analysis. Moreover, we characterize fundamental limitations to resilient estimation (e.g., upper bound on the number of tolerable attacks) and discuss the issue of attack detection under this framework. Simulation examples of switching attacks on benchmark and power systems show the efficacy of our approach to recover unbiased state estimates.
Keywords: Actuators; Circuit breakers; Inference algorithms; Network topology; State estimation; Stochastic processes; Switches (ID#: 16-10386)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403027&isnumber=7402066

G. Lontorfos, K. D. Fairbanks, L. Watkins, and W. H. Robinson, “Remotely Inferring Device Manipulation of Industrial Control Systems via Network Behavior,” Local Computer Networks Conference Workshops (LCN Workshops), 2015 IEEE 40th, Clearwater Beach, FL, 2015, pp. 603-610. doi:10.1109/LCNW.2015.7365904
Abstract: This paper presents preliminary findings on a novel method to remotely fingerprint a network of Cyber Physical Systems and demonstrates the ability to remotely infer the functionality of an Industrial Control System device. A monitoring node measures the target device's response to network requests and statistically analyzes the collected data to build and classify a profile of the device's functionality via machine learning. As ICSs are used to control critical infrastructure processes such as power generation and distribution, it is vital to develop methods to detect tampering. A system employing our measurement technique could discover if an insider has made unauthorized changes to a device's logic. Our architecture also has advantages because the monitoring node is separate from the measured device. Our results indicate the ability to accurately infer (i.e., using a tunable threshold value) discrete ranges of task cycle periods (i.e., CPU loads) that could correspond to different functions.
Keywords: learning (artificial intelligence); process control; production engineering computing; statistical analysis; ICSs; critical infrastructure process control; cyber physical systems; industrial control system device; industrial control systems; machine learning; measurement technique; monitoring node; network behavior; power distribution; power generation; profile classification; remote network fingerprinting; remotely inferring device manipulation; statistical analysis; tampering detection; Central Processing Unit; Delays; Feature extraction; Fingerprint recognition; Monitoring; Telecommunication traffic; Time factors; cyber-physical systems; device fingerprinting machine learning; network traffic analysis; processor workload; security; tampering (ID#: 16-10387)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7365904&isnumber=7365758

Tuan Phan Vuong, G. Loukas, D. Gan, and A. Bezemskij, “Decision Tree-Based Detection of Denial of Service and Command Injection Attacks on Robotic Vehicles,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368559
Abstract: Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of real-world data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.
Keywords: control engineering computing; cyber-physical systems; decision trees; mobile robots; security of data; telerobotics; vehicles; attack behaviours; automobiles; command injection attacks; computer systems; cyber attacks; decision tree-based detection; denial of service attacks; detection rules; disk data; drones; false positive rate; intrusion detection systems; mobile cyber-physical systems; network traffic; physical input features; physical jittering; power consumption; security; small remote-controlled robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robot kinematics; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Intrusion detection; Mobile robots; Network security (ID#: 16-10388)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368559&isnumber=7368550

E. E. Miciolino, G. Bernieri, F. Pascucci, and R. Setola, “Communications Network Analysis in a SCADA System Testbed Under Cyber-Attacks,” Telecommunications Forum Telfor (TELFOR), 2015 23rd, Belgrade, 2015, pp. 341-344. doi:10.1109/TELFOR.2015.7377479
Abstract: Cyber-Physical Systems become more and more complex due to the technological evolution of components and interconnections. The network assessment of these systems becomes complicated due to the significant consequences of possible incidents, as Critical Infrastructure represent remarkable systems. Thus, despite the large literature on cyber-attacks, few works address the network unavailability in industrial control systems. In this paper, the results of several cyber-attacks against a Cyber-Physical testbed, in terms of communications, are investigated.
Keywords: SCADA systems; critical infrastructures; cyber-physical systems; industrial control; security of data; SCADA system testbed; communications network analysis; critical infrastructure; cyber-attack; cyber-physical system; cyber-physical testbed; industrial control system; network assessment; network unavailability; technological evolution; Monitoring; Protocols; Security; Sensors; Standards; Valves; Automation Protocols; Critical Infrastructures; Cyber-Attacks; Cyber-Physical Systems; Industrial Communications; Man-In-The-Middle; Testbed (ID#: 16-10389)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7377479&isnumber=7377376

Chao Yang, Xiaoqiang Ren, Wen Yang, Hongbo Shi, and Ling Shi, “Jamming Attack in Centralized State Estimation,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, pp. 6530-6535. doi:10.1109/ChiCC.2015.7260666
Abstract: To understand the behavior of potential network invaders, this paper considers a system attack problem from the perspective of an invader. The invader intends to attack a system, where a group of sensors measure a process state and send the measurements to a remote estimator for state estimation, by launching Denial-of-Service (DoS) attacks to block the communication channels. As the invader has a power budget and cannot block all the channels, he needs to decide which sensors to attack so that the estimation performance can be mostly affected, which is studied in this paper. In the scenario where the sensing abilities of the sensors have a full order, an explicit solution is provided. When the order does not exist, the problem is transformed into a convex optimization problem and is solved using efficient numerical algorithms.
Keywords: computer network security; convex programming; estimation theory; jamming; numerical analysis; Denial-of-Service; DoS attacks; centralized state estimation; communication channels; convex optimization problem; jamming attack; numerical algorithms; potential network invaders; power budget; process state; remote estimator; state estimation; Channel estimation; Estimation; Jamming; Sensor systems; Time measurement; Tin; Networked control systems; convex optimization; jamming attack; security in cyber-physical systems (ID#: 16-10390)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7260666&isnumber=7259602

Song Tan, Wen-Zhan Song, S. Yothment, Junjie Yang, and Lang Tong, “ScorePlus: An Integrated Scalable Cyber-Physical Experiment Environment for Smart Grid,” Sensing, Communication, and Networking (SECON), 2015 12th Annual IEEE International Conference on, Seattle, WA, 2015, pp. 381-389. doi:10.1109/SAHCN.2015.7338338
Abstract: Smart Grid is a complex cyber-physical system that modernizes the traditional electric power infrastructure by sensing, control, computation and communication. Validating the functionality, security and reliability of Smart Grid applications within such a system requires the modeling and emulation of both power networks and communication networks, as well as the interactions between them. In this paper, we present the design, implementation and evaluation of an integrated scalable cyber-physical experiment environment for Smart Grid, called ScorePlus. Compared with previous related works, ScorePlus fills the gap by: 1) Creating and integrating both software emulator and hardware testbed, such that they all follow the same architecture and interface, and the same Smart Grid application program can be tested on either of them without any modification; 2) Providing remote access to the hardware testbed such that users can configure physical devices of the hardware testbed through Internet; 3) Supporting scalable distributed experiments such that multiple software emulators and hardware testbeds running at different locations are able to connect and form a larger Smart Grid system.
Keywords: power engineering computing; smart power grids; Internet; ScorePlus; electric power infrastructure; hardware testbed; integrated scalable cyber-physical experiment environment; smart grid; software emulator; Analytical models; Emulation; Hardware; Linux; Mathematical model; Smart grids; Software; Cyber-Physical System; Smart Grid; Testbed (ID#: 16-10391)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7338338&isnumber=7338280

YooJin Kwon, Huy Kang Kim, Yong Hun Lim, and Jong In Lim, “A Behavior-Based Intrusion Detection Technique for Smart Grid Infrastructure,” PowerTech, 2015 IEEE Eindhoven, Eindhoven, 2015, pp. 1-6. doi:10.1109/PTC.2015.7232339
Abstract: A smart grid is a fully automated electricity network, which monitors and controls all its physical environments of electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various intrusion detection algorithms to protect SCADA system and generation sector have been suggested, whereas there were less consideration on distribution sector. Thus, this paper first highlights the significance of CPS security, especially the availability as the most important factor in smart grid environment. Then this paper classifies various modern intrusion detection system (IDS) techniques for securing smart grid network. In our approach, we propose a novel behavior-based IDS for IEC 61850 protocol using both statistical analysis of traditional network features and specification-based metrics. Finally, we present the attack scenarios and detection methods applicable for IEC 61850-based digital substation in Korean environment.
Keywords: IEC standards; SCADA systems; power engineering computing; power system security; security of data; smart power grids; statistical analysis; substation protection; CPS security; IEC 61850 protocol; Korean environment; SCADA system protection; behavior-based IDS; behavior-based intrusion detection technique; cyber physical system security; digital substation; electricity infrastructure physical environment; fully automated electricity network reliability; smart grid infrastructure; Clustering algorithms; Indexes; Inductors; Measurement; Security; Cyber-physical system; IEC 61850; anomaly detection; intrusion detection; smart grid (ID#: 16-10392)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232339&isnumber=7232233

P. Lee, A. Clark, B. Alomair, L. Bushnell, and R. Poovendran, “Jamming-Based Adversarial Control of Network Flow Allocation: A Passivity Approach,” American Control Conference (ACC), 2015, Chicago, IL, 2015, pp. 4710-4716. doi:10.1109/ACC.2015.7172071
Abstract: Wireless cyber-physical systems are vulnerable to jamming attacks, in which an adversary broadcasts an interfering signal in the vicinity of a receiver, causing packet decoding errors and reducing the throughput of the communication. Reduced throughput and increased delay could violate the real-time constraints of cyber-physical systems. In a flow redirection attack, an adversary jams a set of network links in order to cause network sources to divert traffic to links that are controlled by the adversary, enabling higher-layer attacks. In this paper, we introduce a passivity approach for modeling the flow redirection attack. Using our approach, we identify a class of dynamic jamming strategies for flow redirection, in which the adversary updates the probability of jamming based on the rate of flow traversing the link. We provide sufficient conditions for feasibility of the jamming strategies for energy-constrained adversaries, and develop an efficient algorithm for deriving an optimal jamming strategy for a given network and desired flow allocation. Our results are illustrated via a numerical study.
Keywords: decoding; jamming; radio networks; radio receivers; telecommunication security; adversary jams; communication throughput reduction; dynamic jamming strategies; energy-constrained adversaries; flow redirection attack modeling; higher-layer attacks; interfering signal; jamming attacks; jamming-based adversarial control; network flow allocation; optimal jamming strategy; packet decoding errors; passivity approach; receiver; wireless cyber-physical systems; Convergence; Cyber-physical systems; Delays; Dynamic scheduling; Jamming; Resource management; Throughput (ID#: 16-10393)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7172071&isnumber=7170700

D. Senejohnny, P. Tesi, and C. De Persis, “Self-Triggered Coordination over a Shared Network Under Denial-of-Service,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 3469-3474. doi:10.1109/CDC.2015.7402756
Abstract: The issue of security has become ever more prevalent in the analysis and design of cyber-physical systems. In this paper, we analyze a consensus network in the presence of Denial-of-Service (DoS) attacks, namely attacks that prevent communication among the network agents. By introducing a notion of Persistency-of-Communication (PoC), we provide a characterization of DoS frequency and duration such that consensus is not destroyed. An example is given to substantiate the analysis.
Keywords: Clocks; Computer crime; Cyber-physical systems; Jamming; Time-frequency analysis; Topology (ID#: 16-10394)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7402756&isnumber=7402066

R. K. Abercrombie and F. T. Sheldon, “Security Analysis of Smart Grid Cyber Physical Infrastructures Using Game Theoretic Simulation,” Computational Intelligence, 2015 IEEE Symposium Series on, Cape Town, 2015, pp. 455-462. doi:10.1109/SSCI.2015.74
Abstract: Cyber physical computing infrastructures typically consist of a number of interconnected sites including both cyber and physical components. In this analysis we studied the various types and frequency of attacks that may be levied on smart grid cyber physical systems. Our information security analysis utilized a dynamic Agent Based Game Theoretic (ABGT) simulation. Such simulations can be verified using a closed form game theory analytic approach to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. We concentrated our study on the electric sector failure scenarios from the NESCOR Working Group Study. We extracted four generic failure scenarios and grouped them into three specific threat categories (confidentiality, integrity, and availability) to the system. These specific failure scenarios serve as a demonstration of our simulation. The analysis using our ABGT simulation demonstrates how to model the electric sector functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the cyber physical infrastructure network with respect to CIA.
Keywords: cyber-physical systems; game theory; power engineering computing; power system security; security of data; smart power grids; ABGT simulation; agent based game theoretic simulation; closed form game theory analytic approach; electric sector failure; electric sector functional domain; information assets; information security analysis; rationalized game theoretic rules; security analysis; smart grid cyber physical computing infrastructures; Analytical models; Computer security; Control systems; Games; Government; Smart grids (ID#: 16-10395)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7376647&isnumber=7376572

P. Singh, S. Garg, V. Kumar, and Z. Saquib, “A Testbed for SCADA Cyber Security and Intrusion Detection,” Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, Shanghai, 2015, pp. 1-6. doi:10.1109/SSIC.2015.7245683
Abstract: Power grid is an important element of the cyber physical systems. Attacks on such infrastructure may have catastrophic impact and hence the mitigation solutions for the attacks are necessary. It is impractical to test attacks and mitigation strategies on real networks. A testbed as a platform bridges the cyber-physical divide by bringing in the physical system inside the cyber domain, and test the attack scenarios. We are proposing such a testbed here that can simulate power systems Supervisory Control and Data Acquisition (SCADA). The testbed consists of traffic generator, simulated devices like Remote Terminal Units (RTUs), Master Terminal Unit (MTU), Human Machine Interface (HMI) etc. and the communication channel wrapped around industrial communication protocols such as IEC-60870-5-101 and DNP3. The proposed testbed includes with a comparator module which helps in detecting potential intrusions at RTU. A compromised RTU can be manipulated to send fabricated commands in the grid or to send polled responses from the grid. Detecting compromised systems at early stages helps in reducing damage to Industrial Control System (ICS) and providing higher security measures.
Keywords: SCADA systems; human computer interaction; power grids; security of data; HMI; ICS; MTU; RTU; SCADA; SCADA cyber security; cyber physical systems; cyber-physical divide; human machine interface; industrial control system; intrusion detection; master terminal unit; power grid; remote terminal units; supervisory control and data acquisition; Computer security; Generators; Process control; Protocols; Industrial Control Systems; Intrusion Detection; Power System Simulation; SCADA Security; Test-bed (ID#: 16-10396)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245683&isnumber=7245317

J. Smith, B. Krikeles, D. K. Wittenberg, and M. Taveniku, “Applied Vulnerability Detection System,” Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, Waltham, MA, 2015, pp. 1-6. doi:10.1109/THS.2015.7225296
Abstract: In [1], we presented a Vulnerability Detection System (VDS) that can detect emergent vulnerabilities in complex Cyber Physical Systems (CPS). It used the attacker's point of view by collecting a target system's vulnerability information from varied sources, and populating a Attack Point (AP) database. From these APs, a Hierarchical Task Network generated the set of composite device-level attack scenarios. The VDS used Alloy [2] to reduce the cardinality of the generated space by evaluating the feasibility of each attack. This paper specializes prior research by submitting the generated prioritized list to an automotive-specific Attack Evaluation Process (AAEP). With a combination of simulation and vehicle instrumented real-time execution, the AAEP confirms each candidate attack. The AAEPs output is used as feedback to refine the Alloy model. VDS is designed to support short product release cycles. The AAEP separates domain-specific from domain-independent aspects so the VDS can be rapidly retargeted.
Keywords: automobiles; control engineering computing; security of data; AAEP; AP; Alloy model; CPS; VDS; applied vulnerability detection system; attack point database; automotive-specific attack evaluation process; complex cyber physical systems; composite device-level attack scenarios; domain-independent aspects; domain-specific aspects; emergent vulnerabilities; hierarchical task network; short product release cycles; vulnerability information; Automotive engineering; Irrigation; Semantics (ID#: 16-10397)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225296&isnumber=7190491

I. Kiss, B. Genge, P. Haller, and G. Sebestyen, “A Framework for Testing Stealthy Attacks in Energy Grids,” Intelligent Computer Communication and Processing (ICCP), 2015 IEEE International Conference on, Cluj-Napoca, 2015, pp. 553-560. doi:10.1109/ICCP.2015.7312718
Abstract: The progressive integration of traditional Information and Communication Technologies (ICT) hardware and software into the supervisory control of modern Power Grids (PG) has given birth to a unique technological ecosystem. Modern ICT handles a wide variety of advantageous services in PG, but in turn exposes PG to significant cyber threats. To ensure security, PG use various anomaly detection modules to detect the malicious effects of cyber attacks. In many reported cases the newly appeared targeted cyber-physical attacks can remain stealthy even in presence of anomaly detection systems. In this paper we present a framework for elaborating stealthy attacks against the critical infrastructure of power grids. Using the proposed framework, experts can verify the effectiveness of the applied anomaly detection systems (ADS) either in real or simulated environments. The novelty of the technique relies in the fact that the developed “smart” power grid cyber attack (SPGCA) first reveals the devices which can be compromised causing only a limited effect observed by ADS and PG operators. Compromising low impact devices first conducts the PG to a more sensitive and near unstable state, which leads to high damages when the attacker at last compromises high impact devices, e.g. breaking high demand power lines to cause blackout. The presented technique should be used to strengthen the deployment of ADS and to define various security zones to defend PG against such intelligent cyber attacks. Experimental results based on the IEEE 14-bus electricity grid model demonstrate the effectiveness of the framework.
Keywords: computer network security; power engineering computing; power system control; power system reliability; power system simulation; smart power grids; ADS; ICT hardware; IEEE 14-bus electricity grid model; PG operators; SPGCA; anomaly detection modules; anomaly detection systems; cyber threats; cyber-physical attacks; energy grids; information and communication technologies; intelligent cyber attacks; power grids; power lines; smart power grid cyber attack; stealthy attacks; supervisory control; Actuators; Phasor measurement units; Power grids; Process control; Sensors; Voltage measurement; Yttrium; Anomaly Detection; Control Variable; Cyber Attack; Impact Assessment; Observed Variable; Power Grid (ID#: 16-10398)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312718&isnumber=7312586

BooJoong Kang et al., “Investigating Cyber-Physical Attacks Against IEC 61850 Photovoltaic Inverter Installations,” Emerging Technologies & Factory Automation (ETFA), 2015 IEEE 20th Conference on, Luxembourg, 2015, pp. 1-8. doi:10.1109/ETFA.2015.7301457
Abstract: Cyber-attacks against Smart Grids have been found in the real world. Malware such as Havex and BlackEnergy have been found targeting industrial control systems (ICS) and researchers have shown that cyber-attacks can exploit vulnerabilities in widely used Smart Grid communication standards. This paper addresses a deep investigation of attacks against the manufacturing message specification of IEC 61850, which is expected to become one of the most widely used communication services in Smart Grids. We investigate how an attacker can build a custom tool to execute man-in-the-middle attacks, manipulate data, and affect the physical system. Attack capabilities are demonstrated based on NESCOR scenarios to make it possible to thoroughly test these scenarios in a real system. The goal is to help understand the potential for such attacks, and to aid the development and testing of cyber security solutions. An attack use-case is presented that focuses on the standard for power utility automation, IEC 61850 in the context of inverter-based distributed energy resource devices; especially photovoltaics (PV) generators.
Keywords: distributed power generation; invasive software; invertors; photovoltaic power systems; power system control; power system security; BlackEnergy; Havex; ICS; IEC 61850 photovoltaic inverter installations; NESCOR; cyber physical attacks; cyber security; industrial control systems; inverter based distributed energy resource devices; malware; man-in-the-middle attacks; photovoltaic generators; power utility automation; smart grid communication standards; Density estimation robust algorithm; IEC Standards; IP networks; Inverters; Object oriented modeling; Protocols; IEC 61850; Smart Grid security; man-in-the-middle attack; photovoltaics (ID#: 16-10399)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301457&isnumber=7301399

D. Gantsou, “On the Use of Security Analytics for Attack Detection in Vehicular Ad Hoc Networks,” Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, Shanghai, 2015, pp. 1-6. doi:10.1109/SSIC.2015.7245674
Abstract: A vehicular ad hoc network (VANET) is a special kind of mobile ad hoc network built on top of the IEEE802.11p standard for a better adaptability to the wireless mobile environment. As it is used for both supporting vehicle-to-vehicle (V2V) as well as vehicle-to-infrastructure (V2I) communications, and connecting vehicles to external resources including cloud services, Internet, and user devices while improving the road traffic conditions, VANET is a Key component of intelligent transportation systems (ITS). As such, VANET can be exposed to cyber attacks related to the wireless environment, and those of traditional information technologies systems it is connected to. However, when looking at solutions that have been proposed to address VANET security issues, it emerges that guaranteeing security in VANET essentially amounts to resorting to cryptographic-centric mechanisms. Although the use of public key Infrastructure (PKI) fulfills most VANET' security requirements related to physical properties of the wireless transmissions, simply relying on cryptography does not secure a network. This is the case for vulnerabilities at layers above the MAC layer. Because of their capability to bypass security policy control, they can still expose VANET, and thus, the ITS to cyber attacks. Thereby, one needs security solutions that go beyond cryptographic mechanisms in order cover multiple threat vectors faced by VANET. In this paper focusing on attack detection, we show how using an implementation combining observation of events and incidents from multiple sources at different layers Sybil nodes can be detected regardless of the VANET architecture.
Keywords: intelligent transportation systems; telecommunication security; vehicular ad hoc networks; IEEE802.11p standard; VANET; attack detection; cryptographic-centric mechanisms; cyber attacks; intelligent transportation systems; mobile ad hoc network; security analytics; vehicular ad hoc networks; wireless mobile environment; Communication system security; Cryptography; IP networks; Vehicles; Vehicular ad hoc networks; Intelligent Transportation Systems (ITS); Vehicular ad hoc network (VANET) security; attack detection (ID#: 16-10400)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245674&isnumber=7245317

R. Czechowski, “Cyber-Physical Security for Low-Voltage Smart Grids HAN Security within Smart Grids,” Electric Power Engineering (EPE), 2015 16th International Scientific Conference on, Kouty nad Desnou, 2015, pp. 77-82. doi:10.1109/EPE.2015.7161077
Abstract: Smart Grid is both a concept and a way to mitigate infrastructural Deficiencies and counteract the effects of the growing demand for electrical energy. One of the ways ensuring an increase in power grid's management efficiency is utilization of the latest communication solutions that use of IT technologies. These technologies will help customers and prosumers in the future, in a more efficient management of electricity and the use compatible devices with smart grid technology with the ability to control these devices from a public network (often wireless), users of these devices can meet the same threats as in a typical IT network.
Keywords: power meters; power system management; power system security; smart meters; smart power grids; HAN security; IT technology; cyber-physical security; electrical energy; electricity management; low-voltage smart grids; power grid management efficiency; smart grid technology; Home automation; IP networks; Modems; Object recognition; Protocols; Security; Smart grids; digital security; home area network; security policy; smart metering; smart power grid (ID#: 16-10401)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7161077&isnumber=7161042
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Peer to Peer 2015

	Peer to Peer 2015

In a peer-to-peer (P2P) network, tasks such as searching for files or streaming audio or video are shared among multiple interconnected nodes—peers who share resources with other network participants without the need for centralized coordination by servers. Peer-to-peer systems pose considerable challenges for computer security. Like other forms of software, P2P applications can contain vulnerabilities, but what makes security particularly dangerous for P2P software is that peer-to-peer applications act as servers as well as clients, making them more vulnerable to remote exploits. For the Science of Security community, the issues relate to the hard problems of human behavior, metrics, composability, and resiliency. The work cited here was presented in 2015.

A. Reiter, “Enabling Secure Communication over Existing Peer-to-Peer Frameworks,” Parallel, Distributed and Network-Based Processing (PDP), 2015 23rd Euromicro International Conference on, Turku, 2015, pp. 575-582. doi:10.1109/PDP.2015.10
Abstract: Peer-to-peer technologies are, due to their distributed nature and the absence of a single point of failure, most promising in the field of providing privacy and security if appropriate mechanisms are in place. Currently security and privacy in peer-to-peer networks is tightly bound to specific frameworks. In this paper a flexible and modular approach for existing peer-to-peer frameworks to enable a secure communication using well-established and proven protocols and algorithms called SP2P is proposed. An interoperability layer is introduced where existing peer-to-peer frameworks, transport security protocols, different types of identities and appropriate identity authentication services can be plugged in seamlessly. The identity authentication service is designed to be compatible with existing quality level assurance frameworks which can be chosen depending on the deployment environment and requirements. Further the different components of end-to-end security protocols and their impact on the overall security and privacy level is analysed. This enables developers to use proven and well established security mechanisms without diving in the very specifics of different peer-to-peer framework specifications.
Keywords: computer network security; peer-to-peer computing; protocols; data privacy; enabling secure communication; end-to-end security protocols; existing peer-to-peer frameworks; identity authentication services; peer-to-peer frameworks; peer-to-peer technologies; transport security protocols; Authentication; Encryption; Interoperability; Peer-to-peer computing; Privacy; Protocols; End to end security; Identity authentication; Identity provisioning; Peer to peer networks; Secure communication; Transport security (ID#: 16-10631)  
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7092777&isnumber=7092002

Q. Han, H. Wen, G. Feng, L. Wang, and F. Pan, “Secure Interdependent Networks for Peer-to-Peer and Online Social Network,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, pp. 1-6. doi:10.1109/GLOCOM.2015.7417048
Abstract: Peer-to-peer (P2P) systems and online social network (OSN) both have achieved tremendous success. Recent studies suggest that the cooperation of P2P and OSN can achieve better efficiency and security. Unfortunately, novel security problems are emerging as the mutual cooperation and dependence contributes to forming the interdependent networks which are more vulnerable for malicious attack as well as rumor propagation. In this paper, we examined the security environment for P2P and OSN, respectively, and analyzed the security problem derived from the cooperation and interdependence of two networks. The spreader-ignorant-recaller-stifler (SICR) is leveraged to model the rumor spreading in the interdependent networks. In order to enhance the security, we proposed two security schemes named authentication intervening and splitting target and their performance summaries indicate to be effective, simple, and potentially transformative way to guarantee the security for interdependent networks of P2P and OSN.
Keywords: peer-to-peer computing; social networking (online); telecommunication security; OSN; P2P; authentication; online social network; peer-to-peer; secure interdependent networks; security problems; splitting target; spreader-ignorant-recaller-stifler; Complex networks; Peer-to-peer computing; Privacy; Security; Social network services; Topology (ID#: 16-10632)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7417048&isnumber=7416057

N. Hwang and S. Lee, “Privacy Preserving Intersection of Neighbor Sets Exploiting Cross Checking Capability in a Peer to Peer Social Network Service,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, pp. 1-6. doi:10.1109/GLOCOM.2015.7416985
Abstract: Due to the privacy concerns on the data generated by the users, Peer to Peer Social Network Services are getting popular these days because the data is kept in a distributed manner. In some cases, the list of neighbors of a node should be kept private, too. However, for some applications, we may need to compute the list of common neighbors between two nodes without revealing the whole list of neighbors. In this paper, we propose a Bloom filter based approach to compute the intersection of neighbors between two nodes in SNSes. We exploit the cross-checking property enabled by the neighbor relationships to simplify the computation while getting more accurate results. Our proposed method can get a near perfect intersection with mostly zero or one false common neighbors. Furthermore, the Bloom filter can successfully hide the neighbor information from attackers. We show the performance through numerical analysis and extensive simulations.
Keywords: computer network security; data privacy; data structures; peer-to-peer computing; set theory; social networking (online); Bloom filter based approach; SNS; cross checking capability; neighbor intersection computation; neighbor sets; numerical analysis; peer-to-peer social network services; privacy preserving intersection; Data privacy; Distributed databases; Encryption; Numerical analysis; Peer-to-peer computing; Privacy; Social network services (ID#: 16-10633)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7416985&isnumber=7416057

G. Nguyen, S. Roos, T. Strufe, and M. Fischer, “RBCS: A Resilient Backbone Construction Scheme for Hybrid Peer-to-Peer Streaming,” Local Computer Networks (LCN), 2015 IEEE 40th Conference on, Clearwater Beach, FL, 2015, pp. 261-269. doi:10.1109/LCN.2015.7366319
Abstract: Hybrid Peer-to-Peer streaming systems combine the advantages of an efficient push-based with a more resilient pull-based system to deliver video streams over the Internet. In this manner, hybrid systems offer low latency and an increased robustness to failures and node churn. However, current hybrid systems is vulnerable to misbehaving nodes and deliberate attacks. By taking central positions in the overlay, malicious nodes can perform extremely harmful Denial-of-Service (DoS) attacks. We propose RBCS, a novel backbone construction scheme, that is highly resilient against DoS attacks while maintaining fast content dissemination. RBCS incorporates stable peers into a manipulation-resistant multi-tree backbone overlay, which is resilient against both attacks and node churn. Additionally, RBCS securely identifies stable peers by using only local knowledge about the participation time of others. Extensive simulations indicate that RBCS outperforms the state-of-the-art in being more resilient against attacks at the price of a slightly increased overhead.
Keywords: Internet; computer network security; video streaming; DoS attacks;  RBCS; denial-of-service attacks; hybrid peer-to-peer streaming systems; manipulation-resistant multitree backbone overlay; node churn; pull-based system; resilient backbone construction scheme; video streams; Bandwidth; Computer crime; Peer-to-peer computing; Resilience; Streaming media; Switches; Topology (ID#: 16-10634)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7366319&isnumber=7366232

J. Miguel, S. Caballé, F. Xhafa, and V. Snasel, “A Data Visualization Approach for Trustworthiness in Social Networks for On-line Learning,” Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, Gwangiu, 2015, pp. 490-497. doi:10.1109/AINA.2015.226
Abstract: Up to now, the problem of ensuring collaborative activities in e-Learning against dishonest students’ behaviour has been mainly tackled with technological security solutions. Over the last years, technological security solutions have evolved from isolated security approaches based on specific properties, such as privacy, to holistic models based on technological security comprehensive solutions, such as public key infrastructures, biometric models and multidisciplinary approaches from different research areas. Current technological security solutions are feasible in many e-Learning scenarios but on-line assessment involves certain requirements that usually bear specific security challenges related to e-Learning design. In this context, even the most advanced and comprehensive technological security solutions cannot cope with the whole scope of e-Learning vulnerabilities. To overcome these deficiencies, our previous research aimed at incorporating information security properties and services into on-line collaborative e-Learning by a functional approach based on trustworthiness assessment and prediction. In this paper, we present a peer-to-peer on-line assessment approach carried out in a real on-line course developed in our real e-Learning context of the Open University of Catalonia. The design presented in this paper is conducted by our trustworthiness security methodology with the aim of building peer-to-peer collaborative activities, which enhances security e-Learning requirements. Eventually, peer-to-peer visualizations methods are proposed to manage security e-Learning events, as well as on-line visualization through peer-to-peer tools, intended to analyse collaborative relationship.
Keywords: computer aided instruction; data visualisation; social networking (online); trusted computing; Open University of Catalonia; biometric models; data visualization approach; e-learning; holistic models; information security properties; information security services; multidisciplinary approaches; online learning; peer-to-peer collaborative activities; peer-to-peer on-line assessment; public key infrastructures; social networks; student behaviour; technological security; technological security comprehensive solutions; trustworthiness assessment; trustworthiness security methodology; Collaboration; Context; Electronic learning; Peer-to-peer computing; Security; Social network services; Visualization; Information security; computer-supported collaborative learning; on-line assessment; peer-to-peer analysis; trustworthiness (ID#: 16-10635)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098011&isnumber=7097928

D. Frey, R. Guerraoui, A. M. Kermarrec, A. Rault, F. Taïani, and J. Wang, “Hide & Share: Landmark-Based Similarity for Private KNN Computation,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 263-274. doi:10.1109/DSN.2015.60
Abstract: Computing k-nearest-neighbor graphs constitutes a fundamental operation in a variety of data-mining applications. As a prominent example, user-based collaborative-filtering provides recommendations by identifying the items appreciated by the closest neighbors of a target user. As this kind of applications evolve, they will require KNN algorithms to operate on more and more sensitive data. This has prompted researchers to propose decentralized peer-to-peer KNN solutions that avoid concentrating all information in the hands of one central organization. Unfortunately, such decentralized solutions remain vulnerable to malicious peers that attempt to collect and exploit information on participating users. In this paper, we seek to overcome this limitation by proposing H&S (Hide & Share), a novel landmark-based similarity mechanism for decentralized KNN computation. Landmarks allow users (and the associated peers) to estimate how close they lay to one another without disclosing their individual profiles. We evaluate H&S in the context of a user-based collaborative-filtering recommender with publicly available traces from existing recommendation systems. We show that although landmark-based similarity does disturb similarity values (to ensure privacy), the quality of the recommendations is not as significantly hampered. We also show that the mere fact of disturbing similarity values turns out to be an asset because it prevents a malicious user from performing a profile reconstruction attack against other users, thus reinforcing users’ privacy. Finally, we provide a formal privacy guarantee by computing an upper bound on the amount of information revealed by H&S about a user’s profile.
Keywords: collaborative filtering; data mining; data privacy; graph theory; pattern clustering; peer-to-peer computing; recommender systems; security of data; data-mining applications; decentralized peer-to-peer KNN solutions; formal privacy; hide & share; item identification; k-nearest-neighbor graph computation; landmark-based similarity mechanism; malicious user prevention; private KNN computation; profile reconstruction attack; similarity values; user-based collaborative-filtering recommender; Approximation methods; Context; Electronic mail; Measurement; Peer-to-peer computing; Privacy; Protocols; Data privacy; Nearest neighbor searches; Peer-to-peer computing; Recommender systems (ID#: 16-10636)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266856&isnumber=7266818

F. d. A. López-Fuentes and S. Balleza-Gallegos, “Evaluating Sybil Attacks in P2P Infrastructures for Online Social Networks,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1262-1267. doi:10.1109/HPCC-CSS-ICESS.2015.252
Abstract: In recent years, online social networks (OSN) have become very popular. These types of networks have been useful to find former classmates or to improve our interaction with friends. Currently, a huge amount of information is generated and consumed by millions of people from these types of networks. Most popular online social networks are based on centralized servers, which are responsible for the management and storage all information. Although online social networks introduce several benefits, these networks still face many challenges such as central control, privacy or security. P2P infrastructures have emerged as an alternative platform to deploy decentralized online social networks. However, decentralized distributed systems are vulnerable to malicious peers. In this work, we evaluate P2P infrastructures against Sybil attacks. In particular, we simulate and evaluate hybrid and distributed P2P architectures.
Keywords: computer network security; file servers; peer-to-peer computing; social networking (online); OSN; P2P infrastructure; Sybil attack evaluation; centralized server; decentralized distributed systems; decentralized online social network; distributed P2P architecture; hybrid P2P architecture; malicious peers; Bandwidth; Computational modeling; Flowcharts; Peer-to-peer computing; Protocols; Servers; Social network services; Sybil attack; online-social networks; peer-to-peer networks (ID#: 16-10637)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336341&isnumber=7336120

M. Zahak, M. Alizadeh, and M. Abbaspour, “Collaborative Privacy Management in P2P Online Social Networks,” Information Security and Cryptology (ISCISC), 2015 12th International Iranian Society of Cryptology Conference on, Rasht, 2015, pp. 64-72. doi:10.1109/ISCISC.2015.7387900
Abstract: Online Social Networks (OSNs) have become widely popular in recent years. In spite of users’ interest to join OSNs, sharing vast amounts of personal information and resources in these networks might result in privacy issues for them. In the centralized OSNs, access control policies defined by users are enforced by OSN providers. Moreover, as these shared resources are stored by providers, they can access them. To avoid such problems, various architectures for decentralized OSNs are proposed. But the proposed architectures for P2P OSNs yet do not support any mechanism for collaborative privacy management on the shared content. By increasing the amount of resources such as photos which is shared by friends or family members, privacy of a user in these networks does not depend on the resources shared by him anymore. In this case, users should be able to collaborate in control of the accessibility of all the resources belong to them. In this paper, using secret sharing scheme, we propose a collaborative access control model which all the users tagged in a content are able to define the privacy policy for it. Based on the various parameters such as sensitivity scores and privacy policies defined by each controller, an aggregated policy is assigned to a shared resource. To the best of our knowledge this is the first time such a collaborative privacy management model has been proposed for P2P based OSNs. Additionally, to demonstrate the applicability of the proposed model a prototype is implemented.
Keywords: data privacy; peer-to-peer computing; social networking (online); P2P based OSN; P2P online social networks; collaborative access control model; collaborative privacy management model; Access control; Collaboration; Cryptography; Decision support systems; Privacy; Proposals; Servers; collaborative; data sharing; peer-to-peer systems; privacy; social networking (ID#: 16-10638)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387900&isnumber=7387888

F. Burgstaller, A. Derler, S. Kern, G. Schanner, and A. Reiter, “Anonymous Communication in the Browser via Onion-Routing,” 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, Poland, 2015, pp. 260-267. doi:10.1109/3PGCIC.2015.22
Abstract: Every single communication on the Internet reveals private and sensitive information of the communicating parties if no further measures are applied. Various applications and measures are already available to e.g. tunnel traffic through other nodes to obscure the original sender and receiver. Existing frameworks require external applications, running on the particular nodes. We propose a flexible architecture for an anonymous communication framework that supports the interoperability among different platforms. Our proof-of-concept implementation, based on web standards and web technologies shows the feasibility of the framework in terms of usability and interoperability. The framework is running completely in the web-browser and does not have requirements on external applications. The evaluation results show that our framework brings great benefits to user’s privacy and security.
Keywords: Browsers; Peer-to-peer computing; Protocols; Public key; Servers; WebRTC; WebRTC; anonymous communication; end-to-end security; onion routing; peer-to-peer; security (ID#: 16-10639)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424573&isnumber=7424499

C. N. Kayembe, “Ubiquitous Social Sensor Networking System,” Consumer Electronics - Berlin (ICCE-Berlin), 2015 IEEE 5th International Conference on, Berlin, 2015, pp. 256-259. doi:10.1109/ICCE-Berlin.2015.7391250
Abstract: Social Networking Sites (SNS) require a centralized system accessible via Internet. SNS’ owners are in control of user’s data; this often leads to data theft, piracy and privacy issues. This paper proposes a way of socializing with people in surrounding places by using a ubiquitous social sensor network system (USSNS) where Wireless Sensor Node interact in a peer-to-peer mode without the need of Internet. Sensor Node are programed in order to exchange selected social information (e.g. status availability, emergency) to their peer sensor node within a predefine network coverage area (~ 10 indoor to 100 meter outdoor) via a multicast request. The result of this system could allow node’s user to find their peer via nodes’ LED lightening and engage in a face-to-face conversation if they are willing to. The USSNS aims to promote face-to-face interaction instead of current virtual interaction on SNS. The system was tested on two K-mote B2 devices using CoAP protocol.
Keywords: data privacy; peer-to-peer computing; protocols; social networking (online); ubiquitous computing; wireless sensor networks; CoAP protocol; ED lightening; Internet; USSNS; data piracy; data theft; peer-to-peer mode; social networking sites; ubiquitous social sensor networking system; wireless sensor node; Internet; Peer-to-peer computing; Protocols; Security; Social network services; Wireless communication; Wireless sensor networks; Sensor Node; Ubiquitous Social Sensor Networking (USSN); Wireless Sensor Network (ID#: 16-10640)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7391250&isnumber=7391194

F. Jacob, J. Mittag, and H. Hartenstein, “A Security Analysis of the Emerging P2P-Based Personal Cloud Platform MaidSafe,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 1403-1410. doi:10.1109/Trustcom.2015.538
Abstract: The emergence of decentralized crypto currencies such as Bitcoin and the success of the anonymizing network TOR lead to an increased interest in peer-to-peer based technologies lately - not only due to the prevalent deployment of mass network surveillance technologies by authorities around the globe. While today’s application services typically employ centralized client/server architectures that require the user to trust the service provider, new decentralized platforms that eliminate this need of trust are on their rise. In this paper we critically analyze a fully decentralized alternative to today’s digital ecosystem - MaidSafe - that drops most of the commonly applied principles. The MaidSafe network implements a fully decentralized personal data storage platform on which user applications can be built. The network is made up by individual users who contribute storage, computing power and bandwidth. All communication between network nodes is encrypted, yet users only have to remember a username and password. To guarantee these objectives, MaidSafe combines mechanisms such as Self-Authentication, Self-Encryption, and a P2P-based public key infrastructure. This paper provides a condensed description of MaidSafe’s key protocol mechanisms, derives the underlying identity and access management architecture, and evaluates it with respect to security and privacy aspects.
Keywords: client-server systems; cloud computing; peer-to-peer computing; public key cryptography; security of data; Bitcoin; MaidSafe key protocol mechanisms; MaidSafe network; P2P-based personal cloud platform MaidSafe; P2P-based public key infrastructure; access management architecture; centralized client-server architectures; decentralized crypto currencies; digital ecosystem; fully decentralized personal data storage platform; mass network surveillance technologies; network TOR; peer-to-peer based technologies; security analysis; self-authentication mechanism; self-encryption mechanism; service provider; Internet; Online banking; Peer-to-peer computing; Privacy; Public key; Cloud; Decentralization; Distributed System; MaidSafe; P2P; Self-Authentication; Self-Encryption (ID#: 16-10641)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345446&isnumber=7345233

A. Biryukov and I. Pustogarov, “Bitcoin over Tor Isn’t a Good Idea,” Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 122-134. doi:10.1109/SP.2015.15
Abstract: Bit coin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcasted via a peer-to-peer network. While Bit coin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bit coin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bit coin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bit coin creates a new attack vector. A low-resource attacker can gain full control of information flows between all users who chose to use Bit coin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used, control which Bit coin blocks and transactions are relayed to user and can delay or discard user’s transactions and blocks. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP addresses when they decide to connect to the Bit coin network directly.
Keywords: IP networks; peer-to-peer computing; security of data; Bit coin network; Bitcoin; IP address; decentralized P2P digital currency; default Tor functionality; information flow; low-resource attacker; peer-to-peer network; popular mobile SPV client; pseudonymity; random-looking Bit coin address; user transactions; Bandwidth; Databases; IP networks; Online banking; Peer-to-peer computing; Relays; Servers; Anonymity; P2P; Security; Tor; cryptocurrency (ID#: 16-10642)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163022&isnumber=7163005

K. Kalaivani and C. Suguna, “Efficient Botnet Detection Based n Reputation Model and Content Auditing in P2P Networks,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-4. doi:10.1109/ISCO.2015.7282358
Abstract: Botnet is a number of computers connected through internet that can send malicious content such as spam and virus to other computers without the knowledge of the owners. In peer-to-peer (p2p) architecture, it is very difficult to identify the botnets because it does not have any centralized control. In this paper, we are going to use a security principle called data provenance integrity. It can verify the origin of the data. For this, the certificate of the peers can be exchanged. A reputation based trust model is used for identifying the authenticated peer during file transmission. Here the reputation value of each peer can be calculated and a hash table is used for efficient file searching. The proposed system can also verify the trustworthiness of transmitted data by using content auditing. In this, the data can be checked against trained data set and can identify the malicious content.
Keywords: authorisation; computer network security; data integrity; information retrieval; invasive software; peer-to-peer computing; trusted computing; P2P networks; authenticated peer; botnet detection; content auditing; data provenance integrity; file searching; file transmission; hash table; malicious content; peer-to-peer architecture; reputation based trust model; reputation model; reputation value; security principle; spam; transmitted data trustworthiness; virus; Computational modeling; Cryptography; Measurement; Peer-to-peer computing; Privacy; Superluminescent diodes; Data provenance integrity; content auditing; reputation value; trained data set (ID#: 16-10643)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282358&isnumber=7282219

T. Amft, B. Guidi, K. Graffi, and L. Ricci, “FRoDO: Friendly Routing over Dunbar-Based Overlays,” Local Computer Networks (LCN), 2015 IEEE 40th Conference on, Clearwater Beach, FL, 2015, pp. 356-364. doi:10.1109/LCN.2015.7366330
Abstract: Centralized Online Social Networks (OSNs) have become the main communication channel in both the personal and the business domain. A current trend for developing OSN services is towards the distribution of the social network infrastructure by using P2P architectures as basis for Distributed Online Social Networks (DOSNs). One of the main challenges of DOSNs comes from guaranteeing privacy and protection of private data. In previous work [18], we proposed a Dunbar-based approach to preserve data availability in DOSNs. Using Dunbar’s circles of intimacy a certain level of trust is ensured which bases on the users confidence in their friends. Now, to achieve privacy and anonymity, we focus on the incorporation of social contacts into existing Peer-to-Peer Overlays and show that a naive integration of social links into existing Overlays like Chord and Pastry is not satisfactory. In order to address drawbacks of the naive approach we introduce goLLuM, a general solution which can be used on top of existing structured and unstructured P2P networks. Our protocol enables to route messages via friendly nodes only, even if only few friends per node exist. By using synthetic models and real-data traces for the representation of friendship relationships we highlight the drawbacks of the naive solution and show the functionality of goLLuM.
Keywords: data privacy; overlay networks; peer-to-peer computing; routing protocols; security of data; social networking (online); trusted computing; Chord; DOSN; Dunbar circles of intimacy; FRoDO; Friendly Routing over Dunbar-based Overlays; OSN service; P2P architectures; Pastry; anonymity; centralized online social network; communication channel; data availability preservation; distributed online social network; friendly nodes; goLLuM; message routing protocol; peer-to-peer overlays; privacy guarantee; private data protection; social contact; social links; social network infrastructure; trust level; unstructured P2P network; user confidence; Data privacy; Distributed databases; Overlay networks; Peer-to-peer computing; Privacy; Routing; Social network services (ID#: 16-10644)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7366330&isnumber=7366232

G. Paul, P. L. Dubouilh, and J. Irvine, “Performance Challenges of Decentralised Services,” Vehicular Technology Conference (VTC Fall), 2015 IEEE 82nd, Boston, MA, 2015, pp. 1-4. doi:10.1109/VTCFall.2015.7391073
Abstract: Decentralised, peer-to-peer based services present a variety of security and privacy benefits for their users, and highly scalable to cater for a growing numbers of users, without extra servers being required of the service operator. This presents a significant advantage for newly emerging mobile applications (with high numbers of users, and limited funds for infrastructure), although performance is a challenge when accessing decentralised services. In this paper, we firstly show the performance of our implementation of a decentralised chunk-based storage platform is constrained by the network. We show the impact of network latency on the performance of this decentralised storage solution, and propose our solution to this, in the form of a federated, intermediary server, thus creating a hybrid decentralised service. This approach offers relatively constant performance as latency increases, due to the use of TCP connectivity, while ensuring the advantages of the decentralised service are not lost in the process.
Keywords: mobile communication; peer-to-peer computing; transport protocols; TCP connectivity; decentralised chunk-based storage platform; decentralised peer-to-peer based services; mobile applications; Computer architecture; Distributed databases; Internet; Mobile handsets; Peer-to-peer computing; Performance evaluation; Servers (ID#: 16-10645)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7391073&isnumber=7390768

J. M. Reddy and C. Hota, “Heuristic-Based Real-Time P2P Traffic Identification,” Emerging Information Technology and Engineering Solutions (EITES), 2015 International Conference on, Pune, India, 2015, pp. 38-43. doi:10.1109/EITES.2015.16
Abstract: Peer-to-Peer (P2P) networks have seen a rapid growth, spanning diverse applications like online anonymity (Tor), online payment (Bit coin), file sharing (Bit Torrent), etc. However, the success of these applications has raised concerns among ISPs and Network administrators. These types of traffic worsen the congestion of the network, and create security vulnerabilities. Hence, P2P traffic identification has been researched actively in recent times. Early P2P traffic identification approaches were based on port-based inspection. Presently, Deep Packet Inspection (DPI) is a prominent technique used to identify P2P traffic. But it relies on payload signatures which are not resilient against port masquerading, traffic encryption and NATing. In this paper, we propose a novel P2P traffic identification mechanism based on the host behaviour from the transport layer headers. A set of heuristics was identified by analysing the off-line datasets collected in our test bed. This approach is privacy preserving as it does not examine the payload content. The usefulness of these heuristics is shown on real-time traffic traces received from our campus backbone, where in the best case only 0.20% of flows were unknown.
Keywords: cryptography; data privacy; peer-to-peer computing; telecommunication security; telecommunication traffic; Bit coin; DPI; ISP; NATing; P2P network; P2P traffic identification mechanism; bit torrent; deep packet inspection; file sharing; heuristic-based real-time P2P traffic identification; network administrator; off-line dataset; online anonymity; online payment; payload signature; peer-to-peer network; port masquerading; port-based inspection; privacy preserving; real-time traffic; security vulnerability; traffic encryption; transport layer header; Accuracy; Internet; Payloads; Peer-to-peer computing; Ports (Computers); Protocols; Servers (ID#: 16-10646)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7083382&isnumber=7082065

M. R. Abdmeziem, D. Tandjaoui, and I. Romdhani, “A Decentralized Batch-Based Group Key Management Protocol for Mobile Internet of Things (DBGK),” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 1109-1117. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.166
Abstract: It is anticipated that constrained devices in the Internet of Things (IoT) will often operate in groups to achieve collective monitoring or management tasks. For sensitive and mission-critical sensing tasks, securing multicast applications is therefore highly desirable. To secure group communications, several group key management protocols have been introduced. However, the majority of the proposed solutions are not adapted to the IoT and its strong processing, storage, and energy constraints. In this context, we introduce a novel decentralized and batch-based group key management protocol to secure multicast communications. Our protocol is simple and it reduces the rekeying overhead triggered by membership changes in dynamic and mobile groups and guarantees both backward and forward secrecy. To assess our protocol, we conduct a detailed analysis with respect to its communication and storage costs. This analysis is validated through simulation to highlight energy gains. The obtained results show that our protocol outperforms its peers with respect to the rekeying overhead and the mobility of members.
Keywords: Internet of Things; cryptographic protocols; data privacy; mobile computing; multicast communication; backward secrecy; communication costs; decentralized batch-based group key management protocol; dynamic groups; energy constraints; energy gains; forward secrecy; group communication security; membership changes; mobile Internet of Things; mobile groups; multicast applications; rekeying overhead reduction; sensitive mission-critical sensing tasks; storage costs; Context; Encryption; Mobile communication; Peer-to-peer computing; Protocols; Servers; Data confidentiality; Group key Management; Internet Of Things; Multicast communications; Security and Privacy (ID#: 16-10647)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363210&isnumber=7362962

R. Moore, C. Morrell, R. Marchany, and J. G. Tront, “Utilizing the BitTorrent DHT for Blind Rendezvous and Information Exchange,” Military Communications Conference, MILCOM 2015 - 2015 IEEE, Tampa, FL, 2015, pp. 1560-1565. doi:10.1109/MILCOM.2015.7357667
Abstract: This paper introduces a moving target blind rendezvous system leveraging the BitTorrent Distributed Hash Table (DHT) to securely locate other nodes in a distributed system and to exchange information without a single point of failure. We leverage cryptographic constructions such as Elliptic Curve Diffie-Hellman key exchange and secure hashing functions, as well as the immense size of the BitTorrent DHT swarm to build this secure system. We require a minimal amount of pre-shared information and additionally allow that pre-shared information to be publicly available in the form of public keys. Our goal in this work is to provide a means of secure information dissemination that improves the capability of privacy focused and censorship avoidance systems.
Keywords: peer-to-peer computing; public key cryptography; BitTorrent DHT swarm; BitTorrent distributed hash table; censorship avoidance systems; cryptographic constructions; distributed system; elliptic curve Diffie-Hellman key exchange; information exchange; moving target blind rendezvous system; pre-shared information; public keys; secure hashing functions; secure information dissemination; Internet; Peer-to-peer computing; Privacy; Protocols; Security; Servers; Target tracking; Distributed Systems; Key Agreement; Mobile Privacy; Mobile Security; Moving Target Defense; Session Establishment (ID#: 16-10648)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357667&isnumber=7357245

M. A. U. Nasir, S. Girdzijauskas, and N. Kourtellis, “Socially-Aware Distributed Hash Tables for Decentralized Online Social Networks,” Peer-to-Peer Computing (P2P), 2015 IEEE International Conference on, Boston, MA, 2015, pp. 1-10. doi:10.1109/P2P.2015.7328524
Abstract: Many decentralized online social networks (DOSNs) have been proposed due to an increase in awareness related to privacy and scalability issues in centralized social networks. Such decentralized networks transfer processing and storage functionalities from the service providers towards the end users. DOSNs require individualistic implementation for services, (i.e., search, information dissemination, storage, and publish/subscribe). However, many of these services mostly perform social queries, where OSN users are interested in accessing information of their friends. In our work, we design a socially-aware distributed hash table (DHTs) for efficient implementation of DOSNs. In particular, we propose a gossip-based algorithm to place users in a DHT, while maximizing the social awareness among them. Through a set of experiments, we show that our approach reduces the lookup latency by almost 30% and improves the reliability of the communication by nearly 10% via trusted contacts.
Keywords: file organisation; social networking (online); DHT; DOSN; decentralized online social networks; gossip-based algorithm; socially-aware distributed hash tables; Peer-to-peer computing; Privacy; Relays; Reliability; Scalability; Security; Social network services (ID#: 16-10649)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7328524&isnumber=7328510

