Biblio

Security and monitoring systems are more and more demanding in terms of quality, reliability and flexibility especially those dedicated to video surveillance. The quality of the acquired video signal strongly affects the performance of the high level tasks such as visual tracking, face detection and recognition. The design of a video quality assessment metric dedicated to this particular application requires a preliminary study on the common distortions encountered in video surveillance. To this end, we present in this paper a dataset dedicated to video quality assessment in the context of video surveillance. This database consists of a set of common distortions at different levels of annoyance. The subjective tests are performed using a classical pair comparison protocol with some new configurations. The subjective results obtained through the psycho-visual tests are analyzed and compared to some objective video quality assessment metrics. The preliminary results are encouraging and open a new framework for building smart video surveillance based security systems.

The objective of the proposed research is to develop an IOT based security system with a two-point authentication. Human face recognition and fingerprint is a known method for access authentication. A combination of both technologies and integration of the system with IoT make will make the security system more efficient and reliable. Use of online platform google firebase is made for saving database and retrieving it in real-time. In this system access to the fingerprint (touch sensor) from mobile is proposed using an android app developed in android studio and authentication for the same is also proposed. On identification of both face and fingerprint together, access to door or locker is provided.

Internet of Things (IoT) has been growing exponentially in the commercial market in recent years. It is also a fact that people hold one or more computing devices at home. Many of them have been developed to operate through internet connectivity with cloud computing technologies that result in the demand for fast, robust, and secure services. In most cases, the lack of these services makes difficult the transfer of data to fulfill the devices' purposes. Under these conditions, an intermediate layer or middleware is needed to process, filter, and send data through a more efficient alternative. This paper presents the adaptive solution of a middleware architecture as an intermediate layer between smart devices and cloud computing to enhance the management of the heterogeneity of data provining from IoT devices. The proposed middleware provides easy configuration, adaptability, and bearability for different environments. Finally, this solution has been implemented in the healthcare domain, in which IoT solutions are deployed into Ambient Assisted Living (AAL) environments.

Machine to Machine (M2M) a sub area of Internet of Things (IoT) will link billions of devices or things distributed around the world using the Internet. These devices when connected exchange information obtained from the environment such as temperature or humidity from industrial or residential control process. Information Security (IS) and Trust are one of the fundamental points for users and the industry to accept the use of these devices with Confidentiality, Integrity, Availability and Authenticity. The key reason is that most of these devices use wireless media especially in residential and smart city environments. The overall goal of this work is to implement a Middleware Security to improve Safety and Security between the control network devices used in IoT/M2M and the Internet for residential or industrial environments. This implementation has been tested with different protocols as CoAP and MQTT, a microcomputer with free Real-Time Operating System (RTOS) implemented in a Raspberry Pi Gateway Access Point (RGAP), Network Address Translator (NAT), IPTable firewall and encryption is part of this implementation for secure data transmission

The rapid developments of mobile communication and wearable devices greatly improve our daily life, while the massive entities and emerging services also make Cyber-Physical System (CPS) much more complicated. The maintenance of CPS security tends to be more and more difficult. As a ”gamechanging” new active defense concept, Moving Target Defense (MTD) handle this tricky problem by periodically upsetting and recombining connections between users and servers in the protected system, which is so-called ”shuffle”. By this means, adversaries can hardly obtain enough time to compromise the potential victims, which is the indispensable condition to collect necessary information or conduct further malicious attacks. But every coin has two sides, MTD also introduce unbearable high energy consumption and resource occupation in the meantime, which hinders the large-scale application of MTD for quite a long time. In this paper, we propose a novel deep reinforcement learning-based MOTAG system called DQ-MOTAG. To our knowledge, this is the first work to provide self-adaptive shuffle period adjustment ability for MTD with reinforcement learning-based intelligent control mechanism. We also design an algorithm to generate optimal duration of next period to guide subsequent shuffle. Finally, we conduct a series of experiments to prove the availability and performance of DQ-MOTAG compared to exist methods. The result highlights our solution in terms of defense performance, error block rate and network source consumption.

The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.

Lightweight virtualization represented by container technology provides a virtual environment for cloud services with more flexibility and efficiency due to the kernel-sharing property. However, the shared kernel also means that the system isolation mechanisms are incomplete. Attackers can scan the shared system configuration files to explore vulnerabilities for launching attacks. Previous works mainly eliminate the problem by fixing operating systems or using access control policies, but these methods require significant modifications and cannot meet the security needs of individual containers accurately. In this paper, we present ConfigRand, a moving target defense framework to prevent the information leakages due to the shared kernel in the container-based cloud. The ConfigRand deploys deceptive system configurations for each container, bounding the scan of attackers aimed at the shared kernel. In design of ConfigRand, we (1) propose a framework applying the moving target defense philosophy to periodically generate, distribute, and deploy the deceptive system configurations in the container-based cloud; (2) establish a model to formalize these configurations and quantify their heterogeneity; (3) present a configuration movement strategy to evaluate and optimize the variation of configurations. The results show that ConfigRand can effectively prevent the information leakages due to the shared kernel and apply to typical container applications with minimal system modification and performance degradation.

Moving Target Defense (MTD) has been emerged as a promising countermeasure to defend systems against cyberattacks asymmetrically while working well with legacy security and defense mechanisms. MTD provides proactive security services by dynamically altering attack surfaces and increasing attack cost or complexity to prevent further escalation of the attack. However, one of the non-trivial hurdles in deploying MTD techniques is how to handle potential performance degradation (e.g., interruptions of service availability) and maintain acceptable quality-of-service (QoS) in an MTD-enabled system. In this paper, we derive the service performance metrics (e.g., an extent of failed jobs) to measure how much performance degradation is introduced due to MTD operations, and propose QoS-aware service strategies (i.e., drop and wait) to manage ongoing jobs with the minimum performance degradation even under MTD operations running. We evaluate the service performance of software-defined networking (SDN)-based web services (i.e., Apache web servers). Our experimental results prove that the MTD-enabled system can minimize performance degradation by using the proposed job management strategies. The proposed strategies aim to optimize a specific service configuration (e.g., types of jobs and request rates) and effectively minimize the adverse impact of deploying MTD in the system with acceptable QoS while retaining the security effect of IP shuffling-based MTD.

The numerous attacks on ICS systems have made severe threats to critical infrastructure. Extensive studies have focussed on the risk assessment of discovering vulnerabilities. However, to identify Zero-day vulnerabilities is challenging because they are unknown to defenders. Here we sought to measure ICS system zero-day risk by building an enhanced attack graph for expected attack path exploiting zero-day vulnerability. In this study, we define the security metrics of Zero-day vulnerability for an ICS. Then we created a Zero-day attack graph to guide how to harden the system by measuring attack paths that exploiting zero-day vulnerabilities. Our studies identify the vulnerability assessment method on ICS systems considering Zero-day Vulnerability by zero-day attack graph. Together, our work is essential to ICS systems security. By assessing unknown vulnerability risk to close the imbalance between attackers and defenders.

With the emergence of smart grids as the primary means of distribution across wide areas, the importance of improving its resilience to faults and mishaps is increasing. The reliability of a distribution system depends upon its tolerance to attacks and the efficiency of restoration after an attack occurs. This paper proposes a unique approach to the restoration of smart grids under attack by impostors or due to natural calamities via optimal islanding of the grid with primary generators and distributed generators(DGs) into sub-grids minimizing the amount of load shed which needs to be incurred and at the same time minimizing the number of switching operations via graph theory. The minimum load which needs to be shed is computed in the first stage followed by selecting the nodes whose load needs to be shed to achieve such a configuration and then finally deriving the sequence of switching operations required to achieve the configuration. The proposed method is tested against standard IEEE 37-bus and a 1069-bus grid system and the minimum load shed along with the sequencing steps to optimal configuration and time to achieve such a configuration are presented which demonstrates the effectiveness of the method when compared to the existing methods in the field. Moreover, the proposed algorithm can be easily modified to incorporate any other constraints which might arise due to any operational configuration of the grid.

As large-scale linear equation systems are pervasive in many scientific fields, great efforts have been done over the last decade in realizing efficient techniques to solve such systems, possibly relying on High Performance Computing (HPC) infrastructures to boost the performance. In this framework, the ever-growing scale of supercomputers inevitably increases the frequency of faults, making it a crucial issue of HPC application development.A previous study [1] investigated the possibility to enhance the Inhibition Method (IMe) -a linear systems solver for dense unstructured matrices-with fault tolerance to single hard errors, i.e. failures causing one computing processor to stop.This article extends [1] by proposing an efficient technique to obtain fault tolerance to multiple hard errors, which may occur concurrently on different processors belonging to the same or different machines. An improved parallel implementation is also proposed, which is particularly suitable for HPC environments and moves towards the direction of a complete decentralization. The theoretical analysis suggests that the technique (which does not require check pointing, nor rollback) is able to provide fault tolerance to multiple faults at the price of a small overhead and a limited number of additional processors to store the checksums. Experimental results on a HPC architecture validate the theoretical study, showing promising performance improvements w.r.t. a popular fault-tolerant solving technique.