Q. Tan, J. Shi, B. Fang, W. Zhang, and X. Wang, “StegoP2P: Oblivious User-Driven Unobservable Communications,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 7126-7131. doi:10.1109/ICC.2015.7249463
Abstract: With increasing concern for erosion of privacy, privacy preserving and censorship-resistance techniques are becoming more and more important. Anonymous communication techniques offer an important method defending against Internet surveillance, but these techniques don’t conceal themselves when used. In this paper, we propose StegoP2P, an unobservable communication system with Internet users in overlay network that relies on Innocent users’ oblivious data downloading, StegoP2P works by deploying a end-to-middle proxies, which inspect special steganography flows from StegoP2P users to innocent-looking destinations and mirror them to the true destination requested by oblivious P2P users. The hidden communication is indistinguishable from normal network communications to any adversaries without a private key, hence, making the StegoP2P clients unobservable. We have developed a proof-of-concept application based on Vuze and conducted evaluations through experiments.
Keywords: Internet; overlay networks; peer-to-peer computing; steganography; Internet users; StegoP2P; Vuze proof-of-concept application; end-to-middle proxy; hidden communication; innocent users oblivious data downloading; innocent-looking destinations; normal network communications; oblivious user-driven unobservable communications; overlay network; steganography; Censorship; IP networks; Internet; Peer-to-peer computing; Protocols; Security; Servers; Censorship-resistant; Covert channel; Steganography; Unobservable communication (ID#: 16-10650)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7249463&isnumber=7248285

F. Randazzo, D. Croce, I. Tinnirello, C. Barcellona, and M. L. Merani, “Experimental Evaluation of Privacy-Preserving Aggregation Schemes on PlanetLab,” Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, Dubrovnik, 2015, pp. 379-384. doi:10.1109/IWCMC.2015.7289113
Abstract: New pervasive technologies often reveal many sensitive information about users’ habits, seriously compromising the privacy and sometimes even the personal security of people. To cope with this problem, researchers have developed the idea of privacy-preserving data mining which refers to the possibility of releasing aggregate information about the data provided by multiple users, without any information leakage about individual data. These techniques have different privacy levels and communication costs, but all of them can suffer when some users’ data becomes inaccessible during the operation of the privacy preserving protocols. It is thus interesting to validate the applicability of such architectures in real-world scenarios. In this paper we experimentally evaluate two promising privacy-preserving techniques on PlanetLab, analyzing the execution time and the failure rate that each scheme exhibits.
Keywords: data mining; data privacy; ubiquitous computing; PlanetLab; communication costs; pervasive technologies; privacy preserving protocols; privacy-preserving aggregation schemes; privacy-preserving data mining; Artificial neural networks; Cryptography; Data privacy; Peer-to-peer computing; Protocols; Servers; privacy; secret sharing; secure multi-party computation (ID#: 16-10651)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289113&isnumber=7288920

A. Sanatinia and G. Noubir, “OnionBots: Subverting Privacy Infrastructure for Cyber Attacks,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 69-80. doi:10.1109/DSN.2015.40
Abstract: Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots can achieve a low diameter and a low degree and be robust to partitioning under node deletions. We develop a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.
Keywords: IP networks; computer network management; computer network security; data privacy; fault tolerant computing; telecommunication traffic; Cyber Attacks; IP-based mitigation techniques; OnionBots; SOAP; Tor; botnets; cryptographic mechanisms; destination information; host IP address; illegal activities; information nature; node deletions; privacy infrastructure subversion; resilient-stealthy botnets; self-healing network maintenance scheme; source information; Cryptography; Maintenance engineering; Peer-to-peer computing; Privacy; Relays; Servers; botnet; cyber security; privacy infrastructure; self-healing network (ID#: 16-10652)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266839&isnumber=7266818

L. Bariah, D. Shehada, E. Salahat, and C. Y. Yeun, “Recent Advances in VANET Security: A Survey,” Vehicular Technology Conference (VTC Fall), 2015 IEEE 82nd, Boston, MA, 2015, pp. 1-7. doi:10.1109/VTCFall.2015.7391111
Abstract: Vehicular ad hoc networks (VANET) are emerging as a prominent form of mobile ad hoc networks (MANETs) and as an effective technology for providing a wide range of safety applications for vehicle passengers. Nowadays, VANETs are of an increasing importance as they enable accessing a large variety of ubiquitous services. Such increase is also associated with a similar increase in vulnerabilities in these inter-vehicular services and communications, and consequently, the number of security attacks and threats. It is of paramount importance to ensure VANETs security as their deployment in the future must not compromise the safety and privacy of their users. The successful defending against such VANETs attacks prerequisite deploying efficient and reliable security solutions and services, and the research in this field is still immature and is continuously and rapidly growing. As such, this paper is devoted to provide a structured and comprehensive overview of the recent research advances on VANETS security services, surveying the state-of-the-art on security threats, vulnerabilities and security services, while focusing on important aspects that are not well-surveyed in the literature such as VANET security assessment tools.
Keywords: data privacy; telecommunication security; vehicular ad hoc networks; MANET; VANET security; intervehicular service; mobile ad hoc network; ubiquitous service; vehicle passenger; vehicular ad hoc networks; Global Positioning System; Peer-to-peer computing; Privacy; Roads; Security; Vehicles; Vehicular ad hoc networks (ID#: 16-10653)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7391111&isnumber=7390768

E. Papapetrou, V. F. Bourgos, and A. G. Voyiatzis, “Privacy-Preserving Routing in Delay Tolerant Networks Based on Bloom Filters,” World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2015 IEEE 16th International Symposium on a, Boston, MA, 2015, pp. 1-9. doi:10.1109/WoWMoM.2015.7158148
Abstract: Privacy preservation in opportunistic networks, such as disruption and delay tolerant networks, constitutes a very challenging area of research. The wireless channel is vulnerable to malicious nodes that can eavesdrop data exchanges. Moreover, all nodes in an opportunistic network can act as routers and thus, gain access to sensitive information while forwarding data. Node anonymity and data protection can be achieved using encryption. However, cryptography-based mechanisms are complex to handle and computationally expensive for the participating (mobile) nodes. We propose SimBet-BF, a privacy-preserving routing algorithm for opportunistic networks. The proposed algorithm builds atop the SimBet algorithm and uses Bloom filters so as to represent routing as well as other sensitive information included in data packets. SimBet-BF provides anonymous communication and avoids expensive cryptographic operations, while the functionality of the SimBet algorithm is not significantly affected. In fact, we show that the required security level can be achieved with a negligible routing performance trade-off.
Keywords: delay tolerant networks; delays; radio networks; telecommunication network routing; telecommunication security; Bloom filters; SimBet algorithm; cryptography based mechanisms; eavesdrop data exchanges; expensive cryptographic operations; malicious nodes; mobile nodes; opportunistic networks; privacy preserving routing algorithm; wireless channel; Cryptography; Measurement; Peer-to-peer computing; Privacy; Protocols; Routing (ID#: 16-10654)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158148&isnumber=7158105

D. C. M. Segura et al., “Availability in the Flexible and Adaptable Distributed File System,” Parallel and Distributed Computing (ISPDC), 2015 14th International Symposium on, Limassol, 2015, pp. 148-155. doi:10.1109/ISPDC.2015.24
Abstract: The goals of a Distributed File Systems (DFS) may vary broadly. It is impossible to design a DFS attaining every desirable characteristic, such as, transparency, performance, privacy, reliability, and availability, for example. In this paper we describe the improvements achieved with the availability and performance offered by a DFS named FlexA (Flexible and Adaptable Distributed File System), which already proposed an architecture that could provide data security and flexibility. Modifications included a new approach to provide file replication and procedures to prevent system overloads. Details about the modifications introduced to FlexA, as well as results achieved with them, are provided. These results indicate that FlexA can be an important option among the known DFS.
Keywords: data privacy; distributed databases; DFS; FlexA system; data security; file replication; flexible and adaptable distributed file system; Computer crashes; File systems; Nominations and elections; Peer-to-peer computing; Servers; Synchronization; Distributed File Systems; availability; user space file system (ID#: 16-10655)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7165141&isnumber=7165113

S. Gurung and Y. Kim, “Healthcare Privacy: How Secure Are the VOIP/Video-Conferencing Tools for PHI Data?,” Information Technology - New Generations (ITNG), 2015 12th International Conference on, Las Vegas, NV, 2015, pp. 574-579. doi:10.1109/ITNG.2015.96
Abstract: There is a high-tech term called telemedicine, which uses information technologies and telecommunication for exchanging medical information among patients and health service providers from different locations. Many video conferencing tools such as WebEx, Go To Meeting, Skype, Google+ Hangouts, etc. Are commonly used these days. Even though these tools vouch for some level of privacy and secured encrypted connections, there are still security risks and vulnerabilities associated with them such as data leaks, call intrusions, identity theft, etc. The risk is even higher during medical video conferencing as there involves many protected health information (PHI) data exchanges. And, any such violations or breach of PHI data can result in civil and criminal penalties as per the Health Insurance Portability and Accountability Act (HIPAA). In this paper, we conduct a literature survey on the security level of such tools, associated risks and possible alternative methods or tools.
Keywords: cryptography; data communication; electronic data interchange; electronic health records; health care; medical computing; medical information systems; teleconferencing; telemedicine; video communication; GoToMeeting; Google+ Hangouts; HIPAA; Health Insurance Portability and Accountability Act; PHI data breach; PHI data exchange; PHI data violation; Skype; VOIP; WebEx; call intrusion; data leak; healthcare privacy; identity theft; medical video conferencing; privacy level; protected health information data exchange; secured encrypted connection; security risk; telemedicine; video-conferencing tools; Cryptography; Google; Medical services; Peer-to-peer computing; Protocols; Servers; Google Hangout; PHI; Video Conferencing (ID#: 16-10656)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113534&isnumber=7113432

J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies,” Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 104-121. doi:10.1109/SP.2015.14
Abstract: Bit coin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bit coin grew to comprise billions of dollars of economic value despite only cursory analysis of the system’s design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition Bit coin and the many related crypto currencies or ‘altcoins.’ Drawing from a scattered body of knowledge, we identify three key components of Bit coin’s design that can be decoupled. This enables a more insightful analysis of Bit coin’s properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bit coin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disinter mediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disinter mediation strategies and provide a detailed comparison.
Keywords: cryptography; data privacy; electronic money; financial data processing; protocols; Bitcoin; computational puzzle; consensus mechanism; cryptocurrency; cryptographic currency; currency allocation mechanism; disinter mediation protocol; key management tool; privacy-enhancing proposal; Communities; Cryptography; Online banking; Peer-to-peer computing; Proposals; Protocols (ID#: 16-10657)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163021&isnumber=7163005

Hongyu Jin and P. Papadimitratos, “Scaling VANET Security Through Cooperative Message Verification,” Vehicular Networking Conference (VNC), 2015 IEEE, Kyoto, 2015, pp. 275-278. doi:10.1109/VNC.2015.7385588
Abstract: VANET security introduces significant processing overhead for resource-constrained On-Board Units (OBUs). Here, we propose a novel scheme that allows secure Vehicular Communication (VC) systems to scale well beyond network densities for which existing optimization approaches could be workable, without compromising security (and privacy).
Keywords: cooperative communication; on-board communications; vehicular ad hoc networks; OBU; VANET security scaling; VC system; cooperative message verification; network density; resource-constrained on-board unit; vehicular ad hoc network; vehicular communication system; Cams; Computer aided manufacturing; Delays; Peer-to-peer computing; Receivers; Security; Vehicles; Security; performance; scalability (ID#: 16-10658)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7385588&isnumber=7385535

L. Chen, L. Xu, X. Yuan, and N. Shashidhar, “Digital Forensics in Social Networks and the Cloud: Process, Approaches, Methods, Tools, and Challenges,” Computing, Networking and Communications (ICNC), 2015 International Conference on, Garden Grove, CA, 2015, pp. 1132-1136. doi:10.1109/ICCNC.2015.7069509
Abstract: As cloud computing and social networks become ubiquitous in our modern world, what come along with the nearly infinite storage and computing power are the security, privacy, and digital forensic challenges. Due to the completely different ways of data storage and processing in the cloud and social networks compared to their traditional counterparts, digital forensics practitioners are in need to establish new forensic process and find novel approaches, methods, and tools to maintain the efficiency and performance of their investigations. This paper examines latest studies of the process, challenges, approaches, methods, and tools of digital forensics in the cloud and social network environments, aiming to provide the audience new perspectives and recommendations in the related fields.
Keywords: cloud computing; digital forensics; social networking (online); data processing; data storage; digital forensics; forensic process; infinite storage; social networks; Conferences; Digital forensics; IEC standards; Peer-to-peer computing; Social network services; Time factors; digital investigation; electronic evidence; (ID#: 16-10659)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7069509&isnumber=7069279

S. Dahal, Junghee Lee, Jungmin Kang, and Seokjoo Shin, “Analysis on End-to-End Node Selection Probability in Tor Network,” Information Networking (ICOIN), 2015 International Conference on, Cambodia, 2015, pp. 46-50. doi:10.1109/ICOIN.2015.7057855
Abstract: Tor is an open network that helps to defend against traffic analysis and thus achieves anonymity and resisting censorship online. Nowadays many researches have been carried out to attack Tor and to break the anonymity. To deanonymize the Tor, the attacker must be able to control both the guard node and exit node of a circuit. In this paper, we present an analysis on end-to-end node selection probability when an attacker adds different types of compromised nodes in the existing Tor network. For accurate Tor simulation, we used Shadow simulator for our experiment. By extensive performance evaluation, we conclude that when guard + exit flagged compromised nodes are added to Tor network, the selection probability of compromised nodes gets higher.
Keywords: computer network security; probability; telecommunication network routing; Shadow simulator; Tor network; Tor simulation; compromised nodes; end-to-end node selection probability; online anonymity; online censorship resistance; open network; selection probability; traffic analysis; Bandwidth; Peer-to-peer computing; Privacy; Relays; Routing; Security; Servers; Shadow; Tor; nodes; selection probability (ID#: 16-10660)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7057855&isnumber=7057846

E. Vasilomanolakis, C. G. Cordero, M. Muhlhauser, and M. Fischer, “SkipMon: A Locality-Aware Collaborative Intrusion Detection System,” 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC), Nanjing, 2015, pp. 1-8. doi:10.1109/PCCC.2015.7410282
Abstract: Due to the increasing quantity and sophistication of cyber-attacks, Intrusion Detection Systems (IDSs) are nowadays considered mandatory security mechanisms for protecting critical networks. Research on cyber-security is moving from such isolated IDSs towards Collaborative IDSs (CIDSs) in order to protect large-scale networks. In CIDSs, a number of IDS sensors work together for creating a holistic picture of the monitored network. Our contribution in this paper is a novel distributed and scalable CIDS, called SkipMon. Our system supports, both, the idea of locality and privacy preserving communication by means of exchanging compact alert data. Furthermore, we propose a mechanism for interconnecting sensors that experience similar traffic patterns. The experimental results suggest that our CIDS, with our technique of connecting monitoring nodes that experience similar traffic, is scalable and offers a good accuracy rate compared to a centralized system with full knowledge of the participating sensors’ data.
Keywords: groupware; security of data; CIDS; SkipMon; cyber-security; locality-aware collaborative intrusion detection system; mandatory security mechanisms; privacy preserving communication; Collaboration; Intrusion detection; Monitoring; Peer-to-peer computing; Routing; Sensors (ID#: 16-10661)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7410282&isnumber=7410258

F. Yang, “The Tale of Deep Packet Inspection in China: Mind the Gap,” Information and Communication Technology (ICoICT ), 2015 3rd International Conference on, Nusa Dua, 2015, pp. 348-351. doi:10.1109/ICoICT.2015.7231449
Abstract: People expect some technologies to help access, share and enjoy the human knowledge and resources via the Internet as the deepening of Internet globalization. Deep packet inspection is a packet sniffing technology on the network traffic, enabling operators to monitor what is happening in real time. It could be applied to management bandwidth, lawful surveillance, copyright enforcement, network security and so forth. However, DPI deployment should be concerned its black boxing results such as ISPs unilateral measure, privacy infringement, advertisement implantation. When ISPs deploy the applications of DPI popularly, it is lack of sufficient attention from users, policy-makers, and researchers to rethink its social adverse impact. This paper seeks to examine the DPI deployment by ISPs in China, and be aware of the unbalanced gap between DPI deployment and social public policy. It is a brief tale of gap between DPI deployment and social public policy in China, hoping more attention could be paid to this domain.
Keywords: Internet; computer network security; copyright; China; DPI deployment; ISP deployment; Internet globalization; Internet service provider; black boxing; copyright enforcement; deep packet inspection; human knowledge; human resources; lawful surveillance; management bandwidth; network security; network traffic; packet sniffing technology; social adverse impact; social public policy; Bandwidth; Broadband communication; Inspection; Internet; Peer-to-peer computing; Privacy; Telecommunications; China; Deep packet inspection; P2P; bandwidth; policy; privacy (ID#: 16-10662)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7231449&isnumber=7231384

J. Classen, J. Braun, F. Volk, M. Hollick, J. Buchmann, and M. Mühlhäuser, “A Distributed Reputation System for Certification Authority Trust Management,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 1349-1356. doi:10.1109/Trustcom.2015.529
Abstract: In the current Web Public Key Infrastructure (Web PKI), few central instances have the power to make trust decisions. From a system’s perspective, it has the side effect that every Certification Authority (CA) becomes a single point of failure (SPOF). In addition, trust is no individual matter per user, what makes trust decisions hard to revise. Hence, we propose a method to leverage Internet users and thus distribute CA trust decisions. However, the average user is unable to manually decide which incoming TLS connections are trustworthy and which are not. Therefore, we overcome this issue with a distributed reputation system that facilitates sharing trust opinions while preserving user privacy. We assess our methodology using real-world browsing histories. Our results exhibit a significant attack surface reduction with respect to the current Web PKI, and at the same time we only introduce a minimal overhead.
Keywords: Internet; data privacy; decision making; public key cryptography; trusted computing; CA trust decision; Internet users; SPOF; TLS connections; Web PKI; Web public key infrastructure; attack surface reduction; certification authority trust management; distributed reputation system; single point of failure; trust decision making; trust opinion sharing; user privacy preservation; History; Internet; Peer-to-peer computing; Privacy; Protocols; Routing; Security; distributed system; trust management (ID#: 16-10663)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345437&isnumber=7345233

P. Rad, M. Muppidi, A. S. Jaimes, S. S. Agaian, and M. Jamshidi, “Secure Proxy Service Using p-Fibonacci Transformation of Cosine Coefficients on Cloud File Sharing Environment,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1454-1459. doi:10.1109/HPCC-CSS-ICESS.2015.304
Abstract: In this paper, we sketch the idea of double image encryption service to provide the privacy and authentication on big-data image libraries on cloud computing environment. The encoding of the image is done using the P-Fibonacci transform of Discrete Cosine Coefficients “PFCC“ algorithm. First, using Discrete Cosine Transfer (DCT), we transfer an image from the spatial domain to the frequency domain. Second, we utilize the Fibonacci P-code for image bit-plane decomposition and the 2D P-Fibonacci transform for image encryption. Furthermore detailed simulations have been carried out to test the encryption service on cloud file sharing environment such as OpenStack Object Storage and flicker.
Keywords: Big Data; cloud computing; cryptography; data privacy; discrete cosine transforms; image coding; libraries; peer-to-peer computing; 2D P-Fibonacci transform; Big-Data image libraries authentication; Big-Data image libraries privacy; DCT; Fibonacci P-code; cloud computing environment; cloud file sharing environment; discrete cosine coefficients PFCC algorithm; discrete cosine transfer; double image encryption service; frequency domain; image bit-plane decomposition; image encoding; p-Fibonacci transformation; secure proxy service; spatial domain; Discrete cosine transforms; Encryption; Image reconstruction; Cloud computing; Discrete Cosine Transform; Image encryption; OpenStack Object Storage; p-Fibonacci Transform (ID#: 16-10664)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336373&isnumber=7336120

J. Yanez-Sierra, A. Diaz-Perez, V. Sosa-Sosa, and J. L. Gonzalez, “Towards Secure and Dependable Cloud Storage Based on User-Defined Workflows,” Cyber Security and Cloud Computing (CSCloud), 2015 IEEE 2nd International Conference on, New York, NY, 2015, pp. 405-410. doi:10.1109/CSCloud.2015.28
Abstract: A major concern of users of cloud storage services is the loss of control over security, availability and privacy of their files. That is partially addressed by end-to-end encryption techniques. However, most of the solutions currently available offer rigid functionalities that cannot be rapidly integrated into customized tools to meet user’s requirements like, for example, file sharing with other users. This paper presents an end-to-end architecture that enables users to build secure and resilient work-flows for storing and sharing files in the cloud. The workflows are configurable structures executed on the user-side that perform processing operations on the files through chained stages such as data compression for capacity overhead reduction, file assurance for ensuring confidentiality when sharing files and information dispersion for storing files in n cloud locations and retrieving them even during outages of m cloud storage providers. The users can set up different workflows depending on their requirements because they can organize the processing units of each stage in either pipeline to improve its performance or stack for improving functionality. The stages and their processing units are connected using I/O communication interfaces which ensure a continuous data flow from the user/organization computers to multiple cloud locations. Based on our architecture, we developed a prototype for a private cloud infrastructure. The experimental evaluation revealed the feasibility of enabling flexible file sharing and storage user-defined workflows in terms of performance.
Keywords: cloud computing; cryptography; input-output programs; peer-to-peer computing; software reliability; user interfaces; I/O communication interface; cloud storage dependability; cloud storage security; end-to-end architecture; end-to-end encryption technique; file sharing; user-defined workflow; Cloud computing; Computer architecture; Computers; Encryption; Pipelines; Reliability; cloud security; cloud storage; reliability; workflows (ID#: 16-10665)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371514&isnumber=7371418

X. Liu, Y. Xia, Y. Xiang, M. M. Hassan, and A. Alelaiwi, “A Secure and Efficient Data Sharing Framework with Delegated Capabilities in Hybrid Cloud,” Security and Privacy in Social Networks and Big Data (SocialSec), 2015 International Symposium on, Hangzhou, 2015, pp. 7-14. doi:10.1109/SocialSec2015.13
Abstract: Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the public cloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in data utilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication security that once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.
Keywords: cloud computing; cryptography; data privacy; mobile computing; outsourcing; peer-to-peer computing; software architecture; anonymous key agreement; attribute-based encryption; data confidentiality; data security; data sharing framework; encryption/decryption computation; hybrid cloud architecture; mobile device; outsourcing; Cloud computing; Data privacy; Encryption; Mobile handsets; Outsourcing; anonymous key agreement protocol; attribute-based encryption; hybrid cloud (ID#: 16-10666)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371893&isnumber=7371823

T. Loruenser, A. Happe, and D. Slamanig, “ARCHISTAR: Towards Secure and Robust Cloud Based Data Sharing,” 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), Vancouver, BC, 2015, pp. 371-378. doi:10.1109/CloudCom.2015.71
Abstract: Cloud based collaboration gives rise to many new applications and business opportunities in both the private and the business domain. However, building such systems in a secure and robust manner is a challenging task. In this paper, we present a new architecture for secure cloud based data sharing called ARCHISTAR. It builds upon a distributed storage system and thus avoids any single point of trust or failure. Besides providing confidentiality of data, our focus is on availability and in particular on robustness against active attacks or failures. Our system provides full multi-user support and enables advanced sharing scenarios without complex key management and revocation mechanisms. We also present a prototype implementation of the ARCHISTAR system and discuss open issues.
Keywords: cloud computing; data privacy; peer-to-peer computing; security of data; software architecture; ARCHISTAR architecture; cloud based data sharing; data confidentiality; data security; distributed storage system; multiuser support; Cloud computing; Distributed databases; Encryption; Information management; Public key; cloud security; cryptography; distributed systems; information sharing (ID#: 16-10667)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7396179&isnumber=7396111

R. Khan and R. Hasan, “MIDEP: Multiparty Identity Establishment Protocol for Decentralized Collaborative Services,” Services Computing (SCC), 2015 IEEE International Conference on, New York, NY, 2015, pp. 546-553. doi:10.1109/SCC.2015.80
Abstract: Decentralized collaborative architectures are gaining popularity in all application areas, varying from peer-to-peer communication and content management to cloud and ubiquitous services. However, the public identity of the user is still a major concern, in terms of privacy, trace ability, verifiability, masquerading, and other attacks in such environments. We demonstrate two new attacks, identity shadowing and the Man-in-the-Loop (MITL) attacks, which are applicable in particular to multiparty collaborative environments. In this paper, we propose MIDEP, a Multiparty Identity Establishment Protocol for collaborative environments. The proposed protocol allows a client to establish a secure, multiparty, probabilistic, temporal, verifiable, and non-traceable public identity with the collaborating peers in a decentralized architecture. MIDEP allows a client to avoid identity shadowing and protects the service from the resulting threats as well as from colluded information sharing among the collaborating peers. We illustrate how existing collaborative service frameworks can utilize MIDEP to securely establish the public identity prior to beginning the service session. A prototype implementation is utilized to perform extensive experimental analysis. Our results show that MIDEP is highly suitable in terms of overhead to ensure secure identity establishment for underlying decentralized collaborative services.
Keywords: cryptographic protocols; MIDEP; MITL attacks; cloud services; content management; decentralized collaborative architectures; decentralized collaborative services; man-in-the-loop attacks; multiparty collaborative environments; multiparty identity establishment protocol; peer-to-peer communication; public identity; ubiquitous services; Collaboration; Information management; Privacy; Protocols; Prototypes; Security; Shadow mapping; Collaborative; Decentralized; Identity Establishment; Multiparty; Non-Traceable; Security; Temporal (ID#: 16-10668)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7207398&isnumber=7207317

T. Veugen and Z. Erkin, “Content-Based Recommendations with Approximate Integer Division,” Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on, South Brisbane, QLD, 2015, pp. 1802-1806. doi:10.1109/ICASSP.2015.7178281
Abstract: Recommender systems have become a vital part of e-commerce and online media applications, since they increased the profit by generating personalized recommendations to the customers. As one of the techniques to generate recommendations, content-based algorithms offer items or products that are most similar to those previously purchased or consumed. These algorithms rely on user-generated content to compute accurate recommendations. Collecting and storing such data, which is considered to be privacy-sensitive, creates serious privacy risks for the customers. A number of threats to mention are: service providers could process the collected rating data for other purposes, sell them to third parties, or fail to provide adequate physical security. In this paper, we propose a cryptographic approach to protect the privacy of individuals in a recommender system. Our proposal is founded on homomorphic encryption, which is used to obscure the private rating information of the customers from the service provider. Our proposal explores basic and efficient cryptographic techniques to generate private recommendations using a server-client model, which neither relies on (trusted) third parties, nor requires interaction with peer users. The main strength of our contribution lies in providing a highly efficient division protocol which enables us to hide commercially sensitive similarity values, which was not the case in previous works.
Keywords: approximation theory; cryptography; electronic commerce; integer programming; recommender systems; approximate integer division; content based algorithms; content based recommendations; cryptographic approach; cryptographic techniques; e-commerce; homomorphic encryption; online media applications; personalized recommendations; recommender systems; serious privacy risks; server-client model; service providers; user generated content; Computational modeling; Protocols; Recommender systems; homomorphic encryption; privacy; secure division; secure multi-party computation (ID#: 16-10669)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7178281&isnumber=7177909

S. Rizvi and J. Mitchell, “A Semi-Distributed Access Control Management Scheme for Securing Cloud Environment,” Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on, New York City, NY, 2015, pp. 501-507. doi:10.1109/CLOUD.2015.73
Abstract: Despite numerous advantages that cloud computing offer (e.g., Flexibility, elasticity, scalability, etc.), many potential clients are still hesitant to join the cloud due to their security and privacy concerns. Outsourcing the data to a cloud in a multitenant environment brings many security challenges including data leaks, threats, and malicious attacks. The cloud computing platform, virtual servers, and the provider’s services are highly dynamic and diverse in nature, making the traditional access control mechanisms (e.g., Firewalls and VLAN etc.) less effective in controlling the unauthorized access to cloud’s data and resources. Several access control policies and authorization system have been proposed in literature to defend against cloud security threats. Most of these systems are designed to work with one or more access control policies. However, little work has been done to develop generic access control architecture capable to work with most of the available access control policies. In this paper, we present a new access control architecture using a global resource management system (GRMS) to effectively handle both local and remote access requests. The introduction of GRMS makes our proposed architecture semi distributed at the expense of minimal request-response time. In addition, our proposed architecture works effectively with both peered access control module (PACM) and virtual resource manager (VRM) to protect and manage all resources and services of cloud providers from unauthorized access.
Keywords: authorisation; cloud computing; data privacy; file servers; resource allocation; GRMS; PACM; VRM; access control mechanisms; authorization system; cloud computing; cloud environment security; cloud providers; cloud security threats; data leaks; generic access control architecture; global resource management system; malicious attacks; multitenant environment; peered access control module; privacy concerns; security challenges; security concerns; semidistributed access control management scheme; unauthorized access; virtual resource manager; virtual servers; Authorization; Cloud computing; Computer architecture; Containers; Virtualization; Access control; role based access control; side channel attack (ID#: 16-10670)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7214083&isnumber=7212169

G. Cattaneo, L. Catuogno, F. Petagna, and G. Roscigno, “Reliable Voice-Based Transactions over VoIP Communications,” Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on, Blumenau, 2015, pp. 101-108. doi:10.1109/IMIS.2015.20
Abstract: Nowadays, plenty of sensitive transactions are provided through call centers such as bank operations, goods purchase and contracts signing. Beside communication confidentiality, two major issues are raised within this scenario: (1) each peer should be ensured about the identity of the other, (2) each peer should be guaranteed that the other could not cheat about the communication contents. Current telecommunication (TLC) networks offer (built-in) or allow several mechanisms to enhance security and reliability of human conversations, leveraging strong authentication mechanisms and cryptography. However, in most cases these solutions require complex deployments, mainly based on proprietary technologies which are often characterized by high costs and low flexibility. In this paper we present a solution for strong peers authentication and non-repudiability of human conversations through Voice over IP (VoIP) networks. Our solution achieves low costs and high interoperability as it is built on top of open standard technologies. Authentication and key-agreement mechanism are based on X.509 digital certificates and full PKCS#11 compliant cryptographic tokens. As proof of concept, we present and discuss a prototype implementation.
Keywords: Internet telephony; cryptographic protocols; open systems; telecommunication network reliability; telecommunication security; TLC networks; VoIP communications; X.509 digital certificates; authentication mechanisms; call centers; communication confidentiality; cryptographic tokens; cryptography; current telecommunication networks; high interoperability; human conversation reliability; human conversation security; key agreement mechanism; peer authentication; reliable voice-based transactions; voice over IP networks; Authentication; Cryptography; Digital signatures; Protocols; Prototypes; Standards; Non-repudiable Communication; Peer Authentication; Privacy; Smart Card; VoIP (ID#: 16-10671)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7284934&isnumber=7284886

G. Zyskind, O. Nathan, and A. Pentland, “Decentralizing Privacy: Using Blockchain to Protect Personal Data,” Security and Privacy Workshops (SPW), 2015 IEEE, San Jose, CA, 2015, pp. 180-184. doi:10.1109/SPW.2015.27
Abstract: The recent increase in reported incidents of surveillance and security breaches compromising users’ privacy call into question the current model, in which third-parties collect and control massive amounts of personal data. Bit coin has demonstrated in the financial space that trusted, auditable computing is possible using a decentralized network of peers accompanied by a public ledger. In this paper, we describe a decentralized personal data management system that ensures users own and control their data. We implement a protocol that turns a block chain into an automated access-control manager that does not require trust in a third party. Unlike Bit coin, transactions in our system are not strictly financial -- they are used to carry instructions, such as storing, querying and sharing data. Finally, we discuss possible future extensions to block chains that could harness them into a well-rounded solution for trusted computing problems in society.
Keywords: data privacy; trusted computing; auditable computing; automated access-control manager; bit coin; blockchain; decentralized network; decentralized personal data management system; decentralizing privacy; financial space; personal data protection; public ledger; security breaches; surveillance; trusted computing problem; user privacy call; Compounds; Data privacy; Encryption; Online banking; Privacy; Protocols; bitcoin; personal data; privacy (ID#: 16-10672)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163223&isnumber=7163193

S. Raza, P. Misra, Z. He, and T. Voigt, “Bluetooth Smart: An Enabling Technology for the Internet of Things,” Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on, Abu Dhabi, 2015, pp. 155-162. doi:10.1109/WiMOB.2015.7347955
Abstract: The past couple of years have seen a heightened interest in the Internet of Things (IoT), transcending industry, academia and government. As with new ideas that hold immense potential, the optimism of IoT has also exaggerated the underlying technologies well before they can mature into a sustainable ecosystem. While 6LoWPAN has emerged as a disruptive technology that brings IP capability to networks of resource constrained devices, a suitable radio technology for this device class is still debatable. In the recent past, Bluetooth Low Energy (LE) - a subset of the Bluetooth v4.0 stack - has surfaced as an appealing alternative that provides a low-power and loosely coupled mechanism for sensor data collection with ubiquitous units (e.g., smartphones and tablets). When Bluetooth 4.0 was first released, it was not targeted for IP-connected devices but for communication between two neighboring peers. However, the latest release of Bluetooth 4.2 offers features that makes Bluetooth LE a competitive candidate among the available low-power communication technologies in the IoT space. In this paper, we discuss the novel features of Bluetooth LE and its applicability in 6LoWPAN networks. We also highlight important research questions and pointers for potential improvement for its greater impact.
Keywords: Bluetooth; Internet of Things; smart phones; 6LoWPAN networks; Bluetooth low energy; Bluetooth smart; Bluetooth v4.0 stack; IP-connected devices; IoT; low-power communication; resource constrained devices; sensor data collection; smartphones; tablets; ubiquitous units; Internet; Privacy; Protocols; Security; Smart phones; Standards; Bluetooth 4.2; Bluetooth Smart; Low Energy; Research Challenges (ID#: 16-10673)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7347955&isnumber=7347915

K. Thakker, C. H. Lung, and P. Morde, “Secure and Optimal Content-centric Networking Caching Design,” Trustworthy Systems and Their Applications (TSA), 2015 Second International Conference on, Hualien, 2015, pp. 36-43. doi:10.1109/TSA.2015.17
Abstract: Due to accretion demand and size of the contents makes today’s Internet architecture inefficient. This host centric model does not seem effective to cater current communication needs where users focus on desired content. As a result, translation between content information and networking domain should take place, typically consisting of an establishment of a delivery path between the content provider and the content consumer. This translation is generally an inefficient constraint, as data location and data popularity are neglected, which leads to over consumption of network resources. The increasing demands of highly scalable and efficient distribution of contents have motivated the development of future Internet architecture based on named data objects. Currently, Content Centric Networking (CCN) is gaining attention as the future Internet architecture where contents themselves are the primary focus, rather than the location of the content. This paper provides an insight into efficient caching management policies used currently for large file caching, our proposed approach along with its justification and validation behind the idea for designing the best caching strategy in CCN. However, caching policies can be misused if attackers use cache as storage to make their own content available for attacks or privacy leaks. We conclude with the need for security mechanisms for protecting the cache and the security measures to prevent any misuse of it.
Keywords: Internet; cache storage; data privacy; security of data; CCN; Internet architecture; host centric model; named data objects; network resource over-consumption; optimal content-centric networking caching design; privacy leaks; secure content-centric networking caching design; Computer architecture; Computers; Mathematical model; Privacy; Routing protocols; Security; Content delivery networking (CDN); Content-centric networking (CCN); caching; peer-assisted content delivery; software defined networking (SDN) (ID#: 16-10674)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7335942&isnumber=7335925
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Phishing 2015

	Phishing 2015

Phishing remains a primary method for social engineering access to computers and information. Much research work has been done in this area in recent years. For the Science of Security community, phishing is relevant to the hard problem of human behavior. The works cited here were presented in 2015.

Lew May Form, Kang Leng Chiew, San Nah Sze, and Wei King Tiong, “Phishing Email Detection Technique by Using Hybrid Features,” IT in Asia (CITA), 2015 9th International Conference on, Kota Samarahan, 2015, pp. 1-5. doi:10.1109/CITA.2015.7349818
Abstract: Phishing emails is growing at an alarming rate in this few years. It has caused tremendous financial losses to internet users. Phishing techniques getting more advance everyday and this has created great challenge to the existing anti-phishing techniques. Hence, in this paper, we proposed to detect phishing emails through hybrids features. The hybrid features consist of content-based, URL-based, and behavior-based features. Based on a set of 500 phishing emails and 500 legitimate emails, the proposed method achieved overall accuracy of 97.25% and error rate of 2.75%. This promising result verifies the effectiveness of the proposed hybrid features in detecting phishing email.
Keywords: Internet; computer crime; feature extraction; unsolicited e-mail; Internet users; URL-based features; antiphishing techniques; behavior-based features; content-based features; error rate; financial loss; hybrid features; phishing email detection technique; Browsers; Electronic mail; Feature extraction; IP networks; Security; Uniform resource locators; Anti-phishing; behavior-based; classification; emails (ID#: 16-10562)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7349818&isnumber=7349813

B. Harrison, A. Vishwanath, Y. J. Ng, and R. Rao, “Examining the Impact of Presence on Individual Phishing Victimization,” System Sciences (HICSS), 2015 48th Hawaii International Conference on, Kauai, HI, 2015, pp. 3483-3489. doi:10.1109/HICSS.2015.419
Abstract: Research on phishing has implicated users’ heuristic processing as the reason why they fail to recognize deception cues and fall prey to phishing attacks. Other research on online behavior has found that the attributes of the medium activate heuristics that contribute to feelings of presence and enhance the persuasiveness of presented information. The deception literature has, however, yet to examine how such medium attributes lead to victimization in a phishing attack. The present research thus fills an important gap in the literature. The study explores how perceptions of presence in a phishing attack influence its victimization rate. This is examined using an experiment in which participants are subjected to a phishing attack where the amount of social presence in the email is manipulated. In contrast to subjects in the lean information conditions, those in the information-rich condition were more likely to heuristically process presence cues, leading to their victimization.
Keywords: behavioural sciences; computer crime; unsolicited e-mail; deception cues recognition; email; individual phishing victimization; medium activate heuristics; medium attributes; online behavior; phishing attack; presence impact; social presence; users heuristic processing; victimization rate; Analysis of variance; Context; Electronic mail; Graphics; Information processing; Media; Systematics; cognitive processing; heuristic processing; heuristic-systematic processing; information richness; lean media; online consumer psychology; online deception; online victimization; phishing; rich media (ID#: 16-10563)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7070234&isnumber=7069647

M. L. Hale, R. F. Gamble, and P. Gamble, “CyberPhishing: A Game-Based Platform for Phishing Awareness Testing,” System Sciences (HICSS), 2015 48th Hawaii International Conference on, Kauai, HI, 2015, pp. 5260-5269. doi:10.1109/HICSS.2015.670
Abstract: Phishing attacks sap billions of dollars annually from unsuspecting individuals while compromising individual privacy. Companies and privacy advocates seek ways to better educate the populace against such attacks. Current approaches examining phishing include test-based techniques that ask subjects to classify content as phishing or not and inthe- wild techniques that directly observe subject behavior through distribution of faked phishing attacks. Both approaches have issues. Test-based techniques produce less reliable data since subjects may adjust their behavior with the expectation of seeing phishing stimuli, while in-the-wild studies can put subjects at risk through lack of consent or exposure of data. This paper examines a third approach that seeks to incorporate game-based learning techniques to combine the realism of in-thewild approaches with the training features of testing approaches. We propose a three phase experiment to test our approach on our CyberPhishing simulation platform, and present the results of phase one.
Keywords: Internet; computer crime; computer games; data privacy; unsolicited e-mail; CyberPhishing; game-based learning technique; in-the-wild approach; phishing awareness testing; privacy; test-based technique; Browsers; Degradation; Electronic mail; Games; Media; Testing; Training (ID#: 16-10564)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7070447&isnumber=7069647

C. Schäfer, “Detection of Compromised Email Accounts Used for Spamming in Correlation with Mail User Agent Access Activities Extracted from Metadata,” Computational Intelligence for Security and Defense Applications (CISDA), 2015 IEEE Symposium on, Verona, NY, 2015, pp. 1-6. doi:10.1109/CISDA.2015.7208641
Abstract: Every day over 29 billion spam and phishing messages are sent. Commonly the spammers use compromised email accounts to send these emails, which accounted for 57.9 percent of the global email traffic in September 2014. Previous research has primarily focused on the fast detection of abused accounts to prevent the fraudulent use of servers. State-of-the-art spam detection methods generally need the content of the email to classify it as either spam or a regular message. This content is not available within the new type of encrypted phishing emails that have become prevalent since the middle of 2014. The object of the presented research is to detect the anomaly with Mail User Agent Access Activities, which is based on the special behaviour of how to send emails without the knowledge of the email content. The proposed method detects the abused account in seconds and therefore reduces the sent spam per compromised account to less than one percent.
Keywords: authorisation; computer crime; cryptography; meta data; unsolicited e-mail; abused account detection; compromised e-mail account detection; encrypted phishing e-mails; fraudulent server use prevention; global e-mail traffic; mail user agent access activity extraction; meta data; phishing messages; spamming; Authentication; Cryptography; IP networks; Postal services; Servers; Unsolicited electronic mail; MUAAA; Mail User Agent Access Activities; compromised email account; encrypted phishing; hacked; phishing; spam (ID#: 16-10565)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7208641&isnumber=7208613

J. Jansen and R. Leukfeldt, “How People Help Fraudsters Steal Their Money: An Analysis of 600 Online Banking Fraud Cases,” Socio-Technical Aspects in Security and Trust (STAST), 2015 Workshop on, Verona, 2015, pp. 24-31. doi:10.1109/STAST.2015.12
Abstract: This paper presents an analysis of 600 phishing and malware incidents obtained from a Dutch bank. We observed from these cases that the behavior of customers in the fraudulent process entails giving away personal information to fraudsters. Phishing victimization occurred by responding to a false e-mail, a fraudulent phone call or a combination of these. Malware victimization occurred by responding to a pop-up and by installing a malicious application on a mobile device. Customers cooperated because the fraudulent messages were perceived professional and because they were not sufficiently suspicious. Our data suggests that customers have an active role in the fraudulent process. An interesting finding is that customers not always trusted the intention of the fraudster, but were mentally unable to stop the process. They did not read or pay attention to information on their screens that might have prevented the incident. We conclude this paper with recommendations for fraud mitigation strategies.
Keywords: Internet; bank data processing; computer crime; consumer behaviour; fraud; invasive software; unsolicited e-mail; customer behavior; fraud mitigation strategy; malware victimization; online banking fraud; phishing victimization; Databases; Electronic mail; Law enforcement; Malware; Online banking; cognitive aspects; customer behavior; deception; intervention; malware; phishing; victimization (ID#: 16-10566)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7351973&isnumber=7351960

R. Divya and S. Muthukumarasamy, “An Impervious QR-Based Visual Authentication Protocols to Prevent Black-Bag Ccryptanalysis,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-6. doi:10.1109/ISCO.2015.7282330
Abstract: Black-bag cryptanalysis is used to acquire the cryptographic secrets from the target computers and devices through burglary or covert installation of keylogging and Trojan horse hardware/software. To overcome black-bag cryptanalysis, the secure authentication protocols are required. It mainly focuses on keylogging where the keylogger hardware or software is used to capture the client's keyboard strokes to intercept the password. They considers various root kits residing in PCs (Personnel Computers) to observe the client's behavior that breaches the security. The QR code can be used to design the visual authentication protocols to achieve high usability and security. The two authentication protocols are Time based One-Time-Password protocol and Password-based authentication protocol. Through accurate analysis, the protocols are proved to be robust to several authentication attacks. And also by deploying these two protocols in real-world applications especially in online transactions, the strict security requirements can be satisfied.
Keywords: QR codes; cryptographic protocols; invasive software; message authentication; QR code; QR-based visual authentication protocol; Trojan horse hardware/software; authentication attack; black-bag cryptanalysis; burglary; covert installation; cryptographic secret; keylogger hardware; keylogger software; keylogging; online transaction; password-based authentication protocol; personnel computer; secure authentication protocol; time based one-time-password protocol; Encryption; Hardware; Keyboards; Personnel; Protocols; Robustness; Android; Attack; Authentication; Black-bag cryptanalysis; Keylogging; Malicious code; Pharming; Phishing; Session hijacking; visualization (ID#: 16-10567)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282330&isnumber=7282219

W. R. Flores, H. Holm, M. Ekstedt, and M. Nohlberg, “Investigating the Correlation Between Intention and Action in the Context of Social Engineering in Two Different National Cultures,” System Sciences (HICSS), 2015 48th Hawaii International Conference on, Kauai, HI, 2015, pp. 3508-3517. doi:10.1109/HICSS.2015.422
Abstract: In this paper, we shed a light on the intention-action relationship in the context of external behavioral information security threats. Specifically, external threats caused by employees’ social engineering security actions were examined. This was done by examining the correlation between employees’ reported intention to resist social engineering and their self-reported actions of hypothetical scenarios as well as observed action in a phishing experiment. Empirical studies including 1787 employees pertaining to six different organizations located in Sweden and USA laid the foundation for the statistical analysis. The results suggest that employees’ intention to resist social engineering has a significant positive correlation of low to medium strength with both self-reported action and observed action. Furthermore, a significant positive correlation between social engineering actions captured through written scenarios and a phishing experiment was identified. Due to data being collected from employees from two different national cultures, an exploration of potential moderating effect based on national culture was also performed. Based on this analysis we identified that the examined correlations differ between Swedish, and US employees. The findings have methodological contribution to survey studies in the information security field, showing that intention and self-reported behavior using written scenarios can be used as proxies of observed behavior under certain cultural contexts rather than others. Hence, the results support managers operating in a global environment when assessing external behavioral information security threats in their organization.
Keywords: behavioural sciences computing; cultural aspects; human factors; personnel; security of data; social sciences computing; statistical analysis; Sweden; Swedish employees; US employees; USA; employee intention; employee social engineering security actions; external behavioral information security threats; information security field; intention-action correlation; intention-action relationship; national cultures; phishing experiment; self-reported action; self-reported behavior; statistical analysis; Context; Correlation; Cultural differences; Information security; Organizations; Resists (ID#: 16-10568)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7070237&isnumber=7069647

Tien-Sheng Lin, I-Long Lin, and Fang-Yie Leu, “Constructing Military Smartphone Usage Criterion of Cloud-DEFSOP for Mobile Security,” Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on, Blumenau, 2015, pp. 420-425. doi:10.1109/IMIS.2015.90
Abstract: Currently, several cloud security threats on smartphones can be found. They often cause users serious financial loss or bring bad reputation to a company or a institute. To detect malicious behaviors on the smartphones, Taiwan military office sets up a measure on cloud-based instruction detection to prevent mobile devices from possible attacks, for example, phishing and man-in-the-middle attacks. This study designs information security measures which are derived from digital evidence forensics standard operating procedure (DEFSOP) and construct military smartphone usage criterion. In cloud computing, digital forensics on smartphones deals with device-related preservation, identification, collection, record and interpretation of digital evidences. In order to keep the original digital evidences on the smartphone so as to be accepted by court judge, the identification process needs to be legal since the integrity of forensic result will be the major referenced evidences in the court. Basically, the process that we developed in the previous study satisfies the principle of ISO 27001. But our newly developed mobile DEFSOP has met ISO 27037 with IACC principle, including integrity, accuracy, consistency, and compliance.
Keywords: cloud computing; digital forensics; military communication; smart phones; IACC principle; ISO 27037; Taiwan military office; cloud security threats; cloud-based instruction detection; construct military smartphone usage criterion; digital evidence forensics standard operating procedure; forensic result integrity; information security measures; malicious behaviors; man-in-the-middle attacks; mobile DEFSOP; mobile devices; phishing; Computers; Forensics; Information security; Military computing; Mobile handsets; Object recognition; Cloud security threats; DEFSOP; IACC; instruction detection (ID#: 16-10569)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7284987&isnumber=7284886

N. Stembert, A. Padmos, M. S. Bargh, S. Choenni, and F. Jansen, “A Study of Preventing Email (Spear) Phishing by Enabling Human Intelligence,” Intelligence and Security Informatics Conference (EISIC), 2015 European, Manchester, 2015, pp. 113-120. doi:10.1109/EISIC.2015.38
Abstract: Cyber criminals use phishing emails in high-volume and spear phishing emails in low volume to achieve their malicious objectives. Hereby they inflict financial, reputational, and emotional damages on individuals and organizations. These (spear) phishing attacks get steadily more sophisticated as cyber criminals use social engineering tricks that combine psychological and technical deceptions to make malicious emails as trustworthy as possible. Such sophisticated (spear) phishing emails are hard for email protection systems to detect. Security researchers have studied users’ ability to perceive, identify and react upon email (spear) phishing attacks. In this study we have surveyed recent works on understanding how to prevent end-users from falling for email (spear) phishing attacks. Based on the survey we design and propose a novice method that combines interaction methods of reporting, blocking, warning, and embedded education to harness the intelligence of expert and novice users in a corporate environment in detecting email (spear) phishing attacks. We evaluate the design based on a qualitative study, in three experimental steps, by using a mockup prototype, and with 24 participants. We report on the insights gained, indicating that the proposed combination of the interaction methods is promising, and on future research directions.
Keywords: computer crime; human computer interaction; unsolicited e-mail; blocking; embedded education; human intelligence; interaction methods; reporting; spear phishing attacks; spear phishing emails; warning; Context; Electronic mail; Security; Sensors; Software; Training (ID#: 16-10577)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7379731&isnumber=7379706

Chih-Hung Lin, Chin-Wei Tien, Chih-Wei Chen, Chia-Wei Tien, and Hsing-Kuo Pao, “Efficient Spear-Phishing Threat Detection Using Hypervisor Monitor,” Security Technology (ICCST), 2015 International Carnahan Conference on, Taipei, 2015,
pp. 299-303. doi:10.1109/CCST.2015.7389700
Abstract: In recent years, cyber security threats have become increasingly dangerous. Hackers have fabricated fake emails to spoof specific users into clicking on malicious attachments or URL links in them. This kind of threat is called a spear-phishing attack. Because spear-phishing attacks use unknown exploits to trigger malicious activities, it is difficult to effectively defend against them. Thus, this study focuses on the challenges faced, and we develop a Cloud-threat Inspection Appliance (CIA) system to defend against spear-phishing threats. With the advantages of hardware-assisted virtualization technology, we use the CIA to develop a transparent hypervisor monitor that conceals the presence of the detection engine in the hypervisor kernel. In addition, the CIA also designs a document pre-filtering algorithm to enhance system performance. By inspecting PDF format structures, the proposed CIA was able to filter 77% of PDF attachments and prevent them from all being sent into the hypervisor monitor for deeper analysis. Finally, we tested CIA in real-world scenarios. The hypervisor monitor was shown to be a better anti-evasion sandbox than commercial ones. During 2014, CIA inspected 780,000 mails in a company with 200 user accounts, and found 65 unknown samples that were not detected by commercial anti-virus software.
Keywords: cloud computing; computer crime; document handling; invasive software; unsolicited e-mail; virtualisation; CIA; PDF format structures; URL links; antievasion sandbox; cloud-threat inspection appliance; commercial antivirus software; cyber security threats; detection engine; document prefiltering algorithm; fake emails; hackers; hardware-assisted virtualization technology; hypervisor kernel; malicious activities; malicious attachments; spear-phishing attack; spear-phishing threat detection; transparent hypervisor monitor; user accounts; Electronic mail; Malware; Monitoring; Portable document format; Virtual machine monitors; Virtualization; cyber security; hardware-assisted virtualization; hypervisor monitor; spear-phishing (ID#: 16-10578)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7389700&isnumber=7389647

S. Zafar and M. B. Tiwana, “Discarded Hard Disks — A Treasure Trove for Cybercriminals: A Case Study of Recovered Sensitive Data from a Discarded Hard Disk,” Anti-Cybercrime (ICACC), 2015 First International Conference on, Riyadh, 2015, pp. 1-6. doi:10.1109/Anti-Cybercrime.2015.7351956
Abstract: The modern malware poses serious security threats because of its evolved capability of using staged and persistent attack while remaining undetected over a long period of time to perform a number of malicious activities. The challenge for malicious actors is to gain initial control of the victim's machine by bypassing all the security controls. The most favored bait often used by attackers is to deceive users through a trusting or interesting email containing a malicious attachment or a malicious link. To make the email credible and interesting the cybercriminals often perform reconnaissance activities to find background information on the potential target. To this end, the value of information found on the discarded or stolen storage devices is often underestimated or ignored. In this paper, we present the partial results of analysis of one such hard disk that was purchased from the open market. The data found on the disk contained highly sensitive personal and organizational data. The results from the case study will be useful in not only understanding the involved risk but also creating awareness of related threats.
Keywords: data protection; digital forensics; hard discs; invasive software; unsolicited e-mail; background information; cybercriminals; discarded hard disks; discarded storage devices; e-mail credibility; malicious activities; malicious actors; malicious attachment; malicious link; malware; reconnaissance activities; recovered sensitive data; security controls; security threats; sensitive-personal organizational data; stolen storage devices; trust management; Electronic mail; Hard disks; Malware; Media; Organizations; Software; Advanced Persistent Threat; Cybercrime; Data Recovery; Digital Forensics; Security and Privacy Awareness; Social Network Analysis; Spear-phishing (ID#: 16-10579)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7351956&isnumber=7351910

M. C. Kotson and A. Schulz, “Characterizing Phishing Threats with Natural Language Processing,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 308-316. doi:10.1109/CNS.2015.7346841
Abstract: Spear phishing is a widespread concern in the modern network security landscape, but there are few metrics that measure the extent to which reconnaissance is performed on phishing targets. Spear phishing emails closely match the expectations of the recipient, based on details of their experiences and interests, making them a popular propagation vector for harmful malware. In this work we use Natural Language Processing techniques to investigate a specific real-world phishing campaign and quantify attributes that indicate a targeted spear phishing attack. Our phishing campaign data sample comprises 596 emails - all containing a web bug and a Curriculum Vitae (CV) PDF attachment - sent to our institution by a foreign IP space. The campaign was found to exclusively target specific demographics within our institution. Performing a semantic similarity analysis between the senders’ CV attachments and the recipients’ LinkedIn profiles, we conclude with high statistical certainty (p <; 10-4) that the attachments contain targeted rather than randomly selected material. Latent Semantic Analysis further demonstrates that individuals who were a primary focus of the campaign received CVs that are highly topically clustered. These findings differentiate this campaign from one that leverages random spam.
Keywords: computer crime; computer network security; invasive software; natural language processing; statistical analysis; unsolicited e-mail; Web bug; curriculum vitae PDF attachment; foreign IP space; latent semantic analysis; malware; modern network security landscape; natural language processing; propagation vector; recipient LinkedIn profiles; semantic similarity analysis; sender CV attachments; spear phishing emails; spear phishing threat characterization; statistical certainty; Reconnaissance (ID#: 16-10580)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346841&isnumber=7346791

P. Wood, “A Simulated Criminal Attack,” Cyber Security for Industrial Control Systems, London, 2015, pp. 1-21. doi:10.1049/ic.2015.0007
Abstract: Presents a collection of slides covering the following topics: advanced attack; threat analysis; remote information gathering; on-site reconnaissance; spear phishing plan; spear phishing exercise; branch office attack plan; branch office attack exercise; head office attack plan; head office attack exercise.
Keywords: computer crime; firewalls; Red Team exercise; a simulated criminal attack; advanced attack; branch office attack exercise; branch office attack plan; head office attack exercise; head office attack plan; on-site reconnaissance; remote information gathering; spear phishing exercise; spear phishing plan; threat analysis (ID#: 16-10581)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7332809&isnumber=7137498

N. Nassar and Li-Chiou Chen, “Multi Seed Authentication Using S/Key Scheme,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1225-1229. doi:10.1109/HPCC-CSS-ICESS.2015.104
Abstract: Although using both user name and password is predominantly the main solution for online authentication, it has several drawbacks such as user necessity to memorize different complex passwords, the need to renew password periodically, and the possibility of being victim of spear phishing or social engineering. Most importantly, many users end up saving their passwords in plain text file that could potentially be exploited. In this paper we propose a new method for web applications to enhance user authentication that is less dependent on end users’ memory of passwords. Our approach is to split the login process into two phases, identification phase and authentication phase. Both phases will depend mainly on multiple counts of random numbers to identify and authenticate the user. In this paper, we discussed our proposed method in section III. Section IV detailed our experiment and also analyzed the effectiveness of the proposed method based on the simulation of a hypothesized corporate environment in section V.
Keywords: Internet; message authentication; S/Key scheme; Web applications; authentication phase; identification phase; login process; multiseed authentication; one-time password system; plain text file; social engineering; spear phishing; user authentication; Authentication; Computer science; Generators; Servers; Synchronization; Uniform resource locators; S/Key; authentication; information security; one-time password; pseudo random numbers; user identification (ID#: 16-10582)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336335&isnumber=7336120

A. Nappa, R. Johnson, L. Bilge, J. Caballero, and T. Dumitras, “The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching,” Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 692-708. doi:10.1109/SP.2015.48
Abstract: Vulnerability exploits remain an important mechanism for malware delivery, despite efforts to speed up the creation of patches and improvements in software updating mechanisms. Vulnerabilities in client applications (e.g., Browsers, multimedia players, document readers and editors) are often exploited in spear phishing attacks and are difficult to characterize using network vulnerability scanners. Analyzing their lifecycle requires observing the deployment of patches on hosts around the world. Using data collected over 5 years on 8.4 million hosts, available through Symantec's WINE platform, we present the first systematic study of patch deployment in client-side vulnerabilities. We analyze the patch deployment process of 1,593 vulnerabilities from 10 popular client applications, and we identify several new threats presented by multiple installations of the same program and by shared libraries distributed with several applications. For the 80 vulnerabilities in our dataset that affect code shared by two applications, the time between patch releases in the different applications is up to 118 days (with a median of 11 days). Furthermore, as the patching rates differ considerably among applications, many hosts patch the vulnerability in one application but not in the other one. We demonstrate two novel attacks that enable exploitation by invoking old versions of applications that are used infrequently, but remain installed. We also find that the median fraction of vulnerable hosts patched when exploits are released is at most 14%. Finally, we show that the patching rate is affected by user-specific and application-specific factors, for example, hosts belonging to security analysts and applications with an automated updating mechanism have significantly lower median times to patch.
Keywords: invasive software; software reliability; Symantec WINE platform; application-specific factors; automated updating mechanism; malware delivery; network vulnerability scanners; shared code; software lifecycle analysis; software updating mechanisms; spear phishing attacks; user-specific factors; vulnerability patching; Databases; Delays; Libraries; Security; Sociology; Software; Statistics; client applications; patch deployment; software vulnerabilities; vulnerability exploits
(ID#: 16-10583)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163055&isnumber=7163005
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Physical Layer Security 2015

	Physical Layer Security 2015

Physical layer security presents the theoretical foundation for a new model for secure communications by exploiting the noise inherent to communications channels. Based on information-theoretic limits of secure communications at the physical layer, the concept has challenges and opportunities related to the designing of physical layer security schemes. The works presented here address the information-theoretical underpinnings of physical layer security and present various approaches and outcomes for communications systems. For the Science of Security community, physical layer security relates to resilience, metrics, and composability. The work cited here was presented in 2015.