Convergence of critical infrastructure and data, including government and enterprise, to the dynamic Internet of Things (IoT) environment and future digital ecosystems exhibit significant challenges for privacy and identity in these interconnected domains. There are an increasing variety of devices and technologies being introduced, rendering existing security tools inadequate to deal with the dynamic scale and varying actors. The IoT is increasingly data driven with user sovereignty being essential - and actors in varying scenarios including user/customer, device, manufacturer, third party processor, etc. Therefore, flexible frameworks and diverse security requirements for such sensitive environments are needed to secure identities and authenticate IoT devices and their data, protecting privacy and integrity. In this paper we present a review of the principles, techniques and algorithms that can be adapted from other distributed computing paradigms. Said review will be used in application to the development of a collaborative decision-making framework for heterogeneous entities in a distributed domain, whilst simultaneously highlighting privacy preserving issues in the IoT. In addition, we present our trust-based privacy preserving schema using Dempster-Shafer theory of evidence. While still in its infancy, this application could help maintain a level of privacy and nonrepudiation in collaborative environments such as the IoT.

With the location-based services (LBS) booming, the volume of spatial data inevitably explodes. In order to reduce local storage and computational overhead, users tend to outsource data and initiate queries to the cloud. However, sensitive data or queries may be compromised if cloud server has access to raw data and plaintext token. To cope with this problem, searchable encryption for geometric range is applied. Geometric range search has wide applications in many scenarios, especially the circular range search. In this paper, a practical and secure circular range search scheme (PSCS) is proposed to support searching for spatial data in a circular range. With our scheme, a semi-honest cloud server will return data for a given circular range correctly without uncovering index privacy or query privacy. We propose a polynomial split algorithm which can decompose the inner product calculation neatly. Then, we define the security of our PSCS formally and prove that it is secure under same-closeness-pattern chosen-plaintext attacks (CLS-CPA) in theory. In addition, we demonstrate the efficiency and accuracy through analysis and experiments compared with existing schemes.

Dynamic Random Access Memory (DRAM) is widely used for data storage and, when a computer system is in operation, the DRAM can contain sensitive information such as passwords and cryptographic keys. Therefore, the DRAM is a prime target for hardware-based cryptanalytic attacks. These attacks can be performed in the supply chain to capture default key mechanisms enabling a later cyber attack or predisposition the system to remote effects. Two prominent attack classes against memory are the Cold Boot attack which recovers the data from the DRAM even after a supposed power-down and Rowhammer attack which violates memory integrity by influencing the stored bits to flip. In this paper, we propose an on-chip technique that obfuscates the memory addresses and data and provides a fast detect-response to defend against these hardware-based security attacks on DRAM. We advance the prior hardware security research by making two contributions. First, the key material is detected and erased before the Cold Boot attacker can extract the memory data. Second, our solution is on-chip and does not require nor depend on additional hardware or software which are open to additional supply chain attack vectors. We analyze the efficacy of our scheme through circuit simulation and compare the results to the previous mitigation approaches based on DRAM write operations. Our simulation and analysis results show that purging key information used for address and data randomization can be achieved much faster and with lower power than with typical DRAM write techniques used for sanitizing memory content. We demonstrate through circuit simulation of the key register design a technique that clears key information within 2.4ns which is faster by more than two orders magnitude compared to typical DRAM write operations for 180nm technology, and with a power consumption of 0.15 picoWatts.

Artificial Intelligence also often referred to as machine learning is being labelled to as the future has been into light since more than a decade. Artificial Intelligence designated by the acronym AI has a vast scope of development and the developers have been working on with it constantly. AI is being associated with the existing objects in the world as well as with the ones that are about to arrive to improve them and make them more reliable. AI as it states in its name is intelligence, intelligence shown by the machines to work similar to humans and work on achieving the goals they are being provided with. Another application of AI could be to provide defenses against the present cyber threats, vehicle overrides etc. Also, AI might be intelligence but, in the end, it's still a bunch of codes, hence it is prone to be corrupted or misused by the world. To prevent the misuse of the technologies, it is necessary to deploy them with a sustainable defensive system as well. Obviously, there is going to be a default defense system but it is prone to be corrupted by the hackers or malfunctioning of the intelligence in certain scenarios which can result disastrous especially in case of Robotics. A proposal referred to as the “Guard Masking” has been offered in the following paper, to provide an alternative for securing Artificial Intelligence.