A. Saad, A. Mohamed, T. M. Elfouly, T. Khattab, and M. Guizani, “Comparative Simulation for Physical Layer Key Generation Methods,” Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, Dubrovnik, 2015, pp. 120-125. doi:10.1109/IWCMC.2015.7289068
Abstract: The paper cogitates about a comparative simulation for various distillation, reconciliation, and privacy amplification techniques that are used to generate secure symmetric physical layer keys. Elementary wireless model of two mobile nodes in the presence of a passive eavesdropper is used to perform the comparison process. Important modifications are proposed to some phases' techniques in order to increase the performance of the generation process as a whole. Different metrics were used for comparison in each phase, in the distillation phase, we use the Bit Mismatch Rate (BMR) for different SNR values to compare various extracted random strings of the two intended nodes. On the other hand, the messaging rate and process complexity is exploited to estimate the performance of the compared techniques in both reconciliation and privacy amplification phases. The randomness and entropy properties of the keys are verified using the NIST suite, all the generated keys are 128 bits, it is shown that the success rate of the keys passing the randomness tests depends strongly on the techniques that are used through the three generation phases.
Keywords: cryptography; BMR; SNR values; bit mismatch rate; elementary wireless model; messaging rate; mobile nodes; physical layer key generation methods; process complexity; Complexity theory; Phase measurement; Physical layer; Privacy; Receivers; Security; Signal to noise ratio; Physical layer security; cascaded techniques; distillation; physical layer key generation; privacy amplification; reconciliation (ID#: 16-10535)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289068&isnumber=7288920

M. H. Yilmaz and H. Arslan, “A Survey: Spoofing Attacks in Physical Layer Security,” Local Computer Networks Conference Workshops (LCN Workshops), 2015 IEEE 40th, Clearwater Beach, FL, 2015, pp. 812-817. doi:10.1109/LCNW.2015.7365932
Abstract: Increasing demand on wireless communications also increases the issues related to communication security. Among different security solutions, physical layer security have recently been gaining many interests by the researchers. In this paper, a survey study is provided in one of the most critical attacks, namely spoofing attacks. When a legitimate transmitter stops sending a signal to a legitimate receiver, the spoofer starts to transmit a deceiving signal to the same legitimate receiver by acting as if it is the legitimate transmitter. The aim of the spoofer is to deceive the legitimate receiver. Within this concept, we first review the detection methods and countermeasures to spoofing attacks. To be able to evaluate the proposed techniques, we discuss different metrics provided in the literature. Then, we conclude the paper with the open issues.
Keywords: radio receivers; radio transmitters; telecommunication security; communication security; legitimate receiver; legitimate transmitter; physical layer security; spoofing attack; wireless communication; Jamming; Physical layer; Receivers; Security; Transceivers; Transmitters; Wireless communication; Spoofing attack (ID#: 16-10536)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7365932&isnumber=7365758

Long Kong, G. Kaddoum, and M. Taha, “Performance Analysis of Physical Layer Security of Chaos-Based Modulation Schemes,” Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on, Abu Dhabi, 2015, pp. 283-288. doi:10.1109/WiMOB.2015.7347973
Abstract: Chaos-shift-keying (CSK) and differential CSK (DCSK) are the two popular coherent and non-coherent modulation schemes for ultra wide-band (UWB) communications. However, security of these schemes has never been studied formally from the information-theoretic perspective. In this paper, we investigate the physical layer security of CSK and DCSK modulation schemes over AWGN and Rayleigh fading channels from the information-theoretic manner. For this aim, the average secrecy capacity and outage probability are computed and analyzed by considering the variation of bit energy Eb coming from the use of chaotic signal to convey information. Our results show that CSK has better or close secrecy capacity and outage probability compared with DCSK and the conventional spread-spectrum modulation. Additionally, these metrics favor Rayleigh fading channels over AWGN channels. Finally, we conclude that the non-constant bit energy is useful to enhance the physical layer security.
Keywords: AWGN channels; Rayleigh channels; phase shift keying; ultra wideband communication;  CSK; DCSK; Rayleigh fading channels; UWB communications; chaos-based modulation scheme; chaos-shift-keying; differential CSK; noncoherent modulation scheme; physical layer security; Chaotic communication; Fading; Modulation; Physical layer; Security; Wireless communication; Bit energy;  Outage probability; Secrecy capacity (ID#: 16-10537)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7347973&isnumber=7347915

Yongjue Chen, Wei Li, and Huixi Shu, “Wireless Physical-Layer Security with Multiple Receivers and Eavesdroppers: Outage Probability and Average Secrecy Capacity,” Personal, Indoor, and Mobile Radio Communications (PIMRC), 2015 IEEE 26th Annual International Symposium on, Hong Kong, 2015, pp. 662-667. doi:10.1109/PIMRC.2015.7343381
Abstract: The wiretap channel model in a wireless scenario is analyzed where there is a transmitter, multiple legitimate receivers, non-colluding and colluding eavesdroppers; each of them is equipped with one antenna. Furthermore, all the channels are mutually independent and experiencing quasi-static Nakagami-m fading. We derive closed-form expressions for the exact secrecy outage probability as well as the average secrecy capacity with both non-colluding and colluding eavesdroppers. Such performance metrics are used to analyze the impacts of the number of receivers and eavesdroppers on the system. Remarkably, our results reveal that, for non-colluding eavesdroppers, increasing the number of users will cause greater secrecy degradation than the number of eavesdroppers, especially when the main channel is far superior to the wiretap channel or the value of the fading parameter is high. And for the colluding case, it turns out to be the opposite.
Keywords: Nakagami channels; probability; radio receivers; radio transmitters; telecommunication security; average secrecy capacity; closed-form expressions; colluding eavesdroppers; multiple receivers; noncolluding eavesdroppers; outage probability; quasistatic Nakagami-m fading channels; secrecy degradation; transmitter; wireless physical-layer security; wiretap channel model; Communication system security; Fading; Land mobile radio; Receivers; Security; Signal to noise ratio; Wireless communication (ID#: 16-10538)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7343381&isnumber=7343254

T. Mazloum and A. Sibille, “Performance of Secret Key Generation in Non Stationary Channels,” 2015 9th European Conference on Antennas and Propagation (EuCAP), Lisbon, 2015, pp. 1-6. doi: (not provided)
Abstract: Secret key generation from the randomness provided by random channels is currently considered as one way to improve security in wireless communications at the physical layer level. However, the relation between the performance of SKG schemes and the characteristics of the radio channel has been moderately investigated. In this work, we evaluate the security performance through a simple channel model based on scatterers distributed around the terminals, which enables going beyond the common assumption of spatial stationarity between the legitimate terminal and the eavesdropper. This performance is assessed both from information theory metrics and from a practical key extraction algorithm.
Keywords: electromagnetic wave scattering; private key cryptography; random processes; telecommunication security; wireless channels; SKG scheme; eavesdropper; information theory metrics; legitimate terminal; nonstationary channel model; physical layer level; practical key extraction algorithm; radio channel; random channel; scatterer distribution; secret key generation; spatial stationarity; wireless communication security; Bit error rate; Channel estimation; Channel models; Correlation; Fading; Rician channels; Security; information security; physical layer; propagation; spatial diversity (ID#: 16-10539)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7228938&isnumber=7228134

R. Steinfeld and A. Sakzad, “On Massive MIMO Physical Layer Cyptosystem,” Information Theory Workshop - Fall (ITW), 2015 IEEE, Jeju, 2015, pp. 292-296. doi:10.1109/ITWF.2015.7360782
Abstract: In this paper, we present a zero-forcing (ZF) attack on the physical layer cryptography scheme based on massive multiple-input multiple-output (MIMO). The scheme uses singular value decomposition (SVD) precoder. We show that the eavesdropper can decrypt/decode the information data under the same condition as the legitimate receiver. We then study the advantage for decoding by the legitimate user over the eavesdropper in a generalized scheme using an arbitrary precoder at the transmitter. On the negative side, we show that if the eavesdropper uses a number of receive antennas much larger than the number of legitimate user antennas, then there is no advantage, independent of the precoding scheme employed at the transmitter. On the positive side, for the case where the adversary is limited to have the same number of antennas as legitimate users, we give an O(n2) upper bound on the advantage and show that this bound can be approached using an inverse precoder.
Keywords: MIMO communication; cryptography; radio receivers; singular value decomposition; telecommunication security; SVD precoder; ZF attack; information data; legitimate receiver; massive MIMO physical layer cryptosystem; massive multiple-input multiple-output; physical layer cryptography scheme; singular value decomposition; zero forcing attack; Cryptography; Decoding; MIMO; Receivers; Search problems; Transmitters; Massive MIMO; Physical Layer Cryptography; Precoding; Singular Value; Zero-Forcing (ID#: 16-10540)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7360782&isnumber=7360717

J. Rodriguez Parra, T. Chan, I. Land, and Siu-Wai Ho, “Authentication for Two-Way Relay Channel with Physical-Layer Network Coding,” Information Theory Workshop – Fall (ITW), 2015 IEEE, Jeju, 2015, pp. 49-53. doi:10.1109/ITWF.2015.7360732
Abstract: Physical Layer Network coding (PLNC) can significantly improve network performance, but some security issues arise due to the limited information available to the forwarders. This paper analyses authentication in networks with PLNC and show theoretical and practical security limits. In particular, we obtain a lower bound for the probability of an attacker being able to insert a false message such that the message is believed to come from a legitimate source. We prove that an information-theoretic bound similar to the one for point-to-point communication systems can be achieved in networks employing PLNC. Necessary and sufficient conditions to achieve the bound are identified. Finally, a simple but important modification of a previous scheme is proposed to achieve the obtained bound.
Keywords: network coding; probability; relay networks (telecommunication) telecommunication security; PLNC; legitimate source; physical layer network coding; point-to-point communication systems; probability; two way relay channel authentication; Authentication; Encoding; Network coding; Receivers; Relays; Uplink; Information security; Network Coding; Relay Networks (ID#: 16-10541)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7360732&isnumber=7360717

L. Zhang, H. Zhang, D. Wu, and D. Yuan, “Improving Physical Layer Security for MISO Systems via Using Artificial Noise,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, USA, 2015, pp. 1-6. doi:10.1109/GLOCOM.2015.7417842
Abstract: Physical layer security approaches enable secure message transmission without upper layer data encryption and thus draw intensive attention recently years. Following this topic, this paper proposes a novel approach to improve the security of multiple-input single-output (MISO) communications links in the presence of non-colluding passive Poisson distributed eavesdroppers. In the proposed approach, it is assumed that the channel state information (CSI) of the main channel is known and that of the eavesdropper channel is unknown. Through beamforming vectors, the transmitter transmits information signal to the legitimate receiver along with artificial noise (AN) to confuse the eavesdroppers. Secrecy outage probability (SOP) is adopted to describe the secrecy performance, and based on it, security region (SR) is used from the perspective of space to illustrate the security. In obtaining the SOP of the described transmission link, stochastic geometry theory is adopted. It is shown that the stochastic geometry theory provides a powerful tool in obtaining a solution of SOP. Furthermore, the secrecy performance between transmitting approaches with AN and without AN is compared. The SR is plotted and the factors impacting security are analyzed accordingly.
Keywords: Array signal processing; Fading channels; Null space; Receivers; Security; Transmitters (ID#: 16-10542)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7417842&isnumber=7416057

C. Rusu, N. González-Prelcic, and R. W. Heath, “An Attack on Antenna Subset Modulation for Millimeter Wave Communication,” Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on, South Brisbane, QLD, 2015, pp. 2914-2918. doi:10.1109/ICASSP.2015.7178504
Abstract: Antenna subset modulation (ASM) is a physical layer security technique that is well suited for millimeter wave communication systems. The key idea is to vary the radiation pattern at the symbol rate by selecting one from a subset of patterns with a similar main lobe and different side lobes. This paper shows that ASM is not robust to an eavesdropper that makes multiple simultaneous measurements at multiple angles. The measurements are combined and used to formulate an estimation problem to undo the effects of the side lobe randomization. Simulations show the performance of the estimation algorithms and how the eavesdropper can effectively recover the information if the signal-to-noise ratio exceeds a certain threshold. Using fewer active radio frequency chains makes it harder for the attacker to recover the transmit symbol, at the expense of more grating lobes.
Keywords: antenna radiation patterns; estimation theory; millimetre wave antenna arrays; modulation; radio networks; set theory; telecommunication security; ASM; active radio frequency chains; antenna subset modulation; estimation problem; grating lobes; large antenna arrays; millimeter wave communication systems; multiple simultaneous measurements; physical layer security technique; radiation pattern; side lobe randomization; signal-to-noise ratio; symbol rate; transmit symbol recovery; Antenna arrays; Antenna radiation patterns; Estimation; Modulation; Receivers; Security; Antenna subset modulation;millimeter wave communication; physical layer security (ID#: 16-10543)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7178504&isnumber=7177909

L. Zhang, L. Jin, W. Luo, Y. Tang, and D. Yu, “Robust Joint Beamforming and Artificial Noise Design for Amplify-and-Forward Multi-Antenna Relay Systems,” Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on, South Brisbane, QLD, 2015, pp. 1732-1736. doi:10.1109/ICASSP.2015.7178267
Abstract: In this paper, we address physical layer security for amplify-and-forward (AF) multi-antenna relay systems in the presence of multiple eavesdroppers. A robust joint design of cooperative beamforming (CB) and artificial noise (AN) is proposed with imperfect channel state information (CSI) of both the destination and the eavesdroppers. We aim to maximize the worst-case secrecy rate subject to the sum power and the per-antenna power constraints at the relay. Such joint design problem is non-convex. By utilizing the semidefinite relaxation (SDR) technique, S-procedure and the successive convex approximation (SCA) algorithm, the original non-convex optimization problem is recast into a series of semidefinite programs (SDPs) which can be efficiently solved using interior-methods. Simulation results are presented to verify the effectiveness of the proposed design.
Keywords: amplify and forward communication; antenna arrays; approximation theory; array signal processing; concave programming; convex programming; relaxation theory; relay networks (telecommunication); telecommunication security; wireless channels; AF multi-antenna relay system; AN; CB; CSI; S-procedure algorithm; SCA algorithm; SDP; SDR technique; amplify and forward multiantenna relay system; artificial noise design; channel state information; interior method; multiple eavesdropper; nonconvex optimization; physical layer security; robust joint cooperative beamforming; semidefinite program; semidefinite relaxation technique; successive convex approximation algorithm; worst-case secrecy maximization; Algorithm design and analysis; Array signal processing; Joints; Noise; Relays; Robustness; Security; Physical layer security; amplify-and-forward relaying; artificial noise; cooperative beamforming; secrecy rate (ID#: 16-10544)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7178267&isnumber=7177909

T. Mazloum and A. Sibille, “Performance of Secret Key Generation in Non Stationary Channels,” 2015 9th European Conference on Antennas and Propagation (EuCAP), Lisbon, 2015, pp. 1-6. doi: (not provided)
Abstract: Secret key generation from the randomness provided by random channels is currently considered as one way to improve security in wireless communications at the physical layer level. However, the relation between the performance of SKG schemes and the characteristics of the radio channel has been moderately investigated. In this work, we evaluate the security performance through a simple channel model based on scatterers distributed around the terminals, which enables going beyond the common assumption of spatial stationarity between the legitimate terminal and the eavesdropper. This performance is assessed both from information theory metrics and from a practical key extraction algorithm.
Keywords: electromagnetic wave scattering; private key cryptography; random processes; telecommunication security; wireless channels; SKG scheme; eavesdropper; information theory metrics; legitimate terminal; nonstationary channel model; physical layer level; practical key extraction algorithm; radio channel; random channel; scatterer distribution; secret key generation; spatial stationarity; wireless communication security; Bit error rate; Channel estimation; Channel models; Correlation; Fading; Rician channels; Security; information security; physical layer; propagation; spatial diversity (ID#: 16-10545)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7228938&isnumber=7228134

S. R. Aghdam, T. M. Duman, and M. Di Renzo, “On Secrecy Rate Analysis of Spatial Modulation and Space Shift Kkeying,” Communications and Networking (BlackSeaCom), 2015 IEEE International Black Sea Conference on, Constanta, 2015, pp. 63-67. doi:10.1109/BlackSeaCom.2015.7185087
Abstract: Spatial modulation (SM) and space shift keying (SSK) represent transmission methods for low-complexity implementation of multiple-input multiple-output (MIMO) wireless systems in which antenna indices are employed for data transmission. In this paper, we focus our attention on the secrecy behavior of SSK and SM. Using an information-theoretic framework, we derive expressions for the mutual information and consequently compute achievable secrecy rates for SSK and SM via numerical evaluations. We also characterize the secrecy behavior of SSK by showing the effects of increasing the number of antennas at the transmitter as well as the number of antennas at the legitimate receiver and the eavesdropper. We further evaluate the secrecy rates achieved by SM with different sizes of the underlying signal constellation and compare the secrecy performance of this scheme with those of general MIMO and SIMO systems. The proposed framework unveils that SM is capable of achieving higher secrecy rates than the conventional single-antenna transmission schemes. However, it underperfoms compared to a general MIMO system in terms of the achievable secrecy rates.
Keywords: MIMO communication; antenna arrays; information theory; modulation; receiving antennas; transmitting antennas; MIMO wireless system; SIMO system; SM; SSK; antenna index; data transmission; eavesdropper; information-theoretic framework; multiple-input multiple-output wireless system; mutual information; receiving antenna; secrecy behavior; secrecy rate analysis; signal constellation; single-antenna transmission scheme; space shift keying; spatial modulation; transmitting antenna; MIMO; Modulation; Mutual information; Receiving antennas; Signal to noise ratio; Transmitting antennas; MIMO wiretap channel; Physical layer security; secrecy capacity; space shift keying; spatial modulation (ID#: 16-10546)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7185087&isnumber=7185069

C. R. Janda, M. Wiese, J. Nötzel, H. Boche, and E. A. Jorswieck, “Wiretap-Channels Under Constrained Active and Passive Attacks,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 16-21. doi:10.1109/CNS.2015.7346805
Abstract: In this paper, the pessimistic multi letter common randomness assisted secrecy capacity for the Arbitrarily Varying Wiretap Channel (AVWC) under input and state constraints is derived.
Keywords: channel capacity; information theory; telecommunication security; AVWC; arbitrarily varying wiretap channel; assisted secrecy capacity; constrained active attacks; passive attacks; pessimistic multiletter common randomness; Communication system security; Compounds; Conferences; Decoding; Error probability; Receivers; Yttrium; AVWC; Active Eavesdroppers; Constraints; Physical Layer Secrecy (ID#: 16-10547)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346805&isnumber=7346791

S. M. Shah and V. Sharma, “Achieving Shannon Capacity Region as Secrecy Rate Region in a Multiple Access Wiretap Channel,” Wireless Communications and Networking Conference (WCNC), 2015 IEEE, New Orleans, LA, 2015, pp. 759-764. doi:10.1109/WCNC.2015.7127565
Abstract: We consider a two user multiple-access channel with an eavesdropper at the receiving end. We use previously transmitted messages as a key in the next slot till we achieve the capacity region of the usual multiple access channel (MAC).
Keywords: information theory; telecommunication channels; MAC; Shannon capacity region; multiple access wiretap channel; secrecy rate region; Channel capacity; Conferences; Encoding; Receivers; Security; Transmitters; Zinc; Secret key; multiple access channel; physical layer security; secrecy capacity (ID#: 16-10548)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7127565&isnumber=7127309

J. Zhu, Y. Chen, Y. Nakamura, X. Jiang, O. Takahashi, and N. Shiratori, “Outage Performance of Secure Multicasting in the Presence of Multiple Eavesdroppers,” Mobile Computing and Ubiquitous Networking (ICMU), 2015 Eighth International Conference on, Hakodate, 2015, pp. 138-142. doi:10.1109/ICMU.2015.7061056
Abstract: Recently, there has been a growing interest in applying multiple antennas to achieve information-theoretic security in wireless communication networks. In this paper, we consider the transmission of common confidential data from a single-antenna transmitter to multiple multi-antenna receivers in the presence of multiple multi-antenna eavesdroppers. Both the receivers and eavesdroppers employ maximal-ratio combining (MRC) to combine the signals received at multiple antennas. For the considered system, we derive its connection outage probability and secrecy outage probability to characterize the reliability level and the security level, respectively. Numerical results are also provided to analyze the tradeoff among the reliability and security performances and the number of antennas (or nodes) of either receivers or eavesdroppers.
Keywords: data communication; diversity reception; information theory; multicast communication; probability; radio networks; radio receivers; radio transmitters; receiving antennas; security of data; telecommunication network reliability; telecommunication security; transmitting antennas; MRC; confidential data; connection outage probability; information-theoretic security; maximal-ratio combining; multiantenna eavesdroppers; multiantenna receivers; secrecy outage probability; secure multicasting; single-antenna transmitter; wireless communication networks; Fading; Multicast communication; Receiving antennas; Security; Transmitters; Physical layer security; multicast; multiple antennas; secrecy outage probability (ID#: 16-10549)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7061056&isnumber=7061015

S. Farhang, Y. Hayel, and Quanyan Zhu, “PHY-Layer Location Privacy-Preserving Access Point Selection Mechanism in Next-Generation Wireless Networks,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 263-271. doi: 10.1109/CNS.2015.7346836
Abstract: The deployment of small-cell base stations in 5G wireless networks is an emerging technology to meet an increasing demand for high data rates of a growing number of heterogeneous devices. The standard algorithms designed for the physical layer communications exhibit security and privacy vulnerabilities. As a 5G network consists of increasingly small cells to improve the throughput, the knowledge of which cell a mobile user communicates to can easily reveal valuable information about the user's location. This paper investigates the location privacy of the access point selection algorithms in 5G mobile networks, and we show that the stable matching of mobile users to access points at the physical layer reveals information related to users' location and their preferences. Traditional location privacy is mainly treated at the application or network layer but the investigation from the physical layer is missing. In this work, we first establish a matching game model to capture the preferences of mobile users and base stations using physical layer system parameters, and then investigate the location privacy of the associated Gale-Shapley algorithm. We develop a differential privacy framework for the physical layer location privacy issues, and design decentralized differential private algorithms to guarantee privacy to a large number of users in the heterogeneous 5G network. Numerical experiments and case studies will be used to corroborate the results.
Keywords: 5G mobile communication; cellular radio; game theory; mobility management (mobile radio); next generation networks; 5G wireless networks; PHY-layer location privacy; access point selection algorithms; access point selection mechanism; application layer; associated Gale-Shapley algorithm; decentralized differential private algorithms; heterogeneous 5G network; heterogeneous devices; matching game model; mobile user; network layer; next-generation wireless networks; physical layer communications; small-cell base stations; Algorithm design and analysis; Bismuth; Physical layer; Privacy; Wireless networks (ID#: 16-10550)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346836&isnumber=7346791

M. I. Poulakis, S. Vassaki, and A. D. Panagopoulos, “Opportunistic Transmission Scheduling for Secure Wireless Links: An Optimal Stopping Approach,” Vehicular Technology Conference (VTC Spring), 2015 IEEE 81st, Glasgow, 2015, pp. 1-5. doi: 10.1109/VTCSpring.2015.7145979
Abstract: Secure communications constitute a major concern in wireless networks' design. Toward this direction, physical layer security can achieve confidential data transmission from an information-theoretic viewpoint. This paper focuses on investigating the secure transmission of information over Nakagami-m fading channels in the presence of an eavesdropper. Specifically, we propose a distributed scheduler that opportunistically exploits the time-varying fading channel characteristics with a view to maximizing the expected secrecy throughput of a wireless link. The proposed multi-threshold scheduling policy postpones the communication up to an acceptable deadline until the secure-optimal time instant is found, based on the optimal stopping theory. The performance of the proposed scheduler is evaluated through simulations for various link parameters, while its achieved secrecy gain is examined and compared with other heuristic schemes.
Keywords: Nakagami channels; information theory; radio links; telecommunication scheduling; telecommunication security; time-varying channels; Nakagami-m fading channels; confidential data transmission; distributed scheduler; eavesdropper; information-theoretic viewpoint; multithreshold scheduling policy; opportunistic transmission scheduling; optimal stopping approach; optimal stopping theory; physical layer security; secrecy throughput; secure communications; secure transmission; secure wireless links; time-varying fading channel characteristics; wireless networks; Communication system security; Fading; Physical layer; Security; Signal to noise ratio; Throughput; Wireless communication (ID#: 16-10551)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7145979&isnumber=7145573

Kyoung-Young Song, Ki-Soon Yu, and Daewoon Lim, “Secure Frame Format for Avoiding Replay Attack in Distributed Network Protocol (DNP3),” Information and Communication Technology Convergence (ICTC), 2015 International Conference on, Jeju, 2015, pp. 344-349. doi:10.1109/ICTC.2015.7354560
Abstract: Distributed Network Protocol (DNP3) is a set of communications protocols used between components in industrial control systems, especially power electric systems. Those systems should have integrity, low complexity, authentication and so on. Among them, the scheme using cyclic shift operation that can satisfy the integrity and complexity is addressed. Furthermore, another scheme using undetected burst error pattern is also proposed.
Keywords: computer network security; cryptographic protocols; data integrity; DNP3 communication protocol; authentication; cyclic shift operation; distributed network protocol; industrial control system; integrity; low complexity; power electric system; replay attack avoidance; secure frame format; undetected burst error pattern; Complexity theory; Cryptography; Decoding; Payloads; Physical layer; Protocols; SCADA systems (ID#: 16-10552)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354560&isnumber=7354472

“Table of Contents,” Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, Dubrovnik, 2015, pp. 1-34. doi: 10.1109/IWCMC.2015.7288925
Abstract: The following topics are dealt with: LEO satellite networks; mobile ad hoc networks; delay tolerant networks; QoS; QoE; wireless networking management; physical layer security; mobile computing; information theory; routing mechanisms; WSN; coding; next generation networks; MIMO; OFDMA; M2M communication; LTE; 5G wireless networks; MAC protocols; and multimedia communications.
Keywords: 5G mobile communication; Long Term Evolution; MIMO communication; OFDM modulation; access protocols; delay tolerant networks; encoding; frequency division multiple access; information theory; mobile ad hoc networks; mobile computing; multimedia communication; next generation networks; quality of experience; quality of service; satellite communication; telecommunication network management; telecommunication network routing; telecommunication security; wireless sensor networks; 5G wireless network; LEO satellite network; LTE; Long Term Evolution; M2M communication; MAC protocol; MIMO; OFDMA; QoE; QoS; WSN; coding; delay tolerant network; information theory; medium access control protocol; mobile ad hoc network; mobile computing; multimedia communication; multiple-input multiple-output; next generation network; orthogonal frequency division multiple access; physical layer security; quality of experience; quality of service; routing mechanism; wireless networking management; wireless sensor network (ID#: 16-10553)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7288925&isnumber=7288920

A. Yener, “New Directions in Information Theoretic Security: Benefits of Bidirectional Signaling,” Information Theory Workshop (ITW), 2015 IEEE, Jerusalem, 2015, pp. 1-5. doi: 10.1109/ITW.2015.7133165
Abstract: The past decade has witnessed significant effort towards establishing reliable and information theoretically secure rates in communication networks, taking advantage of the properties of the communication medium. Such efforts include those in the wireless medium where simultaneous transmissions and the ensuing interference can prove advantageous from an information theoretic secrecy point of view. With the goal of obtaining a secrecy rate that scales with transmit power, structured signaling with simultaneous favorable signal alignment at the legitimate receiver(s) and unfavorable signal alignment at the eavesdropper(s) has proven particularly useful in multi-terminal Gaussian channels. Many challenges remain however in realizing the vision of absolute security provided by the wireless physical layer including handling more realistic models. In this paper, we provide a brief overview of the state of the art, the forward look and argue for an additional asset that could be utilized for secrecy, i.e., bidirectional signaling. Taking the bidirectional wiretap channel as an example, Gaussian signaling is demonstrated to be as good as structured signaling from the degrees of freedom point of view, while observed to be performing better with finite transmit power. Moreover, taking bidirectional signals explicitly into account for encoding performs even better and provides a way forward to synergistically combine physical layer based secrecy and encryption.
Keywords: Gaussian channels; cryptography; Gaussian signaling; bidirectional signaling; encryption; information theoretic security; multi-terminal Gaussian channels; secrecy; wireless physical layer; Interference; Jamming; Receivers; Security; Signal to noise ratio; Transmitters; Wireless communication (ID#: 16-10554)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7133165&isnumber=7133075

M. H. Taieb and J. Y. Chouinard, “Enhancing Secrecy of the Gaussian Wiretap Channel Using Rate Compatible LDPC Codes with Error Amplification,” Information Theory (CWIT), 2015 IEEE 14th Canadian Workshop on, St. John's, NL, 2015, pp. 41-45. doi:10.1109/CWIT.2015.7255148
Abstract: This paper proposes a physical layer coding scheme to secure communications over the Gaussian wiretap channel. This scheme is based on non-systematic Rate-Compatible Low-Density-Parity-Check (RC-LDPC) codes. The rate compatibility involves the presence of a feedback channel that allows transmission at the minimum rate required for legitimate successful decoding. Whenever the decoding is unsuccessful, a feedback request is sent back by the intended receiver, favoring the legitimate recipient over an unauthorized receiver (eavesdropper). The proposed coding scheme uses a finer granularity rate compatible code to increase the eavesdropper decoding failure rate. However, finer granularity also implies longer decoding delays. For this reason, a rate estimator based on the wiretap channel capacity is used. For this purpose, a set of packets is sent at once and then successive small packets are added subsequently as needed until successful decoding by the legitimate receiver is achieved. Since the secrecy level can be assessed through the bit error rate (BER) at the unintended receiver, an error amplifier is proposed to convert the loss of only few packets in the wiretap channel into much higher BERs for the eavesdroppers. Simulation results show the secrecy improvements obtained in terms of error amplification with the proposed coding scheme. Negative security gaps can also be achieved at the physical layer.
Keywords: Gaussian channels; channel capacity; channel coding; error statistics; parity check codes; telecommunication security; BER; Gaussian wiretap channel; RC-LDPC codes; bit error rate; eavesdropper decoding failure rate; enhancing secrecy; error amplification; feedback channel; granularity rate compatible code; nonsystematic rate compatible low density parity check codes; physical layer coding scheme; rate compatibility; rate estimator; secure communications; wiretap channel capacity; Bit error rate; Decoding; Encoding; Error probability; Parity check codes; Receivers; Security (ID#: 16-10555)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7255148&isnumber=7255133

K. Deguchi and M. Isaka, “Approximate Performance Bound for Coding in Secret Key Agreement from the Gaussian Channel,” Wireless Communications and Networking Conference (WCNC), 2015 IEEE, New Orleans, LA, 2015, pp. 458-463. doi: 10.1109/WCNC.2015.7127513
Abstract: We analyze a coding scheme used in secret key agreement based on noisy resource for physical layer security. We discuss approximate performance bound for a variant of asymmetric Slepian-Wolf coding system, or source coding with side information at the decoder. Numerical results indicate that the derived bound provides accurate prediction of error probability when noisy resource is the binary-input Gaussian channel.
Keywords: Gaussian processes; approximation theory; cryptographic protocols; approximate performance bound; asymmetric Slepian-Wolf coding system; binary-input Gaussian channel; decoder; noisy resource; physical layer security; secret key agreement; source coding; Approximation methods; Conferences; Decoding; Encoding; Error probability; Noise measurement; Upper bound (ID#: 16-10556)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7127513&isnumber=7127309

R. Santini, C. Foglietta, and S. Panzieri, “A Graph-Based Evidence Theory for Assessing Risk,” Information Fusion (Fusion), 2015 18th International Conference on, Washington, DC, 2015, pp. 1467-1474. doi: (not provided)
Abstract: The increasing exploitation of the internet leads to new uncertainties, due to interdependencies and links between cyber and physical layers. As an example, the integration between telecommunication and physical processes, that happens when the power grid is managed and controlled, yields to epistemic uncertainty. Managing this uncertainty is possible using specific frameworks, usually coming from fuzzy theory such as Evidence Theory. This approach is attractive due to its flexibility in managing uncertainty by means of simple rule-based systems with data coming from heterogeneous sources. In this paper, Evidence Theory is applied in order to evaluate risk. Therefore, the authors propose a frame of discernment with a specific property among the elements based on a graph representation. This relationship leads to a smaller power set (called Reduced Power Set) that can be used as the classical power set, when the most common combination rules, such as Dempster or Smets, are applied. The paper demonstrates how the use of the Reduced Power Set yields to more efficient algorithms for combining evidences and to application of Evidence Theory for assessing risk.
Keywords: Internet; fuzzy set theory; graph theory; knowledge based systems; risk management; security of data; cyber-physical layers; epistemic uncertainty management; fuzzy theory; graph representation; graph-based evidence theory; heterogeneous sources; power grid; reduced power set; risk assessment; risk evaluation; rule-based systems; Electronic mail; Power grids; Risk management; Security; Uncertainty (ID#: 16-10557)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266730&isnumber=7266535

Jin-Ning Tioh and Mani Mina, “Digital Defenders: Computer Security Literacy via Game-Based Learning,” Frontiers in Education Conference (FIE), 2015. 32614 2015. IEEE, El Paso, TX, 2015, pp. 1-5. doi:10.1109/FIE.2015.7344164
Abstract: Within the field of computer and information security, there has been a relatively recent surge of interest on a multitude of topics. However, this body of research typically focuses on the implementation or theory of security controls and mechanisms at the application, operating system, network, and physical layers. The user layer, long recognized as the weakest link in the security chain, has had little to no attention paid to it by comparison, especially from a sociotechnical perspective which is fairly new to engineering. With the introduction of new technologies putting modern society in an almost constant state of flux, familiarity with technology is no longer simply a luxury, but almost a necessity. To that end, we propose the development of an educational game to help instill vital engineering skills as well as practical and relevant computer security practices to users who might not necessarily have a technical background. This approach would take advantage of the relatively recent explosion in the popularity of video games and digital distribution platforms such as Steam to reach a wider potential audience base. In addition, we would assess the effectiveness of this approach utilizing the evaluation of training programs as proposed by Kirkpatrick.
Keywords: computer based training; computer games; security of data; video signal processing; Steam; computer security literacy; digital defenders; digital distribution platforms; educational game development; engineering skills; game-based learning; information security; operating system; physical layers; security controls theory; training programs evaluation; user layer; video games; Computer crime; Computers; Games; Operating systems; Training; computer security literacy; education; educational game; game-based learning (ID#: 16-10558)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7344164&isnumber=7344011

S. Salimi, E. A. Jorswieck, M. Skoglund, and P. Papadimitratos, “Key Agreement over an Interference Channel with Noiseless Feedback: Achievable Region & Distributed Allocation,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 59-64. doi:10.1109/CNS.2015.7346811
Abstract: Secret key establishment leveraging the physical layer as a source of common randomness has been investigated in a range of settings. We investigate the problem of establishing, in an information-theoretic sense, a secret key between a user and a base-station (BS) (more generally, part of a wireless infrastructure), but for two such user-BS pairs attempting the key establishment simultaneously. The challenge in this novel setting lies in that a user can eavesdrop another BS-user communications. It is thus paramount to ensure the two keys are established with no leakage to the other user, in spite the interference across neighboring cells. We model the system with BS-user communication through an interference channel and user-BS communication through a public channel. We find the region including achievable secret key rates for the general case that the interference channel (IC) is discrete and memoryless. Our results are examined for a Gaussian IC. In this setup, we investigate the performance of different transmission schemes for power allocation. The chosen transmission scheme by each BS essentially affects the secret key rate of the other BS-user. Assuming base stations are trustworthy but that they seek to maximize the corresponding secret key rate, a game-theoretic setting arises to analyze the interaction between the base stations. We model our key agreement scenario in normal form for different power allocation schemes to understand performance without cooperation. Numerical simulations illustrate the inefficiency of the Nash equilibrium outcome and motivate further research on cooperative or coordinated schemes.
Keywords: Gaussian channels; channel allocation; game theory; private key cryptography; radiofrequency interference; wireless channels; BS-user communication; Gaussian IC; Nash equilibrium; Noiseless Feedback; base station; game theoretic; interference channel allocation; key agreement; power allocation; public channel; secret key establishment; Base stations; Downlink; Interference channels; Resource management; Security; Yttrium (ID#: 16-10559)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346811&isnumber=7346791

Taotao Ma, Jianming Yong, Hua Wang, and Yueai Zhao, “Causal Dependencies of Provenance Data in Healthcare Environment,” Computer Supported Cooperative Work in Design (CSCWD), 2015 IEEE 19th International Conference on, Calabria, 2015, pp. 643-648. doi:10.1109/CSCWD.2015.7231033
Abstract: Open Provenance Model (OPM) is a provenance model that can capture provenance data in terms of causal dependencies among the provenance data model components. Causal dependencies are relationships between an event (the cause) and a second event (the effect), where the second event is understood as a physical consequence of the first. Causal dependencies can represent a set of entities that are necessary and sufficient to explain the presence of another entity. A provenance model is able to describe the provenance of any data at an abstract layer, but does not explicitly capture causal dependencies that are a vital challenge since the lacks of the relations in OPM, especially in healthcare environment. In this paper, we analyse the causal dependencies between entities in a medical workflow system with OPM graphs.
Keywords: authorisation; causality; graph theory; health care; medical information systems; open systems; OPM graph; access control; causal dependency; health care environment; medical workflow system; open provenance model; provenance data; Artificial intelligence; Blood pressure; Kidney; Lifting equipment; Medical services; Registers; causal dependencies; provenance; security (ID#: 16-10560)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7231033&isnumber=7230917

Jiazi Zhang and Lalitha Sankar, “Implementation of Unobservable State-Preserving Topology Attacks,” North American Power Symposium (NAPS), 2015, Charlotte, NC, 2015, pp. 1-6. doi:10.1109/NAPS.2015.7335175
Abstract: This paper studies the vulnerability of AC state estimation (SE) with respect to a class of unobservable state-preserving topology attacks, in which the topology data are changed by attacker while the states remain unchanged. An algorithm based on breadth-first search (BFS) is developed to determine the subset of topology data and measurements required to launch successful unobservable state-preserving topology attacks. It is shown that the proposed algorithm can enable an attacker to obtain the localized topology and corresponding measurement data to mount an attack that bypasses bad data detector and successfully changes topology information of the system in the cyber layer.
Keywords: power system security; search problems; set theory; state estimation; topology; AC state estimation vulnerability; breadth-first search; cyber layer; localized topology; measurement data; topology data; topology data subset; topology information; unobservable state-preserving topology attacks; Computers; Irrigation; Lead; Cyber physical system security; breadth-first search; power system state and topology estimation; topology attack (ID#: 16-10561)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7335175&isnumber=7335079
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Pollution Attacks 2015

	Pollution Attacks 2015

Reliance on caching allows an adversary to perform attacks that are very effective and relatively easy to implement to disrupt cache location—cache pollution. Research on cache pollution attacks—where the adversary’s goal is to disrupt cache locality to increase link utilization and cache misses for honest consumers—is relevant to the Science of Security hard problems of resiliency, composability, and metrics. The work cited here was presented in 2015.

A. Esfahani, G. Mantas, J. Rodriguez, A. Nascimento, and J. C. Neves, “A Null Space-Based MAC Scheme Against Pollution Attacks to Random Linear Network Coding,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 1521-1526. doi:10.1109/ICCW.2015.7247395
Abstract: Network Coding has significantly shown the achievable throughput and robustness in wireless Networks. However, network coding-enabled networks are susceptible to pollution attacks where a small number of polluted messages will propagate due to recoding and corrupt bunches of legitimate messages. Several lightweight Homomorphic Message Authentication Code (HMAC) schemes have been proposed for protecting the transmitted data against pollution attacks; however, most of them are not appropriate for wireless networks or cannot resist tag pollution attacks. In this paper, we present a computationally efficient null space-based homomorphic MAC scheme, for network coding-enabled wireless networks. The proposed scheme makes use of two types of tags (i.e., MACs and D-MACs) to provide resistance against data pollution and tag pollution attacks. Furthermore, we demonstrate that due to its lightweight nature, our proposed scheme incurs a minimal complexity compared to other related schemes.
Keywords: access protocols; network coding; random codes; security of data; homomorphic message authentication code scheme; network coding-enabled wireless networks; null space-based MAC scheme; pollution attacks; random linear network coding; wireless networks; Conferences; Mathematical model; Network coding; Peer-to-peer computing; Pollution; Protocols; Wireless networks; data pollution attack; homomorphic message authentication code; security; tag pollution attack (ID#: 16-10349)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247395&isnumber=7247062

Tao Shang, Fuhua Huang, Tianli Peng, and Jianwei Liu, “A Deep Detection Scheme Against Pollution Attacks in Wireless Inter-flow Network Coding,” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, Gwalior, 2015, pp. 102-106. doi:10.1109/CSNT.2015.239
Abstract: Wireless inter-flow network coding can improve the performance of multi-source unicast communication in multihop wireless networks. However, it encounters with serious security threat of pollution attack. In this paper, by combining signature and arbitration in wireless inter-flow network coding, we propose a deep detection scheme to locate malicious nodes after detecting pollution attacks. Firstly, we design a digital signature scheme which is uncorrelated with field size to detect pollution attacks and locate malicious nodes within one hop. Secondly, we design an arbitration scheme based on trusted node to solve the hard problem of locating malicious nodes beyond one hop, which results from the coding operation of inter-flow network coding. Analysis results indicate that the detection scheme is able to defend against all four types of pollution attacks thoroughly with better performance.
Keywords: digital signatures; network coding; pollution; radio networks; signal detection; arbitration scheme design; deep detection scheme; digital signature scheme design; malicious node location; multihop wireless network; multisource unicast communication performance improvement; pollution attacks; wireless interflow network coding; Communication system security; Decoding; Encoding; Network coding; Pollution; Wireless networks; inter-flow; detection (ID#: 16-10350)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7279889&isnumber=7279856

Zhiwei Xu, Bo Chen, Ninghan Wang, Yujun Zhang, and Zhongcheng Li, “ELDA: Towards Efficient and Lightweight Detection of Cache Pollution Attacks in NDN,” Local Computer Networks (LCN), 2015 IEEE 40th Conference on, Clearwater Beach, FL, 2015, pp. 82-90. doi:10.1109/LCN.2015.7366286
Abstract: As a promising architectural design for future Internet, named data networking (NDN) relies on in-network caching to efficiently deliver name-based content. However, the in-network caching is vulnerable to cache pollution attacks (CPA), which can reduce cache hits by violating cache locality and significantly degrade the overall performance of NDN. To defend against CPA attacks, the most effective way is to first detect the attacks and then throttle them. Since the CPA attack itself has already imposed a huge burden on victims, to avoid exhausting the remaining resources on the victims for detection purpose, we expect a lightweight detection solution. We thus propose ELDA, an Efficient and Lightweight Detection scheme against cache pollution Attacks, in which we design a Lightweight Flajolet-Martin (LFM) sketch to monitor the interest traffic. Our analysis and simulations demonstrate that, by consuming a few computation and memory resources, ELDA can effectively and efficiently detect CPA attacks.
Keywords: Internet; cache storage; computer network security; content management; telecommunication traffic; CPA attack detection; ELDA; LFM sketch; NDN; architectural design; cache hit reduction; cache locality; cache pollution attack detection; in-network caching; lightweight Flajolet-Martin sketch; memory resources; name-based content delivery; named data networking; traffic monitoring; Estimation; Indexes; Integrated circuits; Named Data Networking; cache pollution attack; network traffic monitoring (ID#: 16-10351)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7366286&isnumber=7366232

Wei Tong and Sheng Zhong, “Resource Allocation in Pollution Attack and Defense: A Game-Theoretic Perspective,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 3057-3062. doi:10.1109/ICC.2015.7248793
Abstract: Pollution attacks can cause severe damages in network coding systems. Many approaches have been proposed to defend against pollution attacks. However, the current approaches implicitly assume that the defender has adequate resources to defend against pollution attacks. When the resources of the defender are limited, they provide no information for the defender to allocate the resources to get better defense performance. In this paper, we consider the case that the defender’s resources are limited and study how the defender allocates resources to defend against pollution attacks. We first propose a two-player strategic game to model the interactions between the defender and the attacker. Then, two algorithms are proposed to find the best response strategy for the defender. Finally, we conducted extensive simulations to evaluate the proposed algorithms. The results demonstrate that our algorithms can significantly improve the utility of the defender, with reasonable computation time.
Keywords: game theory; network coding; radiocommunication; resource allocation; telecommunication security; defender resources; network coding systems; pollution attack; two-player strategic game; Games; Pollution (ID#: 16-10352)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7248793&isnumber=7248285

I. Demirdogen, L. Li, and C. Chigan, “FEC Driven Network Coding Based Pollution Attack Defense in Cognitive Radio Networks,” Wireless Communications and Networking Conference Workshops (WCNCW), 2015 IEEE, New Orleans, LA, 2015, pp. 259-268. doi:10.1109/WCNCW.2015.7122564
Abstract: Relay featured cognitive radio network scenario is considered in the absence of direct link between secondary user (SU) and secondary base station (S-BS). Being a realistic deployment use case scenario, relay node can be subjected to pollution attacks. Forward error correction (FEC) driven network coding (NC) method is employed as a defense mechanism in this paper. By using the proposed methods, pollution attack is efficiently defended. Bit error rate (BER) measurements are used to quantify network reliability. Furthermore, in the absence of any attack, the proposed method can efficiently contribute to network performance by improving BER. Simulation results underline our mechanism is superior to existing FEC driven NC methods such as low density parity check (LDPC).
Keywords: cognitive radio; error statistics; forward error correction; network coding; parity check codes; relay networks (telecommunication); telecommunication network reliability; telecommunication security; BER; FEC driven network coding based pollution attack defense; LDPC; bit error rate measurements; forward error correction; low density parity check; network performance; network reliability quantification; relay featured cognitive radio network scenario; secondary base station; secondary user; Bit error rate; Conferences; Forward error correction; Network coding; Pollution; Relays; Reliability (ID#: 16-10353)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7122564&isnumber=7122513

Wentao Huang, Ting Wang, Xin Hu, Jiyong Jang, and T. Salonidis, “Rateless and Pollution-Attack-Resilient Network Coding,” Information Theory (ISIT), 2015 IEEE International Symposium on, Hong Kong, 2015, pp. 2623-2627. doi:10.1109/ISIT.2015.7282931
Abstract: Consider the problem of reliable multicast over a network in the presence of adversarial errors. In contrast to traditional network error correction codes designed for a given network capacity and a given number of errors, we study an arguably more realistic setting that prior knowledge on the network and adversary parameters is not available. For this setting we propose efficient and throughput-optimal error correction schemes, provided that the source and terminals share randomness that is secret form the adversary. We discuss an application of cryptographic pseudorandom generators to efficiently produce the secret randomness, provided that a short key is shared between the source and terminals. Finally we present a secure key distribution scheme for our network setting.
Keywords: cryptography; error correction; multicast communication; network coding; random number generation; telecommunication network reliability; telecommunication security; adversarial errors; cryptographic pseudorandom generators; pollution-attack-resilient network coding; rateless network coding; reliable multicast problem; secret randomness; secure key distribution scheme; short key sharing; throughput-optimal error correction schemes; Decoding; Encoding; Error correction codes; Generators; Network coding; Reliability; Transforms (ID#: 16-10354)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282931&isnumber=7282397

A. Esfahani, G. Mantas, V. Monteiro, K. Ramantasy, E. Datsikay, and J. Rodriguez, “Analysis of a Homomorphic MAC-Based Scheme Against Tag Pollution in RLNC-Enabled Wireless Networks,” Computer Aided Modelling and Design of Communication Links and Networks (CAMAD), 2015 IEEE 20th International Workshop on, Guildford, 2015, pp. 156-160. doi:10.1109/CAMAD.2015.7390500
Abstract: Network Coding-enabled wireless networks are vulnerable to data pollution attacks where adversary nodes inject into the network polluted (i.e. corrupted) packets that prevent the destination nodes from decoding correctly. Even a small proportion of pollution can quickly propagate into other packets via re-coding, occurred at the intermediate nodes, and lead to resource waste. Therefore, during the past few years, several solutions have been proposed to provide resistance against data pollution attacks. One of the most well-known solutions is Homomorphic Message Authentication Code (HMAC). However, HMAC is susceptible to a new type of pollution attacks, called tag pollution attacks, in which a malicious node randomly modifies MAC tags appended at the end of the transmitted packets. To address this issue, we have recently proposed an HMAC-based scheme making use of two types of MAC tags to provide resistance against both data pollution attacks and tag pollution attacks. In this paper, we steer our focus on improving the resistance of our proposed scheme against tag pollution attacks by decreasing the number of MACs. Finally, we analyze the impact of the total number of MACs on the bandwidth overhead of the proposed scheme.
Keywords: decoding; linear codes; message authentication; network coding; radio networks; random codes; telecommunication security; RLNC-enabled wireless network; data pollution attack; decoding; homomorphic MAC-based scheme; homomorphic message authentication code; network coding-enabled wireless network; random linear network coding; tag pollution attack; Bandwidth; Computational modeling; Computers; Conferences; Pollution; Resistance; Wireless networks; Network coding (ID#: 16-10355)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7390500&isnumber=7390465

Xinran Li, Fang-Wei Fu, Xiufeng Zhao, and Guangxia Wang, “Two Improved Homomorphic MAC Schemes in Network Coding,” Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on, Zhangjiajie, 2015, pp. 2214-2219. doi:10.1109/FSKD.2015.7382296
Abstract: Network coding provides the advantage of maximizing the usage of network resources, but the natural properties of network coding also make the pollution attack more threatening. Much work on resisting pollution attacks is through homomorphic MACs. But majority have same security parameter 1/q. In this paper, we present two ways to construct homomorphic MAC which improve the performance of previous schemes. The security parameters of our MACs are 1/ql1 and 1/ql2, respectively. Besides the higher security, our MAC schemes have lower computational complexity.
Keywords: access protocols; computational complexity; network coding; homomorphic MAC schemes; network resources; Computational complexity; Electronics packaging; Encoding; Games; Network coding; Pollution; Security; Homomorphic MACs; attack game; pollution attacks (ID#: 16-10356)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7382296&isnumber=7381900

K. Gadkari, M. L. Weikum, D. Massey, and C. Papadopoulos, “Pragmatic Router FIB Caching,” IFIP Networking Conference (IFIP Networking), 2015, Toulouse, 2015, pp. 1-9. doi:10.1109/IFIPNetworking.2015.7145296
Abstract: Several recent studies have shown that router FIB caching offers excellent hit rates with cache sizes that are an order of magnitude smaller than the original forwarding table. However, hit rate alone is not sufficient - other performance metrics such as memory accesses, robustness to cache attacks, queuing delays from cache misses etc., should be considered before declaring FIB caching viable. In this paper, we tackle several pragmatic questions about FIB caching. We characterize cache performance in terms of memory accesses and delay due to cache misses. We study cache robustness to pollution attacks and show that an attacker must sustain packet rates higher than the link capacity to evict the most popular prefixes. We show that caching was robust, even during a recent flare of NTP attacks. We carry out a longitudinal study of cache hit rates over four years and show the hit rate is unchanged over that duration. We characterize cache misses to determine which services are impacted by FIB caching. We conclude that FIB caching is viable by several metrics, not just impressive hit rates.
Keywords: Internet; computer network security; telecommunication network routing; NTP attacks; cache attacks; cache hit rates; memory accesses; original forwarding table; packet rates; pollution attacks; pragmatic router FIB caching; queuing delays; Delays; Hardware; Memory management; Robustness; Routing; Standards (ID#: 16-10357)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7145296&isnumber=7145285

A. Fiandrotti, R. Gaeta, and M. Grangetto, “Pollution-Resilient Peer-to-Peer Video Streaming with Band Codes,” Multimedia and Expo (ICME), 2015 IEEE International Conference on, Turin, 2015, pp. 1-6. doi: 10.1109/ICME.2015.7177408
Abstract: Band Codes (BC) have been recently proposed as a solution for controlled-complexity random Network Coding (NC) in mobile applications, where energy consumption is a major concern. In this paper, we investigate the potential of BC in a peer-to-peer video streaming scenario where malicious and honest nodes coexists. Malicious nodes launch the so called pollution attack by randomly modifying the content of the coded packets they forward to downstream nodes, preventing honest nodes from correctly recovering the video stream. Whereas in much of the related literature this type of attack is addressed by identifying and isolating the malicious nodes, in this work we propose to address it by adaptively adjusting the coding scheme so to introduce resilience against pollution propagation. We experimentally show the impact of a pollution attack in a defenseless system and in a system where the coding parameters of BC are adaptively modulated following the discovery of polluted packets in the network. We observe that just by tuning the coding parameters, it is possible to reduce the impact of a pollution attack and restore the quality of the video communication.
Keywords: mobile radio; network coding; peer-to-peer computing; power consumption; telecommunication power management; video communication; video streaming; band codes; coded packets; coding parameters; controlled-complexity random network coding; downstream nodes; energy consumption; honest nodes; malicious nodes; mobile applications; polluted packets; pollution attack; pollution-resilient peer-to-peer video streaming; Bandwidth; Decoding; Encoding; Payloads; Peer-to-peer computing; Pollution; Streaming media; Network Coding; Peer-to-peer; Video streaming (ID#: 16-10358)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7177408&isnumber=7177375

W. Arthur, B. Mehne, R. Das, and T. Austin, “Getting in Control of Your Control Flow with Control-Data Isolation,” Code Generation and Optimization (CGO), 2015 IEEE/ACM International Symposium on, San Francisco, CA, 2015, pp. 79-90. doi: 10.1109/CGO.2015.7054189
Abstract: Computer security has become a central focus in the information age. Though enormous effort has been expended on ensuring secure computation, software exploitation remains a serious threat. The software attack surface provides many avenues for hijacking; however, most exploits ultimately rely on the successful execution of a control-flow attack. This pervasive diversion of control flow is made possible by the pollution of control flow structure with attacker-injected runtime data. Many control-flow attacks persist because the root of the problem remains: runtime data is allowed to enter the program counter. In this paper, we propose a novel approach: Control-Data Isolation. Our approach provides protection by going to the root of the problem and removing all of the operations that inject runtime data into program control. While previous work relies on CFG edge checking and labeling, these techniques remain vulnerable to attacks such as heap spray, read, or GOT attacks and in some cases suffer high overheads. Rather than addressing control-flow attacks by layering additional complexity, our work takes a subtractive approach; subtracting the primary cause of contemporary control-flow attacks. We demonstrate that control-data isolation can assure the integrity of the programmer’s CFG at runtime, while incurring average performance overheads of less than 7% for a wide range of benchmarks.
Keywords: computer crime; program control structures; CFG integrity; average performance overheads; computer security; contemporary control flow attacks; control-data isolation; hijacking; information age; program control; program counter; secure computation; software exploitation; software vulnerabilities; subtractive approach; Data models; Libraries; Process control; Radiation detectors; Runtime; Security; Software (ID#: 16-10359)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7054189&isnumber=7054173

M. R. Ahmed, M. Aseeri, M. S. Kaiser, N. Z. Zenia, and Z. I. Chowdhury, “A Novel Algorithm for Malicious Attack Detection in UWSN,” Electrical Engineering and Information Communication Technology (ICEEICT), 2015 International Conference on, Dhaka, 2015, pp. 1-6. doi:10.1109/ICEEICT.2015.7307516
Abstract: Information transmission in the marine scenario utilizing wireless communications is unique method that empowering the technology for the evolution of imminent marine-surveillance systems and sensory networks. Under-water wireless sensor network (UWSN) in one of the auspicious technology for marine observation. The applications of underwater sensing has several domain that range from oil industry to aquaculture. Some of the UWSN applications include device checking, monitoring and control of pollution in the water, underwater ecosystems monitoring, forecasting of natural disasters and disturbances, exploration and survey missions, as well as study of oceanic life. Nodes in UWSN are normally low cost, low power. Considering the characteristics and the nature of applications, security of UWSN is one of the critical issue and had drawn significant attention to the researchers. In order to have a functional UWSN to extract the authentic data safeguarding and protection mechanisms are crucial. Malicious node attacks has accomplished as one of the most challenging attacks to UWSN. Several research has been conducted to protect UWSN from malicious attacks but majority of the works depend on either training data set or a previously defined threshold. Without an established security infrastructure a UWSN required to detect the malicious attacks is a complication and challenge. In this paper, we used evidential evaluation utilizing Dempster-Shafer theory (DST) of combined multiple evidences to identify the malicious attacks in a UWSN. Moreover, it gives a numerical procedure for fusing together multiple pieces of facts from an untrustworthy and unreliable neighbor with a higher degree of conflict reliability.
Keywords: inference mechanisms; underwater acoustic communication; wireless sensor networks; DST; Dempster-Shafer theory; UWSN; conflict reliability; evidential evaluation; information transmission; malicious attack detection; underwater wireless sensor network; wireless communications; Authentication; Computer architecture; Cryptography; Reliability; Wireless communication; Wireless sensor networks; Yttrium; Dempster-Shafer Theory; Malicious attacks; Protection; Security; Underwater Wireless Sensor Network (UWSN) (ID#: 16-10360)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7307516&isnumber=7307334

E. G. AbdAllah, M. Zulkernine, and H. S. Hassanein, “Detection and Prevention of Malicious Requests in ICN Routing and Caching,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 1741-1748. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.262
Abstract: Information Centric Networking (ICN) is a new communication paradigm for the upcoming Next Generation Internet (NGI). ICN is an open environment that depends on in-network caching and focuses on contents rather than infrastructures or end-points as in current Internet architectures. These ICN attributes make ICN architectures subject to different types of routing and caching attacks. An attacker sends malicious requests that can cause Distributed Denial of Service (DDoS), cache pollution, and privacy violation of ICN architectures. In this paper, we propose a solution that detects and prevents these malicious requests in ICN routing and caching. This solution allows ICN routers to differentiate between legitimate and attack behaviours in the detection phase based on threshold values. In the prevention phase, ICN routers are able to take actions against these attacks. Our experiments show that the proposed solution effectively mitigates routing and caching attacks in ICN.
Keywords: Internet; computer network security; next generation networks; telecommunication network routing; DDoS; ICN architectures; ICN caching; ICN routing; Internet architectures; NGI; attack behaviours; cache pollution; caching attacks; detection phase; distributed denial of service; information centric networking; in network caching; malicious requests detection; malicious requests prevention; next generation Internet; privacy violation; routing attacks; Computer architecture; Computer crime; Pollution; Privacy; Routing; Time factors; ICN routing and caching attacks; Information centric networking (ID#: 16-10361)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363308&isnumber=7362962

L. Jalali, Minh-Son Dao, R. Jain, and K. Zettsu, “Complex Asthma Risk Factor Recognition from Heterogeneous Data Streams,” Multimedia & Expo Workshops (ICMEW), 2015 IEEE International Conference on, Turin, 2015, pp. 1-6. doi: 10.1109/ICMEW.2015.7169780
Abstract: There are many studies regarding the relationships between environmental factors, particularly air pollution, and asthma exacerbation. Most of these studies ignore the potential confounding effects of a sequence of these factors with a specific time lag between them and asthma outbreaks. In this paper we present a new method for identifying consequential relations in the form of complex patterns between environmental factors and asthma attacks. Temporal structure and order relation between these data and their effect on asthma exacerbation comprise complex patterns called asthma risk factors. By extracting such patterns we create a risk prediction model that is important both for an asthmatic patient and public health. For experimental evaluations, we have collected pollution and meteorological data in Tokyo city and found 32 complex risk factor patterns that might result in asthma outbreaks. The experimental results show that extracted model has 71.15% precision.
Keywords: air pollution; data handling; diseases; environmental science computing; health care; lung; pattern recognition; risk analysis; Japan; Tokyo City; asthma attacks; asthma exacerbation; asthma outbreak; asthmatic patient; complex asthma risk factor recognition; complex risk factor pattern; data order relation; data temporal structure; environmental factors; heterogeneous data stream; meteorological data; pollution data; public health; risk prediction model; Air pollution; Automata; Correlation; Market research; Meteorology; Pattern recognition; asthma attacks; environmental factors; pattern recognition (ID#: 16-10362)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7169780&isnumber=7169738

Minh-Son Dao, K. Zettsu, S. Pongpaichet, L. Jalali, and R. Jain, “Exploring Spatio-Temporal-Theme Correlation Between Physical and Social Streaming Data for Event Detection and Pattern Interpretation From Heterogeneous Sensors,” Big Data (Big Data), 2015 IEEE International Conference on, Santa Clara, CA, 2015, pp. 2690-2699. doi: 10.1109/BigData.2015.7364069
Abstract: In this paper, we introduce a new method that explores spatio-temporal-theme correlations between physical and social streaming data for event detection and pattern interpretation from heterogeneous sensors. Particularly, we employ a basic two-phase framework in pattern recognition (i.e. feature extraction and detection) with the novel improvement that concerns the use of semantic information acquired from social sensors to automatically label the low-level features extracted from physical sensors. Moreover, by symbolizing the trend component of time-series data, the proposed method has an ability to interpret event’s patterns to help users get insights of how events happen. Differentiating from conventional supervised learning methods whose training data are labeled manually and in an off-line mode, the proposed method can collect labels for training data automatically and in an on-line mode. Moreover, after running for a certain time, a training stage can run parallel with the detecting stage when an event model is totally built. After that, the training stage continues learning to increase the accuracy of the event model by nonstop collecting new samples with labels from streaming data. The problem of environmental factors and particularly air pollution impacts on asthma exacerbation is considered for evaluating the proposed method. The experimental results show that the proposed method can probably detect the prevalence of asthma risks in a specific spatio-temporal context as well as help users understand how a change in the surrounding environment (e.g. weather condition and air pollution) can influence their health (e.g. asthma attack) by interpreting detected event’s patterns.
Keywords: data mining; feature extraction; air pollution; asthma exacerbation; environmental factors; event detection; heterogeneous sensors; low-level feature extraction; pattern interpretation; pattern recognition; physical sensors; physical streaming data; social streaming data; spatio-temporal context; spatio-temporal-theme correlation; time-series data; training stage; two-phase framework; Correlation; Data mining; Feature extraction; Market research; Semantics; Sensor phenomena and characterization; Data Mining; Event Detection; Health Care; Pattern Interpretation; Spatio-Temporal-Theme Correlation (ID#: 16-10363)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7364069&isnumber=7363706

A. Laszka, Y. Vorobeychik, and X. Koutsoukos, “Resilient Observation Selection in Adversarial Settings,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 7416-7421. doi:10.1109/CDC.2015.7403391
Abstract: Monitoring large areas using sensors is fundamental in a number of applications, including electric power grid, traffic networks, and sensor-based pollution control systems. However, the number of sensors that can be deployed is often limited by financial or technological constraints. This problem is further complicated by the presence of strategic adversaries, who may disable some of the deployed sensors in order to impair the operator’s ability to make predictions. Assuming that the operator employs a Gaussian-process-based regression model, we formulate the problem of attack-resilient sensor placement as the problem of selecting a subset from a set of possible observations, with the goal of minimizing the uncertainty of predictions. We show that both finding an optimal resilient subset and finding an optimal attack against a given subset are NP-hard problems. Since both the design and the attack problems are computationally complex, we propose efficient heuristic algorithms for solving them and present theoretical approximability results. Finally, we show that the proposed algorithms perform exceptionally well in practice using numerical results based on real-world datasets.
Keywords: Approximation algorithms; Computer crime; Gaussian processes; Random variables; Sensors; Uncertainty; Yttrium (ID#: 16-10364)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403391&isnumber=7402066

Z. Hu, Y. Wang, X. Tian, X. Yang, D. Meng, and R. Fan, “False Data Injection Attacks Identification for Smart Grids,” Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE), 2015 Third International Conference on, Beirut, 2015, pp. 139-143. doi:10.1109/TAEECE.2015.7113615
Abstract: False Data Injection Attacks (FDIA) in Smart Grid is considered to be the most threatening cyber-physics attack. According to the variety of measurement categories in power system, a new method for false data detection and identification is presented. The main emphasis of our research is that we have equivalent measurement transformation instead of traditional weighted least squares state estimation in the process of SE and identify false data by the residual researching method. In this paper, one FDIA attack case in IEEE 14 bus system is designed by exploiting the MATLAB to test the effectiveness of the algorithm. Using this method the false data can be effectively dealt with.
Keywords: IEEE standards power system security; security of data; smart power grids; FDIA; IEEE 14 bus system; SE; cyberphysical attack threatening; equivalent measurement transformation; false data injection attack identification; power system; residual researching method; smart grid; Current measurement; Pollution measurement; Power measurement; Power systems; State estimation; Transmission line measurements; Weight measurement;  false data detection and identification; false data injection attacks (ID#: 16-10365)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113615&isnumber=7113589

K. F. Alotaibi, M. M. Hamidi, M. Talebi, Jinsheng Xu, and A. Homaifar, “Using Spy Node to Identify Cyber-Attack in Power Systems as a Novel Approach,” Electro/Information Technology (EIT), 2015 IEEE International Conference on, Dekalb, IL, 2015, pp. 581-586. doi:10.1109/EIT.2015.7293401
Abstract: Cyber-security of power systems is of vital importance in this decade and the attackers attempt to manipulate the data and inject malicious data in state variables to divert state of the system. Cyber-attack utilizes the information of the system to generate the attacking vector in order to elude the malicious data tests. The proposed novel approach intends to change the information of the system being exploited by the adversary through adding virtual buses to the network referred as spy nodes. These nodes, including extra measurements fed to the attacker, are able to change the perceived topology of the network on which the attacker depends. Candidate places of the spy nodes are determined by using spanning tree algorithm. Excluding the spy data and using the proposed criteria, malicious data is detected. Results were verified by simulating IEEE 9-bus standard system for several times. Furthermore the method detects the malicious data when the value of spy data changes.
Keywords: power system security; trees (mathematics); IEEE 9-bus standard system; cyber-attack identification; cyber-security; data manipulation; malicious data injection; perceived network topology; power systems; spanning tree algorithm; spy nodes; virtual buses; Pollution measurement; Power measurement; SCADA systems; State estimation; Substations; Transmission line measurements; Malicious data injection; SCADA; Spy node; cyber security; cyber-attack; state estimation (ID#: 16-10366)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293401&isnumber=7293314

M. Varchola, M. Drutarovsky, M. Repka, and P. Zajac, “Side Channel Attack on Multiprecision Multiplier Used in Protected ECDSA Implementation,” 2015 International Conference on ReConFigurable Computing and FPGAs (ReConFig), Mexico City, 2015, pp. 1-6. doi: 10.1109/ReConFig.2015.7393359
Abstract: When considering Elliptic Curve Cryptography (ECC) implementations, countermeasures against side channel attacks are primarily focused on elliptic curve arithmetic. On the other hand, Elliptic Curve Digital Signature Algorithm (ECDSA) implementation also uses a modular multiplication of a private key d<;sub>A<;/sub>, and publicly known random parameter r. The side channel leakage of the multiplication rd<;sub>A<;/sub> can reveal the private key, especially in systems with narrow-width data-path used for multiprecision arithmetic. The proposed countermeasure is based on the different order of arithmetic operations, masking the critical multiplication by a random ephemeral key k<;sup>-1<;sup>. In this work, we demonstrate a special variant of collision attack against the protected ECDSA signature computation. The collision attack exploits the leakage from multiprecision integer multiplier, which is a building block of several published scalable FPGA-enabled ECC crypto-processors. Our concrete experimental results were obtained from hardware DISIPA platform based on Altera Cyclone III FPGA.
Keywords: field programmable gate arrays; private key cryptography; Altera Cyclone III FPGA; ECDSA signature computation; arithmetic operations; building block; collision attack; countermeasures; critical multiplication; elliptic curve arithmetic; elliptic curve cryptography; elliptic curve digital signature algorithm; hardware DISIPA platform; modular multiplication; multiprecision arithmetic; multiprecision integer multiplier; multiprecision multiplier; narrow-width data-path; private key; publicly known random parameter; random ephemeral key; scalable FPGA-enabled ECC crypto-processors; side channel attacks; side channel leakage; Digital signatures; Elliptic curve cryptography; Field programmable gate arrays; Pollution measurement; Power demand; Power measurement (ID#: 16-10367)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7393359&isnumber=7393279

Wang Jianqiao, Chen Cailian, and Guan Xinping, “An Overlapping Distributed State Estimation and Detection Method in Smart Grids,” Wireless Communications & Signal Processing (WCSP), 2015 International Conference on, Nanjing, 2015, pp. 1-5. doi:10.1109/WCSP.2015.7341180
Abstract: This paper proposes a novel distributed state estimation and detection algorithm in smart grids. By decomposing a whole power system into several overlapping interconnected areas, the centralized state estimation algorithm turns into a distributed state estimation algorithm. And by iteratively exchanging information with neighboring areas, the result of distributed state estimation can reach convergence and each subsystem can derive the states of the entire power system. When an attacker injects false data into measurements in any area, the neighboring honest areas can quickly detect this abnormality and decrease the mutual weights of their exchanging information between the suspicious area. When all the estimated state vectors converge, each control area can determine whether its neighboring area is intruded or not by using information from shared buses. The proposed approach not only proposes a distributed state estimation structure but also a detection method which has the capacity to detects false data injection (FDI) attacks. The performance of proposed algorithm is demonstrated on the IEEE 14-bus system.
Keywords: power system interconnection; power system state estimation; smart power grids; vectors; FDI attacks; IEEE 14-bus system; centralized state estimation algorithm; detection method; distributed state estimation; false data injection attacks; interconnected areas; smart grids; state vectors; Convergence; Pollution measurement; Power grids; State estimation; Transmission line measurements (ID#: 16-10368)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7341180&isnumber=7340966

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Ransomware

	Ransomware

“Ransomware” is the name given to malicious software that locks a computer until an extorted fee or ransom is paid for the key to unlock it. This ransom is usually paid in bitcoin. For the Science of Security community, there are implications for resiliency, composability, and metrics. The work cited here, much of it from the popular press, was recently published.

Tianda Yang, Yu Yang, Kai Qian, D. C. T. Lo, Ying Qian, and Lixin Tao, “Automated Detection and Analysis for Android Ransomware,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1338-1343. doi: 10.1109/HPCC-CSS-ICESS.2015.39
Abstract: Along with the rapid growth of new science and technology, the functions of smartphones become more and more powerful. Nevertheless, everything has two aspects. Smartphones bring so much convenience for people and also bring the security risks at the same time. Malicious application has become a big threat to the mobile security. Thus, an efficiency security analysis and detection method is important and necessary. Due to attacking of malicious application, user could not use smartphone normally and personal information could be stolen. What is worse, attacking proliferation will impact the healthy growth of the mobile Internet industry. To limit the growing speed of malicious application, the first thing we need to know what malicious application is and how to deal with. Detecting and analyzing their behaviors helps us deeply understand the attacking principle such that we can take effective countermeasures against malicious application. This article describes the basic Android component and manifest, the reason that Android is prevalent and why attacking came in. This paper analyzed and penetrated malicious ransom ware which threats mobile security now with our developed automated analysis approach for such mobile malware detection.
Keywords: Android (operating system); invasive software; mobile computing; smart phones; Android component; automated Android ransomware analysis; automated Android ransomware detection; malicious application; mobile Internet industry; mobile malware detection; mobile security analysis; personal information; security detection method; smartphones; Androids; Computer crime; Humanoid robots; Malware; Mobile communication; Smart phones; Android application analysis; Automatic analysis; dynamic analysis; static analysis (ID#: 16-10584)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336353&isnumber=7336120

M. M. Ahmadian, H. R. Shahriari and S. M. Ghaffarian, “Connection-Monitor & Connection-Breaker: A Novel Approach for Prevention and Detection of High Survivable Ransomwares,” Information Security and Cryptology (ISCISC), 2015 12th International Iranian Society of Cryptology Conference on, Rasht, 2015, pp. 79-84. doi: 10.1109/ISCISC.2015.7387902
Abstract: Ransomwares have become a growing threat in recent years, and this situation continues to worsen. It rose awareness on a particular class of malwares which extort a ransom in exchange for a captive asset. Most widespread ransomwares make an intensive use of data encryption. Basically, they encrypt various files on victim's hard drives, removable drives and mapped network shares before asking for a ransom to get the files decrypted. In this paper, at first we propose a comprehensive ransomware taxonomy. Then, based on this taxonomy and according to a principal feature which we discovered in high survivable ransomwares (HSR) in the key exchange protocol step, we present a novel approach for detecting high survivable ransomwares and preventing them from encrypting victim's data. Experimental evaluation demonstrates that our framework can detect variants of recent dangerous ransomwares.
Keywords: cryptographic protocols; invasive software; CM&CB; comprehensive ransomware taxonomy; connection-monitor & connection breaker; data encryption; high survivable ransomwares; key exchange protocol; malwares; ransomware detection; ransomware prevention; Decision support systems; cryptovirology; high survivable ransomwares; malware detection; malware prevention; ransomware (ID#: 16-10585)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387902&isnumber=7387888

“News Briefs,” in Computer, vol. 47, no. 10, pp. 14-20, Oct. 2014. doi: 10.1109/MC.2014.293
Abstract: Topics include an intensification of the digital crime wave that began in late 2013; technology companies supporting an inexpensive wireless technology that could bring Internet access to poor and remote areas; Intel developing a small, energy-efficient chip that could enable ultrathin mobile devices; a new approach that lets huge robot swarms self-assemble into complex shapes; scientists using visible light for car-to-car communications; NATO preparing to approve a mutual cyberattack defense pact; systems that secretly track cell phone owners' movements becoming increasingly popular; NASA developing tumbling robotic cubes for exploring asteroids; ransomware being found on Android phones for the first time; researchers naming the most hackable cars; and a list of US colleges providing computer-science graduates with the greatest earning potential.
Keywords: AB Acquisition; Android phones; Apple; Brian Krebs; Broadwell; Charlie Miller; Chris Valasek; ColdBrother; Community Health Systems; Core M; Defentek; Facebook; Google; Harvard University; Home Depot; IEEE 802.22;Intel;International Mobile Subscriber Identity catchers; JPMorgan Chase; Jennifer Lawrence; Kate Upton; Microsoft; NASA; NATO; North Atlantic Council; North Atlantic Treaty Organization; PayScale; ScareMeNot; ScarePackage; SkyLock; StingRay; SuperValu; VLC; WhiteSpace Alliance; Wi-FAR; asteroids; car-to-car communications; cybercrime; fanless chip; hackable vehicles; iCloud; mobile processor; mutual cyberattack defense pact; privacy; ransomware; robot; security; self assemble; track cell phones; tumbling robotic cubes; visible light communications; wireless (ID#: 16-10586)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6926732&isnumber=6926651

“News Briefs,” in Computer, vol. 47, no. 12, pp. 16-20, Dec. 2014. doi: 10.1109/MC.2014.362
Abstract: Topics include malicious-advertising attacks inflicting ransomware on victims, an application that promises to predict Ebola outbreaks, the US rejecting more software-patent applications than in the past, China reportedly attacking Apple's iCloud, a game company forcing the shutdown of a gamebot maker, new Ethernet versions that are on the way, wearable technology that adheres to the user's skin, a system that lets babies isolated in incubators feel their mothers' heartbeats, a start-up developing smart gun technology for police, and scientists designing robotic penguin chicks to monitor real penguins.
Keywords: 2.5-gigabit Ethernet; 25-gigabit Ethernet; 400-gigabit Ethernet; 50gigabit Ethernet; Apple; Babybe; Biostamp; Blizzard Entertainment; CLS v. Alice; Camilo Andrés Anabalón Alamos; China; Crawlerbots; Cryptowall;Dr. Mohamad-Ali Trad;Ebola; Ethernet; Ethernet Alliance; FlashPack Exploit Kit; Hearthstone: Heroes of Warcraft; IEEE 802.3 Working Group; Kilpatrick Townsend &amp; Stockton; Lex Machina; MC10 Inc.; Proofpoint; Qihoo; Raphael P.M. Lang; US Patent and Trademark Office; US Supreme Court; USPTO; University of Strasbourg; University of Tokyo; VivaLink; Yardarm Technologies; digital tattoo; gamebots; games; iCloud; iOS 8; iPhone 6; malvertising; networking; penguins; ransomware; security; sensor technology; smart gun; software patents; wearable technology (ID#: 16-10587)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6992911&isnumber=6992910

C. U. Om Kumar, S. Kishore, and A. Geetha, “Debugging Using MD5 Process Firewall,” Contemporary Computing and Informatics (IC3I), 2014 International Conference on, Mysore, 2014, pp. 1279-1284. doi: 10.1109/IC3I.2014.7019657
Abstract: An Operating system (OS) is software that manages computer hardware and software resources by providing services to computer programs. One of the important user expectations of the operating system is to provide the practice of defending information from unauthorized access, disclosure, modification, inspection, recording or destruction. Operating system is always vulnerable to the attacks of malwares such as computer virus, worm, Trojan horse, backdoors, ransomware, spyware, adware, scareware and more. And so the anti-virus software were created for ensuring security against the prominent computer viruses by applying a dictionary based approach. The anti-virus programs are not always guaranteed to provide security against the new viruses proliferating every day. To clarify this issue and to secure the computer system, our proposed expert system concentrates on authorizing the processes as wanted and unwanted by the administrator for execution. The Expert system maintains a database which consists of hash code of the processes which are to be allowed. These hash codes are generated using MD5 message-digest algorithm which is a widely used cryptographic hash function. The administrator approves the wanted processes that are to be executed in the client in a Local Area Network by implementing Client-Server architecture and only the processes that match with the processes in the database table will be executed by which many malicious processes are restricted from infecting the operating system. The add-on advantage of this proposed Expert system is that it limits CPU usage and minimizes resource utilization. Thus data and information security is ensured by our system along with increased performance of the operating system.
Keywords: authorisation; client-server systems; cryptography; firewalls; invasive software; local area networks; operating systems (computers); program debugging; software architecture; MD5 message-digest algorithm; MD5 process firewall; client-server architecture; computer programs; cryptographic hash function; debugging; local area network; malwares; operating system; unauthorized access; user expectations; Computers; Databases; Dictionaries; Expert systems; Malware; Operating systems; Adware; CPU Usage and Resource Utilization; MD5; Process Table; Ransomware; Scareware; Spyware; Sticky Software; Trojan horse; Virus; back doors; worm (ID#: 16-10588)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7019657&isnumber=7019573

L. Garber, “News Briefs,” in Computer, vol. 46, no. 8, pp. 18-20, August 2013. doi: 10.1109/MC.2013.284
Abstract: Topics include a new Chinese supercomputer that ranks as the world's most powerful, research into using millimeter-wave frequencies to enable 5G wireless communications, security experts finding the first ransomware that affects mobile devices, Google beginning work on a project to provide broad Internet access via a network of high-altitude balloons, an innovative robotic jellyfish that could serve as an underwater spy, and the Oxford English Dictionary breaking with its own tradition and adding the word “tweet.”
Keywords: Educational institutions; Internet; Millimeter wave technology; Mobile communication; Robots; Smart phones; Supercomputers; 5G; Android Defender; China; Cyro; Google; Internet access; National University of Defense Technology; Oxford English Dictionary; Project Loon; Samsung; Tianhe-2;Titan; Virginia Polytechnic Institute and State University; Virginia Tech; balloons; malware; millimeter wave; mobile; ransomware; robotics; security; supercomputer; tweet; wireless (ID#: 16-10589)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6583194&isnumber=6583166

“News Briefs,” in Computer, vol. 47, no. 7, pp. 16-21, July 2014. doi: 10.1109/MC.2014.189
Abstract: Topics include governments disrupting two major cyberattack systems, eBay facing investigations into a huge data breach, practical applications emerging for the Internet of Things, the EU's top court supporting the “right to be forgotten,” police arresting malware suspects in an international cybercrime crackdown, a study showing that facial-recognition algorithms are improving rapidly, MIT using lasers and telescopes to bring high-speed communications to lunar satellite, IBM experimenting with “electronic blood“ to power and cool supercomputers, a researcher developing a new technique for baking robot components to make them self-assemble, and Google replacing Apple as the world's most valuable brand.
Keywords: Computer hacking; Computers; Cryptography; Europe; Google; Moon; Terrestrial atmosphere; Apple; Blackshades; BrandZ Top 100 Most Valuable Global Brands 2014; Bruno Michel; Cassidy Wolf; Cisco Systems; Computer Science and Artificial Intelligence Lab; Connected Car Dashboards; CryptoLocker; Daniela Rus; EU; Erik Demaine; Eurojust; European Court of Justice; European Union; Europol; Evgeniy Mikhailovich Bogachev; Ford Motor Co.; Gameover Zeus; Google; Google Spain; HydroPoint Data Systems; IBM; Internet of Things; IoT; LLCD; Lincoln Laboratory; Lunar Laser Communication Demonstration; MIT; Microsoft; Millward Brown; NASA's Lunar Atmosphere and Dust Environment Explorer; NIST; Operation Tovar; Pirelli; Real-Time Location System; Spanish Data Protection Agency; Splunk; Stanley Healthcare; Trojan; US Federal Bureau of Investigation; US Justice Department; US National Institute of Standards and Technology; WeatherTRAK; botnet; eBay; electronic blood; facial recognition; history of computing; malware; practical applications; privacy; ransomware; robotics; security; self-assembly; supercomputers; the European  Cybercrime Center (ID#: 16-10590)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6861917&isnumber=6861869

“Flying Robots Designed to Form Emergency Network,” in Computer, vol. 44, no. 5, pp. 14-16, May 2011. doi: 10.1109/MC.2011.146
Abstract: European academic researchers have developed a constellation of robust, lightweight flying robots using wireless communications that could be employed in mapping, remote sensing, ground searches, and other similar operations. The robots consist of a flying-wing airframe, with neither fuselage nor tail. They are propelled by a single electric motor running on a battery capable of 30 minutes. The aircraft have an 80-centimeter wingspan, weigh about 500 grams, and are built with inexpensive, lightweight yet strong polypropylene foam. Their airspeeds can range between 8 and 20 meters per second (between 18 and 45 miles per hour), and they can fly as high as several kilometers, although a swarm generally stays below 150 meters to avoid conflicts with general aviation.
Keywords: aerospace components; aerospace robotics; polymers; radiocommunication; electric motor; emergency network; flying-wing airframe; ground search operation; mapping operation; polypropylene foam; remote sensing operation; wingspan; wireless communications; SMAVNET; botnets; dual-core processors; flying robots; mobile computing Trojans; mobile malware; organic thin-film transistors (OTFTs); phishing; ransomware; spyware (ID#: 16-10591)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5767722&isnumber=5767713

L. D. Paulson, “News Briefs,” in Computer, vol. 38, no. 7, pp. 24-25, July 2005. doi: 10.1109/MC.2005.238
Abstract: Proponents are about to initiate a project designed to issue standard identification codes for viruses, worms, and Trojan horses. This plan is designed to end the confusion produced by the current practice of security companies each having their own name for a specific type of malware. The US Computer Emergency Readiness Team - which coordinates cyberattack responses as part of the US Department of Homeland Security - has finished testing its Common Malware Enumeration (CME) project and is making it available for adoption by security companies. The MITRE Corp., which conducts R&D programs for the federal government, runs the CME project for US-CERT with the help of antivirus companies. When a malware attack occurs, an industry researcher would submit a code sample and a description to CME officials. A CME panel of security-company representatives would discuss the malware and determine whether it is the same as or different from an existing threat. If different, the board would issue an identifier. MITRE would then publish information about the malware on the CME Web site.
Keywords: invasive software; Common Malware Enumeration project; MITRE Corp.; Trojan horses; US Computer Emergency Readiness Team; US Department of Homeland Security; antivirus company; computer viruses; cyberattack response; identification code; intrusion detection; security company; worms; Global Grid Forum; Globus Alliance; Web security; essay-grading software; grid computing; hackers; microprocessors; predictive model-building; ransomware; robotics; self-replicating robots; software; standards (ID#: 16-10592)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1463100&isnumber=31455

S. Grzonkowski, A. Mosquera, L. Aouad, and D. Morss, “Smartphone Security: An Overview of Emerging Threats,” in IEEE Consumer Electronics Magazine, vol. 3, no. 4, pp. 40-44, Oct. 2014. doi: 10.1109/MCE.2014.2340211
Abstract: The mobile threat landscape has undergone rapid growth as smartphones have increased in popularity. The first generation of mobile threats saw attackers relying on various scams delivered through SMS. As the technology progressed and Web browsers, e-mail clients, and custom applications became standard on smartphones, attackers started exploiting new possibilities beyond traditional e-mail spam and phishing attacks. The landscape continues to evolve with mobile bitcoin miners, botnets, and ransomware.
Keywords: computer crime; invasive software; online front-ends; smart phones; telecommunication security; unsolicited e-mail; SMS; Web browsers; attackers; botnets; custom applications; e-mail clients; e-mail spam; emerging threats; mobile bitcoin miners; mobile threat landscape; phishing attacks; ransomware; scams; smartphone security; Computer security; Malware; Mobile communication; Network security; Privacy; Smart phones; Software development (ID#: 16-10593)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6914660&isnumber=6914657

A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, and G. Vigna, “What the App is That? Deception and Countermeasures in the Android User Interface,” Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 931-948. doi: 10.1109/SP.2015.62
Abstract: Mobile applications are part of the everyday lives of billions of people, who often trust them with sensitive information. These users identify the currently focused app solely by its visual appearance, since the GUIs of the most popular mobile OSes do not show any trusted indication of the app origin. In this paper, we analyze in detail the many ways in which Android users can be confused into misidentifying an app, thus, for instance, being deceived into giving sensitive information to a malicious app. Our analysis of the Android platform APIs, assisted by an automated state-exploration tool, led us to identify and categorize a variety of attack vectors (some previously known, others novel, such as a non-escapable full screen overlay) that allow a malicious app to surreptitiously replace or mimic the GUI of other apps and mount phishing and click-jacking attacks. Limitations in the system GUI make these attacks significantly harder to notice than on a desktop machine, leaving users completely defenseless against them. To mitigate GUI attacks, we have developed a two-layer defense. To detect malicious apps at the market level, we developed a tool that uses static analysis to identify code that could launch GUI confusion attacks. We show how this tool detects apps that might launch GUI attacks, such as ransom ware programs. Since these attacks are meant to confuse humans, we have also designed and implemented an on-device defense that addresses the underlying issue of the lack of a security indicator in the Android GUI. We add such an indicator to the system navigation bar, this indicator securely informs users about the origin of the app with which they are interacting (e.g., The Pay Pal app is backed by “Pay Pal, Inc.”). We demonstrate the effectiveness of our attacks and the proposed on-device defense with a user study involving 308 human subjects, whose ability to detect the attacks increased significantly when using a system equipped with our defense.
Keywords: Android (operating system); graphical user interfaces; invasive software; program diagnostics; smart phones; Android platform API; Android user interface; GUI confusion attacks; app origin; attack vectors; automated state-exploration tool; click-jacking attacks; desktop machine; malicious app; mobile OS; mobile applications; on-device defense; phishing attacks; ransomware programs; security indicator; sensitive information; static analysis; system navigation bar; trusted indication; two-layer defense; visual appearance; Androids; Graphical user interfaces; Humanoid robots; Navigation; Security; Smart phones; mobile-security; static-analysis; usable-security (ID#: 16-10594)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7163069&isnumber=7163005

A. Sanatinia and G. Noubir, “OnionBots: Subverting Privacy Infrastructure for Cyber Attacks,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 69-80. doi: 10.1109/DSN.2015.40
Abstract: Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots can achieve a low diameter and a low degree and be robust to partitioning under node deletions. We develop a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.
Keywords: IP networks; computer network management; computer network security; data privacy; fault tolerant computing; telecommunication traffic; Cyber Attacks; IP-based mitigation techniques; OnionBots; SOAP; Tor; botnets; cryptographic mechanisms; destination information; host IP address; illegal activities; information nature; node deletions; privacy infrastructure subversion; resilient-stealthy botnets; self-healing network maintenance scheme; source information; Cryptography; Maintenance engineering; Peer-to-peer computing; Privacy; Relays; Servers; botnet; cyber security; privacy infrastructure; self-healing network (ID#: 16-10595)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266839&isnumber=7266818

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Secure File Sharing 2015

	Secure File Sharing 2015

Data leakage while file sharing continues to be a major problem for cybersecurity, especially with the advent of cloud storage. Secure file sharing is relevant to the Science of Security community hard topics of resilience, composability, metrics, and human behavior. The articles cited here were presented in 2015.

A. Afanasyev, Zhenkai Zhu, Yingdi Yu, Lijing Wang, and Lixia Zhang, “The Story of ChronoShare, or How NDN Brought Distributed Secure File Sharing Back,” Mobile Ad Hoc and Sensor Systems (MASS), 2015 IEEE 12th International Conference on, Dallas, TX, 2015, pp. 525-530. doi: 10.1109/MASS.2015.59
Abstract: Information sharing among a group of friends or colleagues in real life is usually a distributed process: we tell each other interesting or important news without any mandatory assistance or approval from a third party. Surprisingly, this is not what happens when sharing files among a group of friends over the Internet. While the goal of file sharing is to disseminate files among multiple parties, due to the constraints imposed by IP’s point-to-point communication model, most of today’s file sharing applications, such as Drop box, Google Drive, etc., resort to a centralized design paradigm: a user first uploads files to the server (cloud), and the server (cloud) re-distributes these files to other users, resulting in unnecessary tussles and inefficient data distribution paths. To bring the truly distributed file sharing back into the cyberspace, this paper presents Chrono Share, a distributed file sharing application built on top of the Named Data Networking (NDN) architecture. By walking through Chrono Share design details, we show how file sharing, as well as many other similar applications, can be effectively implemented over NDN in a truly distributed and secure manner.
Keywords: Internet; peer-to-peer computing; security of data; ChronoShare; NDN architecture; Named Data Networking architecture; distributed secure file sharing; Cryptography; Distributed databases; IP networks; Peer-to-peer computing; Servers; Synchronization; File Sharing; Named Data Networking (ID#: 16-10597)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7366987&isnumber=7366897

M. I. Yousuf and S. Kim, “Coping with Bad-Mouthing in Peer-to-Peer File Sharing Networks,” Peer-to-Peer Computing (P2P), 2015 IEEE International Conference on, Boston, MA, 2015, pp. 1-9. doi: 10.1109/P2P.2015.7328514
Abstract: In the recent years, the P2P file sharing systems have adopted rating systems in the hope to stop the propagation of bad files. In a rating system, users rate files after downloading and a file with positive feedback is considered a good file. However, a dishonest rater can undermine the rating system by giving positive rating to bad files and negative rating to good files. In this paper, we design two filters based on probabilistic models such that the good files with negative feedback are not completely kept out of the system. The first filter is based on the binomial distribution of the ratings of a file, and the second filter considers the confidence of the downloading peer and the difference of positive and negative ratings of a file to calculate the probability to take a risk to download the file or reject it. Our filters only need the ratings of a file and this makes them suitable for popular torrent sharing websites that rank the files using a binary rating system without any information about raters. In addition, we can implement them entirely on the client side without any modification to the content sharing sites.
Keywords: information filters; peer-to-peer computing; security of data; P2P file sharing systems; bad-mouthing; binary rating system; filters; peer-to-peer file sharing networks; torrent sharing Websites; Data models; Peer-to-peer computing; Predictive models; Probabilistic logic; Probability; Probability density function; Radiation detectors (ID#: 16-10598)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7328514&isnumber=7328510

A. Sarkar and N. Prakash, “File Sharing System Encapsulated with Customized Social Networking and Learning Management System,” Computing and Communication (IEMCON), 2015 International Conference and Workshop on, Vancouver, BC, 2015, pp. 1-7. doi: 10.1109/IEMCON.2015.7344450
Abstract: In the proposed system, we have developed an application which aids in file sharing coupled with security. The application is modeled in such a way that there exists a hierarchical classification of employees. A root is at the topmost position in the organization with levels below him. The application enables a user to create files and share them with other users depending upon his or her position in the hierarchy. This application encapsulates several security measures integrated with the flexibility of sharing files easily with a single or multiple users without the use of ‘email’. This application is simple, easy to use and secure. Security of files is implemented by the use of cryptography in various file modes. In this paper, we have created an application which aids in file sharing within an organization coupled with a security system.
Keywords: cryptography; electronic mail; learning management systems; peer-to-peer computing; personnel; social networking (online); cryptography; customized social networking; e-mail; file creation; file security; file sharing; file sharing system encapsulation; hierarchical employee classification; learning management system; security measure; Computer science; Computers; Cryptography; Electronic mail; Organizations; Peer-to-peer computing; File sharing; Hierarchical position; encryption; flexibility in sharing; replacement of email in organization; security of files by different modes (ID#: 16-10599)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7344450&isnumber=7344420

Atiq ur Rehman et al., “Web & Android Based File Sharing, Hardware Monitoring and Control,” Emerging Technologies (ICET), 2015 International Conference on, Peshawar, 2015, pp. 1-5. doi: 10.1109/ICET.2015.7389170
Abstract: Web based file sharing and storage has recently became a necessary part of everyday data on the Enterprise level is needed to be stored in such a way that it can be retrieved easily from anywhere. This is the main concept of cloud computing & storage. Cloud computing has revolutionized the software industry, as the storage capacity on the internet is virtually infinite and it is most suited for enterprises to store and backup their vast life for every individual. Not only on the individual level but also amounts of data. One of the special and amazing feature of cloud storage is data synchronization. This allows the data to be synchronized i.e. mirrored on different platforms automatically. Another important concept is of web based connectivity of objects embedded with Electronics, Software and Sensors known as Internet of Things (IoT). These two concepts are key in fourth generation industrial revolution (Industry 4.0). The main theme of this paper is to combine the cloud storage and IoT as single software for an Enterprise. We have targeted the three main needs of an enterprise i.e. Data management, Hardware monitoring & control and Security. Different modules are designed for this purpose. A website, a Desktop Application and an Android Application is designed for data synchronization. Hardware is also monitored and controlled through the website and Android Application. Live video streaming feature is also included in the Website for security and surveillance purposes.
Keywords: Android (operating system); DP industry; Internet of Things; Web sites; cloud computing; peer-to-peer computing; storage management; synchronisation; Android application; Android based file sharing; Industry 4.0; IoT; Web based connectivity; Web based file sharing; Web based file storage; Web site; World Wide Web; cloud computing; cloud storage; data management; data synchronization; desktop application; enterprise level; fourth generation industrial revolution; hardware control; hardware monitoring & control; live video streaming feature; software industry; storage capacity; surveillance purpose; Buildings; Cities and towns; Databases; Man machine systems; Monitoring; Servers (ID#: 16-10600)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7389170&isnumber=7389159

M. R. Heckman, R. R. Schell, and E. E. Reed, “A Multi-Level Secure File Sharing Server and Its Application to a Multi-Level Secure Coud,” Military Communications Conference, MILCOM 2015 - 2015 IEEE, Tampa, FL, 2015, pp. 1224-1229. doi: 10.1109/MILCOM.2015.7357613
Abstract: Contemporary cloud environments are built on low-assurance components, so they cannot provide a high level of assurance about the isolation and protection of information. A “multi-level” secure cloud environment thus typically consists of multiple, isolated clouds, each of which handles data of only one security level. Not only are such environments duplicative and costly, data “sharing” must be implemented by massive, wasteful copying of data from low-level domains to high-level domains. The requirements for certifiable, scalable, multi-level cloud security are threefold: (1) To have trusted, high-assurance components available for use in creating a multi-level secure cloud environment; (2) To design a cloud architecture that efficiently uses the high-assurance components in a scalable way, and (3) To compose the secure components within the scalable architecture while still verifiably maintaining the system security properties. This paper introduces a trusted, high-assurance file server and architecture that satisfies all three requirements. The file server is built on mature technology that was previously certified and deployed across domains from TS/SCI to Unclassified and that supports high-performance, low-to-high and high-to-low file sharing with verifiable security.
Keywords: cloud computing; file servers; peer-to-peer computing; security of data; data sharing; multilevel secure cloud; multilevel secure file sharing server; Cloud computing; Computer architecture; Computer security; File servers; Kernel; Servers; GEMSOS; Multi-level security; Network file service; Security kernel (ID#: 16-10601)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357613&isnumber=7357245

P. Rad, M. Muppidi, A. S. Jaimes, S. S. Agaian, and M. Jamshidi, “Secure Proxy Service Using p-Fibonacci Transformation of Cosine Coefficients on Cloud File Sharing Environment,” High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, New York, NY, 2015, pp. 1454-1459. doi:10.1109/HPCC-CSS-ICESS.2015.304
Abstract: In this paper, we sketch the idea of double image encryption service to provide the privacy and authentication on big-data image libraries on cloud computing environment. The encoding of the image is done using the P-Fibonacci transform of Discrete Cosine Coefficients “PFCC” algorithm. First, using Discrete Cosine Transfer (DCT), we transfer an image from the spatial domain to the frequency domain. Second, we utilize the Fibonacci P-code for image bit-plane decomposition and the 2D P-Fibonacci transform for image encryption. Furthermore detailed simulations have been carried out to test the encryption service on cloud file sharing environment such as OpenStack Object Storage and flicker.
Keywords: Big Data; cloud computing; cryptography; data privacy; discrete cosine transforms; image coding; libraries; peer-to-peer computing; 2D P-Fibonacci transform; Big-Data image libraries authentication; Big-Data image libraries privacy; DCT; Fibonacci P-code; cloud computing environment; cloud file sharing environment; discrete cosine coefficients PFCC algorithm; discrete cosine transfer; double image encryption service; frequency domain; image bit-plane decomposition; image encoding; p-Fibonacci transformation; secure proxy service; spatial domain; Discrete cosine transforms; Encryption; Image reconstruction; Cloud computing; Discrete Cosine Transform; Image encryption; OpenStack Object Storage; p-Fibonacci Transform (ID#: 16-10602)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336373&isnumber=7336120

Yan Zhu, Feng Pu, Guohua Gan, Ruiqi Guo, and Shuqing Zhang, “Traitor Tracing and Revocation for Secure Decoders in File Syncing-and-Sharing Service,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, pp. 504-509. doi: 10.1109/COMPSAC.2015.62
Abstract: Today, many cloud storage services have been available to small-to-medium business and individuals by file syncing-and-sharing (FSS) service. To meet the security requirement of FSS, we present a new architecture based on secure Player/Reader box with RBAC-compatible cryptosystem, which supports to access the encrypted data in the cloud, as well as traitor tracing and revocation mechanisms for pirate box. We improve a cryptosystem, called Partially-ordered Hierarchical Encryption (PHE) to realize this architecture. In this system, two security mechanisms, traitor tracing and revocation, are provided to support efficient digital forensics. The result of performance evaluation shows that our scheme is more efficient than the existing schemes with traitor tracing and revocation.
Keywords: cloud computing; peer-to-peer computing; security of data; small-to-medium enterprises; RBAC-compatible cryptosystem; cloud storage services; digital forensics; file syncing-and-sharing service; partially-ordered hierarchical encryption; pirate box; revocation mechanisms; secure Player box; secure Reader box; secure decoders; security requirement; small-to-medium business; traitor revocation; traitor tracing; Access control; Computer architecture; Encryption; Frequency selective surfaces; Cloud Storage; Partial Order Key Hierarchy; Revocation; Security; Traitor Tracing (ID#: 16-10603)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273659&isnumber=7273573

V. S. S. Nadendla, Y. S. Han, and P. K. Varshney, “Information-Dispersal Games for Security in Cognitive-Radio Networks,” Information Theory (ISIT), 2015 IEEE International Symposium on, Hong Kong, 2015, pp. 1600-1604. doi: 10.1109/ISIT.2015.7282726
Abstract: Rabin’s information dispersal algorithm (IDA) simultaneously addresses secrecy and fault-tolerance by encoding a data file and parsing it into unrecognizable data-packets before transmitting or storing them in a network. In this paper, we redesign Rabin’s IDA for cognitive-radio networks where the routing paths are available with uncertainty. In addition, we also assume the presence of an attacker in the network which attempts to simultaneously compromise the confidentiality and data-integrity of the source message. Due to the presence of two rational entities with conflicting motives, we model the problem as a zero-sum game between the source and the attacker and investigate the mixed-strategy Nash Equilibrium by decoupling the game into two linear programs which have a primal-dual relationship.
Keywords: cognitive radio; data integrity; fault tolerance; game theory; linear programming; message authentication; network coding; packet radio networks; source coding; telecommunication network reliability; telecommunication network routing; Rabin IDA; Rabin information dispersal algorithm; cognitive radio network security; data file encoding; data file parsing; data packet storage; data packet transmission; fault tolerance; information-dispersal game; linear program; mixed-strategy Nash equilibrium; primal-dual relationship; routing path; secrecy; source message confidentiality; source message data integrity; unrecognizable data packet; zero-sum game; Fault tolerance; Fault tolerant systems; Game theory; Games; Network topology; Random variables; Reed-Solomon codes; Byzantine Attacks; Cognitive-Radio Networks; File-Sharing Networks; Information Dispersal Games; Reed-Solomon Codes (ID#: 16-10604)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282726&isnumber=7282397

S. J. Shivankar and M. P. Tembhurkar, “Comparative Analysis on Security Techniques in VoIP Environment,” Electronics and Communication Systems (ICECS), 2015 2nd International Conference on, Coimbatore, 2015, pp. 1176-1180. doi: 10.1109/ECS.2015.7124770
Abstract: VoIP is technology for transmitting voice and data over IP for communication. It has various benefits such as, voice messaging, calling, video messaging as well as video conferencing with file sharing. VoIP is better than Public Switched Telephone Network (PSTN) and cellular network. We can see all the services in VoIP based application such as Skype, Google talk. Due to the file sharing and information transformation in VoIP, there are more chances to loss valuable data information. For that the security provisions must be there. To prevent from such problem there are various techniques designed. In this research paper we study that various techniques proposed for security in VoIP environment.
Keywords: Internet telephony; computer network security; peer-to-peer computing; VoIP environment security technique; data over IP transmission; file sharing; information transformation; voice transmission; Computer crime; Computer science; IP networks; Internet telephony; Protocols; Servers; Denial of service attack; Voice over Internet Protocol (VoIP); detection and prevention techniques; security (ID#: 16-10605)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7124770&isnumber=7124722