Attribute-based encryption received widespread attention as soon as it was proposed. However, due to its specific characteristics, some restrictions on attribute set are not flexible enough in actual operation. In addition, since access authorities are determined according to users' attributes, users sharing the same attributes are difficult to be distinguished. Once a malicious user makes illicit gains by their decryption authorities, it is difficult to track down specific user. This paper follows practical demands to propose a more flexible key-policy attribute-based encryption scheme with black-box traceability. The scheme has a constant size of public parameters which can be utilized to construct attribute-related parameters flexibly, and the method of traitor tracing in broadcast encryption is introduced to achieve effective malicious user tracing. In addition, the security and feasibility can be proved by the security proofs and performance evaluation in this paper.

We address energy-efficient placement of data and analytics components of composite analytics services on a wireless network to minimize execution-time energy consumption (computation and communication) subject to compute, storage and network resource constraints. We introduce an expressive analytics service hypergraph model for representing k-ary composability relationships (k ≥ 2) between various analytics and data components and leverage binary quadratic programming (BQP) to minimize the total energy consumption of a given placement of the analytics hypergraph nodes on the network subject to resource availability constraints. Then, after defining a potential energy functional Φ(·) to model the affinities of analytics components and network resources using analogs of attractive and repulsive forces in physics, we propose a decentralized Metropolis Monte Carlo (MMC) sampling method which seeks to minimize Φ by moving analytics and data on the network. Although Φ is non-convex, using a potential game formulation, we identify conditions under which the algorithm provably converges to a local minimum energy equilibrium placement configuration. Trace-based simulations of the placement of a deep-neural-network analytics service on a realistic wireless network show that for smaller problem instances our MMC algorithm yields placements with total energy within a small factor of BQP and more balanced workload distributions; for larger problems, it yields low-energy configurations while the BQP approach fails.

One of the main security issues in telecare medecine information systems is the remote user authentication and key agreement between healthcare professionals and patient's medical sensors. Many of the proposed approaches are based on multiple factors (password, token and possibly biometrics). Two-factor authentication protocols do not resist to many possible attacks. As for three-factor authentication schemes, they usually come with high resource consumption. Since medical sensors have limited storage and computational capabilities, ensuring a minimal resources consumption becomes a major concern in this context. In this paper, we propose a secure and lightweight three-factor authentication and key generation scheme for securing communications between healtcare professional and patient's medical sensors. Thanks to formal verification, we prove that this scheme is robust enough against known possible attacks. A comparison with the most relevant related work's schemes shows that our protocol ensures an optimised resource consumption level.

{Mobile devices are promising to apply two-factor authentication in order to improve system security and enhance user privacy-preserving. Existing solutions usually have certain limits of requiring some form of user effort, which might seriously affect user experience and delay authentication time. In this paper, we propose PPGPass, a novel mobile two-factor authentication system, which leverages Photoplethysmography (PPG) sensors in wrist-worn wearables to extract individual characteristics of PPG signals. In order to realize both nonintrusive and secure, we design a two-stage algorithm to separate clean heartbeat signals from PPG signals contaminated by motion artifacts, which allows verifying users without intentionally staying still during the process of authentication. In addition, to deal with non-cancelable issues when biometrics are compromised, we design a repeatable and non-invertible method to generate cancelable feature templates as alternative credentials, which enables to defense against man-in-the-middle attacks and replay attacks. To the best of our knowledge, PPGPass is the first nonintrusive and secure mobile two-factor authentication based on PPG sensors in wearables. We build a prototype of PPGPass and conduct the system with comprehensive experiments involving multiple participants. PPGPass can achieve an average F1 score of 95.3%, which confirms its high effectiveness, security, and usability}.

Autonomous Underwater Vehicles (AUVs) have several fundamental civilian and military applications, and Denial of Service (DoS) attacks against their communications are a serious threat. In this work, we analyze such an attack using game theory in an asymmetric scenario, in which the node under attack does not know the position of the jammer that blocks its signals. The jammer has a dual objective, namely, disrupting communications and forcing the legitimate transmitter to spend more energy protecting its own transmissions. Our model shows that, if both nodes act rationally, the transmitter is able to quickly reduce its disadvantage, estimating the location of the jammer and responding optimally to the attack.