Kyunghee Oh and Dooho Choi, “A Distributed File System over Unreliable Network Storages,” Information and Communication Technology Convergence (ICTC), 2015 International Conference on, Jeju, 2015, pp. 653-657. doi: 10.1109/ICTC.2015.7354631
Abstract: Nowadays, an individual uses multiple ICT devices such as PCs, laptops, smart phones and others. And the content files are not dedicated to a specific device, but shared by the devices. One of the sharing services is the personal cloud computing. Users can backup, synchronize, share and manage their files with it. But most cloud systems have their own dedicated interfaces and it is not easy to use files in various applications. We propose a distributed file system which works with the legacy internet protocols. Applications on devices can share files with the general file i/o interface, and our system enhanced reliability of file storages in both aspects of failures of servers and security risks.
Keywords: client-server systems; cloud computing; computer network security; distributed databases; transport protocols; ICT devices; cloud systems; content files; distributed file system; file backup; file management; file sharing; file storage reliability enhancement; file synchronization; file systems; general file I/O interface; legacy Internet protocols; personal cloud computing; security risk failures; server failures; sharing services; unreliable network storages; Cloud computing; File systems; Peer-to-peer computing; Protocols; Servers; Synchronization; clustered file system; erasure code; personal cloud storage (ID#: 16-10606)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354631&isnumber=7354472

S. Huda, A. Sudarsono, and T. Harsono, “Secure Data Exchange Using Authenticated Ciphertext-Policy Attributed-Based Encryption,” Electronics Symposium (IES), 2015 International, Surabaya, 2015, pp. 134-139. doi: 10.1109/ELECSYM.2015.7380829
Abstract: Easy sharing files in public network that is intended only for certain people often resulting in the leaking of sharing folders or files and able to be read also by others who are not authorized. Secure data is one of the most challenging issues in data sharing systems. Here, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a reliable asymmetric encryption mechanism which deals with secure data and used for data encryption. It is not necessary encrypted to one particular user, but recipient is only able to decrypt if and only if the attribute set of his private key match with the specified policy in the ciphertext. In this paper, we propose a secure data exchange using CP-ABE with authentication feature. The data is attribute-based encrypted to satisfy confidentiality feature and authenticated to satisfy data authentication simultaneously.
Keywords: electronic data interchange; private key cryptography; set theory; CP-ABE; asymmetric encryption mechanism; authentication feature; ciphertext-policy attribute-based encryption; confidentiality feature; data authentication; data encryption; data sharing systems; file sharing; private key attribute set; public network; secure data exchange; Access control; Ad hoc networks; Authentication; Encryption; Military aircraft; Authentication; CP-ABE; Data security; Data sharing (ID#: 16-10607)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380829&isnumber=7380788

J. M. Reddy and C. Hota, “Heuristic-Based Real-Time P2P Traffic Identification,” Emerging Information Technology and Engineering Solutions (EITES), 2015 International Conference on, Pune, 2015, pp. 38-43. doi: 10.1109/EITES.2015.16
Abstract: Peer-to-Peer (P2P) networks have seen a rapid growth, spanning diverse applications like online anonymity (Tor), online payment (Bit coin), file sharing (Bit Torrent), etc. However, the success of these applications has raised concerns among ISPs and Network administrators. These types of traffic worsen the congestion of the network, and create security vulnerabilities. Hence, P2P traffic identification has been researched actively in recent times. Early P2P traffic identification approaches were based on port-based inspection. Presently, Deep Packet Inspection (DPI) is a prominent technique used to identify P2P traffic. But it relies on payload signatures which are not resilient against port masquerading, traffic encryption and NATing. In this paper, we propose a novel P2P traffic identification mechanism based on the host behaviour from the transport layer headers. A set of heuristics was identified by analysing the off-line datasets collected in our test bed. This approach is privacy preserving as it does not examine the payload content. The usefulness of these heuristics is shown on real-time traffic traces received from our campus backbone, where in the best case only 0.20% of flows were unknown.
Keywords: cryptography; data privacy; peer-to-peer computing; telecommunication security; telecommunication traffic; Bit coin; DPI; ISP; NATing; P2P network; P2P traffic identification mechanism; bit torrent; deep packet inspection; file sharing; heuristic-based real-time P2P traffic identification; network administrator; off-line dataset; online anonymity; online payment; payload signature; peer-to-peer network; port masquerading; port-based inspection; privacy preserving; real-time traffic; security vulnerability; traffic encryption; transport layer header; Accuracy; Internet; Payloads; Peer-to-peer computing; Ports (Computers); Protocols; Servers (ID#: 16-10608)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7083382&isnumber=7082065

A. Naghizadeh, S. Berenjian, B. Razeghi, S. Shahanggar, and N. R. Pour, “Preserving Receiver’s Anonymity for Circular Structured P2P Networks,” Consumer Communications and Networking Conference (CCNC), 2015 12th Annual IEEE, Las Vegas, NV, 2015, pp. 71-76. doi: 10.1109/CCNC.2015.7157949
Abstract: Some unique attributes of P2P networks such as cost efficiency and scalability, contributed for the widespread adaptation of these networks. Since P2P applications are mostly used in file-sharing, preserving anonymity of users has become a very important subject for researchers. As a result, a lot of methods are suggested for P2P networks to preserve anonymity of users. Most of these methods, by relying on established anonymous solutions on client/server applications, are presented for unstructured P2P networks. But structured overlays, by using Distributed Hash Tables (DHT) for their routing, do not resemble traditional paradigms. Therefore, current anonymous methods can not be implemented for them easily. In this paper, we introduce a novel methodology to provide receiver’s anonymity for circular P2P structures. With this method, we get help from inherited features of network infrastructure to establish a standard way for making tunnels. Our purpose is to introduce a flexible design which is able to manage different parts of the tunnels on current infrastructures. For this purpose, we implement our method on top of Chord to show how such design can be managed for real world applications. The results of applied method on a chord-like network shows that by managing critical features of our method, a trade-off can be made between stronger security and performance of the network.
Keywords: client-server systems; computer network security; peer-to-peer computing; telecommunication network routing; chord-like network; circular structured P2P networks; client-server applications; cost efficiency; file-sharing; receiver anonymity preservation; scalability; unstructured P2P networks; Conferences; Cryptography; Peer-to-peer computing; Receivers; Routing; Tunneling; Anonymity; Chord; P2P; Security (ID#: 16-10609)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7157949&isnumber=7157933

R. Mohan, V. Vaidehi, A. Krishna A, M. Mahalakshmi, and S. S. Chakkaravarthy, “Complex Event Processing Based Hybrid Intrusion Detection System,” Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, Chennai, 2015, pp. 1-6. doi: 10.1109/ICSCN.2015.7219827
Abstract: Insider threats are evolving constantly and misuse the granted resource access for various malicious activities. These insider threats make use of internal network flaws as the loop holes and are the root cause for data exfiltration and infiltration (Data leakage). Organizations are devising and deploying new solutions for analyzing, monitoring and predicting these insider threats. However data leakage and network breach problems still exist and are increasing day by day. This is due to multiple root accounts, top priority privileges, shared root access, shared file system privileges etc. In this paper a new Hybrid Intrusion Detection System (IDS) is developed to overcome the above stated problem. The objective of this research is to develop a Complex Event Processing (CEP) based Hybrid IDS that integrates the output of the Host IDS and Network IDS into the CEP Module and produces a consolidated output with higher accuracy. The overall deployment protects the internal information system without any data leakage by Stateful Packet Inspection. Multivariate Correlation Analysis (MCA) is used to estimate and characterize the normal behavior of the network and send the values to the CEP Engine which alerts in case of any deviation from the normal pattern. The performance of the proposed Hybrid IDS is examined using test bed with normal and various attack scenarios.
Keywords: computer network security; peer-to-peer computing; CEP engine; CEP module; complex event processing; data exfiltration; data infiltration; data leakage problem; file system privilege sharing; file system sharing; host IDS; hybrid IDS; hybrid intrusion detection system; internal information system; internal network flaw; loop hole; multivariate correlation analysis; network IDS; network breach problem; root access sharing; stateful packet inspection; threat analysis; threat monitoring; threat prediction; Covariance matrices; Feature extraction; Linux; Random access memory; Servers; Standards; Testing; CEP; Hybrid IDS; IDS; Insider Threat; MCA; Multivariate Correlation Analysis (ID#: 16-10610)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219827&isnumber=7219823

B. Tozer, T. Mazzuchi, and S. Sarkani, “Optimizing Attack Surface and Configuration Diversity Using Multi-Objective Reinforcement Learning,” 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), Miami, FL, USA, 2015, pp. 144-149. doi: 10.1109/ICMLA.2015.144
Abstract: Minimizing the attack surface of a system and introducing diversity into a system are two effective ways to improve system security. However, determining how to include diversity in a system without increasing the attack surface more than necessary is a difficult problem, requiring knowledge about the system characteristics, operating environment, and available permutations that is generally not available prior to system deployment. We propose viewing a system’s components, interfaces, and communication channels as a set of states and actions that can be analyzed using a sequential decision making process, and using a multi-objective reinforcement learning algorithm to learn a set of policies that minimize a system’s attack surface and execute those policies to obtain configuration diversity while a system is operating. We describe a methodology for designing a system such that its components and behaviors can be translated into a multi-objective Markov Decision Process, demonstrate the use of multi-objective reinforcement learning to learn a set of optimal policies using three different multi-objective reinforcement learning algorithms in the context of an online file sharing application, and show that our multi-objective temporal difference afterstate algorithm outperforms the alternatives for the example problem.
Keywords: Algorithm design and analysis; Communication channels; Computer architecture; Learning (artificial intelligence); Markov processes; Security; Surface treatment; cybersecurity; moving target defense; multi-objective reinforcement learning}, (ID#: 16-10611)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424300&isnumber=7424247

H. Seuschek and S. Rass, “Side-Channel Leakage Models for RISC Instruction Set Architectures from Empirical Data,” Digital System Design (DSD), 2015 Euromicro Conference on, Funchal, 2015, pp. 423-430. doi: 10.1109/DSD.2015.117
Abstract: Side-channel attacks are currently among the most serious threats for embedded systems. Popular countermeasures to mitigate the impact of such attacks are masking schemes, where secret intermediate values are split in two or more values by virtue of secret sharing. Processing the secret happens on separate execution paths, which are executed on the same central processing unit (CPU). In case of unwanted correlations between different registers inside the CPU the shared secret may leak out through a side-channel. This problem is particularly evident on low cost embedded systems, such as nodes for the Internet of Things (IoT), where cryptographic algorithms are often implemented in pure software on a reduced instruction set computer (RISC). On such an architecture, all data manipulation operations are carried out on the contents of the CPU’s register file. This means that all intermediate values of the cryptographic algorithm at some stage pass through the register file. Towards avoiding unwanted correlations and leakages thereof, special care has to be taken in the mapping of the registers to intermediate values of the algorithm. In this work, we describe an empirical study that reveals effects of unintended unmasking of masked intermediate values and thus leaking secret values. The observed phenomena are related to the leakage of masked hardware implementations caused by glitches in the combinatorial path of the circuit but the effects are abstracted to the level of the instruction set architecture on a RISC CPU. Furthermore, we discuss countermeasures to have the compiler thwart such leakages.
Keywords: cryptography; embedded systems; program compilers; reduced instruction set computing; RISC CPU; RISC instruction set architectures; central processing unit; compiler; cryptographic algorithm; data manipulation operations; embedded systems; masked hardware implementations; masking schemes; secret sharing; side-channel attacks; side-channel leakage models; Central Processing Unit; Computer architecture; Correlation; Cryptography; Hamming distance; Reduced instruction set computing; Registers (ID#: 16-10612)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7302305&isnumber=7302233

Deepika K. S. and R. Balakrishnan, “Secure Multiowner Data Sharing in the Cloud,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, 2015, pp. 1-6. doi: 10.1109/ICIIECS.2015.7192920
Abstract: Cloud computing provides a cheap and economical resolution for sharing cluster resource among cloud users sharing knowledge during a multi-owner manner whereas protective knowledge and identity privacy from an untrusted cloud continues to be a difficult issue, as a result of the frequent modification of the membership. This project proposes a secure knowledge sharing, for dynamic teams within the cloud. It implies that any user within the cluster will firmly share knowledge with others by the untrusted cloud. With efficiency, specifically, new granted users will directly decipher knowledge files uploaded before their participation while not contacting with knowledge house owners. User revocation will be simply achieved through a completely unique revocation list while not changing the keys of the remaining users. The scale and computation overhead of secret writing are constant and freelance with the quantity of revoked users. This projected theme satisfies the required security necessities and guarantees potency furthermore with real time implementation in Google app engine.
Keywords: cloud computing; data handling; Google app engine; cloud computing; data sharing; decipher; Companies; Engines; Gold; Indexes; Knowledge engineering; Cloud computing; Data sharing; Dynamic groups; Google App Engine; Security; Web Server (ID#: 16-10613)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7192920&isnumber=7192777

Yun Tian, Xiao Qin, and Yafei Jia, “Secure Replica Allocation in Cloud Storage Systems with Heterogeneous Vulnerabilities,” Networking, Architecture and Storage (NAS), 2015 IEEE International Conference on, Boston, MA, 2015, pp. 205-214. doi: 10.1109/NAS.2015.7255217
Abstract: Highly available cloud storage is often implemented with complex, multi-tiered distributed systems built on top of clusters of commodity servers and disk drives. Storage reliability, security and performance are among the top desired features when clients consider storing data on cloud storage. Although replication improves reliability and performance in cloud storage systems, data replication increases the risk of data storage in an insecure network environment. When a cloud storage scales up, storage nodes are very likely to become heterogeneous in nature. In this study, we propose a secure replica allocation scheme called SecRA to improve security, reliability, and performance of a cloud storage system where storage nodes have a wide variety of vulnerabilities. Our SecRA integrates the techniques of replication and fragmentation with secret sharing in a heterogeneous cloud system, where storage nodes are comprised of various server types in terms of vulnerability characteristics. SecRA allocates data replicas of fragments of a file to as many different types of nodes as possible. For the replicas of the same fragment, SecRA tries to allocate these replicas to the same type of nodes in the system. Data assurance is significantly improved, because the replicas of different fragments of a file are allocated to multiple types of storage nodes. To quantitatively evaluate the quality of security offered by SecRA, we develop a storage assurance model. Our analytically results show that replica allocations made by SecRA lead to enhanced security thanks to the consideration of heterogeneous vulnerabilities in cloud storage systems.
Keywords: cloud computing; disc drives; file servers; secure storage; security of data; storage management; SecRA; cloud storage systems; commodity server clusters; data assurance; data replication; data storage risk; disk drives; heterogeneous cloud system; heterogeneous vulnerabilities; multitiered distributed systems; network environment; secret sharing; secure replica allocation scheme; storage assurance model; storage nodes; storage performance; storage reliability; storage security; vulnerability characteristics; Cloud computing; Cryptography; Reliability; Resource management; Secure storage; Servers (ID#: 16-10614)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7255217&isnumber=7255186

K. Patel and L. Ragha, “Binary Image Steganography in Wavelet Domain,” Industrial Instrumentation and Control (ICIC), 2015 International Conference on, Pune, 2015, pp. 1635-1640. doi: 10.1109/IIC.2015.7151012
Abstract: In today’s era sharing of secret data over internet has increased widely. Along with increase in frequent information sharing on Internet threat of malicious access also pulls significant attraction. Cryptography and Steganography are solution to this problem. Steganography is a technique to make private or secret data invisible to the world in order to send it over the network securely. In this paper we proposed an algorithm which is in transform domain and simple in calculation. To increase the level of security we encrypt the data before embedding it into the carrier file. We perform discrete wavelet transform on cover image followed by fusion. At last we perform inverse wavelet transform to get stego image. We compare original cover image and stego image; the results we obtained are good as both the images are almost identical. This is proved by high PSNR (Peak Signal to Noise Ratio) values we have obtained.
Keywords: cryptography; discrete wavelet transforms; image coding; inverse transforms; steganography; binary image steganography; image fusion; inverse wavelet transform; peak signal to noise ratio values; stego image; wavelet transform domain; Arrays; Cryptography; Discrete wavelet transforms; PSNR; Wavelet domain; Discrete Wavelet Transform; Steganography; special domain; transform domain (ID#: 16-10615)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7151012&isnumber=7150576

A. Bergh, “Distributing the Disruption,” Military Communications and Information Systems (ICMCIS), 2015 International Conference on, Cracow, 2015, pp. 1-6. doi: 10.1109/ICMCIS.2015.7158688
Abstract: The rapid uptake of smart mobile devices such as smartphones and the use of apps has been the great communication disruptor in civilian life in since 2007. This change has enabled always on and easy to use access to vast amounts of data and information, ranging from mapping via social media through to constant news updates and streaming media. This disruption is also rapidly spreading from the civilian to the military sphere. However, military work in this field has often focused on hardware and networking issues. Little has been done in terms of providing tools for staff within the armed forces for sustainable collaboration through the sharing of information and knowledge in the app format. In other words, the communication disruption is disrupted through the lack of useable utilities by the rank and file. These are often the ones who are best positioned to know what type of information (and information sharing) can be useful in the field.
Keywords: media streaming; mobile computing; smart phones; app format; communication disruption; information sharing; knowledge sharing; smart mobile device; smartphone; social media; streaming media; sustainable collaboration; Collaboration; Information management; Media; Security; Servers; Smart phones; app; collaboration; disruption; mil-app market; mobile devices; network (ID#: 16-10616)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158688&isnumber=7158667

A. Upadhyaya and M. Bansal, “Deployment of Secure Sharing: Authenticity and Authorization Using Cryptography in Cloud Environment,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, pp. 852-855. doi: 10.1109/ICACEA.2015.7164823
Abstract: Cloud computing is a cost-effective, scalable and flexible model of providing network services to a range of users including individual and business over the Internet. It has brought the revolution in the era of traditional method of storing and sharing of resources. It provides a variety of benefits to its users such as effective and efficient use of dynamically allocated shared resources, economics of scale, availability of resources etc. On the other part, cloud computing presents level of security risks because essential services are often controlled and handled by third party which makes it difficult to maintain data security and privacy and support data and service availability. Since cloud is a collection of machines called servers and all users’ data stored on these machines, it emerges the security issues of confidentiality, integrity and availability. Authentication and authorization for data access on cloud is more than a necessity. Our work attempts to overcome these security challenges. The proposed methodology provides more control of owner on the data stored on cloud by restricting the access to specific user for specific file with limited privileges and for limited time period on the basis of secret key using symmetric as well as asymmetric mechanism. The integrity and confidentiality of data is ensured doubly by not only encrypting the secret key but also to the access permission and limited file information.
Keywords: authorisation; cloud computing; commerce; cryptography; economies of scale; information retrieval; Internet; authenticity; authorization; availability of resources; business; cloud computing; cloud environment; cryptography; data access; dynamically allocated shared resources; economics of scale; network services; secure sharing; Authorization; Cloud computing; Computational modeling; Computers; Cryptography; Servers; Asymmetric Cryptography; Cloud Computing; Economics of Scale; Scalability; Symmetric Cryptography (ID#: 16-10617)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164823&isnumber=7164643

S. Patil, P. R. Deshmukh, T. Chavan, P. Sangwan, V. Shastri, and A. Sunthwal, “Reduced Share Size Audio Secret Sharing,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-4. doi: 10.1109/PERVASIVE.2015.7087082
Abstract: Communication over the network generally consists of conveying the messages in the form of texts and images. In recent times communication through audio has been introduced and has changed the scenario of transmission and reception of messages, which makes it mandatory to provide proper security to the audio data. Audio Secret Sharing provides a means of transmitting the secret audio message over a network securely. This is done essentially by dividing the original secret message into a pre-defined number of shares. To formulate the original secret a specified number of shares have to be combined and anything less than the specification provided would render the message unattainable. This paper puts forth the Audio Secret Sharing scheme based on Matrix Projection. The proposed scheme lends security and reliability to the audio files and also the share size has been reduced to a great extent.
Keywords: audio systems; cryptography; audio data security; audio file reliability; matrix projection; reduced share size audio secret sharing scheme; Computers; Cryptography; Matrix converters; Polynomials; Reliability; Routing; Audio Secret Sharing; Information Security; Matrix Projection; Reliability; Secret Sharing (ID#: 16-10618)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087082&isnumber=7086957

N. Nassar and L. C. Chen, “Seed-Based Authentication,” Collaboration Technologies and Systems (CTS), 2015 International Conference on, Atlanta, GA, 2015, pp. 345-350. doi: 10.1109/CTS.2015.7210447
Abstract: Although web user authentication via username/password is widely used, this approach has many drawbacks. For example, users have to memorize textual passwords and to change the passwords frequently. Most importantly many users save their passwords in plain text that can potentially be exploited later. In this paper we proposed a new method for web applications to enhance user authentication that is less dependent on end users’ memory. This new method incorporates Pseudo Random Numbers that are generated by a seed stemmed from a root file, such as an image file, managed by the user and shared with the authentication server. The Pseudo Random Numbers, generated upon user login, are then served as one-time passwords for server authentication. We described our design, implementation and experiments that tested the randomness of these one-time passwords in a real world scenario. We also discussed how the proposed scheme can withstand common attacks such as replay attacks, dictionary attacks, and the denial-of-service attacks.
Keywords: Internet; message authentication; Web user authentication; denial-of-service attacks; dictionary attacks; end user memory; image file; one-time passwords; pseudorandom numbers; replay attacks; root file; seed-based authentication; server authentication; textual passwords; user login; username; Authentication; Dictionaries; Force; Generators; Servers; Uniform resource locators; authentication; information security; one-time password; pseudo random numbers (ID#: 16-10619)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7210447&isnumber=7210375

K. Rohloff, “Privacy-Preserving Data Exfiltration Monitoring Using Homomorphic Encryption,” Cyber Security and Cloud Computing (CSCloud), 2015 IEEE 2nd International Conference on, New York, NY, 2015, pp. 48-53. doi: 10.1109/CSCloud.2015.96
Abstract: Monitoring and encryption are essential to secure today’s computer networks. Monitoring network traffic data can be especially useful to protect against data exfiltration by detecting signatures in file metadata to identify especially sensitive files that should not be publicly released. Encryption restricts the visibility of signatures, but this may be needed because some signatures used to protect against data exfiltration may themselves be sensitive, as knowledge of signatures could help adversaries circumvent monitoring. We present results on a prototype exfiltration guard to securely and privately monitor flows of encrypted information for encrypted signatures without requiring the decryption of the data flows or the signatures or the sharing of decryption keys. Our approach is based on using homomorphic encryption to enables secure computing on encrypted data. We show experimental results with a prototype proof-of-concept encrypted data guard running on a commodity computing hardware. These designs point to possible future advances driven by ongoing homomorphic encryption improvements to compute on encrypted data for more advanced and secure filtering and exfiltration protection schemes.
Keywords: computer network security; cryptography; data privacy; computer networks; encrypted signatures; exfiltration protection schemes; homomorphic encryption; privacy-preserving data exfiltration monitoring; Computer architecture; Encryption; Monitoring; Prototypes; Public key; Data Guard; Homomorphic Encryption; Security (ID#: 16-10620)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371458&isnumber=7371418

A. Praveena and C. Sasikala, “Multi Authority Attribute Based Encryption Against Data Integrity and Scalability Issues in Cloud Data Services,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, 2015, pp. 1-5. doi: 10.1109/ICIIECS.2015.7192940
Abstract: Identity Privacy of the outsourced data as of public auditing is modelled as privacy concern in the cloud data service through the public auditing. With cloud data services, it is common place for data to be not only stored in the cloud, but also shared across frequent users. Regrettably, the integrity of cloud data is focus to cynicism due to the prolongation of hardware/software failures and human errors. We propose a novel privacy-preserving mechanism that supports public auditing on shared data stored in the cloud. Yet, issues such as risks of privacy exposure, scalability in key management, supple access and efficient user revocation, have remained the foremost challenges and achieving fine-grained, cryptographically enforced data access control. In particular, we exploit multi authority attribute based encryption to compute verification of the data stored in the cloud to audit the correctness of shared data. Through imposing the multi authority-ABE technique our mechanism, the identity of the attribute on each block in shared data is kept private from public verifiers so, that they can efficiently verify the data integrity without retrieving the entire file. It can also perform multiple auditing tasks simultaneously.
Keywords: auditing; authorisation; cloud computing; data integrity; data privacy; public key cryptography; cloud data integrity; cloud data service; cynicism; data verification; fine-grained-cryptographically enforced data access control; hardware failure prolongation; human errors; identity privacy; key management scalability risk; multiauthority attribute-based encryption; multiauthority-ABE technique; outsourced data; privacy exposure risk; privacy-preserving mechanism; public auditing; scalability issues; shared data storage; software failure prolongation; user revocation; Algorithm design and analysis; Cloud computing; Conferences; Data privacy; Encryption; Anonymization; Cloud Auditing; Cloud Security; MA-ABE; Privacy Preserving (ID#: 16-10621)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7192940&isnumber=7192777

A. Binbusayyis and Ning Zhang, “Decentralized Attribute-Based Encryption Scheme with Scalable Revocation for Sharing Data in Public Cloud Servers,” Cloud Technologies and Applications (CloudTech), 2015 International Conference on, Marrakech, 2015, pp. 1-8. doi: 10.1109/CloudTech.2015.7336985
Abstract: With the rapid development of cloud computing, it is attractive for enterprise companies to outsource their data files for sharing in cloud servers, as cloud computing can offer desirable characteristics, such as on-demand self-service, broad network access, and rapid elasticity. However, by uploading data files onto cloud servers, data owners (i.e. the companies) will lose control over their own data. This makes it essential to use Attribute-based encryption (ABE) because it can help to protect the data confidentiality by uploading data files in encrypted form. In addition, it can help to facilitate granting access to data by allowing only authorized users to decrypt the encrypted data files based on a set of attributes. However, this ABE approach includes three key issues. The first one is the complexity of user secret key management for large-scale cloud environments. The second is the complexity of revoking the users access rights. The third is the computational complexity involved in assigning user rights, encrypting and accessing data files. This paper addresses these three issues by proposing a decentralized ciphertext-policy ABE scheme (CP-DABE) for a large-scale cooperative cloud environment. The scheme reduces the complexity of user secret key management by providing a secure attribute delegation services between a master authority and a number of multiple attribute authorities. The scheme also reduces the complexity of revocation process by using Proxy Re-encryption technique to revoke any users access right. In addition, by comparing with most relative work, the scheme reduces the computational requirements for assigning user rights, encrypting and accessing data files. The scheme can support any LSSS access structure. In this paper, the cryptographic construction of the CP-DABE scheme is presented, and its efficiency is analyzed and compared with most relative work. The security of the CP-DABE scheme is discussed and selectively proved against chosen-p- aintext attacks under the decisional Bilinear Diffie-Hellman Exponent assumption. Finally, ideas to extend the CP-DABE scheme are discussed.
Keywords: cloud computing; computational complexity; cryptography; data protection; CP-DABE scheme; attribute-based encryption scheme; chosen-plaintext attacks; data confidentiality protection; data file access; data files encryption; data sharing; decentralized ciphertext-policy ABE scheme; decisional bilinear Diffie-Hellman exponent assumption; large-scale cooperative cloud environment; master authority; multiple attribute authorities; proxy reencryption technique; public cloud servers; secure attribute delegation services; user rights assignment; user secret key management; users access rights revocation; Cloud computing; Companies; Encryption; Permission; Servers; Access Control; Attribute Based Encryption; Cloud Computing; Public Key Cryptography (ID#: 16-10622)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336985&isnumber=7336956

V. S. Sinha, D. Saha, P. Dhoolia, R. Padhye, and S. Mani, “Detecting and Mitigating Secret-Key Leaks in Source Code Repositories,” Mining Software Repositories (MSR), 2015 IEEE/ACM 12th Working Conference on, Florence, 2015, pp. 396-400. doi: 10.1109/MSR.2015.48
Abstract: Several news articles in the past year highlighted incidents in which malicious users stole API keys embedded in files hosted on public source code repositories such as GitHub and Bit Bucket in order to drive their own work-loads for free. While some service providers such as Amazon have started taking steps to actively discover such developer carelessness by scouting public repositories and suspending leaked API keys, there is little support for tackling the problem from the code sharing platforms themselves. In this paper, we discuss practical solutions to detecting, preventing and fixing API key leaks. We first outline a handful of methods for detecting API keys embedded within source code, and evaluate their effectiveness using a sample set of projects from GitHub. Second, we enumerate the mechanisms which could be used by developers to prevent or fix key leaks in code repositories manually. Finally, we outline a possible solution that combines these techniques to provide tool support for protecting against key leaks in version control systems.
Keywords: application program interfaces; public key cryptography; source code (software); code repositories; fix key leaks; key leaks protection; secret-key leaks detection; secret-key leaks mitigation; source code repositories; version control systems; Control systems; Facebook; History; Java; Leak detection; Pattern matching; Software; api keys; git; mining software repositories; security (ID#: 16-10623)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7180102&isnumber=7180053

Han Yiliang, Jiang Di, and Yang Xiaoyuan, “The Revocable Attribute Based Encryption Scheme for Social Networks,” Security and Privacy in Social Networks and Big Data (SocialSec), 2015 International Symposium on, Hangzhou, 2015, pp. 44-51. doi: 10.1109/SocialSec2015.18
Abstract: Attribute based encryption is one of the candidates to secure online social network. Providing an efficient revocation mechanism in attribute based encryption scheme is very important. To achieve the hierarchical access control and improve update efficiency, the revocable attribute based encryption scheme with hierarchical revocation based on multilinear maps is proposed. The shared file is divided into three portions. The user with the specific attributes will access the corresponding portion. The analysis shows that it has the constant key size and has the indistinguishability under chosen plaintext attacks.
Keywords: authorisation; cryptography; social networking (online); hierarchical access control; hierarchical revocation; multilinear maps; online social network; plaintext attacks; revocable attribute based encryption scheme; revocation mechanism; update efficiency; Access control; Electronic mail; Encryption; Generators; Social network services; attribute based encryption
(ID#: 16-10624)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371899&isnumber=7371823

A. Kumara M. A. and C. D. Jaidhar, “Hypervisor and Virtual Machine Dependent Intrusion Detection and Prevention System for Virtualized Cloud Environment,” Telematics and Future Generation Networks (TAFGEN), 2015 1st International Conference on, Kuala Lumpur, 2015, pp. 28-33. doi: 10.1109/TAFGEN.2015.7289570
Abstract: Cloud Computing enabled by virtualization technology exhibits revolutionary change in IT Infrastructure. Hypervisor is a pillar of virtualization and it allows sharing of resources to virtual machines. Vulnerabilities present in virtual machine leveraged by an attacker to launch the advanced persistent attacks such as stealthy rootkit, Trojan, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack etc. Virtual Machines are prime target for malignant cloud user or an attacker to launch attacks as they are easily available for rent from Cloud Service Provider (CSP). Attacks on virtual machine can disrupt the normal operation of cloud infrastructure. In order to secure the virtual environment, defence mechanism is highly imperative at each virtual machine to identify the attacks occurring at virtual machine in timely manner. This work proposes In-and-Out-of-the-Box Virtual Machine and Hypervisor based Intrusion Detection and Prevention System for virtualized environment to ensure robust state of the virtual machine by detecting followed by eradicating rootkits as well as other attacks. We conducted experiments using popular open source Host based Intrusion Detection System (HIDS) called Open Source SECurity Event Correlator (OSSEC). Both Linux and windows based rootkits, DoS attack, Files integrity verification test are conducted and they are successfully detected by OSSEC.
Keywords: Linux; cloud computing; computer network security; formal verification; virtual machines; CSP; DDoS attack; HIDS; IT Infrastructure; OSSEC; Windows based rootkits; cloud computing; cloud infrastructure; cloud service provider; defence mechanism; distributed denial of service attack; files integrity verification test; hypervisor; intrusion prevention system; open source host based intrusion detection system; open source security event correlator; persistent attacks; resource sharing; stealthy rootkit; trojan; virtual machines; virtualization technology; virtualized cloud environment; Computer crime; Databases; Intrusion detection; Kernel; Virtual machine monitors; Virtual machining; Cloud Computing; DoS Attack; Hypervisor; Intrusion Detection and Prevention System; Rootkit; Virtual Machine; Virtualization (ID#: 16-10625)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289570&isnumber=7289553

M. Mattetti, A. Shulman-Peleg, Y. Allouche, A. Corradi, S. Dolev, and L. Foschini, “Securing the Infrastructure and the Workloads of Linux Containers,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015,
pp. 559-567. doi: 10.1109/CNS.2015.7346869
Abstract: One of the central building blocks of cloud platforms are linux containers which simplify the deployment and management of applications for scalability. However, they introduce new risks by allowing attacks on shared resources such as the file system, network and kernel. Existing security hardening mechanisms protect specific applications and are not designed to protect entire environments as those inside the containers. To address these, we present a LiCShield framework for securing of linux containers and their workloads via automatic construction of rules describing the expected activities of containers spawned from a given image. Specifically, given an image of interest LiCShield traces its execution and generates profiles of kernel security modules restricting the containers’ capabilities. We distinguish between the operations on the linux host and the ones inside the container to provide the following protection mechanisms: (1) Increased host protection, by restricting the operations done by containers and container management daemon only to those observed in a testing environment; (2) Narrow container operations, by tightening the internal dynamic and noisy environments, without paying the high performance overhead of their on-line monitoring. Our experimental results show that this approach is efficient to prevent known attacks, while having almost no overhead on the production environment. We present our methodology and its technological insights and provide recommendations regarding its efficient deployment with intrusion detection tools to achieve both optimized performance and increased protection. The code of the LiCShield framework as well as the presented experimental results are freely available for use at https://github.com/LinuxContainerSecurity/LiCShield.git. 
Keywords: Linux; cloud computing; resource allocation; security of data; LiCShield framework; Linux container workloads; automatic rule construction; cloud platforms; container capabilities; container management daemon; host protection; infrastructure security; intrusion detection tools; kernel security modules; narrow container operations; on-line monitoring; production environment; protection mechanisms; resource sharing; security hardening mechanism protection; Conferences; Containers; Intrusion detection; Kernel; Servers (ID#: 16-10626)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346869&isnumber=7346791

T. Markina, M. Koveshnikov, and D. Bazylev, “Abstract Models for System Virtualization,” Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), 2015 7th International Congress on, Brno, 2015, pp. 210-215. doi: 10.1109/ICUMT.2015.7382429
Abstract: The paper is dedicated to issues of system objects securing (system files and user system or application configuration files) against unauthorized access including denial of service attacks. The method and developed abstract system virtualization models, which are used to research attack scenarios for different virtualization modes, are presented. Effectiveness for system tools virtualization technology is evaluated. Proposed technology is based on redirection of access requests to system objects shared among access subjects. Whole and partial system virtualization modes are modeled. The difference between them is the following: in the whole virtualization mode all copies of the access system objects are created whereon subjects’ requests are redirected including corresponding application objects; in the partial virtualization mode corresponding copies are created only for a part of the system, for example, only system objects for applications. Alternative solutions effectiveness is valued relating to different attack scenarios. Practical significance of the suggested security method is demonstrated.
Keywords: authorisation; computer network security; virtualisation; abstract model; access request redirection; denial of service attack; partial virtualization mode; system object security issue; system virtualization; unauthorized access; Access control; Computer crime; Information security; Operating systems; Virtual machining; Virtualization; abstract model; attack scenario; denial of service; informational security; security; system object; system tool virtualization (ID#: 16-10627)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7382429&isnumber=7382391

J. Yang, C. Fu, N. Shen, Z. Liu, C. Jia, and J. Li, “General Multi-Key Searchable Encryption,” Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, Gwangiu, 2015, pp. 89-95. doi: 10.1109/WAINA.2015.18
Abstract: We analysis outsourced server with multi-users and classify the data sharing into two main types. We focus on the data sharing between users in Searchable Encryption and the corresponding security goal. Then we present a general scheme for Searchable Encryption in which the cipher text can be generated from parameter by authorized users. With the concept of homomorphism and one-way function, we construct a general model to illustrate and fulfill the goals involved. We also promote such a model to a general Multi-Key Searchable Encryption which enables only a single submission for the retrievals in the documents encrypted by different keys. We also give two concrete examples to illustrate the feasibility and security in such a general model.
Keywords: cryptography; file servers; information retrieval; outsourcing; security of data; authorized users; ciphertext; data sharing classification; document encryption; multikey searchable encryption; one-way function; outsourced server analysis; Access control; Concrete; Data models; Encryption; Servers; Homomorphism; Multi-key; Searchable Encryption (ID#: 16-10628)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096153&isnumber=7096097

D. Tomović, I. Ognjanović and R. Šendelj, “Security Challenges of Integration of Hash Functions into Cloud Systems,” Embedded Computing (MECO), 2015 4th Mediterranean Conference on, Budva, 2015, pp. 110-114.
doi: 10.1109/MECO.2015.7181879
Abstract: Cloud Computing is a new paradigm for the IT industry. IT services such as infrastructures, platforms and applications are provided remotely, over the Internet, and all resources are virtualized. Challenges about confidentiality, integrity, authenticity, and non-repudiation are still opened representing the main concerns that reduces the growth of cloud computing. Hash based mechanisms are thus mainly used for message authentication and this paper analyses imposed security issues over clouds. To this end, recently developed semantically enhanced Cyber Security Model (CSM) is extended representing a promising solution capable to address all issues of heterogeneity, shared parties and different interests over clouds.
Keywords: cloud computing; file organisation; security of data; CSM; IT industry; IT services; Internet; cloud systems; hash based mechanisms; hash functions integration; security challenges; semantically enhanced cyber security model; shared parties; Cloud computing; Computational modeling; Computer security; Cryptography; Law; Resistance; hash functions; security (ID#: 16-10629)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7181879&isnumber=7181853

S. D. Taru and V. B. Maral, “Object Oriented Accountability Approach in Cloud for Data Sharing with Patchy Image Encryption,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 1688-1693. doi: 10.1109/ICACCI.2015.7275856
Abstract: Cloud computing presents a new approach for delivery model and consumption of different IT services based on internet. Highly scalable and virtualized resources are provided as a service on demand basis. Cloud computing provides flexibility for deploying applications at lower cost while increasing business agility. The main feature of using cloud services is that user’s data are more often processed at remote machines which are unknown to user. As user do not own these remote machine used for speed up data processing or operate them in cloud, users can lose control of own confidential data. Despite of all of advantages of cloud this remains a challenge and acts as a barrier to the large scale adoption of cloud. To address above problem in this paper we present object oriented approach that performs automated logging mechanism to ensure any access to user’s data will trigger authentication with use of decentralized information accountability framework called as CIA (Cloud Information Accountability) [1]. We use the JAR (JAVA Archive File) programmable capabilities to create dynamic travelling object containing user’s data. To strengthen the distributed data security we use the chaos image encryption technique specific to image files. Chaos is patchy image encryption technique based on pixel shuffling. Randomness of the chaos is made utilized to scramble the position of the pixel of image.
Keywords: Java; chaos; cloud computing; cryptography; image coding; message authentication; object-oriented programming; CIA; JAR; JAVA archive file; automated logging mechanism; chaos image encryption technique; cloud information accountability; data sharing; distributed data security; object oriented accountability approach; pixel shuffling; user authentication; Authentication; Chaos; Ciphers; Cloud computing; Encryption; Accountability; Chaos encryption; Cloud computing; Data sharing; Logging mechanism (ID#: 16-10630)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275856&isnumber=7275573
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Self-healing Networks 2015

	Self-healing Networks 2015

Self-healing networks are an important goal for cyber physical systems.  Resiliency and composability are essential elements. The research cited here was presented in 2015.

F. Chernogorov, I. Repo, V. Räisänen, T. Nihtilä, and J. Kurjenniemi, “Cognitive Self-Healing System For Future Mobile Networks,” Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, Dubrovnik, 2015, pp. 628-633. doi:10.1109/IWCMC.2015.7289156
Abstract: This paper introduces a framework and implementation of a cognitive self-healing system for fault detection and compensation in future mobile networks. Performance monitoring for failure identification is based on anomaly analysis, which is a combination of the nearest neighbor anomaly scoring and statistical profiling. Case-based reasoning algorithm is used for cognitive self-healing of the detected faulty cells. Validation environment is Long Term Evolution (LTE) mobile system simulated with Network Simulator 3 (ns-3) [1, 2]. Results demonstrate that cognitive approach is efficient for compensation of cell outages and is capable to improve network coverage. Anomaly analysis can be used for identification of network failures, and automation of performance management. Introduction of data mining and cognition to the future mobile networks, e.g. 5th Generation (5G), is especially important as it allows to meet the strict requirements for robustness and enhanced performance.
Keywords: Long Term Evolution; fault tolerant computing; statistical analysis; Long Term Evolution mobile system; case-based reasoning algorithm; cognitive self-healing system; data mining; failure identification; fault detection; future mobile networks; nearest neighbor anomaly scoring; performance management; statistical profiling; Cognition; Gain; Mobile communication; Mobile computing; Monitoring; Testing; 5G networks; Self-healing; anomaly detection; cell outage; cognition; compensation (ID#: 16-10675)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289156&isnumber=7288920

Y. Jie, A. Alsharoa, A. Kamal, and M. Alnuem, “Self-Healing Solution to Heterogeneous Networks Using CoMP,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, pp. 1-6. doi:10.1109/GLOCOM.2015.7417265
Abstract: Self-healing mechanism is one of the three functionalities for self-organizing networks, and it has three major components to be studied by the academic society: fault detection, fault diagnosis and cell outage compensation. In this paper, we study the cell outage compensation function of the self-healing mechanism. In a heterogeneous network environment with densely deployed Femto Base Stations (FBSs), we form a resource allocation problem for FBSs and Femto User Equipments (FUEs) operations using Coordinated Multi-Point (CoMP) transmission and reception with joint processing technique. Since the formulated problem is considered as NP hard problem, we propose a heuristic operation scheme to solve the problem. Simulation results show that our proposed operation scheme can improve FUE throughput by up to 30% compared to other solutions, and it can also prevent the system total rate loss from having the same speed of radio resource loss when failures happen.
Keywords: compensation; computational complexity; fault diagnosis; femtocellular radio; resource allocation; telecommunication network reliability; CoMP; FBSs; FUEs; NP hard problem; cell outage compensation function; coordinated multipoint reception; coordinated multipoint transmission; fault detection; femto base stations; femto user equipment operation; heterogeneous networks; heuristic operation scheme; joint processing technique; radio resource loss; resource allocation problem; self-healing solution; self-organizing networks; system total rate loss; Heterogeneous networks; Interference; Mobile communication; Resource management; Strips; Throughput (ID#: 16-10676)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7417265&isnumber=7416057

S. El-Hennawey, “C23. Self-Healing Autonomic Networking for Voice Quality in VoIP and Wireless Networks,” Radio Science Conference (NRSC), 2015 32nd National, 6th of October City, Egypt,  2015, pp. 297-304. doi:10.1109/NRSC.2015.7117842
Abstract: This paper provides a novel approach for automatically enhancing voice quality with reference to user's Quality of Experience (QoE). It is based on in-service quality assessment in Voice over the Internet Protocol (VoIP). The proposed scheme includes three phases: (1) automatic user quality assessment with diagnostic features, (2) fault localization in case of user quality experience degradation, and (3) dispatch control for quality recovery. In the first phase, QoS is measured using the Speech Quality Monitor (SQM) that provides the estimated overall quality mean opinion score (MOS) as well as identifying the main impairment that causes the degradation leading MOS to be below certain level. Based on the root cause of the degradation, the network fault is located in the second phase through the global network Quality of Service (QoS) monitoring. Finally in the third phase, control is dispatched through the QoS control, maintaining quality. Wireless networks are also considered. This way, the voice is kept at high quality.
Keywords: Internet telephony; quality of experience; quality of service; speech processing; MOS; QoE; QoS control; SQM; VoIP; automatic user quality assessment; diagnostic features; dispatch control; fault localization; in-service quality assessment; mean opinion score; network fault; quality recovery; self-healing autonomic networking; speech quality monitor; user quality experience degradation; voice over the Internet protocol; voice quality; wireless networks; Lead; Monitoring; Noise; Quality of service; Autonomic Networking; QoS; Voice Quality (ID#: 16-10677)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7117842&isnumber=7117794

C. Zhang, L. Qu, X. Wang, and J. Xiong, “An Efficient Self-Healing Group Key Management with Lower Storage for Wireless Sensor Network,” Computer Science and Mechanical Automation (CSMA), 2015 International Conference on, Hangzhou, 2015, pp. 124-128. doi:10.1109/CSMA.2015.31
Abstract: For the problems of energy constrained and the channel insecurity in group communication of WSN, we propose a self-healing group key management protocol based on polynomial and some algorithm. This protocol can recover the lost group key without transmitting message once more. The method can improve the security of the channel, while consuming less energy. The performance analysis of this protocol shows that we can achieve forward secrecy and backward secrecy and communication security with lower energy consumption, which can expand the range of applications of wireless sensor networks while improving life.
Keywords: public key cryptography; wireless sensor networks; WSN; backward secrecy; channel insecurity; channel security; communication security; forward secrecy; group communication; self-healing group key management protocol; Automation; Cryptography; Energy consumption; Protocols; Wireless sensor networks; Yttrium; lower storage; security; self-healing; wireless sensor network (ID#: 16-10678)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371635&isnumber=7371543

C. Thompson, “Self Healing Network (Centralized Restoration Gateway),” Power & Energy Society General Meeting, 2015 IEEE, Denver, CO, 2015, pp. 1-22. doi:10.1109/PESGM.2015.7286650
Abstract: A collection of slides from the author's conference presentation was given. The topics discussed were manual fault isolation and restoration and automatic fault location isolation and service restoration.
Keywords: fault location; automatic fault location isolation; centralized restoration gateway; manual fault isolation; manual fault restoration; self healing network; service restoration; Fault location; Gas insulation; Load flow; Logic gates; Manuals; Switches; Telemetry (ID#: 16-10679)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7286650&isnumber=7285590

L. Deng, J. Fei, C. Ban, C. Cai, and X. Zhang, “The Simulation of Self-Healing Restoration Control for Smart Distribution Network,” Software Engineering and Service Science (ICSESS), 2015 6th IEEE International Conference on, Beijing, 2015, pp. 482-485. doi:10.1109/ICSESS.2015.7339102
Abstract: In this paper, a novel self-healing restoration control method after distribution network faulting is applied to minimize the active power loss. Back-Forward sweep method based on layered node is selected to calculate power flow according to the radial distribution network model. Moreover, in order to avoid closed-loop structure scheme, a new solution which can reduce the dimension of mathematical optimization calculation is offered during network reconstruction process. If the total number of open switches in the system is equal to the number of tie-switches, and at the same time the system has no island, then the network must be the structure without closed-loop. Furthermore, the island judgement is made conveniently by flow calculation program with no need for a special program. The design is implemented to an IEEE16 nodes system by matlab. Simulation result shows that the solutions of reconstruction decrease from 65536 groups to 13 groups. Accordingly, the correctness and validity of the proposed method can be verified, which is simple and easy to be programmed. It is suited to the real-time control for smart distribution network.
Keywords: minimisation; power distribution control; power system restoration; IEEE 16 nodes system; active power loss minimization; back-forward sweep method; closed-loop structure scheme; distribution network faulting; mathematical optimization calculation; network reconstruction process; power flow; radial distribution network model; self-healing restoration control; smart distribution network; Flow calculation; Optimal power loss; Reconstruction; Restoration; Self-healing control; Smart distribution network (ID#: 16-10680)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7339102&isnumber=7338993

R. R. Paul, P. V. Roy, and V. Vlassov, “Interaction between Network Partitioning and Churn in a Self-Healing Structured Overlay Network,” Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on, Melbourne, VIC, 2015, pp. 232-241. doi:10.1109/ICPADS.2015.37
Abstract: We investigate the interaction between Network Partitioning and Churn (node turnover) in Structured Overlay Networks. This work is relevant both to systems with peaks of high stress (e.g., partitions, churn) or continuous high stress. It prepares the way for new application venues in mobile and ad hoc networks, which have high node mobility and intermittent connectivity, and undergo frequent changes in network topology. We evaluate existing overlay maintenance strategies, namely Correction-on-Change, Correction-on-Use, Periodic Stabilization, and Ring Merge. We define the reversibility property of a system as its ability to repair itself to provide its original functionality when the external stress is withdrawn. We propose a new strategy, Knowledge Base, to improve conditions for reversibility in the case of combined network partitioning and churn. By means of simulations, we demonstrate reversibility for overlay networks with high levels of partition and churn and we make general conclusions about the ability of the maintenance strategies to achieve reversibility. We propose a model, namely Stranger Model, to generalize the impact of simultaneous network partitioning and churn. We show that this interaction causes partitions to eventually become strangers to each other, which makes full reversibility impossible when this happens. Using this model, we can predict when irreversibility arrives, which we verify via simulation. However, high levels of one only, network partitioning or churn, do not hinder reversibility. In future work we will extend these results to real systems and experiment with applications that take advantage of reversibility.
Keywords: knowledge based systems; overlay networks; ad hoc networks; churn; correction-on-change overlay maintenance strategy; correction-on-use overlay maintenance strategy; knowledge base strategy; mobile networks; network partitioning; node turnover; periodic stabilization overlay maintenance strategy; ring merge overlay maintenance strategy; self-healing structured overlay network; stranger model; Complex systems; Maintenance engineering; Overlay networks; Peer-to-peer computing; Predictive models; Routing; Stress; Network Partition and Churn; Partition Tolerance; Ring Overlay Merge; Structured Overlay Networks (ID#: 16-10681)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7384300&isnumber=7384203

W. Liu, T. Kang, W. Cheng, and F. Zhao, “The Modeling of Self-Healing Control System for Distribution Network Based on UML,” 2015 5th International Conference on Electric Utility Deregulation and Restructuring and Power Technologies (DRPT), Changsha, China, 2015, pp. 1435-1439. doi:10.1109/DRPT.2015.7432458
Abstract: Self-healing for smart distribution network which is based on Distribution Automation(DA) and Advanced Distribution Automation (ADA), is one of the key characters and core functions for smart distribution network to deal with the inside and outside threatens of the network as well as to increase system operation security and efficiency. In this paper, we focus on the modeling of self-healing control system for distribution network based on UML. Firstly, the background, application scenarios and requirements for self-healing control system of smart distribution network were analyzed. Then, the static and dynamic models of the control system were built based on UML. Three types of self-healing control are realized through four self-healing stages in three scenarios. Finally, based on the modeling results, the system architecture and key applications for the self-healing control system were implemented. The results in this paper are useful for investigation on the conceptions and key technologies, increasing the normalization and reusability of self-healing control system as well as guidance for real self-healing applications.
Keywords: Control systems; Decision support systems; Power industry; Security; Systems architecture; Systems operation; Unified modeling language; UML; advanced distribution automation; fault self-healing; self-healing control system; smart distribution network (ID#: 16-10682)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7432458&isnumber=7432193

A. Sanatinia and G. Noubir, “OnionBots: Subverting Privacy Infrastructure for Cyber Attacks,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 69-80. doi:10.1109/DSN.2015.40
Abstract: Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively attempt to subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots can achieve a low diameter and a low degree and be robust to partitioning under node deletions. We develop a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.
Keywords: IP networks; computer network management; computer network security; data privacy; fault tolerant computing; telecommunication traffic; Cyber Attacks; IP-based mitigation techniques; OnionBots; SOAP; Tor; botnets; cryptographic mechanisms; destination information; host IP address; illegal activities; information nature; node deletions; privacy infrastructure subversion; resilient-stealthy botnets; self-healing network maintenance scheme; source information; Cryptography; Maintenance engineering; Peer-to-peer computing; Privacy; Relays; Servers; botnet; cyber security; privacy infrastructure; self-healing network (ID#: 16-10683)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266839&isnumber=7266818

V. Kini, C. Patil, S. Bahadkar, S. Panandikar, A. Sreedharan, and A. Kshirsagar, “Low Power Wireless Health Monitoring System,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 980-986. doi:10.1109/ICACCI.2015.7275738
Abstract: Low Power Wireless Health Monitoring System (LoWHMS) is a sensor network which aims to monitor vital signs of a patient remotely. It provides real time feedback to medical personnel in order to alert them when life-threatening changes occur. The network is a self-healing network so that it can get reconfigured when the network links are broken. Ultra-Low power microcontrollers are used to reduce the power consumption drastically. The LoWHMS is a low cost solution which focuses on keeping doctors frequently updated about the health status of a patient and his vital signs. It also aims at eliminating physical delays arising due to lack of facilities in a particular hospital.
Keywords: biomedical telemetry; microcontrollers; patient monitoring; power consumption; wireless sensor networks; LoWHMS; health status; life-threatening changes; low-power wireless health monitoring system; medical personnel; power consumption; real-time feedback; self-healing network; sensor network; ultralow power microcontrollers; vital sign monitoring; Active filters; Heart rate; Monitoring; Passive filters; Servers; Wireless communication; Wireless sensor networks; network; real time feedback; self-healing; ultra-low power; wireless (ID#: 16-10684)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275738&isnumber=7275573

L. Flores-Martos, A. Gomez-Andrades, R. Barco, and I. Serrano, “Unsupervised System for Diagnosis in LTE Networks Using Bayesian Networks,” Vehicular Technology Conference (VTC Spring), 2015 IEEE 81st, Glasgow, 2015, pp. 1-5. doi:10.1109/VTCSpring.2015.7146146
Abstract: Nowadays, the size and complexity of mobile networks are growing ceaselessly. Therefore, the management of mobile networks is a significant, expensive and demanding task to perform. In order to simplify this task, Self-Organizing Networks (SON) appear as a unified solution to autonomously manage a mobile network. One of the fundamental functions of SON is self-healing. Within self- healing, the objective of fault diagnosis or root cause analysis is the identification of problem causes in faulty cells. With that aim, in this paper, an unsupervised diagnosis system for LTE (Long Term Evolution) based on Bayesian networks is presented. In particular, the system is divided in two separate steps. First of all, the discretization of the input data is done. Then, the system provides an identification of the cell status. Depending on the discretization method, the performance of the system is different, so, in this paper, different methods have been evaluated. Results have proven the high success rate achieved with the proposed system, particularly when the Expectation-Maximization (EM) algorithm is used for the discretization.
Keywords: Long Term Evolution; belief networks; expectation-maximisation algorithm; fault diagnosis; unsupervised learning; Bayesian networks; LTE networks; discretization method; expectation-maximization algorithm; long term evolution; unsupervised diagnosis system; Bayes methods; Clustering algorithms; Interference; Mobile communication; Probability density function (ID#: 16-10685)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7146146&isnumber=7145573

S. M. Sheikh, R. Wolhuter, and G. J. van Rooyen, “A Comparative Analysis of MANET Routing Protocols for Low Cost Rural Telemetry Wireless Mesh Networks,” Emerging Trends in Networks and Computer Communications (ETNCC), 2015 International Conference on, Windhoek, 2015, pp. 32-37. doi:10.1109/ETNCC.2015.7184804
Abstract: In rural areas in Africa, the topographical conditions vary, including hilly areas or flat open areas with bushes, trees and vegetation. In some cases, road and infrastructure conditions are exceedingly poor, making it challenging and costly to provide necessary maintenance and support to communication networks. When a node goes offline the remaining nodes must be able to re-establish links with each other and maintain connectivity. The routing protocol must discover an alternative shortest path route and use this path to deliver the data. The maintenance time can be slow and it might take days to attend to the faulty node in a rural area. Due to this, the network must be able to operate for long periods with the faulty node(s) and provide the best possible Quality of Service (QoS). In the past few years, Wireless Mesh Networks (WMNs) have attracted an increase in research and use due to their attractive characteristics, which include low deployment cost, a low cost option to extend network coverage and ease of maintenance due to their self healing properties. In WMNs, with an increase in scalability, the throughput of the network tends to decrease. In this paper, we carried out a performance analysis for failing node scenarios for rural telemetry networks using three protocols, namely OLSR (a proactive protocol), DSR (a reactive protocol) and HWMP (a hybrid protocol). The performance analysis of these protocols was carried out using three backhaul network topology scenarios. The simulation results were obtained using OMNET++ and the INETMANET framework. Performance metrics used for the analysis and study were packet loss and end-to-end latency as these are major factors considered for providing guaranteed Quality of Service (QoS).
Keywords: mobile ad hoc networks; quality of service; routing protocols; telecommunication network topology; telemetry; wireless mesh networks; Africa; DSR; HWMP; INETMANET framework; OLSR; OMNET++; QoS; communication networks; hybrid protocol; network topology; proactive protocol; reactive protocol;  rural telemetry; Packet loss; Peer-to-peer computing; Routing; Routing protocols; MANET; Wireless Mesh Networks
(ID#: 16-10686)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7184804&isnumber=7184793

M. Selim, A. Kamal, K. Elsayed, H. Abd-El-Atty and M. Alnuem, “A Novel Approach for Back-Haul Self Healing in 4G/5G HetNets,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 3927-3932. doi:10.1109/ICC.2015.7248937
Abstract: 4G/5G Heterogeneous Networks (HetNets), which are expected to have a very dense multi-layer network structure, have emerged as a solution to satisfy the increasing demand for high data rates. These networks, similar to other networks, are subject to failures of communication components, which may occur due to many reasons. Self-Healing (SH) is the ability of the network to continue its normal operation in the presence of failures. The contribution of this paper is to introduce a novel SH approach for all network base-stations (BSs) back-hauling in a HetNet. New SH radios are proposed with enabled Cognitive Radio (CR) capabilities for utilizing the spectrum. A Software Defined Wireless Network Controller (SDWNC) is used to handle all control information between all network elements (except user equipment). This novel pre-planned reactive SH approach ensures network reliability under multiple failures. A simulation study is conducted to assess the performance of our approach through the evaluation of the Degree of Recovery (DoR) under single and multiple failures. Our approach can achieve a DoR of at least 10% using only 1 SHR and an enhanced DoR can be achieved using a greater number of SHRs.
Keywords: 4G mobile communication; 5G mobile communication; cognitive radio; software radio; telecommunication network reliability; 4G HetNets; 4G heterogeneous network reliability; 5G HetNet; 5G heterogeneous network reliability; BS back-hauling; CR; DoR; SDWNC; back-haul self healing; base station back-hauling; cognitive radio; degree of recovery; dense multilayer network structure; multiple failure; reactive SH approach; software defined wireless network controller; spectrum utilization; Computer architecture; Femtocells; Macrocell networks; Microprocessors; Radio frequency; Wireless communication; 4G; 5G; Heterogeneous Networks (HetNets); Self Organizing Network (SON); Self-Healing (SH) (ID#: 16-10687)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7248937&isnumber=7248285

A. Zoha, A. Saeed, A. Imran, M. A. Imran, and A. Abu-Dayya, “Data-Driven Analytics for Automated Cell Outage Detection in Self-Organizing Networks,” Design of Reliable Communication Networks (DRCN), 2015 11th International Conference on the, Kansas City, MO, 2015, pp. 203-210. doi:10.1109/DRCN.2015.7149014
Abstract: In this paper, we address the challenge of autonomous cell outage detection (COD) in Self-Organizing Networks (SON). COD is a pre-requisite to trigger fully automated self-healing recovery actions following cell outages or network failures. A special case of cell outage, referred to as Sleeping Cell (SC) remains particularly challenging to detect in state-of-the-art SON, since it triggers no alarms for Operation and Maintenance (O&M) entity. Consequently, no SON compensation function can be launched unless site visits or drive tests are performed, or complaints are received by affected customers. To address this issue, we present and evaluates a COD framework, which is based on minimization of drive test (MDT) reports, a functionality recently specified in third generation partnership project (3GPP) Release 10, for LTE Networks. Our proposed framework aims to detect cell outages in an autonomous fashion by first pre-processing the MDT measurements using multidimensional scaling method and further employing it together with machine learning algorithms to detect and localize anomalous network behaviour. We validate and demonstrate the effectiveness of our proposed solution using the data obtained from simulating the network under various operational settings.
Keywords: Long Term Evolution; learning (artificial intelligence); self-organising feature maps; telecommunication computing; 3GPP; COD; LTE networks; SON; automated cell outage detection; data-driven analytics; machine learning algorithm; minimization of drive test; operation and maintenance entity; self-organizing networks; third generation partnership project; Computer architecture; Data models; Databases; Mathematical model; Microprocessors; Phase measurement; Support vector machines; Anomaly Detection; Cell Outages; LTE; Low-Dimensional Embedding; MDT; Self-Organizing Networks; Sleeping Cell (ID#: 16-10688)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7149014&isnumber=7148972

T. A. Nguyen, M. Aiello, T. Yonezawa, and K. Tei, “A Self-Healing Framework for Online Sensor Data,” Autonomic Computing (ICAC), 2015 IEEE International Conference on, Grenoble, 2015, pp. 295-300. doi:10.1109/ICAC.2015.61
Abstract: In pervasive computing environments, wireless sensor networks (WSNs) play an important role, collecting reliable and accurate context information so that applications are able to provide services to users on demand. In such environments, sensors should be self-adaptive by taking correct decisions based on sensed data in real-time. However, sensor data is often faulty. Faults are not so exceptional and in most deployments tend to occur frequently. Therefore, the capability of self-healing is important to ensure higher levels of reliability and availability. We design a framework which provides self-healing capabilities, enabling a flexible choice of components for detection, classification, and correction of faults at runtime. Within our framework, a variety of fault detection and classification algorithms can be applied, depending on the characteristics of the sensor data types as well as the topology of the sensor networks. A set of mechanisms for each and every step of the self-healing framework, covering detection, classification, and correction of faults are proposed. To validate the applicability, we illustrate a case study where our solution is implemented as an adaptation engine and integrated seamlessly into the ClouT system. The engine processes data coming from physical sensors deployed in Santander, Spain, providing corrected sensor data to other smart city applications developed in the ClouT project.
Keywords: computer network reliability; fault diagnosis; ubiquitous computing; wireless sensor networks; ClouT system; Santander; Spain; WSNs; fault classification algorithm; fault correction; fault detection; online sensor data; pervasive computing environments; self-healing framework; Cities and towns; Data models; Data processing; Fault detection; Knowledge based systems; Monitoring; Wireless sensor networks; Fault tolerance for WSNs; Online sensor data; Seal-healing framework; Smart environments; Wireless sensor network (ID#: 16-10689)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266983&isnumber=7266915

D. Tchuani Tchakonte, E. Simeu, and M. Tchuente, “Adaptive Healing Procedure for Lifetime Improvement in Wireless Sensor Networks,” On-Line Testing Symposium (IOLTS), 2015 IEEE 21st International, Halkidiki, 2015, pp. 59-64. doi:10.1109/IOLTS.2015.7229833
Abstract: Most of Wireless Sensor Networks are deployed to monitor a set of targets over a specified area. The lifetime of such a network is defined as the time duration from the network deployment till the time when one target is no longer covered. Thus, this lifetime is limited by the energy resource of sensor nodes. In order to maximize the lifetime of the network, only a subset of nodes capable of covering all targets are activated at a time while the others are put in sleep mode to save their energy. When an active sensor fails, a recovery procedure should be executed to keep all targets covered. In this paper we propose a new self-healing method for network reconfiguration in case of failure of an active node. Simulation results show that this method increases the network dependability by reducing the network unavailability time up to 90 % compared to the dynamic maintenance for networks with more than 200 sensor nodes of sensing range equals to 10, uniformly deployed over a 50 × 50 square to cover 50 targets also uniformly deployed over the same area.
Keywords: telecommunication network reliability; wireless sensor networks; active node failure; adaptive healing procedure; energy resource; lifetime improvement; network dependability; network deployment; network lifetime maximization; network reconfiguration; network unavailability time reduction; self-healing method; sensing range; sensor nodes; time duration; Adaptive systems; Decision support systems; Testing; Wireless Sensor Networks; adaptive healing; complexity; lifetime; target coverage (ID#: 16-10690)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7229833&isnumber=7229816

S. Dey, S. Sampalli, and Q. Ye, “A Context-Adaptive Security Framework for Mobile Cloud Computing,” 2015 11th International Conference on Mobile Ad-hoc and Sensor Networks (MSN), Shenzhen, 2015, pp. 89-95. doi:10.1109/MSN.2015.28
Abstract: Mobile cloud computing is an emerging area in the cloud computing paradigm, comprising several modes of communication that are governed by varying security standards. WBAN (Wireless Body Area Networks), RFID (Radio Frequency IDentification) and VANET (Vehicular Ad-hoc NETworks) are three example applications that could be based on mobile cloud computing. Considering the fact that the security mechanisms in different applications are highly heterogeneous while the cloud server is common to these applications, we devised a context-adaptive security framework that could be deployed at the cloud premises to provide an additional security layer to mobile cloud computing systems. Furthermore, the framework provides varied techniques to improve the quality of service and reliability of mobile cloud computing. Technically, this multicomponent context-adaptive framework accepts the traffic in different communication modes, prevents attacks by randomly choosing pre-defined algorithms, learns from previous attacks using cognitive model, and rearranges the cloud service model as a self-healing system.
Keywords: cloud computing; cognitive radio; computer network reliability; computer network security; mobile computing; network servers; quality of service; RFID; VANET; WBAN; cloud server; cognitive model; context-adaptive security framework; mobile cloud computing reliability improvement; quality of service improvement; radio frequency identification; self-healing system; vehicular ad-hoc network; wireless body area network; Body area networks; Cloud computing; Computer architecture; Mobile communication; Security; Servers; Wireless communication; Mobile Cloud Computing; attacks; framework; security standards; self-healing
(ID#: 16-10691)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7420929&isnumber=7420907

N. F. Avila, V. W. Soo, W. Y. Yu, and C. C. Chu, “Capacity-Based Service Restoration using Multi-Agent Technology and Ensemble Learning,” Intelligent System Application to Power Systems (ISAP), 2015 18th International Conference on, Porto, 2015, pp. 1-6. doi:10.1109/ISAP.2015.7325546
Abstract: Reliable and efficient distributed algorithms for power restoration are essential for self-healing electrical smart grids. Therefore, this paper presents a Multi-Agent System (MAS) for automatic restoration in power distribution networks. Moreover, as electrical demand fluctuates on the hourly and daily basis, an ensemble learning algorithm has been adopted for short-term forecasting of electrical energy demand. The prediction methodology is incorporated into the restoration algorithm in order to obtain a capacity-based restoration solution. Experiments carried out in two electrical networks demonstrate the importance and accuracy of the demand prediction algorithm and the feasibility of the MAS for system reconfiguration in decentralized power utilities.
Keywords: distribution networks; learning (artificial intelligence); load forecasting; multi-agent systems; power engineering computing; power system restoration; smart power grids; MAS; capacity-based service restoration; decentralized power utility; electrical energy demand short-term forecasting; ensemble learning algorithm; multiagent technology; power distribution network; power restoration; prediction methodology; self-healing electrical smart grid; Forecasting; Generators; Mathematical model; Monitoring; Prediction algorithms; Reactive power; Regression tree analysis; Automatic Power Restoration; Distributed Artificial Intelligence; Ensemble Learning; Short-Term Demand Forecasting (ID#: 16-10692)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7325546&isnumber=7325510

G. Papadopoulos, “Challenges in the Design and Implementation of Wireless Sensor Networks: A Holistic Approach-Development and Planning Tools, Middleware, Power Efficiency, Interoperability,” Embedded Computing (MECO), 2015 4th Mediterranean Conference on, Budva, 2015, pp. 1-3. doi:10.1109/MECO.2015.7181857
Abstract: Wireless Sensor Networks (WSNs) constitute a networking area with promising impact in the environment, health, security, industrial applications and more. Each of these presents different requirements, regarding system performance and QoS, and involves a variety of mechanisms such as routing and MAC protocols, algorithms, scheduling policies, security, OS, all of which are residing over the HW, the sensors, actuators and the Radio Tx/Rx. Furthermore, they encompass special characteristics, such as constrained energy, CPU and memory resources, multi-hop communication, leading to a few steps higher the required special knowledge. Although the status of WSNs is nearing the stage of maturity and wide-spread use, the issue of their sustainability hinges upon the implementation of some features of paramount importance: Low power consumption to achieve long operational life-time for battery-powered unattended WSN nodes, joint optimization of connectivity and energy efficiency leading to best-effort utilization of constrained radios and minimum energy cost, self-calibration and self-healing to recover from failures and errors to which WSNs are prone, efficient data aggregation lessening the traffic load in constrained WSNs, programmable and reconfigurable stations allowing for long life-cycle development, system security enabling protection of data and system operation, short development time making more efficient the time-to-market process and simple installation and maintenance procedures for wider acceptance. Despite the considerable research and important advances in WSNs, large scale application of the technology is still hindered by technical, complexity and cost impediments. Ongoing R&D is addressing these shortcomings by focusing on energy harvesting, middleware, network intelligence, standardization, network reliability, adaptability and scalability. However, for efficient WSN development, deployment, testing, and maintenance, a holistic unified approach is n- cessary which will address the above WSN challenges by developing an integrated platform for smart environments with built-in user friendliness, practicality and efficiency. This platform will enable the user to evaluate his design by identifying critical features and application requirements, to verify by adopting design indicators and to ensure ease of development and long life cycle by incorporating flexibility, expandability and reusability. These design requirements can be accomplished to a significant extent via an integration tool that provides a multiple level framework of functionality composition and adaptation for a complex WSN environment consisting of heterogeneous platform technologies, establishing a software infrastructure which couples the different views and engineering disciplines involved in the development of such a complex system, by means of the accurate definition of all necessary rules and the design of the `glue-logic' which will guarantee the correctness of composition of the various building blocks. Furthermore, to attain an enhanced efficiency, the design/development tool must facilitate consistency control as well as evaluate the selections made by the user and, based on specific criteria, provide feedback on errors concerning consistency and compatibility as well as warnings on potentially less optimal user selections. Finally, the WSN planning tool will provide answers to fundamental issues such as the number of nodes needed to meet overall system objectives, the deployment of these nodes to optimize network performance and the adjustment of network topology and sensor node placement in case of changes in data sources and network malfunctioning.
Keywords: computer network reliability; computer network security; data protection; energy conservation; energy harvesting; middleware; open systems; optimisation; quality of service; sensor placement; telecommunication network planning; telecommunication network topology; telecommunication power management; telecommunication traffic; time to market; wireless sensor networks; QoS; WSN reliability; constrained radio best-effort utilization; data aggregation; data security enabling protection; design-development tool; energy efficiency;  failure recovery; heterogeneous platform technology; holistic unified approach; interoperability; network intelligence; network topology adjustment; power consumption; power efficiency; sensor node placement; time-to-market process; traffic load; wireless sensor network planning tools; Electrical engineering; Embedded computing; Europe; Security; Wireless sensor networks (ID#: 16-10693)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7181857&isnumber=7181853

G. Tuna, E. Kaya, K. Gülez, G. Kiokes, and V. Ç Güngör, “Performance Evaluations of Next Generation Networks for Smart Grid Applications,” Smart Grid Congress and Fair (ICSG), 2015 3rd International Istanbul, Istanbul, 2015, pp. 1-5. doi:10.1109/SGCF.2015.7354926
Abstract: Smart Grid (SG) can be described as the concept of modernizing the traditional electrical grid. Through the addition of SG technologies traditional electrical grids become more flexible, robust and interactive, and are able to provide real time feedback by employing innovative services and products together with communication, control, intelligent monitoring, and self-healing technologies. For being fully functional, utility operators deploy various SG applications to handle the key requirements including delivery optimization, demand optimization and asset optimization needs. The SG applications can be categorized into two main classes: grid-focused applications and customer-focused applications. Although these applications differ in terms of security, Quality of Service (QoS) and reliability, their common requirement is a communication infrastructure. In this paper, we focus on the use of Next Generation Networks (NGNs) for SG applications. We also present a detailed analysis of a NGN-based communication infrastructure for SG applications in terms of global network statistics and node-level statistics.
Keywords: next generation networks; quality of service; smart power grids; NGN-based communication; QoS; asset optimization; delivery optimization; demand optimization; electrical grid; global network statistics; intelligent monitoring; next generation networks; node-level statistics; quality of service; self-healing technology; smart grid; Delays; IP networks; Next generation networking; Power industry; Quality of service; Reliability; Security; Next Generation Networks; Performance Evaluations; Smart Grid; Smart Grid Applications (ID#: 16-10694)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354926&isnumber=7354913

I. N. Md Isa, M. D. Baba, R. Ab Rahman, and A. L. Yusof, “Self-Organizing Network Based Handover Mechanism for LTE Networks,” Computer, Communications, and Control Technology (I4CT), 2015 International Conference on, Kuching, 2015,
pp. 11-15. doi:10.1109/I4CT.2015.7219527
Abstract: Self-Organizing Network (SON) mechanism comprises of three components of self-configuration, self-optimization and self-healing which can contribute to optimize the performance of the next generation broadband network such as the Long Term Evolution (LTE) networks. The aim of this study is to propose a self-organizing handover procedure based on the Self-Organizing Network (SON) concept for LTE network. The simulation scenario and analysis on the performance of the proposed SON-based handover was conducted using the QualNet software. The two main handover parameters that have been modified are the Hysteresis (Hys) and Time-To-Trigger (TTT). The outcome of the simulation shows the network performance is better after optimizing the Hys and TTT setting of the handover parameters. In particular the LTE network shows remarkable improvement in the network throughput and smaller network delay. This study will be beneficial to future research works as the trend in the communication technologies are always changing rapidly and the self-manage mechanism will become essential for the network operators.
Keywords: Long Term Evolution; mobility management (mobile radio); next generation networks; Hys handover parameter; LTE network throughput; QualNet software; SON-based handover mechanism; TTT handover parameter; hysteresis handover parameter; next generation broadband network; self-configuration component; self-healing component; self-optimization component; self-organizing network; time-to-trigger handover parameter; Base stations; Delays; Handover; Optimization; Self-organizing networks; Throughput; LTE; Self-Organized Network; handover; hysteresis; time to trigger
(ID#: 16-10695)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219527&isnumber=7219513

L. A. Felber, P. F. Ribeiro, B. D. Bonatto, A. C. Z. de Souza, and J. A. S. Neto, “Low Cost Self-Healing Applied to Distribution Grid Supplying Brazilian Municipalities,” Innovative Smart Grid Technologies Latin America (ISGT LATAM), 2015 IEEE PES, Montevideo, 2015, pp. 292-297. doi:10.1109/ISGT-LA.2015.7381170
Abstract: Companies distributing electricity in the world have sought to enhance the operation of their networks in order to minimize the impact of supply disruptions. Nowadays, with the rise of the Smart Grid concept, the insertion of sophisticated features in the distribution of electric energy has become a reality. This article aims to describe the current situation of the implementation of smart grids by distribution companies in Brazil and the challenges especially regarding the economic viability of this technology for practical deployment. For this sake, this paper proposes the development of a low cost methodology that provides improvements in supplying power to municipalities of a Brazilian electricity company (CEMIG D), building the smart grid through the application of the concept of self-healing.
Keywords: power distribution economics; power distribution reliability; smart power grids; Brazilian electricity company; Brazilian municipalities; CEMIG D; distribution companies; distribution grid; electric energy; low cost self-healing; smart grid; supply disruptions; Automation; Companies; Ground penetrating radar; Power system reliability; Reliability; Smart grids; Voltage control; Smart Grids; automation; distribution system; power quality; reliability; self-healing (ID#: 16-10696)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381170&isnumber=7381114

S. Diaz and D. Mendez, “DACA - Disjoint Path and Clustering Algorithm for Self-healing WSN,” Communications and Computing (COLCOM), 2015 IEEE Colombian Conference on, Popayan, 2015, pp. 1-5. doi:10.1109/ColComCon.2015.7152076
Abstract: Due to their intrinsic characteristics, Wireless Sensor Networks (WSN) are prone to failure, mainly because of their energy limitations. Considering this, the use of self-healing mechanisms becomes necessary in order to create a more fault-tolerant and robust WSN. With this problem at hand, we have proposed and developed DACA, a Disjoint path And Clustering Algorithm that increases the network lifetime through network topology control and self-healing mechanisms. By using the Collection Tree Protocol (CTP) algorithm, we first create a tree using all the initials nodes of the network, having this tree as our initial communication backbone. After this, we build a set of spatial clusters using K-means and reconstruct the tree using only the Cluster Heads (CH), therefore reducing the number of active nodes in the network. With this new subset of nodes forming a tree, we apply the N-to-1 algorithm to create disjoint paths, making the network more robust to communication failures. The experiments show that DACA considerably extends the lifetime of the network by having a set of backup nodes to support the communication network when an active node dies, while still maintaining a good coverage of the area of interest.
Keywords: routing protocols; telecommunication network topology; trees (mathematics); wireless sensor networks; DACA; N-to-1 algorithm; active nodes; backup nodes; cluster heads; collection tree protocol algorithm; communication backbone; communication failures; communication network; disjoint path and clustering algorithm; disjoint paths; energy limitations; fault-tolerant WSN; network lifetime; network topology control; self-healing WSN; self-healing mechanisms; spatial clusters; Clustering algorithms; Measurement; Optimization; Robustness; Routing; Topology; Wireless sensor networks; Clustering; Disjoint Paths; Multi-Objective Optimization; Tree routing (ID#: 16-10697)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7152076&isnumber=7152073

M. De Felice, I. V. Calcagni, F. Pesci, F. Cuomo, and A. Baiocchi, “Self-Healing Infotainment and Safety Application for VANET Dissemination,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 2495-2500. doi:10.1109/ICCW.2015.7247551
Abstract: Vehicular Ad-hoc NETworks (VANETs) are rapidly increasing their popularity and ductility, being an essential element for smart cities and smart driving. Layer three standards have already been approved, but they do not pursue optimality in terms of high throughput. This paper aims to identify a new algorithm to put on top of the standard routing layer, namely Self hEaling Infotainment and safetY Application (SEIYA), in order to create a vehicular distributed backbone, able to stay up as long as possible (thus reducing the election phase overhead). The main objective is to enable high speed data routes for several kinds of safety and infotainment applications of a stable vehicular cloud: traffic monitoring, emergency signals, augmented reality information are just few examples. Our approach is validated through simulations on real maps with realistic vehicle flows and high throughput demands.
Keywords: cloud computing; road safety; road traffic; telecommunication network routing; vehicular ad hoc networks; SEIYA; VANET dissemination; augmented reality information; election phase overhead reduction; emergency signals; high speed data routes; high throughput demands; realistic vehicle flows; self healing infotainment-and-safety application; smart cities; smart driving; stable vehicular cloud; standard routing layer; traffic monitoring; vehicular distributed backbone; Delays; Nominations and elections; Protocols; Safety; Standards; Throughput; Vehicles; Geonetworking extension; VANET; vehicular backbone; vehicular cloud (ID#: 16-10698)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247551&isnumber=7247062

A. S. Elsafrawey, E. S. Hassan, and M. I. Dessouky, “C21. Analytical Analysis of a Cluster Controlled Mobility Scheme for Data Security and Reliability in UWSNs,” Radio Science Conference (NRSC), 2015 32nd National, 6th of October City, Egypt, 2015, pp. 277-285. doi:10.1109/NRSC.2015.7117840
Abstract: This paper investigates the security and data reliability in Unattended Wireless Sensor Networks (UWSNs). We deduce an analytical model for Self-Healing scheme based on Cluster Controlled Mobility (SH-CCM) for UWSNs. The SH-CCM is based on mobility inside a cluster of sick sensor beside the hybrid cooperation from both reactive and proactive peers to enhance self-healing probability. The analytical analysis of SH-CCM will ensure that both mobility and hybrid cooperation from both reactive and proactive peers within the cluster of sick sensor will enhance the Cooperation, Self-Healing, data security and reliability. Therefore, the proposed SH-CCM scheme will help the sick sensor to self-heal and restore its backward secrecy faster and better than the schemes without controlled mobility. A set of Analytical results are carried out to demonstrate the effectiveness of the proposed SH-CCM scheme in the presence of an Adversary (ADV). The obtained results ensure that the proposed scheme has a better performance; it archives a probability of BSe to be compromised of 0.04 while CHSHRD [1] is 0.065.
Keywords: mobility management (mobile radio); probability; security of data; telecommunication network reliability; wireless sensor networks; SH-CCM scheme; UWSN; analytical analysis; cluster controlled mobility scheme; data reliability; data security; hybrid cooperation; proactive peers; reactive peers; self-healing probability; sick sensor cluster; unattended wireless sensor networks; Reliability; Mobile Adversary; Self-Healing; Sensor Cooperation; Sensor Mobility; Unattended Wireless Sensor Network
(ID#: 16-10699)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7117840&isnumber=7117794

S. Ben Rejeb, S. Tabbane, and N. Nasser, “An Adaptive Auto-Tuning Scheme Based Mobility in 4G and Beyond Networks,” Electrical and Information Technologies (ICEIT), 2015 International Conference on, Marrakech, 2015, pp. 329-334. doi:10.1109/EITech.2015.7162986
Abstract: Self-Organizing Network, or SON, is a new technology that aims to minimize human efforts spent in management and operating processes. In technical term; this solution was proposed to reduce the operational expenditure for service providers in future wireless systems since it offers the possibility of automatic and remote managing of mobile networks especially in LTE-Advanced and beyond, coming within the 11th Release of 3GPP. SON includes a set of functions divided into three types: self-configuration, self-optimization and self-healing functions. Some of these functions have already been standardized but others still under researches, since they present some problems such as auto-tuning mobility parameters, which is the main topic that will be discussed throughout this work. Thus, we will try in this paper to find solutions to achieve traffic balancing and enhance the network capacity by developing a novel auto-tuning strategy based on mobility. This strategy will present the impact of LTE-A and mobility auto-tuning on the system performances, defined as the user throughput average and congestion indicators of the network. At the end simulation results demonstrate that the gain capacity when using the auto-tuning concept is further greater than without it.
Keywords: 3G mobile communication; 4G mobile communication; Long Term Evolution; mobility management (mobile radio); tuning; 3GPP; 4G networks; LTE- Advanced; SON; adaptive auto-tuning scheme; auto-tuning mobility; automatic managing; network mobility; remote managing; self-organizing network; Downlink; Handover; Interference; Load management; Mobile communication; Throughput; Auto-tuning; Handover; LTE-A; Load balancing; QoS (ID#: 16-10700)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7162986&isnumber=7162923

I. N. M. Isa, M. Dani Baba, A. L. Yusof, and R. A. Rahman, “Handover Parameter Optimization for Self-Organizing LTE Networks,” Computer Applications & Industrial Electronics (ISCAIE), 2015 IEEE Symposium on, Langkawi, 2015, pp. 1-6. doi:10.1109/ISCAIE.2015.7298317
Abstract: Self-Organizing Network (SON) mechanism comprises of three components of self-configuration, self-optimization and self-healing which can contribute to optimize the performance of the next generation broadband network such as the Long Term Evolution (LTE) networks. The aim of this study is to propose a self-organizing handover procedure based on the Self-Organizing Network (SON) concept for LTE network. The simulation of the proposed SON-based handover mechanism was conducted using the QualNet software. The two main handover parameters that have been modified are the Hysteresis (Hys) and Time-To-Trigger (TTT). The outcome of the simulation shows the network performance is better after optimizing the Hys and TTT of the handover parameters. The LTE network performance shows remarkable improvement in terms of network throughput, delay and jitter.
Keywords: Long Term Evolution; broadband networks; mobility management (mobile radio); next generation networks; LTE self-organizing network mechanism; QualNet software; SON Long Term Evolution network; handover parameter optimization; hysteresis optimization; next generation broadband network; time-to-trigger optimization; Base stations; Delays; Handover; Jitter; Optimization; Throughput; Hysteresis; LTE; Self-Organized Network; Time-To-Trigger (ID#: 16-10701)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7298317&isnumber=7298288

O. Iacoboaiea, B. Sayrac, S. Ben Jemaa, and P. Bianchi, “SON Conflict Diagnosis In Heterogeneous Networks,” Personal, Indoor, and Mobile Radio Communications (PIMRC), 2015 IEEE 26th Annual International Symposium on, Hong Kong, 2015,
pp. 1459-1463. doi:10.1109/PIMRC.2015.7343528
Abstract: In trying to meet the demands of traffic hungry users, mobile network operators are faced with increased CAPital EXpenditures (CAPEX) and OPerational EXpenditures (OPEX). The Self Organizing Network (SON) functions have been introduced by 3GPP as a means to cut down these costs. There are mainly 3 categories of such functions: self-configuration, self-optimization and self-healing. In this paper we focus on the second which represents the SON functions performing a runtime optimization of the network. We center our attention on LTE heterogeneous networks. Having several SON functions in a network may lead to conflicts and potentially to bad network Key Performance Indicators (KPIs). Thus a troubleshooting mechanism has to be envisaged. Such a mechanism typically contains 3 steps: fault detection, cause diagnosis and solution deployment. In this paper we tackle the first two and we study the feasibility of using the Naive Bayes Classifier (NBC) in order to build a framework for SON Conflict Diagnosis (SONCD). We provide numeric results proving the feasibility of the framework.
Keywords: 3G mobile communication; Long Term Evolution; telecommunication network reliability; 3GPP; CAPEX; KPI; LTE heterogeneous networks; OPEX; SON conflict diagnosis; SONCD; cause diagnosis; fault detection; increased capital expenditures; key performance indicators; mobile network operators; naive Bayes classifier; operational expenditures; runtime optimization; self-configuration category; self-healing category; self-optimization category; self-organizing network function; solution deployment; traffic-hungry users; Heterogeneous networks; Indexes; Land mobile radio; Mobile computing; Optimization; Wireless networks; Bayesian networks; CRE; LTE; MRO; SON; SON Conflict Diagnosis; eICIC (ID#: 16-10702)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7343528&isnumber=7343254

M. Choobineh and S. Mohagheghi, “Emergency Electric Service Restoration in the Aftermath of a Natural Disaster,” Global Humanitarian Technology Conference (GHTC), 2015 IEEE, Seattle, WA, 2015, pp. 183-190. doi:10.1109/GHTC.2015.7343971
Abstract: The colossal amount of energy released by natural disaster events can devastate the critical infrastructure of affected cities and rural regions. Possible damages to the electric power grid can lead to large-scale interruption in electric service, which could greatly impede post-disaster relief efforts. To make communities resilient against natural hazards, the power grid must have post-disaster self-healing capability, allowing it to restore power to as many sections of the network as possible within a reasonably short timeframe. Traditionally, electric service restoration is performed by first identifying alternative substations and possible routes, followed by network reconfiguration, so that the outage area can be re-energized via these substations. However, this approach may not be possible in the aftermath of a natural disaster. This is because many parts of the network may already have become non-operational due to direct or indirect damages incurred by the event. Here, service restoration can be achieved through a decentralized approach where one or more Microgrids are formed in order to supply the loads locally. A Microgrid dispatch solution is proposed in this paper for emergency electric service restoration in the aftermath of a natural disaster event. A nonlinear mixed-integer optimization problem is formulated that finds the optimal dispatch of the energy resources within the Microgrid subject to capacity and fuel availability constraints. To demonstrate the applicability of the solution, a case study is provided using the IEEE 123-bus test distribution system.
Keywords: disasters; integer programming; load dispatching; nonlinear programming; power system restoration; IEEE 123-bus test distribution system; alternative substations; electric power grid; emergency electric service restoration; energy resources optimal dispatch; fuel availability constraints; microgrid; natural disaster; network reconfiguration; nonlinear mixed-integer optimization problem; post-disaster self-healing capability; Batteries; Density estimation robust algorithm; Fuels; Indexes; Microgrids; Distributed energy resource; Microgrid; demand response; (ID#: 16-10703)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7343971&isnumber=7343935

D. Q. Oliveira, A. C. Zambroni de Souza, A. B. Almeida, and I. Lima, “An Artificial Immune Approach for Service Restoration in Smart Distribution Systems,” Innovative Smart Grid Technologies Latin America (ISGT LATAM), 2015 IEEE PES, Montevideo, 2015, pp. 1-6. doi:10.1109/ISGT-LA.2015.7381120
Abstract: The power system reconfiguration is a challenging task. As smart grids concepts develop, different approaches try to take advantage of the grid intelligent features and infrastructure to evolve a fast and robust self-healing scheme. At the distribution level, the self-healing schemes are responsible for performing automatic corrective and self-restorative actions. This task includes managing the service restoration by locating and isolating the fault, and reconfiguring the network topology to decrease the harm. This paper presents a self-healing scheme using Artificial Immune System as an optimization tool to solve the service restoration problem in power systems considering faults within the internal switch breakers. To make this approach suitable for bigger systems, the Prim Algorithm is used due to its capacity to generate minimum spanning trees from a graph. The proposed scheme is tested on benchmark systems to investigate the capacity of proposing feasible solutions for faulted systems.
Keywords: distribution networks; optimisation; power system faults; power system restoration; smart power grids; trees (mathematics); Prim Algorithm; artificial immune approach; artificial immune system; automatic corrective actions; benchmark systems; distribution level; faulted systems; grid intelligent features; internal switch breakers; network topology; optimization tool; power system reconfiguration; self-healing scheme; self-healing schemes; self-restorative actions; service restoration; service restoration problem; smart distribution systems; smart grids; spanning trees; Cloning; Fault location; Immune system; Smart grids; Sociology; Switches; Topology; Evolutionary Algorithms; Service restoration; self-healing (ID#: 16-10704)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381120&isnumber=7381114

C. He, Y. Liu, G. E. Arrobo, T. P. Ketterl, and R. D. Gitlin, “In Vivo Wireless Communications and Networking,” Information Theory and Applications Workshop (ITA), 2015, San Diego, CA, 2015, pp. 163-172. doi:10.1109/ITA.2015.7308982
Abstract: In vivo wireless communications and networking of biomedical devices has the potential of being a critical component in advancing health care delivery. Such systems offer the promise of improving the effectiveness of sophisticated cyber-physical biomedical systems. This paper provides an overview of our research on characterizing the in vivo wireless channel and contrasting this channel with the familiar cellular and WLAN channels. Characterization of the in vivo channel is still in its infancy, but the importance of obtaining accurate channel models is essential to the design of efficient communication systems and network protocols to support advanced biomedical applications. We describe our initial research on signal processing matched to the in vivo channel including MIMO in vivo and Cooperative Network Coding [CNC] systems. MIMO in vivo 2×2 systems demonstrate substantial performance improvement relative to SISO arrangements that significantly depends on antenna location. MIMO makes it possible to achieve the target data rate of 100 Mbps, with maximum SAR [Specific Absorption Rate] levels met. Furthermore, it is found that, to satisfy the maximum allowed SAR, a larger bandwidth may, but not necessarily, increase the system capacity. Also, we discuss the ability of Cooperative Network Coding [CNC] to increase the reliability (especially for real-time applications), provide transparent self-healing, and enhance the expected number of correctly received and decoded packets at the WBAN destination, while transmitting at low power. Because of the real-time nature of many of these medical applications and the fact that many sensors can only transmit, error detection and retransmission (i.e., ARQ) is not a preferred option. CNC requires about 3.5 dB less energy per bit than extant WBAN systems that do not use cooperation or network coding.
Keywords: MIMO communication; biomedical equipment; body area networks; cellular radio; channel coding; computer network reliability; cooperative communication; decoding; health care; medical computing; network coding; wireless LAN; wireless channels; MIMO in vivo wireless communication; WBAN destination; WLAN channel reliability; advanced biomedical applications; biomedical device; cellular channel; cooperative network coding system; health care delivery; in vivo wireless channel; in vivo wireless networking protocol; multiple-input multiple-output communication; packet decoding; sophisticated cyber-physical biomedical system effectiveness improvement; Biomedical optical imaging; Dispersion; Optical receivers; Protocols; Real-time systems; Wireless LAN; In vivo wireless communications; MIMO in vivo capacity; WBAN; in vivo channel; network coding (ID#: 16-10705)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7308982&isnumber=7308952

Y. Jia, Z. Xu, L. L. Lai, and K. P. Wong, “A Novel Network Partitioning Approach in Smart Grid Environment,” Systems, Man, and Cybernetics (SMC), 2015 IEEE International Conference on, Kowloon, 2015, pp. 641-646. doi:10.1109/SMC.2015.122
Abstract: Smart grid development highlights the “self-healing” capability as it enables a power system to efficiently and automatically react to disturbances and guide the system to the best possible state. Effectively partitioning the power network (PN) into suitable areas or zones to accommodate subsequent control actions is useful. In this paper, a novel partitioning approach that combines Laplacian spectrum of a PN and self organizing map (SOM) algorithm is proposed. This approach aims to optimize the partitioning solution so as to minimize the real power imbalance and simultaneously maintain a satisfactory voltage profile. Case study is carried out on New England 39-bus system, which demonstrates the effectiveness of the proposed approach.
Keywords: Laplace transforms; self-organising feature maps; smart power grids; Laplacian spectrum; New England 39-bus system; PN algorithm; network partitioning approach; real power imbalance; satisfactory voltage profile; self organizing map algorithm; smart grid environment; Clustering algorithms; Laplace equations; Partitioning algorithms; Reactive power; Smart grids; Transmission line matrix methods; Laplacian spectrum; graph partitioning; self healing; self-organizing map; smart grid (ID#: 16-10706)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7379254&isnumber=7379111

V. Monteiro, S. Mumtaz, J. Rodriguez, and I. Ashraf, “Self-Organized Energy Efficient Scheduling in LTE-A,” Vehicular Technology Conference (VTC Spring), 2015 IEEE 81st, Glasgow, 2015, pp. 1-5. doi:10.1109/VTCSpring.2015.7146078
Abstract: Traditional packet scheduling is mainly designed for increasing spectral efficiency (SE) but not for the energy efficiency (EE). Self-organized network (SON) has prospective for self- configuring, self-optimizing self-healing and minimizes the energy consumption in the network. We consider self-optimizing and self-healing property of SON and investigate a novel energy efficient scheduling algorithm for LTEA. We first compare the state the of art scheduling in view of energy efficiency, then explain the tradeoff between EE and SE. System level simulation (SLS) analysis shows that the investigated SON approach achieves notable energy gain over traditional scheduling algorithm.
Keywords: Long Term Evolution; telecommunication power management; telecommunication scheduling; LTE-A; energy consumption; energy efficiency; self-organized energy efficient scheduling; self-organized network; system level simulation analysis; Algorithm design and analysis; Energy efficiency; Quality of service; Resource management; Scheduling; Scheduling algorithms; Throughput (ID#: 16-10707)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7146078&isnumber=7145573

S. Terryn, G. Mathijssen, J. Brancart, G. Van Assche, B. Vanderborght, and D. Lefeber, “Investigation of Self-Healing Compliant Actuators for Robotics,” Robotics and Automation (ICRA), 2015 IEEE International Conference on, Seattle, WA, 2015,
pp. 258-263. doi:10.1109/ICRA.2015.7139009
Abstract: Last 15 years, a wide range of self-healing (SH) materials has been developed and recently these materials are increasingly used in applications in multiple fields, like the automotive industry and aerospace. However, so far this material technology is not yet explored in robotics. The introduction of these materials in robotics will potentially reduce the over-dimensioning of current robotic systems, leading to lighter systems and eventually to more efficient designs. Compliant elements used in next generation soft robots, can be constructed from available SH-materials, making them able to autonomously heal cuts and perforations caused by sharp objects in unstructured environments. In addition, the use of SH-materials will have a beneficial impact on the life span of robotic components, reducing the required maintenance drastically. This paper presents the innovative concept of implementing a SH-mechanism in compliant actuators, using dynamic covalent polymer network systems based on the reversible Diels-Alder (DA) reaction. For two entirely different compliant actuators, a series elastic actuator (SEA) and a soft pneumatic actuator (SPA), an analysis is presented on the integration of the DA-polymers in the actuator designs. For both actuator types, a prototype was designed, developed and validated.
Keywords: pneumatic actuators; robots; DA-polymer; SEA; SH material; SH-mechanism; SPA; aerospace industry; automotive industry; dynamic covalent polymer network system; next generation soft robot; reversible DA reaction; reversible Diels-Alder reaction; self-healing compliant actuator; series elastic actuator; soft pneumatic actuator; Actuators; Force; Fuses; Polymers; Prototypes; Robots (ID#: 16-10708)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7139009&isnumber=7138973

H. Nasiraee, J. Bagherzadeh, and M. Nasiraee, “A New Self-Healing Group Key Distribution Scheme,” Information Security and Cryptology (ISCISC), 2015 12th International Iranian Society of Cryptology Conference on, Rasht, 2015, pp. 85-90. doi:10.1109/ISCISC.2015.7387903
Abstract: Self-healing group key distribution is a recent attended research topic in the literature. Common approaches for self-healing schemes use redundancy into broadcast message which would allow user nodes to recover previous session keys, lost due to communication errors. The redundant information lead to communication overhead, but this paper aims to address this concept, by one-way functions, without redundancy. We apply our idea in identity-based cryptography and pairing operations. Our proposal can enable a node in lossy network to recover its lost session keys efficiently along with providing acceptable forward/backward secrecy and collusion resistance.
Keywords: cryptography; fault tolerant computing; collusion resistance; communication overhead; forward-backward secrecy; identity-based cryptography; lossy network; one-way functions; pairing operations; self-healing group key distribution scheme; Encryption; Proposals; Public key; Redundancy; Resistance; Security; cryptographic protocols; group key distribution; self-healing (ID#: 16-10709)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387903&isnumber=7387888

C. H. Ng, T. Logenthiran, and W. L. Woo, “Intelligent Distributed Smart Grid Network — Reconfiguration,” Smart Grid Technologies - Asia (ISGT ASIA), 2015 IEEE Innovative, Bangkok, 2015, pp. 1-6. doi:10.1109/ISGT-Asia.2015.7387125
Abstract: Smart grid, modernization of electrical power system that is recognized globally as a vision to achieve a self-automated electrical network that is flexible, accessible, reliable and economical. With the integration of distributed and renewable generation into the transmission network, power system restoration faces new challenges. As the demand for power increases, the ability to perform restoration after any blackouts is vital. Smart grid aims to perform automated action in restoring power back to the transmission network. This feature of the system is also known as self-healing. Self-healing aims to perform self-adjustments during the normal operation state and performs self-restoration to the power system by identifying and reacting to interruption with minimal human intervention. The objective of self-healing is to supply electricity to users with no disturbances, making the system highly dependable and efficient. This paper presents an approach to perform power restoration on a mesh transmission network. In this approach, a knowledge based-environment was first created from performing case studies on a mesh network, a set of rules were developed after the environment and a search technique are than used in responding to the contingency observed and obtaining a restoration solution.
Keywords: distributed power generation; power system restoration; smart power grids; transmission networks; distributed generation; electrical power system; intelligent distributed smart grid network reconfiguration; knowledge based-environment; mesh transmission network; renewable generation; self-automated electrical network; self-healing system; Bismuth; Generators; Mesh networks; Power transmission lines; Smart grids; Switches; Power system network; Reconfiguration; Rule-based system; Self-healing; Smart grid; restoration (ID#: 16-10710)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387125&isnumber=7386954

T. U. Sane, S. L. Shue, and J. M. Conrad, “Implementation of Dynamic Source Routing Using 802.15.4 on XBee Series 1 Modules,” SoutheastCon 2015, Fort Lauderdale, FL, 2015, pp. 1-8. doi:10.1109/SECON.2015.7132965
Abstract: An implementation of Dynamic Source Routing on 802.15.4 using XBee Series 1 modules is presented. This implementation demonstrates the use of Dynamic Source Routing to determine the route from initiator (source) node to target (destination) node and used it to deliver message packets within an intra-network of wireless motes. The wireless motes compromise of Atmega 328P based microcontroller board (Red Board) interfaced with XBee Series 1. The algorithm itself searches for the desired route based on first come first serve basis and uses it to forward the message packet to the target node. Due to the dynamic nature of the protocol, the network has self-healing ability. The software library developed in the course of this implementation provides the user an interface to implement customized multi-hopping on XBee Series1 due to absence of any underlying operating system.
Keywords: Zigbee; microcontrollers; telecommunication network routing; 802.15.4; Atmega 328P based microcontroller board; XBee series 1 modules; dynamic source routing; operating system; software library; wireless motes; Hardware; Microcontrollers; Routing; Routing protocols; Software; Wireless communication; Wireless sensor networks; Dynamic Source Routing (DSR); SubMinature version A (SMA); XBee Series 1 (XBee S1) (ID#: 16-10711)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7132965&isnumber=7132866

E. Pashajavid, F. Shahnia, and A. Ghosh, “Overloading Conditions Management in Remote Networks by Coupling Neighboring Microgrids,” Power Engineering Conference (UPEC), 2015 50th International Universities, Stoke on Trent, 2015,
pp. 1-6. doi:10.1109/UPEC.2015.7339874
Abstract: Remote area microgrids (MG) can experience overloading or power deficiency throughout their dynamic operations due to load and generation uncertainties. Under such conditions, load-shedding is traditionally considered as the first successful mechanism to prevent system instability. To minimize load-shedding, islanded neighboring MGs can be connected to each other in remote areas to provide a self-healing capability. For this, extra generation capacity needs to be available in the distributed energy resources (DER) of one of the MGs to supply the extra demand in the other MG. In this way, the total load in the system of interconnected MGs will be shared by all the DERs within those MGs. This process falls within the network tertiary controller functions. Therefore, the tertiary controller should have a self-healing algorithm that needs to be carefully designed to initiate the command for interconnection of the MGs. The self-healing strategy needs to consider the required criteria to prevent system instability. The MGs will then be interconnected through an interconnecting static switch (ISS). This strategy also needs to decide when two interconnected MGs should be isolated. This paper focuses on the self-healing strategy, its criteria and features. The efficacy of the developed strategy in interconnecting and isolating the neighboring MGs is validated through PSCAD/EMTDC simulations.
Keywords: distributed power generation; load shedding; power system interconnection; power system stability; DER; ISS; MG interconnection; PSCAD-EMTDC simulation; distributed energy resource; interconnecting static switch; load shedding; network tertiary controller function; overloading conditions management; power deficiency; remote area microgrids; self-healing strategy; system instability prevention; Couplings; Density estimation robust algorithm; Microgrids; Power conversion; Switches; Coupled microgrids (CMGs); Interconnecting static switch (ISS); Remote microgrids; Self-healing (ID#: 16-10712)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7339874&isnumber=7339753

R. Aboli, M. Ramezani, and H. Falaghi, “Voltage Control of Distribution Networks Using Fuzzy Approach and Capacitors Offline Planning,” Electrical Power Distribution Networks Conference (EPDC), 2015 20th Conference on, Zahedan, 2015,
pp. 150-155. doi:10.1109/EPDC.2015.7330488
Abstract: This paper proposes a new approach to real time control of the bus voltages in the distribution systems. This approach consists of two control parts; includes offline and online control. In the offline part, switchable capacitors are scheduled based on day-ahead load forecasting. This step is solved using an efficient coding PSO algorithm. The under load tap changer (ULTC) is not a control variable in the offline scheduling and is only operated to improve voltage based on fuzzy approach. Once the switchable capacitors are scheduled, they are fixed on their hourly position in the real time operation. Then the ULTC is controlled based on the fuzzy system in the real time operation of the network. Easy implementation of the offline scheduling due to elimination of the ULTC as a control variable, removal of switching operation constraint and removal approximately of the voltage constraint is the main advantage of the proposed method. In addition, self-healing and possibility control of the bus voltages in different conditions such as unpredictable load changes and contingencies are other benefits. The 69 bus IEEE test system has been used to analyze and validation of the proposed approach.
Keywords: IEEE standards; busbars; capacitor switching; fuzzy control; load forecasting; particle swarm optimisation; power distribution control; power distribution planning; voltage control; ULTC; bus IEEE test system; capacitor offline planning; coding PSO algorithm; day-ahead load forecasting; distribution network voltage control; fuzzy approach; offline control; online control; switchable capacitor scheduling; switching operation constraint removal; under load tap changer; Capacitors; Sociology; Software; Statistics; Switches; Voltage control; Voltage measurement; PSO algorithm; capacitor; distribution system; fuzzy system; real time control (ID#: 16-10713)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7330488&isnumber=7330463

E. Pashajavid, F. Shahnia, and A. Ghosh, “A Decentralized Strategy to Remedy the Power Deficiency in Remote Area Microgrids,” Power Engineering Conference (UPEC), 2015 50th International Universities, Stoke on Trent, 2015, pp. 1-6. doi:10.1109/UPEC.2015.7339865
Abstract: Power deficiency management is an important factor in the operation of remote microgrids (MG). Load-shedding is traditionally considered as the main mechanism to manage the network under power deficiency conditions. To minimize load-shedding, islanded neighboring MGs can be connected to each other in remote areas to provide a self-healing capability. For this, extra generation capacity needs to be available in the distributed energy resources (DER) of one of the MGs to supply the extra demand in the other MG. In this way, the total load in the system of interconnected MGs will be shared by all the DERs within those MGs. This paper presents a strategy which aims to interconnect two neighboring microgrids in remote areas to minimize the necessity of load-shedding. This strategy also needs to decide when two interconnected MGs should be isolated. This paper focuses on the self-healing strategy, its criteria and features. The presented algorithm in this paper does not need any data communication system for its operation. The performance of the developed technique is validated by PSCAD/EMTDC simulations.
Keywords: decentralised control; distributed power generation; load shedding; power generation control; power system interconnection; renewable energy sources; DER; MG interconnection; PSCAD-EMTDC simulation; decentralized strategy; distributed energy resource; load shedding; power deficiency management; remote area microgrid; self-healing strategy; Density estimation robust algorithm; Frequency control; Microgrids; Phase transformers; Power conversion; Switches; Distributed energy resources (DER); Frequency; Interconnected microgrids; Self-healing (ID#: 16-10714)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7339865&isnumber=7339753

A. Ortega, A. A. Shinoda, C. M. Schweitzer, F. Granelli, A. V. Ortega, and F. Bonvecchio, “Proposal DNP3 Protocol Simulation on NS-2 in IEEE 802.11g Wireless Network Ad Hoc over TCP/IP in Smart Grid Applications,” Innovative Smart Grid Technologies Latin America (ISGT LATAM), 2015 IEEE PES, Montevideo, 2015, pp. 635-640. doi:10.1109/ISGT-LA.2015.7381229
Abstract: The smart grid is a highly complex system of electric power system involving a large number of devices embedded in information and communication technology for fault detection and control. To validate the functionality, reliability and security of a smart grid is required communication protocol. This paper proposes an evaluation of the DNP3 performance across an 802.11g wireless network ad hoc, encapsulated in TCP/IP using the NS-2. The objective is to investigate the feasibility of using DNP3 through an ad hoc network, such as monitoring and teleprotection, measuring the delay required to complete a transaction messages in a self-healing system.
Keywords: fault diagnosis; power system reliability; power system security; smart power grids; transport protocols; wireless LAN; DNP3 protocol; IEEE 802.11g wireless network ad hoc; NS-2 simulation; TCP/IP protocol; complex system; electric power system; fault control; fault detection; information and communication technology; smart grid reliability; smart grid security; Protocols; Smart grids; Substations; Switches; Switching circuits; TCPIP; DNP3; NS-2; Protocol; Smart Grid; TCP/IP; self-healing (ID#: 16-10715)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381229&isnumber=7381114