Security is one of the key aspects of underwater acoustic networks, due to the critical importance of the scenarios in which these networks can be employed. For example, attacks performed to military underwater networks or to assets deployed for tsunami prevention can lead to disastrous consequences. Nevertheless, countermeasures to possible network attacks have not been widely investigated so far. One way to identify possible attackers is by using reputation, where a node gains trust each time it exhibits a good behavior, and loses trust each time it behaves in a suspicious way. The first step for analyzing if a node is behaving in a good way is to inspect the network traffic, by detecting all conversations. This paper proposes both centralized and decentralized algorithms for performing this operation, either from the network or from the node perspective. While the former can be applied only in post processing, the latter can also be used in real time by each node, and so can be used for creating the trust value. To evaluate the algorithms, we used real experimental data acquired during the EDA RACUN project (Robust Underwater Communication in Underwater Networks).

The location information of a node is one of the essential attributes used in most underwater communication routing algorithms to identify a candidate forwarding node by any of the sources. The exact location information of a node exchanged with its neighbours' in plain text and the absence of node authentication results in some of the attacks such as Sybil attack, Blackhole attack, and Wormhole attack. Moreover, the severe consequence of these attacks is Denial of Service (DoS), poor network performance, reduced network lifetime, etc. This paper proposes an anti-Spoof (a-Spoof) algorithm for mitigating localization and neighbour spoofing attacks in UASN. a-Spoof uses three pre-shared symmetric keys to share the location. Additionally, location integrity provided through the hash function. Further, the performance of a-Spoof demonstrated through its implementation in UnetStack with reference to end-to-end packet delay and the number of hops.

Cloud computing provides an open architecture and resource sharing computing platform with pay-per-use model. It is now a popular computing platform and most of the new internet based computing services are on this innovation supported environment. We consider it as innovation supported because developers are more focused here on the service design, rather on arranging the infrastructure, network, management of the resources, etc. These all things are available in cloud computing on hired basis. Now, a big question arises here is the security of data or privacy of data because the service provider is already using the infrastructure, network, storage, processors, and other more resources from the third party. So, the security or privacy of the portable user's data is the main motivation for writing this research paper. In this paper, we are proposing an innovative perturbation algorithm MAP() to secure the portable user's data on the cloud server.

Intelligent environments work collaboratively, bringing more comfort to human beings. The intelligence of these environments comes from technological advances in sensors and communication. IoT is the model developed that allows a wide and intelligent communication between devices. Hardware reduction of IoT devices results in vulnerabilities. Thus, there are numerous concerns regarding the security of user information, since mobile devices are easily trackable over the Internet. Care must be taken regarding the information in user profiles. Mobile devices are protected by a permission-based mechanism, which limits third-party applications from accessing sensitive device resources. In this context, this work aims to present a proposal for materialization of application for the evolution of user profiles in intelligent environments. Having as parameters the parameters presented in the proposed taxonomy. The proposed solution is the development of two applications, one for Android devices, responsible for allowing or blocking some features of the device. And another in Cloud, responsible for imposing the parameters and privacy criteria, formalizing the profile control module (PRIPRO - PRIvacy PROfiles).

There is very significant role of Virtualization in cloud computing. The physical hardware in the cloud computing reside with the host machine and the virtualization software runs on it. The virtualization allows virtual machines to exist. The host machine shares its physical components such as memory, storage, and processor ultimately to handle the needs of the virtual machines. If an attacker effectively compromises one VM, it could outbreak others on the same host on the network over long periods of time. This is an gradually more popular method for cross-virtual-machine attacks, since traffic between VMs cannot be examined by standard IDS/IPS software programs. As we know that the cloud environment is distributed in nature and hence more susceptible to various types of intrusion attacks which include installing malicious software and generating backdoors. In a cloud environment, where organizations have hosted important and critical data, the security of underlying technologies becomes critical. To alleviate the hazard to cloud environments, Intrusion Detection Systems (IDS) are a cover of defense. In this paper, we are proposing an innovative model for Intrusion Detection System for securing Host machines in cloud infrastructure. This proposed IDS has two important features: (1) signature based and (2) prompt alert system.