A. G. d. M. Rossetto et al., “A New Unreliable Failure Detector for Self-Healing in Ubiquitous Environments,” Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, Gwangiu, 2015, pp. 316-323. doi:10.1109/AINA.2015.201
Abstract: Due to the nature of ubiquitous systems, nodes (e.g., Sensors) are frequently prone to failures. Such systems must, therefore, present self-healing capabilities in order to detect failures and make the necessary adjustments to prevent their impact on applications. In such a context, this work proposes a new and flexible unreliable failure detector, denoted as the Impact failure detector (FD), for self-healing system in ubiquitous environments. The output of the Impact FD concerns the confidence in the system as a whole. By expressing the relevance of each node by an impact factor value as well as a margin of acceptable failures of the system, the Impact FD enables the user to tune the failure detection configuration in accordance with the requirements of the application: in some scenarios, the failure of low impact or redundant nodes does not jeopardize the confidence in the system, while the crash of a high impact factor one may seriously affect it. Either a softer or stricter monitoring is thus possible. The performance evaluation results using real Planet Lab traces confirm the degree of flexible applicability of our failure detector and, that due to the margin of failure, the number of false responses may be reduced when it is compared with traditional unreliable failure detectors.
Keywords: fault diagnosis; fault tolerant computing; telecommunication network reliability; ubiquitous computing; Planet Lab traces; failure detection configuration; false responses; impact FD; impact factor value; impact failure detector; self-healing capabilities; ubiquitous environments; ubiquitous systems; unreliable failure detector; Accuracy; Computer crashes; Detectors; Heart beat; Monitoring; Sensor phenomena and characterization; failure detector; impact factor; self-healing; trust level (ID#: 16-10716)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097986&isnumber=7097928

K. Hashimoto et al., “iKaaS Data Modeling: A Data Model for Community Services and Environment Monitoring in Smart City,” Autonomic Computing (ICAC), 2015 IEEE International Conference on, Grenoble, 2015, pp. 301-306. doi:10.1109/ICAC.2015.64
Abstract: Intelligent Knowledge as a Service (iKaaS) is an ambitious project aiming at integrating sensor management using Internet of Things (IoT) and cloud services by employing sensor data. The platform design covers self-healing functions based on self-awareness as well as basic functions such as inter-cloud, security/privacy management, and devices and data management. From the viewpoint of application development, ontology sharing is the most important to integrate services. This paper, the first step towards ontology sharing, defines the iKaaS data model as one that integrates data models used in all applications in the project. The data defined in the iKaaS data model is converted into RDF format and stored in the RDF database. The reasoning mechanism in semantic web allows the semantic integration of data and applications. The iKaaS project is developing a prototype community service, town management and healthcare, in Tagonishi's Smart City. Presenting the iKaaS data model for these said services, this paper emphasizes the necessity of higher contextual awareness to achieve the goal of a better-fitted personalization for the individual.
Keywords: Internet of Things; cloud computing; inference mechanisms; ontologies (artificial intelligence); relational databases; semantic Web; smart cities; town and country planning; IoT; RDF database; RDF format; application development; cloud services; community services; environment monitoring; health care; iKaaS data modeling; intelligent knowledge-as-a-service; ontology sharing; reasoning mechanism; resource description function; Semantic Web; sensor management; smart city; town management; Cities and towns; Context; Data models; Geospatial analysis; Smart cities; Three-dimensional displays; City GML; Community Service; Context-Awareness; Data Model; Sensor Network; Smart City (ID#: 16-10717)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266984&isnumber=7266915

J. D. Nieto, D. Remon, A. M. Cantarellas, C. Koch-Ciobotaru, and P. Rodriguez, “Overview of Intelligent Substation Automation in Distribution Systems,” Industrial Electronics (ISIE), 2015 IEEE 24th International Symposium on, Buzios, 2015, pp. 922-927. doi:10.1109/ISIE.2015.7281594
Abstract: New trends in electricity production, that involve generating power locally at the distribution voltage level by using renewable energy sources, are changing the paradigm of the distribution network, giving it an active role with the integration of Distributed Generators (DG), which leads to the concept of active distribution networks. A key element that connects the distribution system to the rest of the power system is the medium to low voltage transformer substation, which requires further research and development in order to develop active distribution networks. This document presents an overview about the components and functions that an intelligent substation automation system may have.
Keywords: distribution networks; substation automation; transformer substations; distributed generators; distribution network; distribution systems; electricity production; intelligent substation automation; renewable energy sources; transformer substation; Artificial intelligence; Energy storage; Reliability; Smart grids; Substation automation; Voltage control; IEC 61850; Smart Grid; intelligent substation; renewable energy resources; self-healing (ID#: 16-10718)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7281594&isnumber=7281431

R. Jia, S. Abdelwahed, and A. Erradi, “Towards Proactive Fault Management of Enterprise Systems,” Cloud and Autonomic Computing (ICCAC), 2015 International Conference on, Boston, MA, 2015, pp. 21-32. doi:10.1109/ICCAC.2015.18
Abstract: This paper introduces a model-based approach for autonomic fault management of computing systems. The proposed approach can recover a system from common faults while minimizing the impact on the system's quality of service and reducing potential revenue loss. When faults occur, the approach identifies fault types and accordingly compute the optimal recovery action with minimum impact on performance and operating cost using a predictive control algorithm. The paper introduces the formal settings of the model-based fault management approach and the underlying predictive control algorithm. The fault management approach has been verified on a testbed with respect to simulated faults including memory leak and network congestion. Simulation results show that our approach enabled effective automatic recovery from these faults with minimum impacts of system performance.
Keywords: quality of service; software fault tolerance; QoS; autonomic fault management; enterprise system; model-based fault management; predictive control algorithm; Computational modeling; Fault tolerance; Fault tolerant systems; Hardware; Predictive models; Servers; Software; Autonomic Computing; Fault Tolerance; Model-based Control; Self-healing (ID#: 16-10719)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312138&isnumber=7312127

S. Chernov, D. Petrov, and T. Ristaniemi, “Location Accuracy Impact on Cell Outage Detection in LTE-A Networks,” Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, Dubrovnik, 2015, pp. 1162-1167. doi:10.1109/IWCMC.2015.7289247
Abstract: Automated and timely detection of malfunctioning cells in Long-Term Evolution (LTE) networks is of high importance. Sleeping cell is a particular type of cell degradation hardly detectable by traditional network monitoring systems. Recent introduction of Minimization of Drive Test (MDT) functionality enables to collect user-level statistics from regular user devices without expensive and time-consuming drive-test and measurement campaigns. In this study data mining techniques are used to process MDT measurements to detect efficiently a sleeping cell. The developed earlier data mining framework is briefly overviewed in the paper. Special attention is devoted to post-processing stage as one of the key elements of the detection scheme. In practice, location information of collected measurements might contain considerable errors. This factor impacts the precision of malfunctioning cell detection. Therefore several post-processing algorithms are proposed, where location accuracy is taken into account. The performance of the algorithms is compared based on the results of thorough system-level LTE network simulations. Combined post-processing method shows the best reliability against location errors in terms of Root Mean Squared Error (RMSE) and percent gain.
Keywords: Long Term Evolution; data mining; telecommunication computing; telecommunication network reliability; LTE-A networks; Long Term Evolution networks; cell outage detection; data mining techniques; location accuracy impact; malfunctioning cell detection; minimization of drive test; sleeping cell detection; Accuracy; Algorithm design and analysis; Data mining; Handover; Histograms; Training; LTE; SON; Self-healing; anomaly detection; cell outage (ID#: 16-10720)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7289247&isnumber=7288920

R. Ghosh and J. Bera, “A Novel Approach for Detection and Avoidance of Black Hole Nodes in Wireless Data Transmission,” Next Generation Computing Technologies (NGCT), 2015 1st International Conference on, Dehradun, 2015,
pp. 344-349. doi:10.1109/NGCT.2015.7375138
Abstract: A novel approach has been introduced in this paper to detect and avoid black hole nodes during formation of reliable path for wireless data transmission. A valid acknowledgement is transmitted to the data packet sending node and its predecessor connected node. A trusted routing table created with valid acknowledgement receiver node. Secure data transmission is dependent upon the trusted routing table. Black hole nodes are required to be discarded from the data transmission. The information about the black hole node is broadcasted to the other nodes of the network to eliminate the uses of false route declaration.
Keywords: mobile ad hoc networks; radio receivers; telecommunication network reliability; telecommunication network routing; telecommunication security; trusted computing; MANET; black hole node avoidance; black hole node detection; data packet sending node; false route declaration; mobile ad-hoc network; predecessor connected node; reliable path formation; secure data transmission; trusted routing table; wireless data transmission; Communication system security; Data communication; Mobile ad hoc networks; Peer-to-peer computing; Routing; Wireless communication; Ad Hoc Networks; Black Hole; Mobility; Routing; Self-healing; Trusted routing table (ID#: 16-10721)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7375138&isnumber=7375067

T. Huusari, Y. S. Choi, P. Liikkanen, D. Korpi, S. Talwar, and M. Valkama, “Wideband Self-Adaptive RF Cancellation Circuit for Full-Duplex Radio: Operating Principle and Measurements,” Vehicular Technology Conference (VTC Spring), 2015 IEEE 81st, Glasgow, 2015, pp. 1-7. doi:10.1109/VTCSpring.2015.7146163
Abstract: This paper presents a novel RF circuit architecture for self-interference cancellation in inband full-duplex radio transceivers. The developed canceller is able to provide wideband cancellation with waveform bandwidths in the order of 100 MHz or beyond and contains also self-adaptive or self-healing features enabling automatic tracking of time-varying self-interference channel characteristics. In addition to architecture and operating principle descriptions, we also provide actual RF measurements at 2.4 GHz ISM band demonstrating the achievable cancellation levels with different bandwidths and when operating in different antenna configurations and under low-cost highly nonlinear power amplifier. In a very challenging example with a 100 MHz waveform bandwidth, around 41 dB total cancellation is obtained while the corresponding cancellation figure is close to 60 dB with the more conventional 20 MHz carrier bandwidth. Also, efficient tracking in time-varying reflection scenarios is demonstrated.
Keywords: interference suppression; network synthesis; power amplifiers; radio transceivers; radiofrequency interference; ISM band; RF circuit architecture; antenna; frequency 100 MHz; frequency 2.4 GHz; inband full-duplex radio transceivers; nonlinear power amplifier; self-interference cancellation; time-varying self-interference channel; wideband cancellation; wideband self-adaptive RF cancellation circuit; Antenna measurements; Antennas; Bandwidth; Delays; Radio frequency; Receivers; Transmission line measurements (ID#: 16-10722)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7146163&isnumber=7145573

Zhe Liu, Jianjun Ju, Weidong Chen, Xiangyu Fu and Hesheng Wang, “A Gradient-Based Self-Healing Algorithm for Mobile Robot Formation,” Intelligent Robots and Systems (IROS), 2015 IEEE/RSJ International Conference on, Hamburg, 2015,
pp. 3395-3400. doi:10.1109/IROS.2015.7353850
Abstract: In this paper, we investigate the self-healing problem of mobile robot formation after some robots have been damaged, and present a gradient-based algorithm which enables mobile robots to restore the topology of the formation through local interactions among neighboring robots. Firstly, in order to optimize the repair path in a distributed manner, a gradient generation and diffusion mechanism is proposed to generate a specific gradient distribution in the formation. Then, utilizing several predefined path selection rules, a path selection algorithm is presented to guarantee the optimality of the selected repair path. Furthermore, several optimization indices are presented to quantitatively characterize the performance of self-healing algorithms. Finally, the effectiveness of the proposed algorithm is validated by numerical simulations and the simulation results show that the proposed algorithm can restore the topology of the formation with the fewer repair robots and lower energy consumptions.
Keywords: mobile robots; numerical analysis; diffusion mechanism; gradient distribution; gradient generation; gradient-based algorithm; gradient-based self-healing algorithm; mobile robot formation; numerical simulations; optimization indices; path selection algorithm; predefined path selection rules; repair robots; self-healing algorithms; self-healing problem; Heuristic algorithms; Maintenance engineering; Mobile robots; Network topology; Robot kinematics; Topology (ID#: 16-10723)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7353850&isnumber=7353104

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

Virtual Machines 2015

	Virtual Machines 2015

Arguably, virtual machines are more secure than actual machines. This idea is based on the notion that an attacker cannot jump the gap between the virtual and the actual. The growth of interest in cloud computing suggests it is time for a fresh look at the vulnerabilities in virtual machines. In the articles presented below, security concerns are addressed in some interesting ways. For the Science of Security community, virtualization is related to composability, resiliency, cyber physical systems, and cryptography. The articles cited here were presented in 2015.

S. Jin, J. Ahn, J. Seol, S. Cha, J. Huh, and S. Maeng, “H-SVM: Hardware-Assisted Secure Virtual Machines Under a Vulnerable Hypervisor,” in IEEE Transactions on Computers, vol.  64, no. 10, pp. 2833-2846, Oct. 1 2015. doi:10.1109/TC.2015.2389792
Abstract: With increasing demands on cloud computing, protecting guest virtual machines (VMs) from malicious attackers has become critical to provide secure services. The current cloud security model with software-based virtualization relies on the invulnerability of the software hypervisor and its trustworthy administrator with the root permission. However, compromising the hypervisor with remote attacks or root permission grants the attackers with a full access capability to the memory and context of a guest VM. This paper proposes a HW-based approach to protect guest VMs even under an untrusted hypervisor. With the proposed mechanism, memory isolation is provided by the secure hardware, which is much less vulnerable than the software hypervisor. The proposed mechanism extends the current hardware support for memory virtualization based on nested paging with a small extra hardware cost. The hypervisor can still flexibly allocate physical memory pages to virtual machines for efficient resource management. In addition to the system design for secure virtualization, this paper presents a prototype implementation using system management mode. Although the current system management mode is not intended for security functions and thus limits the performance and complete protection, the prototype implementation proves the feasibility of the proposed design.
Keywords: authorisation; cloud computing; invasive software; paged storage; virtual machines; virtualisation; H-SVM; HW-based approach; cloud computing; cloud security model; guest VM protection; hardware-assisted secure virtual machines; malicious attackers; memory isolation; memory virtualization; nested paging; physical memory page allocation; resource management; root permission; secure services; secure virtualization; software hypervisor; software hypervisor invulnerability; software-based virtualization; system design; system management mode; trustworthy administrator; untrusted hypervisor; virtual machine protection; vulnerable hypervisor; Context; Hardware; Memory management; Registers; Virtual machine monitors; Virtual machining; Virtualization; Cloud Computing; Cloud computing; Security; Virtualization; security; virtualization (ID#: 16-10459)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7005439&isnumber=7240148

R. C. Chiang, S. Rajasekaran, N. Zhang, and H. H. Huang, “Swiper: Exploiting Virtual Machine Vulnerability in Third-Party Clouds with Competition for I/O Resources,” in IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 6,
pp. 1732-1742, June 1 2015. doi:10.1109/TPDS.2014.2325564
Abstract: The emerging paradigm of cloud computing, e.g., Amazon Elastic Compute Cloud (EC2), promises a highly flexible yet robust environment for large-scale applications. Ideally, while multiple virtual machines (VM) share the same physical resources (e.g., CPUs, caches, DRAM, and I/O devices), each application should be allocated to an independently managed VM and isolated from one another. Unfortunately, the absence of physical isolation inevitably opens doors to a number of security threats. In this paper, we demonstrate in EC2 a new type of security vulnerability caused by competition between virtual I/O workloads-i.e., by leveraging the competition for shared resources, an adversary could intentionally slow down the execution of a targeted application in a VM that shares the same hardware. In particular, we focus on I/O resources such as hard-drive throughput and/or network bandwidth-which are critical for data-intensive applications. We design and implement Swiper, a framework which uses a carefully designed workload to incur significant delays on the targeted application and VM with minimum cost (i.e., resource consumption). We conduct a comprehensive set of experiments in EC2, which clearly demonstrates that Swiper is capable of significantly slowing down various server applications while consuming a small amount of resources.
Keywords: cloud computing; security of data; virtual machines; Amazon elastic compute cloud; EC2; Swiper; VM; hard-drive throughput; network bandwidth; security threats; security vulnerability; third-party clouds; virtual I/O workloads; virtual machine vulnerability; Cloud computing; Delays; IP networks; Security; Synchronization; Throughput; Virtualization; Cloud computing; scheduling; virtualization (ID#: 16-10460)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6824231&isnumber=7106033

P. Gaj, M. Skrzewski, J. Stój, and J. Flak, “Virtualization as a Way to Distribute PC-Based Functionalities,” in IEEE Transactions on Industrial Informatics, vol. 11, no. 3, pp. 763-770, June 2015. doi:10.1109/TII.2014.2360499
Abstract: Virtualization theory is well known and successfully used in the computer domain. Personal computer (PC) workstations, as well as their virtual counterparts, are popular for general purposes. PC stations are also popular in networked control systems (NCSs). They are used as system components to deliver user interfaces and to run many important services of the data processing, communication, and database type. In this paper, the usage of virtual PC machines (VMs) is considered in the context of interoperability with NCS. This specific application area requests answers whether virtualization is applicable and secure, and what are the expectations from the temporal characteristics of running services.
Keywords: control engineering computing; microcomputers; networked control systems; open systems; user interfaces; virtual machines; NCS; PC stations; data processing; distribute PC-based functionalities; interoperability; networked control system; personal computer; system components; user interface; virtual PC machine; virtual counterparts; virtualization; Hardware; Informatics; Security; Software; Virtual machine monitors; Virtual machining; Virtualization; Efficiency; OPC; Xen; efficiency; hypervisor; industrial communication; industrial distributed systems; networked control systems (NCSs); security; temporal characteristics; virtual machine; virtual machine (VM) (ID#: 16-10461)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6911999&isnumber=7116638

A. Prakash, E. Venkataramani, H. Yin, and Z. Lin, “On the Trustworthiness of Memory Analysis—An Empirical Study from the Perspective of Binary Execution,” in IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 5, pp. 557-570, Sept.-Oct. 1 2015. doi:10.1109/TDSC.2014.2366464
Abstract: Memory analysis serves as a foundation for many security applications such as memory forensics, virtual machine introspection and malware investigation. However, malware, or more specifically a kernel rootkit, can often tamper with kernel memory data, putting the trustworthiness of memory analysis under question. With the rapid deployment of cloud computing and increase of cyber attacks, there is a pressing need to systematically study and understand the problem of memory analysis. In particular, without ground truth, the quality of the memory analysis tools widely used for analyzing closed-source operating systems (like Windows) has not been thoroughly studied. Moreover, while it is widely accepted that value manipulation attacks pose a threat to memory analysis, its severity has not been explored and well understood. To answer these questions, we have devised a number of novel analysis techniques including (1) binary level ground-truth collection, and (2) value equivalence set directed field mutation. Our experimental results demonstrate not only that the existing tools are inaccurate even under a non-malicious context, but also that value manipulation attacks are practical and severe. Finally, we show that exploiting information redundancy can be a viable direction to mitigate value manipulation attacks, but checking information equivalence alone is not an ultimate solution.
Keywords: invasive software; storage management; trusted computing; binary execution perspective; binary level ground-truth collection; closed-source operating systems; cloud computing; cyber attacks; malware investigation; memory analysis; memory forensics; security applications; trustworthiness; value equivalence set directed field mutation; value manipulation attacks; virtual machine introspection; Context; Data structures; Kernel; Robustness; security; Semantics; Virtual machining; DKOM; Invasive Software; Kernel Rootkit; Memory Forensics; Memory forensics; Operating Systems Security; Virtual Machine Introspection; kernel rootkit; operating systems security  (ID#: 16-10462)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6942280&isnumber=7240136

B. Jain, M. B. Baig, Dongli Zhang, D. E. Porter, and R. Sion, “Introspections on the Semantic Gap,” in IEEE Security & Privacy, vol. 13, no. 2, pp. 48-55, Mar.-Apr. 2015. doi:10.1109/MSP.2015.35
Abstract: An essential goal of virtual machine introspection is security policy enforcement in the presence of an untrustworthy OS. One obstacle to this goal is the difficulty in accurately extracting semantic meaning from the hypervisor’s hardware-level view of a guest OS.
Keywords: security of data; virtual machines; OS; security policy enforcement; virtual machine introspection; Computer security; Data structures; Kernel; Monitoring; Semantics; Trust management; Virtual machine monitors; Virtual machines; VM introspection; VMI; security; semantic gap; trust (ID#: 16-10463)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7085955&isnumber=7085640

R. Tyagi, T. Paul, B. S. Manoj, and B. Thanudas, “Packet Inspection for Unauthorized OS Detection in Enterprises,” in IEEE Security & Privacy, vol. 13, no. 4, pp. 60-65, July-Aug. 2015. doi:10.1109/MSP.2015.86
Abstract: Many recent malware implementations employ virtual machines to carry out their malicious activities. These are hard to detect because their states can’t be accessed by antivirus software running in the native OS. An approach for OS fingerprinting using TCP SYN packets in an enterprise environment can detect the presence of unauthorized OSs.
Keywords: computer network security; invasive software; operating systems (computers); transport protocols; virtual machines; OS fingerprinting; TCP SYN packet inspection; antivirus software; enterprises; malicious activity; malware; unauthorized OS detection; virtual machine; Databases; Fingerprint recognition; IP networks; Linux; Malware; Virtual machining; OS; enterprise; fingerprinting; header; network; security; traffic packet (ID#: 16-10464)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7180275&isnumber=7180218

C. Anderson, “Docker [Software engineering],” in IEEE Software, vol. 32, no. 3, pp. 102-c3, May-June 2015. doi:10.1109/MS.2015.62
Abstract: In episode 217 of Software Engineering Radio, host Charles Anderson talks with James Turnbull, a software developer and security specialist who’s vice president of services at Docker. Lightweight Docker containers are rapidly becoming a tool for deploying microservice-based architectures.
Keywords: Interviews; Software development; Software engineering; Virtual machining; Docker; Docker containers; James Turnbull; SE Radio; Software Engineering Radio; microservices (ID#: 16-10465)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7093032&isnumber=7093013

Xuexiu Chen, Chi Chen, Yuan Tao, and Jiankun Hu, “A Cloud Security Assessment System Based on Classifying and Grading,” in IEEE Cloud Computing, vol. 2, no. 2, pp. 58-67, Mar.-Apr. 2015. doi:10.1109/MCC.2015.34
Abstract: Cloud security has become a key limitation on the development of cloud computing. To ensure the stability and reliability of cloud service, cloud security should be assessed regularly using a practical indicator system. Because cloud computing employs virtualization technology and a new delivery mode, the security assessment indicator system for traditional information systems is unsuitable for the cloud. This article proposes a complete cloud security assessment indicator system based on classifying and grading. It uses the comprehensive assessment method combining forward and feedback assessment to assess the security of an actual cloud, and verifies the rationality and practicability of the cloud security assessment indicator system.
Keywords: cloud computing; information systems; security of data; software reliability; virtualisation; cloud security assessment indicator system; cloud security assessment system; cloud service reliability; cloud service stability; delivery mode; feedback assessment; virtualization technology; Access control; Cloud computing; Communication networks; Information systems; Virtual machining; classifying and grading; cloud; cloud security; security assessment (ID#: 16-10466)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7116415&isnumber=7116413

Chia-Wei Wang, Michael Cheng Yi Cho, Chi-Wei Wang, and Shiuhpyng Winston Shieh, “Combating Software Piracy in Public Clouds,” in Computer, vol. 48, no. 10, pp. 88-91, Oct. 2015. doi:10.1109/MC.2015.317
Abstract: CodeMist is an innovative security framework that leverages both passive and active approaches to prevent piracy of cloud-based rental software.
Keywords: cloud computing; computer crime; CodeMist; cloud-based rental software; innovative security framework; public clouds; software piracy; Cloud computing; Computer crime; Runtime; Video recording; Virtual machine monitors; CodeMist; cloud; rental software; security; software piracy (ID#: 16-10467)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7310962&isnumber=7310948

Huan Ke, Peng Li, Song Guo, and Ivan Stojmenovic, “Aggregation on the Fly: Reducing Traffic for Big Data in the Cloud,” in IEEE Network, vol. 29, no. 5, pp. 17-23, September-October 2015. doi:10.1109/MNET.2015.7293300
Abstract: As a leading framework for processing and analyzing big data, MapReduce is leveraged by many enterprises to parallelize their data processing on distributed computing systems. Unfortunately, the all-to-all data forwarding from map tasks to reduce tasks in the traditional MapReduce framework would generate a large amount of network traffic. The fact that the intermediate data generated by map tasks can be combined with significant traffic reduction in many applications motivates us to propose a data aggregation scheme for MapReduce jobs in cloud. Specifically, we design an aggregation architecture under the existing MapReduce framework with the objective of minimizing the data traffic during the shuffle phase, in which aggregators can reside anywhere in the cloud. Some experimental results also show that our proposal outperforms existing work by reducing the network traffic significantly.
Keywords: Big Data; cloud computing; data analysis; parallel processing; Big Data analysis; MapReduce; data aggregation scheme; data traffic minimization; distributed computing system; Bandwidth; Big data; Cloud computing; Distributed processing; Network security; Telecommunication traffic; Virtual machining (ID#: 16-10468)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293300&isnumber=7293293

D. Tao, Z. Lin, and C. Lu, “Cloud Platform Based Automated Security Testing System for Mobile Internet,” in Tsinghua Science and Technology, vol. 20, no. 6, pp. 537-544, December 2015. doi:10.1109/TST.2015.7349926
Abstract: With respect to security, the use of various terminals in the mobile Internet environment is problematic. Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not accurately reflect the security of terminals. To address this problem, we designed and developed a cloud platform based automated testing system for the mobile Internet. In this system, virtualization and automation technology are utilized to integrate mobile terminals into the cloud platform as a resource, to achieve a novel cloud service called Testing as a Service (TaaS). The system consists of three functional modules: web front-end module, testing environment module, and automated testing module. We adopted the permeable automated testing tool Metasploit to perform security testing. In our test experiments, we selected 100 apps with diverse vulnerability levels, ranging from secure to vulnerable, to perform a series of functional tests. The experimental results show that this system can correctly test both the number of vulnerable apps and their corresponding vulnerability levels. As such, the designed system can flexibly configure various testing environments for different testing cases or projects, and thereby perform security testing automatically.
Keywords: Cloud computing; Mobile communication; Security; Testing; Virtual machining; Virtualization; automated security testing; cloud platform; virtualization; Metasploit (ID#: 16-10469)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7349926&isnumber=7349923

K. Salah, M. Hammoud, and S. Zeadally, “Teaching Cybersecurity Using the Cloud,” in IEEE Transactions on Learning Technologies, vol. 8, no. 4, pp. 383-392, Oct.-Dec. 1 2015. doi:10.1109/TLT.2015.2424692
Abstract: Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our experience when using cloud computing to teach a senior course on cybersecurity across two campuses via a virtual classroom equipped with live audio and video. Furthermore, based on this teaching experience, we propose guidelines that can be applied to teach similar computer science and engineering courses. We demonstrate how cloud-based laboratory exercises can greatly help students in acquiring crucial cybersecurity skills as well as cloud computing ones, which are in high demand nowadays. The cloud we used for this course was the Amazon Web Services (AWS) public cloud. However, our presented use cases and approaches are equally applicable to other available cloud platforms such as Rackspace and Google Compute Engine, among others.
Keywords: Web services; cloud computing; computer science education; educational courses; security of data; teaching; virtual machines; AWS public cloud; Amazon Web Services public cloud; Google Compute Engine; Rackspace; cloud computing platforms; cloud-based laboratories; computer engineering courses; computer science courses; cybersecurity; teaching; virtual classroom; virtual machines; Cloud computing; Computer crime; Computer security; Education; Network security; Amazon AWS; Cloud Computing; Computer Security; Cybersecurity; Education; Network Security; computer security; education; network security (ID#: 16-10470)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7089256&isnumber=7355489

W. Chen, L. Xu, G. Li, and Y. Xiang, “A Lightweight Virtualization Solution for Android Devices,” in IEEE Transactions on Computers, vol. 64, no. 10, pp. 2741-2751, Oct. 1 2015. doi:10.1109/TC.2015.2389791
Abstract: Mobile virtualization has emerged fairly recently and is considered a valuable way to mitigate security risks on Android devices. However, major challenges in mobile virtualization include runtime, hardware, resource overhead, and compatibility. In this paper, we propose a lightweight Android virtualization solution named Condroid, which is based on container technology. Condroid utilizes resource isolation based on namespaces feature and resource control based on cgroups feature. By leveraging them, Condroid can host multiple independent Android virtual machines on a single kernel to support multiple Android containers. Furthermore, our implementation presents both a system service sharing mechanism to reduce memory utilization and a filesystem sharing mechanism to reduce storage usage. The evaluation results on Google Nexus 5 demonstrate that Condroid is feasible in terms of runtime, hardware resource overhead, and compatibility. Therefore, we find that Condroid has a higher performance than other virtualization solutions.
Keywords: Android (operating system); mobile computing; security of data; smart phones; virtual machines; virtualisation; Android devices; Android virtual machines; Condroid; Google Nexus 5; compatibility; container technology; filesystem sharing mechanism; hardware resource overhead; lightweight Android virtualization solution; memory utilization; mobile virtualization; namespace feature; resource isolation; security risks; system service sharing mechanism; Androids; Containers; Humanoid robots; Kernel; Linux; Smart phones; Virtualization; Android; Container; Security; android; security; virtualization (ID#: 16-10471)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7005503&isnumber=7240148

L. M. Vaquero, A. Celorio, F. Cuadrado, and R. Cuevas, “Deploying Large-Scale Datasets On-Demand in the Cloud: Treats and Tricks on Data Distribution,” in IEEE Transactions on Cloud Computing, vol. 3, no. 2, pp. 132-144, April-June 1 2015. doi:10.1109/TCC.2014.2360376
Abstract: Public clouds have democratised the access to analytics for virtually any institution in the world. Virtual machines (VMs) can be provisioned on demand to crunch data after uploading into the VMs. While this task is trivial for a few tens of VMs, it becomes increasingly complex and time consuming when the scale grows to hundreds or thousands of VMs crunching tens or hundreds of TB. Moreover, the elapsed time comes at a price: the cost of provisioning VMs in the cloud and keeping them waiting to load the data. In this paper we present a big data provisioning service that incorporates hierarchical and peer-to-peer data distribution techniques to speed-up data loading into the VMs used for data processing. The system dynamically mutates the sources of the data for the VMs to speed-up data loading. We tested this solution with 1000 VMs and 100 TB of data, reducing time by at least 30 percent over current state of the art techniques. This dynamic topology mechanism is tightly coupled with classic declarative machine configuration techniques (the system takes a single high-level declarative configuration file and configures both software and data loading). Together, these two techniques simplify the deployment of big data in the cloud for end users who may not be experts in infrastructure management.
Keywords: Big Data; cloud computing; peer-to-peer computing; virtual machines; VM; big data provisioning service; classic declarative machine configuration techniques; data loading; data processing; dynamic topology mechanism; high-level declarative configuration file; infrastructure management; large-scale datasets on-demand; peer-to-peer data distribution techniques; public clouds; Big data; Cloud computing; Distributed databases; Loading; Relays; Servers; BitTorrent; Large-scale data transfer; big data; big data distribution; flash crowd; p2p everyday; p2p overlay; provisioning (ID#: 16-10472)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6910293&isnumber=7118805

Z. Wu, Z. Xu, and H. Wang, “Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud,” in IEEE/ACM Transactions on Networking, vol. 23, no. 2, pp. 603-614, April 2015. doi:10.1109/TNET.2014.2304439
Abstract: Privacy and information security in general are major concerns that impede enterprise adaptation of shared or public cloud computing. Specifically, the concern of virtual machine (VM) physical co-residency stems from the threat that hostile tenants can leverage various forms of side channels (such as cache covert channels) to exfiltrate sensitive information of victims on the same physical system. However, on virtualized x86 systems, covert channel attacks have not yet proven to be practical, and thus the threat is widely considered a “potential risk.” In this paper, we present a novel covert channel attack that is capable of high-bandwidth and reliable data transmission in the cloud. We first study the application of existing cache channel techniques in a virtualized environment and uncover their major insufficiency and difficulties. We then overcome these obstacles by: (1) redesigning a pure timing-based data transmission scheme, and (2) exploiting the memory bus as a high-bandwidth covert channel medium. We further design and implement a robust communication protocol and demonstrate realistic covert channel attacks on various virtualized x86 systems. Our experimental results show that covert channels do pose serious threats to information security in the cloud. Finally, we discuss our insights on covert channel mitigation in virtualized environments.
Keywords: cloud computing; computer network security; cryptographic protocols; virtual machines; virtualisation; VM physical co-residency stems; cache channel techniques; cache covert channels; overt channel mitigation; data privacy; high-bandwidth covert channel medium; high-bandwidth reliable data transmission; high-bandwidth-reliable covert channel attacks; hostile tenants; hyper-space; information security; memory bus; physical system; public cloud computing; robust communication protocol; sensitive information exfiltration; shared cloud computing; side channel leveraging; threat tenants; timing-based data transmission scheme; virtual machine physical co-residency stems; virtualized environment; virtualized environments; virtualized systems; Bandwidth; Data communication; processor scheduling; Receivers; Security; Uncertainty; Virtualization; Cloud; covert channel; network security (ID#: 16-10473)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6744676&isnumber=7086110

Xinhua Dong, Ruixuan Li, Heng He, Wanwan Zhou, Zhengyuan Xue, and Hao Wu, “Secure Sensitive Data Sharing on a Big Data Platform,” in Tsinghua Science and Technology, vol. 20, no. 1, pp. 72-80, Feb. 2015. doi:10.1109/TST.2015.7040516
Abstract: Users store vast amounts of sensitive data on a big data platform. Sharing sensitive data will help enterprises reduce the cost of providing users with personalized services and provide value-added data services. However, secure data sharing is problematic. This paper proposes a framework for secure sensitive data sharing on a big data platform, including secure data delivery, storage, usage, and destruction on a semi-trusted big data sharing platform. We present a proxy re-encryption algorithm based on heterogeneous ciphertext transformation and a user process protection method based on a virtual machine monitor, which provides support for the realization of system functions. The framework protects the security of users’ sensitive data effectively and shares these data safely. At the same time, data owners retain complete control of their own data in a sound environment for modern Internet information security.
Keywords: Big Data; Internet; cryptography; trusted computing; virtual machines; data owners; heterogeneous ciphertext transformation; modern Internet information security; personalized services; proxy reencryption algorithm; secure data delivery; secure sensitive data sharing; semitrusted big data sharing platform; system functions; user process protection method; value-added data services; virtual machine monitor; Access control; Big data; Cloud computing; Encryption; Secure storage; big data; private space; proxy re-encryption; secure sharing; sensitive data (ID#: 16-10474)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7040516&isnumber=7040506

Ruozhou Yu, Guoliang Xue, Vishnu Teja Kilari, and Xiang Zhang, “Network Function Virtualization in the Multi-Tenant Cloud,” in IEEE Network, vol. 29, no. 3, pp. 42-47, May-June 2015. doi:10.1109/MNET.2015.7113224
Abstract: With more and more tenants launching their applications on the cloud, various requirements have been posed regarding the cloud’s performance, security, and management. In the face of tenant demands, the cloud provider deploys different hardware middleboxes, carrying out different network functions, and enhancing the cloud’s capability in serving tenant requirements. While middleboxes are crucial to the cloud, concerns have been raised regarding their costs, manageability, and performance overhead. To tackle these problems, researchers have proposed an alternative to hardware middleboxes: network function virtualization. Software applications are deployed in place of hardware middleboxes, offering equivalent functionalities while greatly improving flexibility, manageability, and cost-efficiency. In this paper we discuss opportunities and challenges that network function virtualization brings to the multi-tenant cloud. We also propose a cloud architecture that exploits virtual network functions. Our contributions can serve as an enlightener for future efforts in this area.
Keywords: cloud computing; computer network security; virtual machines; virtualisation; Software applications; cloud architecture; cloud capability enhancement; cloud management; cloud performance; cloud provider; cloud security; cost-efficiency improvement; flexibility improvement; hardware middleboxes; manageability improvement; multitenant cloud; network function virtualization; performance overhead; tenant requirements; Cloud computing; Computer architecture; Middleboxes; Network architecture; Network topology; Telecommunication network topology; Virtualization (ID#: 16-10475)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113224&isnumber=7113214

N. G. Tsoutsos and M. Maniatakos, “The HEROIC Framework: Encrypted Computation Without Shared Keys,” in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 6, pp. 875-888, June 2015. doi:10.1109/TCAD.2015.2419619
Abstract: Outsourcing computation to the cloud has recently become a very attractive option for enterprises and consumers, due to mostly reduced cost and extensive scalability. At the same time, however, concerns about the privacy of the data entrusted to cloud providers keeps rising. To address these concerns and thwart potential attackers, cloud providers today resort to numerous security controls as well as data encryption. Since the actual computation is still unencrypted inside cloud microprocessor chips, it is only a matter of time until new attacks and side channels are devised to leak sensitive information. To address the challenge of securing general-purpose computation inside microprocessor chips, we propose a novel computer architecture, and present a complete framework for general-purpose encrypted computation without shared keys, enabling secure data processing. This new architecture, called homomophically encrypted one instruction computation, contrary to the previous work in the area does not require a secret key installed inside the microprocessor chip. Instead, it leverages the powerful properties of homomorphic encryption combined with the simplicity of one instruction set computing. The proposed framework introduces: (1) a RTL implementation for reconfigurable hardware and (2) a ready-to-deploy virtual machine, which can be readily ported to existing server processor architectures.
Keywords: computer architecture; cryptography; data privacy; microprocessor chips; outsourcing; HEROIC framework; RTL; cloud microprocessor chips; cloud providers; data encryption; general-purpose computation; general-purpose encrypted computation; homomorphic encryption; homomorphically encrypted one instruction computation architecture; instruction set computing; outsourcing computation; secure data processing; security controls; server processor architectures; side channels; virtual machine; Computers; Encryption; Memory management; Microprocessor chips; Cloud computing; Encrypted processor; Paillier; cloud computing; encrypted processor; one instruction set computer; one instruction set computer (OISC); virtualization (ID#: 16-10476)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7079493&isnumber=7110649

A. Moeini and H. Moeini, “Real-World and Rapid Face Recognition Toward Pose and Expression Variations via Feature Library Matrix,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 5, pp. 969-984, May 2015. doi:10.1109/TIFS.2015.2393553
Abstract: In this paper, a novel method for face recognition under pose and expression variations is proposed from only a single image in the gallery. A 3D probabilistic facial expression recognition generic elastic model is proposed to reconstruct a 3D model from real-world human face using only a single 2D frontal image with/without facial expressions. Then, a feature library matrix (FLM) is generated for each subject in the gallery from all face poses by rotating the 3D reconstructed models and extracting features in the rotated face pose. Therefore, each FLM is subsequently rendered for each subject in the gallery based on triplet angles of face poses. In addition, before matching the FLM, an initial estimate of triplet angles is obtained from the face pose in probe images using an automatic head pose estimation approach. Then, an array of the FLM is selected for each subject based on the estimated triplet angles. Finally, the selected arrays from FLMs are compared with extracted features from the probe image by iterative scoring classification using the support vector machine. Convincing results are acquired to handle pose and expression changes on the Bosphorus, Face Recognition Technology (FERET), Carnegie Mellon University-Pose, Illumination, and Expression (CMU-PIE), and Labeled Faces in the Wild (LFW) face databases compared with several state-of-the-art methods in pose-invariant face recognition. The proposed method not only demonstrates an excellent performance by obtaining high accuracy on all four databases but also outperforms other approaches realistically.
Keywords: face recognition; feature extraction; image classification; image reconstruction; matrix algebra; support vector machines; 3D model reconstruction; 3D probabilistic facial expression recognition generic elastic model; CMU-PIE; FERET; FLM; LFW; expression variations; face databases; face recognition technology; feature extraction; feature library matrix; iterative scoring classification; labeled faces in the wild; pose variations; pose-invariant face recognition; rapid face recognition; real-world human face; rotated face pose; single 2D frontal image; support vector machine; Face; Face recognition; Feature extraction; Hidden Markov models; Image reconstruction; Solid modeling; Three-dimensional displays; 3D face reconstruction; Pose-invariant face recognition;  probabilistic facial expression recognition (ID#: 16-10477)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7012060&isnumber=7073680

A. Czajka, “Pupil Dynamics for Iris Liveness Detection,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 726-735, April 2015. doi:10.1109/TIFS.2015.2398815
Abstract: The primary objective of this paper is to propose a complete methodology for eye liveness detection based on pupil dynamics. This method may serve as a component of presentation attack detection in iris recognition systems, making them more secure. Due to a lack of public databases that would support this paper, we have built our own iris capture device to register pupil size changes under visible light stimuli, and registered 204 observations for 26 subjects (52 different irides), each containing 750 iris images taken every 40 ms. Each measurement registers the spontaneous pupil oscillations and its reaction after a sudden increase of the intensity of visible light. The Kohn and Clynes pupil dynamics model is used to describe these changes; hence we convert each observation into a feature space defined by model parameters. To answer the question whether the eye is alive (that is, if it reacts to light changes as a human eye) or the presentation is suspicious (that is, if it reacts oddly or no reaction is observed), we use linear and nonlinear support vector machines to classify natural reaction and spontaneous oscillations, simultaneously investigating the goodness of fit to reject bad modeling. Our experiments show that this approach can achieve a perfect performance for the data we have collected. All normal reactions are correctly differentiated from spontaneous oscillations. We investigated the shortest observation time required to model the pupil reaction, and found that time periods not exceeding 3 s are adequate to offer a perfect performance.
Keywords: computer crime; feature extraction; image classification; iris recognition; support vector machines; eye liveness detection; feature space; iris capture device; iris images; iris liveness detection; iris recognition systems; model parameters; natural reaction classification; nonlinear support vector machines; presentation attack detection; pupil dynamics; pupil oscillations; pupil size changes; spontaneous oscillations; visible light intensity; visible light stimuli; Cameras; Databases; Iris recognition; Lenses; Motion pictures; Oscillators; Liveness detection; biometrics; Iris recognition; (ID#: 16-10478)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7029052&isnumber=7059276

M. Fairhurst, M. Erbilek, and M. Da Costa-Abreu, “Selective Review and Analysis of Aging Effects in Biometric System Implementation,” in IEEE Transactions on Human-Machine Systems, vol. 45, no. 3, pp. 294-303, June 2015. doi:10.1109/THMS.2014.2376874
Abstract: As biometric systems are deployed in increasingly diverse applications, it becomes correspondingly important to understand the impact which human aging has on system performance. Aging directly affects those physiological and behavioral traits which are characterized in biometric measurements, and a practical biometric system must be designed to account for age-induced changes. However, age can also have very positive implications, for example as a source of further identification information. This paper reviews research to understand how age factors impinge on biometric systems and uses this to synthesize a system infrastructure to unify implementation principles. We present new results to show how multiagent structures can provide an effective framework for this purpose, enhancing performance in both identification and predictive scenarios.
Keywords: biometrics (access control); human factors; multi-agent systems; ge factors; age-induced changes; behavioral traits; biometric measurements; biometric system implementation; identification scenarios; multiagent structures; physiological traits; predictive scenarios; system infrastructure; Aging; Bioinformatics; Face; Iris recognition; Sociology; Statistics; Aging effects; biometrics; fingerprint; handwritten signature; intelligent agent; security; usability (ID#: 16-10479)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6990529&isnumber=7106592

D. Wen, H. Han, and A. K. Jain, “Face Spoof Detection with Image Distortion Analysis,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 746-761, April 2015. doi:10.1109/TIFS.2015.2400395
Abstract: Automatic face recognition is now widely used in applications ranging from deduplication of identity to authentication of mobile payment. This popularity of face recognition has raised concerns about face spoof attacks (also known as biometric sensor presentation attacks), where a photo or video of an authorized person’s face could be used to gain access to facilities or services. While a number of face spoof detection techniques have been proposed, their generalization ability has not been adequately addressed. We propose an efficient and rather robust face spoof detection algorithm based on image distortion analysis (IDA). Four different features (specular reflection, blurriness, chromatic moment, and color diversity) are extracted to form the IDA feature vector. An ensemble classifier, consisting of multiple SVM classifiers trained for different face spoof attacks (e.g., printed photo and replayed video), is used to distinguish between genuine (live) and spoof faces. The proposed approach is extended to multiframe face spoof detection in videos using a voting-based scheme. We also collect a face spoof database, MSU mobile face spoofing database (MSU MFSD), using two mobile devices (Google Nexus 5 and MacBook Air) with three types of spoof attacks (printed photo, replayed video with iPhone 5S, and replayed video with iPad Air). Experimental results on two public-domain face spoof databases (Idiap REPLAY-ATTACK and CASIA FASD), and the MSU MFSD database show that the proposed approach outperforms the state-of-the-art methods in spoof detection. Our results also highlight the difficulty in separating genuine and spoof faces, especially in cross-database and cross-device scenarios.
Keywords: face recognition; mobile computing; pattern classification; support vector machines; ideo signal processing; visual databases; Google Nexus 5; IDA feature vector; MSU MFSD; MSU MFSD database; MSU mobile face spoofing database; MacBook Air; automatic face recognition; cross-database scenarios; cross-device scenarios; ensemble classifier; face spoof attacks; identity deduplication; image distortion analysis; mobile devices; mobile payment authentication; multiframe face spoof detection; multiple SVM classifiers; public-domain face spoof databases; spoof attacks; videos; voting-based scheme; Cameras; Databases; Face; Face recognition; Feature extraction; image color analysis; Testing; cross-database; cross-device; spoof detection (ID#: 16-10480)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7031384&isnumber=7059276

Jia Li, Ling-Yu Duan, Xiaowu Chen, Tiejun Huang, and Yonghong Tian, “Finding the Secret of Image Saliency in the Frequency Domain,” in IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 37, no. 12, pp. 2428-2440, Dec. 1 2015. doi:10.1109/TPAMI.2015.2424870
Abstract: There are two sides to every story of visual saliency modeling in the frequency domain. On the one hand, image saliency can be effectively estimated by applying simple operations to the frequency spectrum. On the other hand, it is still unclear which part of the frequency spectrum contributes the most to popping-out targets and suppressing distractors. Toward this end, this paper tentatively explores the secret of image saliency in the frequency domain. From the results obtained in several qualitative and quantitative experiments, we find that the secret of visual saliency may mainly hide in the phases of intermediate frequencies. To explain this finding, we reinterpret the concept of discrete Fourier transform from the perspective of template-based contrast computation and thus develop several principles for designing the saliency detector in the frequency domain. Following these principles, we propose a novel approach to design the saliency detector under the assistance of prior knowledge obtained through both unsupervised and supervised learning processes. Experimental results on a public image benchmark show that the learned saliency detector outperforms 18 state-of-the-art approaches in predicting human fixations.
Keywords: discrete Fourier transforms; frequency-domain analysis; image processing; object detection; security of data; unsupervised learning; discrete Fourier transform; distractor suppression; frequency domain; frequency spectrum; image saliency; saliency detector; supervised learning process; template-based contrast computation; unsupervised learning process; visual saliency modeling; Artificial intelligence; Computational modeling; Discrete Fourier transforms; Discrete cosine transforms; Fourier transforms; Frequency-domain analysis; Prediction models; Fourier transform; Image saliency; experimental study; fixation prediction; learning-based; spectral analysis (ID#: 16-10481)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7089301&isnumber=7308134

A. W. K. Kong, “A Statistical Analysis of IrisCode and Its Security Implications,” in IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 37, no. 3, pp. 513-528, March 1 2015. doi:10.1109/TPAMI.2014.2343959
Abstract: IrisCode has been used to gather iris data for 430 million people. Because of the huge impact of IrisCode, it is vital that it is completely understood. This paper first studies the relationship between bit probabilities and a mean of iris images (The mean of iris images is defined as the average of independent iris images.) and then uses the Chi-square statistic, the correlation coefficient and a resampling algorithm to detect statistical dependence between bits. The results show that the statistical dependence forms a graph with a sparse and structural adjacency matrix. A comparison of this graph with a graph whose edges are defined by the inner product of the Gabor filters that produce IrisCodes shows that partial statistical dependence is induced by the filters and propagates through the graph. Using this statistical information, the security risk associated with two patented template protection schemes that have been deployed in commercial systems for producing application-specific IrisCodes is analyzed. To retain high identification speed, they use the same key to lock all IrisCodes in a database. The belief has been that if the key is not compromised, the IrisCodes are secure. This study shows that even without the key, application-specific IrisCodes can be unlocked and that the key can be obtained through the statistical dependence detected.
Keywords: Databases; Gabor filters; Iris; Iris recognition; Probability; Security; Vectors; Biometrics; Daugman algorithm; iris recognition; statistical dependence; template protection (ID#: 16-10482)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6867381&isnumber=7029731

W. Kim, S. Suh, and J. J. Han, “Face Liveness Detection from a Single Image via Diffusion Speed Model,” in IEEE Transactions on Image Processing, vol. 24, no. 8, pp. 2456-2465, Aug. 2015. doi:10.1109/TIP.2015.2422574
Abstract: Spoofing using photographs or videos is one of the most common methods of attacking face recognition and verification systems. In this paper, we propose a real-time and nonintrusive method based on the diffusion speed of a single image to address this problem. In particular, inspired by the observation that the difference in surface properties between a live face and a fake one is efficiently revealed in the diffusion speed, we exploit antispoofing features by utilizing the total variation flow scheme. More specifically, we propose defining the local patterns of the diffusion speed, the so-called local speed patterns, as our features, which are input into the linear SVM classifier to determine whether the given face is fake or not. One important advantage of the proposed method is that, in contrast to previous approaches, it accurately identifies diverse malicious attacks regardless of the medium of the image, e.g., paper or screen. Moreover, the proposed method does not require any specific user action. Experimental results on various data sets show that the proposed method is effective for face liveness detection as compared with previous approaches proposed in studies in the literature.
Keywords: face recognition; support vector machines; diffusion speed model; face liveness detection; face verification systems; linear SVM classifier; malicious attacks; Face; Feature extraction; Lighting; Security; Smart phones; TV; Videos; Spoofing; diffusion speed; local speed pattern; total variation flow (ID#: 16-10483)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7084662&isnumber=7086144

I. Chingovska and A. R. dos Anjos, “On the Use of Client Identity Information for Face Antispoofing,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 787-796, April 2015. doi:10.1109/TIFS.2015.2400392
Abstract: With biometrics playing the role of a password which cannot be replaced if stolen, the necessity of establishing counter-measures to biometric spoofing attacks has been recognized. Regardless of the biometric mode, the typical approach of antispoofing systems is to classify the biometric evidence based on features discriminating between real accesses and spoofing attacks. For the first time, to the best of our knowledge, this paper studies the amount of client-specific information within these features and how it affects the performance of antispoofing systems. We make use of this information to build two client-specific antispoofing solutions, one relying on a generative and another one on a discriminative paradigm. The proposed methods, tested on a set of state-of-the-art antispoofing features for the face mode, outperform the client-independent approaches with up to 50% relative improvement and exhibit better generalization capabilities on unseen types of spoofing attacks.
Keywords: authorisation; face recognition; antispoofing system; biometric spoofing attack; client identity information; face antispoofing; Biological system modeling; Computational modeling; Face; Feature extraction; Special issues and sections; Support vector machines; Training; Biometric Verification; Counter-Measures; Counter-Spoofing; Liveness Detection; Replay; Spoofing Attack; Spoofing attack; biometric verification; counter-measures; counter-spoofing; liveness detection; replay (ID#: 16-10484)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7031941&isnumber=7059276

S. Tirunagari, N. Poh, D. Windridge, A. Iorliam, N. Suki, and A. T. S. Ho, “Detection of Face Spoofing Using Visual Dynamics,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 762-777, April 2015. doi:10.1109/TIFS.2015.2406533
Abstract: Rendering a face recognition system robust is vital in order to safeguard it against spoof attacks carried out using printed pictures of a victim (also known as print attack) or a replayed video of the person (replay attack). A key property in distinguishing a live, valid access from printed media or replayed videos is by exploiting the information dynamics of the video content, such as blinking eyes, moving lips, and facial dynamics. We advance the state of the art in facial antispoofing by applying a recently developed algorithm called dynamic mode decomposition (DMD) as a general purpose, entirely data-driven approach to capture the above liveness cues. We propose a classification pipeline consisting of DMD, local binary patterns (LBPs), and support vector machines (SVMs) with a histogram intersection kernel. A unique property of DMD is its ability to conveniently represent the temporal information of the entire video as a single image with the same dimensions as those images contained in the video. The pipeline of DMD + LBP + SVM proves to be efficient, convenient to use, and effective. In fact only the spatial configuration for LBP needs to be tuned. The effectiveness of the methodology was demonstrated using three publicly available databases: (1) print-attack; (2) replay-attack; and (3) CASIA-FASD, attaining comparable results with the state of the art, following the respective published experimental protocols.
Keywords: face recognition; image classification; support vector machines; video signal processing; CASIA-FASD database; DMD; LBP; SVM; classification pipeline; data-driven approach; dynamic mode decomposition; eye blinking; face recognition system; face spoofing detection; facial antispoofing; facial dynamics; histogram intersection kernel; image dimensions; information dynamics; lip motion; liveness cue capture; local binary patterns; print attack; printed media; printed pictures; publicly available database; rendering; replay attack; replayed video; spatial configuration; spoof attacks; support vector machines; temporal information; video content; visual dynamics; Biometrics (access control); Databases; Face; Face recognition; Feature extraction; Optical imaging; Principal component analysis; CASIA-FASD; print-attack; replay-attack; spoofing (ID#: 16-10485)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7047832&isnumber=7059276

R. Raghavendra and C. Busch, “Robust Scheme for Iris Presentation Attack Detection Using Multiscale Binarized Statistical Image Features,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 703-715, April 2015. doi:10.1109/TIFS.2015.2400393
Abstract: Vulnerability of iris recognition systems remains a challenge due to diverse presentation attacks that fail to assure the reliability when adopting these systems in real-life scenarios. In this paper, we present an in-depth analysis of presentation attacks on iris recognition systems especially focusing on the photo print attacks and the electronic display (or screen) attack. To this extent, we introduce a new relatively large scale visible spectrum iris artefact database comprised of 3300 iris normal and artefact samples that are captured by simulating five different attacks on iris recognition system. We also propose a novel presentation attack detection (PAD) scheme based on multiscale binarized statistical image features and linear support vector machines. Extensive experiments are carried out on four different publicly available iris artefact databases that have revealed the outstanding performance of the proposed PAD scheme when benchmarked with various well-established state-of-the-art schemes.
Keywords: iris recognition; security of data; support vector machines; visual databases; PAD scheme; diverse presentation attacks; electronic display attack; iris artefact databases; iris presentation attack detection; iris recognition systems; linear support vector machines; multiscale binarized statistical image features; photo print attacks; presentation attack detection scheme; robust scheme; visible spectrum iris artefact database; Databases; Feature extraction; Hardware; Image segmentation; Iris recognition; Support vector machines; Tablet computers; Anti-spoofing; Biometrics; Iris Recognition; Presentation Attacks; anti-spoofing; presentation attacks (ID#: 16-10486)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7031897&isnumber=7059276
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

White Box Cryptography

	White Box Cryptography

Open devices, such as PCs, tablets, and smartphones, are extremely vulnerable to attacks since the attacker has complete control over the execution platform and the software implementation itself in the form of a white-box attack. The goal of white-box cryptography is to create a successful cryptographic algorithm so that assets remain secure even while under white-box attacks. For the Science of Security community, the subject is relevant to composability, resilience, and metrics. The work cited here has been presented over a period of years.

W. Michiels, “Opportunities in White-Box Cryptography,” in IEEE Security & Privacy, vol. 8, no. 1, pp. 64-67, Jan.-Feb. 2010. doi:10.1109/MSP.2010.44 Abstract: White-box cryptography is the discipline of implementing a cryptographic algorithm in software such that an adversary will have difficulty extracting the cryptographic key. This approach assumes that the adversary has full access to and full control over the implementation’s execution. White-box implementations can provide good protection when combined with other security measures.
Keywords: cryptography; advanced encryption standard; cryptographic algorithm; data encryption standard; white-box cryptography; Cryptography; Protection; Security; Software algorithms; black-box cryptography; crypto corner; gray-box cryptography; security & privacy (ID#: 16-10845)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5403155&isnumber=5403138

Jong-Yeon Park, Ji-Sun Choi, and Okyeon Yi, “Methods for Practical Whitebox Cryptography,” Information and Communication Technology Convergence (ICTC), 2010 International Conference on, Jeju, 2010, pp. 474-479. doi:10.1109/ICTC.2010.5674789
Abstract: White box cryptography is the new technique against attacks on white box attack environments. In white box attack model, the attacker is even stronger than in black box attack model, and the attacker can monitor all intermediate values. Therefore, safety algorithms are needed against all operation steps being exposure. Chow introduced secure white box cryptography with AES DES implementations against white box attack model. However, slower performance by operating too many look up tables is a problem of practical use of white box cryptography. Also key updating on dynamic situations of white box cryptography is much harder than key updating of black box cryptography. Thus, this paper suggests using a specific mode of operation to improve speed of white box implementations, and show concrete examples of enhancement of performance. Also, it suggests a technique of key updating with dynamic and static tables in practically.
Keywords: cryptography; AES DES implementations; black box attack model; dynamic key updates; look up tables; white box attack model; white box cryptography; Decoding; Encoding; Encryption; Generators; Servers; AES; DES; MEDUSA; PCBC mode (ID#: 16-10846)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5674789&isnumber=5674255

Z. Cherif, F. Flament, J. L. Danger, S. Bhasin, S. Guilley, and H. Chabanne, “Evaluation of White-Box and Grey-Box Noekeon Implementations in FPGA,” Reconfigurable Computing and FPGAs (ReConFig), 2010 International Conference on, Quintana Roo, 2010, pp. 310-315. doi:10.1109/ReConFig.2010.36
Abstract: White-box implementations of cryptographic algorithms aim to denying the key readout even if the source code embedding the key is disclosed. They are based on sets of large tables perfectly known by the user but including unknown encoding functions. While former white-box implementations have been proposed in software, hardware white-box implementations are also possible. Their main drawback is the complexity of their architectures, which often requires large tables. In this paper we show that it is possible to implement white-box cryptography in an FPGA by taking advantages of LUTs. We also propose a grey-box approach, where intermediate random variables are unknown to the attacker. We show that such approach allows to reduce the complexity by using fewer tables. The resistance against side channel attacks has been evaluated for different implementations. Our results show the interest of the proposed methods for a better compromise complexity/security.
Keywords: cryptography; field programmable gate arrays; random number generation; source coding; FPGA; LUTs; cryptographic algorithm; encoding function; grey-box Noekeon implementation; intermediate random variable; source code; white-box Noekeon implementation; white-box cryptography; FPGA implementations; MIM; Mutual Information Metric; Noekeon; SCA; Side Channel Analysis; TRNG; grey-box cryptography; random number generator (ID#: 16-10847)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5695324&isnumber=5695271

J. Bringer, H. Chabanne, and J. L. Danger, “Protecting the NOEKEON Cipher Against SCARE Attacks in FPGAs by Using Dynamic Implementations,” Reconfigurable Computing and FPGAs, 2009. ReConFig ’09. International Conference on, Quintana Roo, 2009, pp. 183-188. doi:10.1109/ReConFig.2009.19
Abstract: Protecting an implementation against side channel analysis for reverse engineering (SCARE) attacks is a great challenge and we address this challenge by presenting a first proof of concept. White-box cryptography has been developed to protect programs against an adversary who has full access to their software implementation. It has also been suggested as a countermeasure against side channel attacks and we examine here these techniques in the wider perspective of SCARE. We consider that the adversary has only access to the cryptographic device through its side channels and his goal is to recover the specifications of the algorithm. In this work, we focus on FPGA (field-programmable gate array) technologies and examine how to thwart SCARE attacks by implementing a block cipher following white-box techniques. The proposed principle is based on changing dynamically the implementations. It is illustrated by an example on the Noekeon cipher and feasibility in different FPGAs is studied.
Keywords: cryptography; field programmable gate arrays; FPGA; NOEKEON cipher; SCARE attacks; block cipher; dynamic implementations; field-programmable gate array; side channel analysis-for-reverse engineering attacks; software implementation; white-box cryptography; Cryptography; Field programmable gate arrays; GSM; Hardware; Protection; Resists; Reverse engineering; Software algorithms; Table lookup (ID#: 16-10848)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5382049&isnumber=5381991

R. Luo, X. Lai, and R. You, “A New Attempt of White-Box AES Implementation,” Security, Pattern Analysis, and Cybernetics (SPAC), 2014 International Conference on, Wuhan, 2014, pp. 423-429. doi:10.1109/SPAC.2014.6982727
Abstract: In this paper, we propose an improved table-based white-box implementation of AES which is able to resist different types of attack, including the BGE attack and De Mulder et al.’s cryptanalysis, to protect information under “white-box attack context”. The notion of white-box attack context, introduced by Chow et al., describes a general setting in which cryptographic algorithms are executed in untrusted environments. In this setting, adversaries have attained complete access to the implementations of cryptographic algorithms as well as the dynamic execution environments. The key strategy applied to our design is to compose different operations of the AES round function and convert the composition into encoded lookup tables. The new scheme exploits larger key-dependent tables, each of which contains two bytes of the round keys. We then analyze the security against different types of attack and measure two security metrics: the “white-box diversity” and “ambiguity”. The new scheme can withstand the BGE attack due to the utilization of larger mixing bijections and tabulated “ShiftRows” it can also resist the cryptanalysis of De Mulder et al. since the bindings between “nTMC” and “TSR” are irreducible and the non-linear encodings are introduced to all tables.
Keywords: cryptography; table lookup; AES round function; BGE attack; De Mulder cryptanalysis; ShiftRows; TSR; cryptographic algorithms; dynamic execution environments; encoded lookup tables; key-dependent tables; nTMC; nonlinear encodings; table-based white-box implementation; white-box AES implementation; white-box ambiguity; white-box attack context; white-box diversity; Context; Encoding; Encryption; Resists; Vectors; AES; software privacy; white-box cryptography; white-box implementation (ID#: 16-10849)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6982727&isnumber=6982642

S. Gueron, “White Box AES Using Intel’s New AES Instructions,” Information Technology: New Generations (ITNG), 2013 Tenth International Conference on, Las Vegas, NV, 2013, pp. 417-421. doi:10.1109/ITNG.2013.64
Abstract: White box cryptography deals with content protection scenarios where software decrypts some contents, using a secret key (embedded in the code in some obfuscated way), while the adversary has access to the code and its execution. Obviously, performance is slowed down by the obfuscation overheads. This paper demonstrates a method for using Intel’s New AES Instructions to write decryption code without directly using the cipher key or any of the round keys in a register (or in memory). Such implementation can enjoy some of the performance benefits that the AES instructions offer. We show an example where it is more than 2.5 times faster than a lookup table based alternative.
Keywords: cryptography; instruction sets; Intel New AES Instructions; cipher key; code access; content decryption; content protection; decryption code writing; lookup table; memory; obfuscation overhead; register; round keys; secret key; white box AES; white box cryptography; Ciphers; Encryption; Schedules; Software; Standards; AES;  (ID#: 16-10850)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6614343&isnumber=6614271

J. Y. Park, J. N. Kim, J. D. Lim, and D. G. Han, “A Whitebox Cryptography Application for Mobile Device Security Against Whitebox Attacks — How to Apply WBC on Mobile Device,” IT Convergence and Security (ICITCS), 2014 International Conference on, Beijing, 2014, pp. 1-5. doi:10.1109/ICITCS.2014.7021725
Abstract: Since white box cryptography was proposed, many meaningful research has been studying on many fields. In fact, many companies provide services with WBC (White Box Cryptography) solutions. However, most of them are used in only services related to DRM, there is no basic approach that is attached to system or platform itself. This paper explains WBC research trends and some important problems, shows how to efficiently use WBC with mobile environment.
Keywords: cryptography; mobile computing; DRM; WBC; mobile device security; whitebox cryptography application; Cryptography; Encoding; Hardware; Mobile communication; Mobile handsets; Software (ID#: 16-10851)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7021725&isnumber=7021698

A. Dima, J. Wack, and S. Wakid, “Raising the Bar on Software Security Testing,” in IT Professional, vol. 1, no. 3, pp. 27-32, May/Jun 1999. doi:10.1109/6294.774950
Abstract: Industry and government are promoting open security testing. The authors consider how one free tool can help find malicious code in Java apps. They discuss white-box testing, cryptography and firewall testing.
Keywords: Java; program testing; security of data; software tools; cryptography; firewall testing; government; industry; malicious code; open security testing; software security testing; software tool; white-box testing; Automatic testing; Costs; Decision making; ISO standards; Information security; NIST; National security; Protection; Software testing; System testing (ID#: 16-10852)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=774950&isnumber=16824

Y. X. Gu, B. Wyseur, B. Preneel, J.-D. Aussel, and R. Sailer, “Point/Counterpoint,” in IEEE Software, vol. 28, no. 2, pp. 56-59, March-April 2011. doi:10.1109/MS.2011.39
Abstract: The article is discussing new challenges faced by modern security systems because the traditional perimeter defenses against man-in-the-middle attacks are inadequate in protection against the man-at-the-end white-box attacks favored by many attackers.
Keywords: industrial property; security of data; man at the end white box attack; man in the middle attack; perimeter defence; security system; software based protection; Cryptography; Hardware; Operating systems; Protocols; Software protection; co-design; hardware; point/counterpoint; security; software (ID#: 16-10853)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5720711&isnumber=5720699

T. Nakasone, Y. Li, K. Ohta, and K. Sakiyama, “Exploration of the CC-EMA Attack Towards Efficient Evaluation of EM Information Leakage,” Electromagnetic Compatibility (EMC EUROPE), 2013 International Symposium on, Brugge, 2013, pp. 411-414. doi: (not provided)
Abstract: This paper discusses the efficiency of the CC-EMA (Clockwise Collision based ElectroMagnetic Analysis) attack on hardware implementation of 128-bit AES (Advanced Encryption Standard) block cipher. The analysis efficiency of CC-EMA was first discussed on a white-box setting, i.e., using a known-key AES (Advanced Encryption Standard) hardware [10]. Then, more realistic attack scenario was applied for CC-EMA, where the secret key of AES hardware was unknown, i.e., black-box analysis, and the attack efficiency in the key recovery was briefly discussed in [11]. In this paper, we revisit the previous work for CC-EMA and explore the attack efficiency of CC-EMA furthermore in order to evaluate the information leakage from proximal EM measurements of IC (Integrated Circuit) devices. In order to evaluate the attack efficiency under various attack environments, we construct a simulation environment, where the intensity of EM radiation is parameterised assuming that it follows a normal distribution. As a result, we show that CC-EMA attack delivers equal or superior performance in the key recovery compared to the CEMA (Correlation EMA) attack and the key can be recovered by CC-EMA with less than 1100 EM measurements, in such case that the EM intensity for CC could be measured distinctly.
Keywords: cryptography; integrated circuits; normal distribution; 128-bit AES block cipher; CC-EMA attack; EM radiation intensity; IC devices; advanced encryption standard; attack efficiency; black-box analysis; clockwise collision based electromagnetic analysis attack; information leakage evaluation; integrated circuit devices; normal distribution; proximal EM measurements; Clocks; Cryptography; Electromagnetic compatibility; Hardware; High definition video; Integrated circuit modeling; Registers (ID#: 16-10854)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6653338&isnumber=6653179

Y. Xiao and X. Lai, “A Secure Implementation of White-Box AES,” Computer Science and its Applications, 2009. CSA ’09. 2nd International Conference on, Jeju, Korea (South), 2009, pp. 410-415. doi:10.1109/CSA.2009.5404239
Abstract: ShiftRows has no effect on Chow’s scheme, the obfuscations of the key can be divided into smaller ones and removed with the help of specific characters of the MixColumns operation in AES. In this paper, we present a secure implementation of White-Box AES, the main difference lies in ShiftRows operation. It is now embedded in matrices product, the output encodings has the same size as the output of MixColumns operation (32bits). Thus the obfuscation of the key cannot be divided into smaller ones or removed by using Billet's attack technique. Thus, our scheme can resist Billet’s attack. It is more secure than Chow's.
Keywords: Billets; Cryptography; Encoding; Information analysis; Manipulator dynamics; Protection; Resists; Security; Software algorithms; Table lookup (ID#: 16-10855)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5404239&isnumber=5404169

J. Bringer, H. Chabanne, and K. Simoens, “Blackbox Security of Biometrics (Invited Paper),” Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), 2010 Sixth International Conference on, Darmstadt, 2010, pp. 337-340. doi:10.1109/IIHMSP.2010.89
Abstract: We analyze the security of biometric template protection methods that involve trusted hardware. The methods are defined in the black box security model, i.e., we consider components that perform operations on the biometric data they contain and only the input-output behaviour of these components is analyzed. The functionality that is implemented by these black boxes is assumed to be known, but as opposed to the white-box model no intermediate values can be observed. We illustrate our approach and demonstrate that additional countermeasures may be needed to protect the stored biometric data.
Keywords: biometrics (access control); security of data; biometric data protection; biometric template protection methods; black box security model; white-box model; Authentication; Bioinformatics; Biological system modeling; Biometrics; Cryptography; Databases; Biometric template protection; Blackbox security model; Trusted hardware (ID#: 16-10856)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5635764&isnumber=5635543

J. J. A. Fournier and P. Loubet-Moundi, “Memory Address Scrambling Revealed Using Fault Attacks,” Fault Diagnosis and Tolerance in Cryptography (FDTC), 2010 Workshop on, Santa Barbara, CA, 2010, pp. 30-36. doi:10.1109/FDTC.2010.13
Abstract: Today’s trend in the smart card industry is to move from ROM+EEPROM chips to Flash-only products. Recent publications have illustrated the vulnerability of Floating Gate memories to UV and heat radiation. In this paper, we explain how, by using low cost means, such a vulnerability can be used to modify specific data within an EEPROM memory even in the presence of a given type of counter-measure. Using simple means, we devise a fault injection tool that consistently causes predictable modifications of the targeted memories’ contents by flipping ‘1’s to ‘0’s. By mastering the location of those modifications, we illustrate how we can reverse-engineer a simple address scrambling mechanism in a white box analysis of a given EEPROM. Such an approach can be used to test the security of Floating Gate memories used in security devices like smart cards. We also explain how to prevent such attacks and we propose some counter-measures that can be either implemented on the hardware level by chip designers or on the software level in the Operating System interacting with those memories.
Keywords: fault simulation; flash memories; logic testing; security of data; smart cards; EEPROM memory; ROM+EEPROM chips; UV radiation; chip designers; fault attacks; fault injection tool; flash-only products; floating gate memories; hardware level; heat radiation; memory address scrambling; operating system; security devices; smart card industry; software level; white box analysis; Arrays; Circuit faults; EPROM; Nonvolatile memory; Passivation; Security; Smart cards; EEPROM; Fault Injections; Flash; Floating Gate memories; address scrambling; reverse-engineering (ID#: 16-10857)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5577365&isnumber=5575595

N. D. Goots, N. A. Moklovyan, P. A. Moldovyanu, and D. H. Summerville, “Fast DDP-Based Ciphers: From Hardware to Software,” Circuits and Systems, 2003 IEEE 46th Midwest Symposium on, 2003, vol., 2, pp. 770-773. doi:10.1109/MWSCAS.2003.1562400
Abstract: Data-dependent (DD) permutations (DDP) that are very suitable to cheap hardware implementation have been introduced as a cryptographic primitive for the design of fast firmware and software encryption systems. DDP can be performed with so called controlled permutation boxes (CPB) which are fast white implemented in cheap hardware. The latter defines the efficiency of the embedding of CPB in microcontrollers and microprocessors when adding a new fast instruction that allows one to perform DDP. Software and firmware encryption algorithms combining DDP with fast arithmetic operations are described.
Keywords: cryptography; digital arithmetic; firmware; microcontrollers; controlled permutation boxes; data-dependent permutations; fast DDP-based ciphers; fast arithmetic operations; fast instruction; firmware encryption system; hardware implementation; microcontrollers; microprocessors; software encryption systems; Arithmetic; Cryptography; Hardware; Microcontrollers; Microprocessors; Microprogramming; Security; Software algorithms; Software systems; Topology (ID#: 16-10858)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1562400&isnumber=33167

J. Zhou, Z. Cao, X. Dong, and X. Lin, “TR-MABE: White-Box Traceable and Revocable Multi-Authority Attribute-Based Encryption and Its Applications to Multi-Level Privacy-Preserving E-Healthcare Cloud Computing Systems,” Computer Communications (INFOCOM), 2015 IEEE Conference on, Kowloon, 2015, pp. 2398-2406. doi:10.1109/INFOCOM.2015.7218628
Abstract: Cloud-assisted e-healthcare systems significantly facilitate the patients to outsource their personal health information (PHI) for medical treatment of high quality and efficiency. Unfortunately, a series of unaddressed security and privacy issues dramatically impede its practicability and popularity. In e-healthcare systems, it is expected that only the primary physicians responsible for the patients treatment can not only access the PHI content but verify the real identity of the patient. Secondary physicians participating in medical consultation and/or research tasks, however, are only permitted to view or use the content of the protected PHI, while unauthorized entities cannot obtain anything. Existing work mainly focuses on patients conditional identity privacy by exploiting group signatures, which are very computationally costly. In this paper, we propose a white-box traceable and revocable multi-authority attribute-based encryption named TR-MABE to efficiently achieve multilevel privacy preservation without introducing additional special signatures. It can efficiently prevent secondary physicians from knowing the patients identity. Also, it can efficiently track the physicians who leak secret keys used to protect patients identity and PHI. Finally, formal security proof and extensive simulations demonstrate the effectiveness and practicability of our proposed TR-MABE in e-healthcare cloud computing systems.
Keywords: cloud computing; cryptography; data privacy; digital signatures; health care; medical information systems; PHI; TR-MABE encryption; cloud-assisted e-healthcare systems; e-healthcare cloud computing systems; electronic health care; formal security proof; group signatures; medical consultation; medical research; medical treatment; multilevel privacy-preserving e-healthcare; patient identity; patient treatment; patients conditional identity privacy; personal health information; privacy issue; security issue; white-box traceable revocable multiauthority attribute-based encryption; Access control; Cloud computing; Encryption; Medical services; Privacy; Cloud computing system; attribute-based encryption; multi-authority; traceability and revocability (ID#: 16-10859)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218628&isnumber=7218353

Y. Shi and J. Lin, “A Security Framework for Agent-Based Non-Fixed Services Composition,” Information Technology and Applications (IFITA’ 10), 2010 International Forum on, Kunming, 2010, vol. 3, pp. 10-14. doi:10.1109/IFITA.2010.160
Abstract: Mobile agents play a key role in many researches on non-fixed services composition, but threats from potentially malicious hosts become a great obstacle of services composition based on mobile agent technology because an agent on a malicious host is in a white-box attack context. A security framework based on bilinear pairings on elliptic curves using a special digital signature technique and a multi-recipient encryption scheme is proposed. The framework provides following security features: First, verifiability, strong unforgeability and strong identifiability of digital signatures of composition member. Second, prevention of misuse of digital signatures of composition controller. Third, confidentiality of parameters and result of services composition with high efficiency. All these security features relies on the difficulty of solving discrete logarithm problems and gap Diffie-Hellman problems, which are computational infeasible to solve at present.
Keywords: digital signatures; mobile agents; problem solving; public key cryptography; agent based nonfixed services composition security framework; bilinear pairing; digital signature technique; discrete logarithm problem solving; elliptic curve; mobile agent technology; multirecipient encryption scheme; white box attack context; Computer architecture; Context; Encryption; Mobile agents; Web services; composition; mobile agent; security; services (ID#: 16-10860)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5634732&isnumber=5634634

Z. Liu, Z. Cao, and D. S. Wong, “White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures,” in IEEE Transactions on Information Forensics and Security, vol. 8, no. 1, pp. 76-88, Jan. 2013. doi:10.1109/TIFS.2012.2223683
Abstract: In a ciphertext-policy attribute-based encryption (CP-ABE) system, decryption keys are defined over attributes shared by multiple users. Given a decryption key, it may not be always possible to trace to the original key owner. As a decryption privilege could be possessed by multiple users who own the same set of attributes, malicious users might be tempted to leak their decryption privileges to some third parties, for financial gain as an example, without the risk of being caught. This problem severely limits the applications of CP-ABE. Several traceable CP-ABE (T-CP-ABE) systems have been proposed to address this problem, but the expressiveness of policies in those systems is limited where only and gate with wildcard is currently supported. In this paper we propose a new T-CP-ABE system that supports policies expressed in any monotone access structures. Also, the proposed system is as efficient and secure as one of the best (non-traceable) CP-ABE systems currently available, that is, this work adds traceability to an existing expressive, efficient, and secure CP-ABE scheme without weakening its security or setting any particular trade-off on its performance.
Keywords: cryptography; decryption key; decryption privilege; monotone access structure; traceable ciphertext-policy attribute-based encryption system; white-box traceable ciphertext-policy; Access control; Buildings; Encryption; Logic gates; Receivers; Attribute-based encryption; ciphertext-policy; traceability (ID#: 16-10861)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6327660&isnumber=6392970

G. Khachatryan, M. Hovsepyan, and A. Jivanyan, “Efficient Secure Pattern Search Algorithm,” Computer Science and Information Technologies (CSIT), 2015, Yerevan, 2015, pp. 90-94. doi:10.1109/CSITechnol.2015.7358257
Abstract: In this paper we describe an efficient protocol for oblivious evaluation of a binary alphabet Deterministic Finite Automata (DFA) between the DFA owner (client) and the input text owner (server). The protocol requires only a single round of client-server communication. The number of server-side computations is linear to the text length and does not depend on the size of the DFA, and the number of client-side computations is linear to the multiplication of the number of the DFA states and text length, and it does not depend on the internal structure of the DFA. Our protocol uses white-box based 1-out-of-2 oblivious transfer protocol as a construction block. As a result, we have no public-key operations in our algorithm. Also, we have developed a test program which implements the protocol and this paper includes the results of benchmarks done for different input data. These results demonstrate the efficiency of the construction and confirm the low computational overhead of server side operations.
Keywords: client-server systems; finite automata; public key cryptography; search problems; text analysis; transport protocols; DFA owner; DFA states; binary alphabet deterministic finite automata; client-server communication; client-side computations; computational overhead; construction block; public-key operations; secure pattern search algorithm; server side operations; server-side computations; text owner; white-box based 1-out-of-2 oblivious transfer protocol; Algorithm design and analysis; Benchmark testing; Electronic mail; Encryption; Protocols; Servers; Cryptography; oblivious transfer; secure function evaluation; white-box (ID#: 16-10862)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7358257&isnumber=7358212

J. Ning, X. Dong, Z. Cao, L. Wei, and X. Lin, “White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 6, pp. 1274-1288, June 2015. doi:10.1109/TIFS.2015.2405905
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control to the encrypted data for commercial applications. There has been significant progress in CP-ABE over the recent years because of two properties called traceability and large universe, greatly enriching the commercial applications of CP-ABE. Traceability is the ability of ABE to trace the malicious users or traitors who intentionally leak the partial or modified decryption keys for profits. Nevertheless, due to the nature of CP-ABE, it is difficult to identify the original key owner from an exposed key since the decryption privilege is shared by multiple users who have the same attributes. On the other hand, the property of large universe in ABE enlarges the practical applications by supporting flexible number of attributes. Several systems have been proposed to obtain either of the above properties. However, none of them achieve the two properties simultaneously in practice, which limits the commercial applications of CP-ABE to a certain extent. In this paper, we propose two practical large universe CP-ABE systems supporting white-box traceability. Compared with existing systems, both the two proposed systems have two advantages: (1) the number of attributes is not polynomially bounded and (2) malicious users who leak their decryption keys could be traced. Moreover, another remarkable advantage of the second proposed system is that the storage overhead for traitor tracing is constant, which are suitable for commercial applications.
Keywords: authorisation; cryptography; invasive software; ciphertext policy attribute-based encryption; commercial applications; decryption privilege; fine grained access control; flexible attributes; malicious user tracing; modified decryption key; traitor tracing; universe CP-ABE systems; white box traceability; Educational institutions; Encryption; Games; Polynomials; TV; Attribute-Based Encryption; Attribute-based encryption; Ciphertext-Policy; White-box Traceability; ciphertext-policy; large universe; white-box traceability (ID#: 16-10863)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7046417&isnumber=7084215

J. Cui and Q. Wen, “Analysis on Operating Mechanism of SecurityKISS,” Computational Intelligence and Security (CIS), 2012 Eighth International Conference on, Guangzhou, 2012, pp. 666-669. doi:10.1109/CIS.2012.153
Abstract: Security KISS is a popular virtual private network tool used to protect privacy, ensure anonymity and bypass Internet restrictions. In this paper, we use Black-box analysis method and White-box analysis method to analyze the communication behavior and the encryption algorithm of the software. We get the workflow and the internal structures of the software in detail. In addition, we analyze the security of the software, and point out the defects existed. Finally, experimental results verify the accuracy and reliability of our analysis. This shows that the method we proposed to analyze network software is very efficient.
Keywords: computer network security; cryptography; data privacy; virtual private networks; SecurityKISS; black-box analysis; encryption algorithm; privacy protection; software security; virtual private network tool; white-box analysis; Computers; Encryption; IP networks; Servers; Software; Virtual private networks; Security KISS; encryption communication; reverse analysis (ID#: 16-10864)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6405923&isnumber=6405841

P. T. Devanbu and S. G. Stubblebine, “Cryptographic Verification of Test Coverage Claims,” in IEEE Transactions on Software Engineering, vol. 26, no. 2, pp. 178-192, Feb 2000. doi:10.1109/32.841116
Abstract: The market for software components is growing, driven on the “demand side” by the need for rapid deployment of highly functional products and, on the “supply side”, by distributed object standards. As components and component vendors proliferate, there is naturally a growing concern about quality and the effectiveness of testing processes. White-box testing, particularly the use of coverage criteria, Is a widely used method for measuring the “thoroughness” of testing efforts. High levels of test coverage are used as indicators of good quality control procedures. Software vendors who can demonstrate high levels of test coverage have a credible claim to high quality. However, verifying such claims involves knowledge of the source code, test cases, build procedures, etc. In applications where reliability and quality are critical, it would be desirable to verify test coverage claims without forcing vendors to give up valuable technical secrets. In this paper, we explore cryptographic techniques that can be used to verify such claims. Our techniques have certain limitations, which we discuss in this paper. However, vendors who have done the hard work of developing high levels of test coverage can use these techniques (for a modest additional cost) to provide credible evidence of high coverage, while simultaneously reducing disclosure of intellectual property.
Keywords: cryptography; formal verification; industrial property; program testing; quality control; safety-critical software; software quality; cryptographic verification; distributed object standards; intellectual property; quality control procedures; reliability; software components; software vendors; test coverage claims; white-box testing; Application software; Costs; Cryptography; Intellectual property; Particle measurements; Quality control; Software quality; Software safety; Software standards; Software testing (ID#: 16-10865)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=841116&isnumber=18187

G. Khachatrian and M. Kyureghyan, “A New Public Key Encryption System Based on Permutation Polynomials,” Cloud Engineering (IC2E), 2014 IEEE International Conference on, Boston, MA, 2014, pp. 540-543. doi:10.1109/IC2E.2014.52
Abstract: In this paper a new public key encryption and digital signature system based on permutation polynomials is developed. The permutation polynomial P(x) is replaced by P(xi) mod g(x) where g(x) is a secret primitive polynomial, i is the secret number such that (i, 2n-1) =1 and P(xi) = Pi(x) is declared to be a public polynomial for encryption. A public key encryption of given m(x) is the evaluation of polynomial Pi(x) at point m(x) where the result of evaluation is calculated via so called White box reduction, which does not reveal the underlying secret polynomial g(x). It is shown that for the new system to achieve a comparable security with conventional public key systems based on either Discrete logarithm or Integer factorization problems, substantially less processing length n is required resulting in a significant acceleration of public key operations.
Keywords: computational complexity; number theory; public key cryptography; White box reduction; digital signature system; discrete logarithm; integer factorization problems; permutation polynomials; public key encryption system; public key operations; public key systems; public polynomial; secret number; secret primitive polynomial; Digital signatures; Encryption; Polynomials; Public key; digital signature; permutation polynomials; public-key encryption; white box reduction (ID#: 16-10866)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6903525&isnumber=6903436

H. E. Link and W. D. Neumann, “Clarifying Obfuscation: Improving the Security of White-Box DES,” Information Technology: Coding and Computing (ITCC 2005) International Conference on, 2005, vol. 1., pp. 679-684.  doi:10.1109/ITCC.2005.100
Abstract: To ensure the security of software executing on malicious hosts, as in digital rights management (DRM) applications, it is desirable to encrypt or decrypt content using white-box-encoded cryptographic algorithms in the manner of Chow et al. (2002). Such encoded algorithms must run on an adversary’s machine without revealing the private key information used, despite the adversary’s ability to observe and manipulate the running algorithm. We have implemented obfuscated (white-box) DES and triple-DES algorithms along the lines of Chow et al., with alterations that improve the security of the key. Our system is secure against two previously published attacks on Chow et al.’s system, and our own adaptation of a statistical bucketing attack on their system.
Keywords: cryptography; industrial property; decryption; encryption; obfuscation; software security; statistical bucketing attack; triple-DES algorithms; white-box DES; white-box-encoded cryptographic algorithms; Application software; Content management; Cryptography; Encoding; Information security; Jacobian matrices; Laboratories; National security; Performance analysis; Protection (ID#: 16-10867)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1428542&isnumber=30835

A. Ahmad, M. Farooq, and M. Amin, “SBoxScope: A Meta S-Box Strength Evaluation Framework for Heterogeneous Confusion Boxes,” 2016 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, USA, 2016,
pp. 5545-5553. doi:10.1109/HICSS.2016.685
Abstract: In cipher algorithms -- both block or streaming -- the most important non-linear component is a confusion box (commonly termed as s Substitution box or an S-box). The designers of cipher algorithms create an S-box on the basis of a unique formal model, as a result, its parameters -- including its size -- are different. Consequently, it becomes a daunting task for a cryptanalyst to conduct a comparative study to analyze, in a scientific yet unbiased manner, the cryptographic strength of these heterogeneous S-boxes. The major contribution of this paper is SBoxScope -- a meta S-Box strength evaluation framework -- that enables designers and analysts to evaluate cryptographic strength of heterogeneous S-boxes. The framework consists of two layers: (1) White Box Layer analyzes the contents of an S-box and calculates 8 relevant parameters (5 core and 3 auxiliary) and then normalizes them to draw conclusions about the strength of an S-box, (2) Black Box Layer assumes that no knowledge is available about the contents of an S-box, rather, it gives a predefined input bit stream to each S-box and then applies NIST tests to measure 10 parameters. Finally, the two layer are augmented that empowers an analyst to make a decision about the strength of an S-box after analyzing 18 different parameters. In this paper, we have evaluated 9 S-boxes of five well known cipher algorithms: AES, MARS, Skipjack, Serpent and Twofish.
Keywords: Algorithm design and analysis; Ciphers; Computer architecture; Correlation; Mars; NIST; Cipher Algorithms; Cryptographic Strength; Cryptography (ID#: 16-10868)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7427873&isnumber=7427173

I. Azhar, N. Ahmed, A. G. Abbasi, A. Kiani, and A. Shibli, “Keeping Secret Keys Secret in Open Systems,” Open Source Systems and Technologies (ICOSST), 2014 International Conference on, Lahore, 2014, pp. 100-104. doi:10.1109/ICOSST.2014.7029328
Abstract: Security of cryptographic keys stored on an untrusted host is a challenging task. Casual storage of keys could lead to an unauthorized access using physical means. If an adversary can access the binary code, the key material can be easily extracted using well-known key-finding techniques. This paper proposes a new technique for securing keys within software. In our proposed technique, we transform keys (randomly generated bit-strings) to a set of randomized functions, which are then compiled and obfuscated together to form a secure application. When the keys are required at the run-time, an inverse transform is computed by the application dynamically to yield the original bit-strings. We demonstrate that our technique resists attacks by many entropy based key finding algorithms that scan the host’s RAM at run-time.
Keywords: computer network security; cryptography; inverse transforms; open systems; RAM; binary code; cryptographic key security; entropy-based key finding algorithm; inverse transform; key material; key-finding technique; randomized functions; randomly-generated bit-strings; secret keys; Availability; Cryptography; Heuristic algorithms; Lead; Open systems; Software; Key Hiding; Open System Security; White-Box Model (ID#: 16-10869)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7029328&isnumber=7029304

S. V. Ghiţă, V. V. Patriciu, and I. Bica, “A New DRM Architecture Based on Mobile Code and White-Box Encryption,” Communications (COMM), 2012 9th International Conference on, Bucharest, 2012, pp. 303-306. doi:10.1109/ICComm.2012.6262567
Abstract: This paper represents an attempt to introduce a new Digital Rights Management (DRM) architecture for the distribution and protection of the digital contents. Based on the analysis of current DRM systems and cutting edge state of the art technologies, we propose an innovative design to cope with the existing limitations and weaknesses of a DRM ecosystem. We support the idea of introducing mobile code technologies together with white-box encryption techniques to the next generation of DRM systems. This paper presents our evaluation of current DRM solutions and recent technical breakthroughs. We also introduce a new architectural design. The paper justifies the new architecture and carries out a security analysis for the solution proposed.
Keywords: cryptography; digital rights management; DRM architecture; DRM ecosystem; architectural design; digital content distribution; digital content protection; digital rights management architecture; innovative design; mobile code technologies; security analysis; white-box encryption techniques; Authentication; Encryption; Licenses; Mobile agents; Mobile communication; DRM; mobile code; white-box encryption (ID#: 16-10870)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6262567&isnumber=6262524

Y. Shi and Z. He, “A Lightweight White-Box Symmetric Encryption Algorithm Against Node Capture for WSNs,” Wireless Communications and Networking Conference (WCNC), 2014 IEEE, Istanbul, 2014, pp. 3058-3063. doi:10.1109/WCNC.2014.6952994
Abstract: Wireless Sensor Networks (WSNs) are often deployed in hostile environments and an adversary can potentially capture sensor nodes. This is a typical white-box attack context, i.e., the adversary may have total visibility of the implementation of the build-in cryptosystem and full control over its execution platform - the sensor nodes. Existing encryption algorithms for white-box attack contexts require large memory footprint and hence are not applicable for wireless sensor networks scenarios. As a countermeasure against the threat in this context, a lightweight secure implementation of the symmetric encryption algorithm SMS4 is proposed. The basic idea of our solution is to merge several steps of the round function of SMS4 into table lookups, blended by randomly generated mixing bijections. Its security and efficiency are analyzed. Evaluation shows our solution satisfies the requirement of sensor nodes in terms of limited memory size and low computational costs.
Keywords: cryptography; wireless sensor networks; SMS4 symmetric encryption algorithm; WSN; lightweight white-box symmetric encryption algorithm; memory footprint; node capture; sensor nodes; Algorithm design and analysis; Ciphers; Encryption; Software algorithms; Wireless sensor networks; Node capture; Sensor networks; Symmetric encryption algorithm; White-box attack context (ID#: 16-10871)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6952994&isnumber=6951847
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

iOS Encryption

	iOS Encryption

The proliferation and increased capability of “smartphones” have also increased security issues for users. For the Science of Security community, these small computing platforms have the same hard problems to solve as main frames, data centers, or desktops. The research cited here looked at encryption issues specific to Apple’s iOS operating system. The work was presented over a period of several years.

P. Teufl, T. Zefferer, C. Stromberger, and C. Hechenblaikner, “iOS Encryption Systems: Deploying iOS Devices in Security-Critical Environments,” Security and Cryptography (SECRYPT), 2013 International Conference on, Reykjavik, Iceland, 2013, pp. 1-13. doi: (not provided)
Abstract: The high usability of smartphones and tablets is embraced by consumers as well as the private and public sector. However, especially in the non-consumer area the factor security plays a decisive role for the platform selection process. All of the current companies within the mobile device sector added a wide range of security features to the initially consumer-oriented devices (Apple, Google, Microsoft), or have dealt with security as a core feature from the beginning (RIM, now Blackerry). One of the key security features for protecting data on the device or in device backups are the encryption systems, which are deployed in most current devices. However, even under the assumption that the systems are implemented correctly, there is a wide range of parameters, specific use cases, and weaknesses that need to be considered by the security officer. As the first part in a series of papers, this work analyzes the deployment of the iOS platform and its encryption systems within a security-critical context from a security officer’s perspective. Thereby, the different sub-systems, the influence of the developer, the applied configuration, and the susceptibility to various attacks are analyzed in detail. Based on these results we present a workflow that supports the security officer in analyzing the security of an iOS device and the installed applications within a security-critical context. This workflow is supported by various tools that were either developed by ourselves or are available from other sources.
Keywords: Context; Encryption; Malware; Mobile handsets; Bring-Your-Own-Device; Encryption; Mobile Device Management; Mobile Devices; Risk Analysis; Security Analysis; Smartphone Security; iOS (ID#: 16-10834)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7223165&isnumber=7223120

I. B. Cioc, M. Jurian, I. Lita, and R. M. Teodorescu, “A Method for Increasing Security in Electronic Communication Services Based on Text Messages Communication,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, pp. AE-23-AE-26. doi:10.1109/ECAI.2015.7301181
Abstract: This paper presents a method used for increasing the security of sending text messages using public text communication services like email and SMS. It uses text encryption before sending the message through email or mobile phone (SMS), so, even the message is received and viewed by another unauthorized person, it cannot be understood. The application was implemented in LabVIEW and can be used for sending encrypted text email between two or more users, using public email services. For encryption, the proposed application uses text encryption methods like symmetrical and asymmetrical encryption, using private encryption key or private and public encryption key. For sending encrypted SMS using this application, the text message must be previously encrypted, and then the encrypted message will be copied to the text window of the application for sending SMS running on the mobile phone. A similar application can be also developed for mobile phones with operating systems like android, iOS, windows mobile, etc. This application can be used also with any text message service, like Yahoo Messenger, Facebook messenger, etc.
Keywords: operating systems (computers); private key cryptography; public key cryptography; smart phones; social networking (online); text analysis; LabVIEW; SMS; Yahoo Messenger; android; asymmetrical encryption; electronic communication services security;email; facebook messenger; iOS; mobile phones; operating systems; private encryption key; public encryption key; public text communication services; symmetrical encryption; text encryption methods; text messages; text window; windows mobile; Electronic mail; Encryption; Servers; Smart phones; text encription/decription; text message communication (ID#: 16-10835)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301181&isnumber=7301133

P. Teufl, A. Fitzek, D. Hein, A. Marsalek, A. Oprisnik, and T. Zefferer, “Android Encryption Systems,” Privacy and Security in Mobile Systems (PRISMS), 2014 International Conference on, Aalborg, 2014, pp. 1-8. doi:10.1109/PRISMS.2014.6970599
Abstract: The high usability of smartphones and tablets is embraced by consumers as well as the corporate and public sector. However, especially in the non-consumer area the factor security plays a decisive role for the platform-selection process. All of the current companies within the mobile device sector added a wide range of security features to the initially consumer-oriented devices (Apple, Google, Microsoft), or have dealt with security as a core feature from the beginning (RIM, now Blackerry). One of the key security features for protecting data on the device or in device backups are encryption systems, which are available in the majority of current devices. However, even under the assumption that the systems are implemented correctly, there is a wide range of parameters, specific use cases, and weaknesses that need to be considered when deploying mobile devices in security-critical environments. As the second part in a series of papers (the first part was on iOS), this work analyzes the deployment of the Android platform and the usage of its encryption systems within a security-critical context. For this purpose, Android’s different encryption systems are assessed and their susceptibility to different attacks is analyzed in detail. Based on these results a workflow is presented, which supports deployment of the Android platform and usage of its encryption systems within security-critical application scenarios.
Keywords: Android (operating system); cryptography; data protection; smart phones; Android encryption systems; Android platform deployment analysis; Apple; Blackberry; Google; Microsoft; RIM; attack susceptibility; consumer-oriented devices; data protection; device backups; iOS; mobile device sector; mobile devices; nonconsumer area; platform-selection process; security features; security-critical application scenarios; security-critical context; security-critical environments; smart phones; tablets; Androids; Encryption; Humanoid robots; Smart phones (ID#: 16-10836)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6970599&isnumber=6970591

M. S. Ahmad, N. E. Musa, R. Nadarajah, R. Hassan, and N. E. Othman, “Comparison Between Android and iOS Operating System in Terms of Security,” Information Technology in Asia (CITA), 2013 8th International Conference on, Kota Samarahan, 2013, pp. 1-4. doi:10.1109/CITA.2013.6637558
Abstract: This paper compares between android and iPhone Operating System (iOS) mobile operating systems (MOS) that available in the market which is more specific on the security issue. These issues are reportedly the concern of not only the mobile customers but also the software developers. In achieving security requirements, the MOS developers need to know how to achieve the criteria. The security requirements for MOS are Application Sandboxing, Memory Randomization, Encryption, Data Storage Format and Built-in Antivirus. Application sandboxing enforces permissions, privileges, directories, entitlements and kernel access for a mobile app. Memory randomization ensures that the memory regions of mobile application as well as system shared libraries are all randomized at device and application start-up. Encryption is performed on disk or filer/folder level and also at the interprocess communication level. It is difficult to speak in favor or against the android or the iOS operating system in terms of better security. The way of using the device plays a major role in determining the security level. In terms of storage, all data are stored in Data Storage Format. Data can be stored at internal storage or external storage. To protect the MOS from virus attacks, antivirus need to be installed for increasing security areas.
Keywords: cryptography; mobile computing; operating systems (computers); storage management; Android operating system; application sandboxing; built-in antivirus; data storage format; encryption; filer-folder level; iOS operating system; iPhone operating system; interprocess communication level; memory randomization; mobile application; mobile operating systems; security issue; security requirements; Androids; Encryption; Humanoid robots; Mobile communication; Operating systems; Smart phones; Android; MOS; iOS (ID#: 16-10837)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6637558&isnumber=6637544

Z.-Y. Cheah, Y. S. Lee, T.-Y. The, and J. J. Chin, “Simulation of a Pairing-Based Identity-Based Identification Scheme in IOS,” 2015 IEEE International Conference on Signal and Image Processing Applications (ICSIPA), Kuala Lumpur, 2015, pp. 298-303. doi:10.1109/ICSIPA.2015.7412208
Abstract: Pairing-based cryptography have begun to draw attention ever since the work of Boneh and Franklin in 2001 proposing the first identity-based encryption scheme using bilinear pairings. In 2010, Tan et al. developed a pairing library that has running times that is as competitive as Pairing-Based Crypto (PBC) library. However, since Tan et al’s pairing library was written in Java, it was not known to work for other platforms such as iOS. In this work, we adapt Tan et al’s Java library for iOS through the implementation of a pairing-based identity-based identification (IBI) scheme.
Keywords: Java; cryptography; iOS (operating system); IBI scheme; IOS; Java library; PBC library; bilinear pairings; identity-based encryption scheme; pairing-based crypto library; pairing-based cryptography; pairing-based identity-based identification scheme; Encryption; Identity-based encryption; Java; Libraries; Servers (ID#: 16-10838)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7412208&isnumber=7412141

A. Shortall and M. A. Hannan Bin Azhar, “Forensic Acquisitions of WhatsApp Data on Popular Mobile Platforms,” 2015 Sixth International Conference on Emerging Security Technologies (EST), Braunschweig, Germany, 2015, pp. 13-17. doi:10.1109/EST.2015.16
Abstract: Encryption techniques used by popular messaging services such as Skype, Viber and WhatsApp make traces of illegal activities by criminal groups almost undetectable. This paper reports challenges involved to examine data of the WhatsApp application on popular mobile platforms (iOS, Android and Windows Phone) using latest forensic software such as EnCase, UFED and Oxygen Forensic Suite. The operating systems used were Windows phone 8.1, Android 5.0.1 (Lollipop) and iOS 8.3. Results show that due to strong security features built into the Windows 8.1 system forensic examiners may not be able to access data with standard forensic suite and they must decide whether to perform a live forensic acquisition. This paper provides forensics examiners with practical techniques for recovering evidences of WhatsApp data from Windows 8.1 mobile operating systems that would otherwise be inaccessible.
Keywords: Data mining; Forensics; Mobile communication; Operating systems; Oxygen; Smart phones; Android; Forensic tools; Live data forensics; Mobile forensics; WhatsApp forensics; Windows Phone; iOS (ID#: 16-10839)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7429264&isnumber=7429252

K. Naito, K. Mori, H. Kobayashi, K. Kamienoo, H. Suzuki, and A. Watanabe, “End-to-End IP Mobility Platform in Application Layer for iOS and Android OS,” Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th, Las Vegas, NV, 2014, pp. 92-97. doi:10.1109/CCNC.2014.6866554
Abstract: Smartphones are a new type of mobile devices that users can install additional mobile software easily. In the almost all smartphone applications, client-server model is used because end-to-end communication is prevented by NAT routers. Recently, some smartphone applications provide real time services such as voice and video communication, online games etc. In these applications, end-to-end communication is suitable to reduce transmission delay and achieve efficient network usage. Also, IP mobility and security are important matters. However, the conventional IP mobility mechanisms are not suitable for these applications because most mechanisms are assumed to be installed in OS kernel. We have developed a novel IP mobility mechanism called NTMobile (Network Traversal with Mobility). NTMobile supports end-to-end IP mobility in IPv4 and IPv6 networks, however, it is assumed to be installed in Linux kernel as with other technologies. In this paper, we propose a new type of end-to-end mobility platform that provides end-to-end communication, mobility, and also secure data exchange functions in the application layer for smartphone applications. In the platform, we use NTMobile, which is ported as the application program. Then, we extend NTMobile to be suitable for smartphone devices and to provide secure data exchange. Client applications can achieve secure end-to-end communication and secure data exchange by sharing an encryption key between clients. Users also enjoy IP mobility which is the main function of NTMobile in each application. Finally, we confirmed that the developed module can work on Android system and iOS system.
Keywords: Android (operating system); IP networks; client-server systems; cryptography; electronic data interchange; iOS (operating system); real-time systems; smart phones; Android OS; IPv4 networks; IPv6 networks; Linux kernel; NAT routers; NTMobile; OS kernel; application layer; client-server model; encryption key; end-to-end IP mobility platform; end-to-end communication; iOS system; network traversal with mobility; network usage; real time services; secure data exchange; smartphones; transmission delay; Authentication; Encryption; Manganese; Relays; Servers (ID#: 16-10840)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866554&isnumber=6866537

I. Mohamed and D. Patel, “Android vs iOS Security: A Comparative Study,” Information Technology – New Generations (ITNG), 2015 12th International Conference on, Las Vegas, NV, 2015, pp. 725-730. doi:10.1109/ITNG.2015.123
Abstract: The massive adoption of mobile devices by individuals as well as by organizations has brought forth many security concerns. Their significant abilities have resulted in their permeating use while correspondingly increasing their attractiveness as targets for cybercriminals. Consequently, mobile device vendors have increasingly focused on security in their design efforts. However, present security features might still be insufficient to protect users’ assets. In this paper, factors that influence security within the two leading mobile platforms, Android and iOS, are presented and examined to promote discussion while studying them under one umbrella. We consider various factors that influence security on both platforms, such as application provenance, application permissions, application isolation, and encryption mechanisms.
Keywords: Android (operating system); cryptography; iOS (operating system); mobile computing; mobile handsets; organisational aspects; Android security; application isolation; application permissions; application provenance; cybercriminals; design efforts; encryption mechanisms; iOS security; mobile device vendors; organizations; security features; Androids; Encryption; Google; Humanoid robots; Mobile communication; Mobile handsets; Android; Application store; Mobile Platform; Security; iOS (ID#: 16-10841)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113562&isnumber=7113432

L. Gomez-Miralles and J. Arnedo-Moreno, “Lockup: A Software Tool to Harden iOS by Disabling Default Lockdown Services,” 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, 2015, pp. 718-723. doi:10.1109/3PGCIC.2015.57
Abstract: Smartphones and mobile devices nowadays accompany each of us in our pockets, holding vast amounts of personal data. The iOS platform has gained popularity in the last years, in particular in enterprise deployments, due to its supposed higher level of security. Recent research has pinpointed a number of mechanisms that are being abused today in order to compromise the security of iOS devices. In this paper, we present Lockup, a proof of concept tool that applies various mitigation measures in order to protect iOS devices against those attacks.
Keywords: iOS (operating system); mobile computing;s ecurity of data; smart phones; software tools; iOS device security; iOS platform; lockdown service; lockup; mobile device; smartphone; software tool; Computers; Data mining; Encryption; Mobile communication; Software tools; Universal Serial Bus; Apple; Hardening; Privacy; Security; iOS; iPad; iPhone (ID#: 16-10842)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7424656&isnumber=7424499

S. Adibi, “Comparative Mobile Platforms Security Solutions,” Electrical and Computer Engineering (CCECE), 2014 IEEE 27th Canadian Conference on, Toronto, ON, 2014, pp. 1-6. doi:10.1109/CCECE.2014.6900963
Abstract: Mobile platform security solution has become especially important for mobile computing paradigms, due to the fact that increasing amounts of private and sensitive information are being stored on the smartphones’ on-device memory or MicroSD/SD cards. This paper aims to consider a comparative approach to the security aspects of the current smartphone systems, including: iOS, Android, BlackBerry (QNX), and Windows Phone.
Keywords: mobile computing; security of data; Android; BlackBerry; QNX; Windows Phone; comparative mobile platforms; iOS; mobile computing paradigm; mobile platform security solution; private information; sensitive information; smart phone; Androids; Encryption; Kernel; Mobile communication; Smart phones (ID#: 16-10843)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6900963&isnumber=6900900

Y.-D. Lin, J. Voas, A. Pescapè, and P. Mueller, “Communications and Privacy Under Surveillance,” in Computer, vol. 49, no. 3, pp. 10-13, Mar. 2016. doi:10.1109/MC.2016.65
Abstract: Legislation has not kept up with the many innovation leapfrogs that characterize computing technology. The recent legal tangle between the US Federal Bureau of Investigation and Apple about installing back doors in iOS for surveillance brings concerns about sensing, surveillance, privacy, security, secrecy, communication, and trust to the forefront of users’ minds.
Keywords: Internet; cryptography; encryption; privacy; security; surveillance (ID#: 16-10844)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7433344&isnumber=7433333
 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.