Biblio

Found 1398 results

Filters: First Letter Of Last Name is F
2022-02-25
Cremers, Cas, Düzlü, Samed, Fiedler, Rune, Fischlin, Marc, Janson, Christian.  2021.  BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures. 2021 IEEE Symposium on Security and Privacy (SP). :1696–1714.
Modern digital signature schemes can provide more guarantees than the standard notion of (strong) unforgeability, such as offering security even in the presence of maliciously generated keys, or requiring to know a message to produce a signature for it. The use of signature schemes that lack these properties has previously enabled attacks on real-world protocols. In this work we revisit several of these notions beyond unforgeability, establish relations among them, provide the first formal definition of non re-signability, and a transformation that can provide these properties for a given signature scheme in a provable and efficient way. Our results are not only relevant for established schemes: for example, the ongoing NIST PQC competition towards standardizing post-quantum signature schemes has six finalists in its third round. We perform an in-depth analysis of the candidates with respect to their security properties beyond unforgeability. We show that many of them do not yet offer these stronger guarantees, which implies that the security guarantees of these post-quantum schemes are not strictly stronger than, but instead incomparable to, classical signature schemes. We show how applying our transformation would efficiently solve this, paving the way for the standardized schemes to provide these additional guarantees and thereby making them harder to misuse.
Nguyen, Quang-Linh, Flottes, Marie-Lise, Dupuis, Sophie, Rouzeyre, Bruno.  2021.  On Preventing SAT Attack with Decoy Key-Inputs. 2021 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :114–119.

The globalized supply chain in the semiconductor industry raises several security concerns such as IC overproduction, intellectual property piracy and design tampering. Logic locking has emerged as a Design-for-Trust countermeasure to address these issues. Original logic locking proposals provide a high degree of output corruption – i.e., errors on circuit outputs – unless it is unlocked with the correct key. This is a prerequisite for making a manufactured circuit unusable without the designer’s intervention. Since the introduction of SAT-based attacks – highly efficient attacks for retrieving the correct key from an oracle and the corresponding locked design – resulting design-based countermeasures have compromised output corruption for the benefit of better resilience against such attacks. Our proposed logic locking scheme, referred to as SKG-Lock, aims to thwart SAT-based attacks while maintaining significant output corruption. The proposed provable SAT-resilience scheme is based on the novel concept of decoy key-inputs. Compared with recent related works, SKG-Lock provides higher output corruption, while having high resistance to evaluated attacks.

2022-02-24
Ali, Wan Noor Hamiza Wan, Mohd, Masnizah, Fauzi, Fariza.  2021.  Cyberbullying Predictive Model: Implementation of Machine Learning Approach. 2021 Fifth International Conference on Information Retrieval and Knowledge Management (CAMP). :65–69.
Machine learning is implemented extensively in various applications. The machine learning algorithms teach computers to do what comes naturally to humans. The objective of this study is to do comparison on the predictive models in cyberbullying detection between the basic machine learning system and the proposed system with the involvement of feature selection technique, resampling and hyperparameter optimization by using two classifiers; Support Vector Classification Linear and Decision Tree. Corpus from ASKfm used to extract word n-grams features before implemented into eight different experiments setup. Evaluation on performance metric shows that Decision Tree gives the best performance when tested using feature selection without resampling and hyperparameter optimization involvement. This shows that the proposed system is better than the basic setting in machine learning.
Guiza, Ouijdane, Mayr-Dorn, Christoph, Weichhart, Georg, Mayrhofer, Michael, Zangi, Bahman Bahman, Egyed, Alexander, Fanta, Björn, Gieler, Martin.  2021.  Automated Deviation Detection for Partially-Observable Human-Intensive Assembly Processes. 2021 IEEE 19th International Conference on Industrial Informatics (INDIN). :1–8.
Unforeseen situations on the shopfloor cause the assembly process to divert from its expected progress. To be able to overcome these deviations in a timely manner, assembly process monitoring and early deviation detection are necessary. However, legal regulations and union policies often limit the direct monitoring of human-intensive assembly processes. Grounded in an industry use case, this paper outlines a novel approach that, based on indirect privacy-respecting monitored data from the shopfloor, enables the near real-time detection of multiple types of process deviations. In doing so, this paper specifically addresses uncertainties stemming from indirect shopfloor observations and how to reason in their presence.
2022-02-22
Martin, Peter, Fan, Jian, Kim, Taejin, Vesey, Konrad, Greenwald, Lloyd.  2021.  Toward Effective Moving Target Defense Against Adversarial AI. MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). :993–998.
Deep learning (DL) models have been shown to be vulnerable to adversarial attacks. DL model security against adversarial attacks is critical to using DL-trained models in forward deployed systems, e.g. facial recognition, document characterization, or object detection. We provide results and lessons learned applying a moving target defense (MTD) strategy against iterative, gradient-based adversarial attacks. Our strategy involves (1) training a diverse ensemble of DL models, (2) applying randomized affine input transformations to inputs, and (3) randomizing output decisions. We report a primary lesson that this strategy is ineffective against a white-box adversary, which could completely circumvent output randomization using a deterministic surrogate. We reveal how our ensemble models lacked the diversity necessary for effective MTD. We also evaluate our MTD strategy against a black-box adversary employing an ensemble surrogate model. We conclude that an MTD strategy against black-box adversarial attacks crucially depends on lack of transferability between models.
Farzana, Nusrat, Ayalasomayajula, Avinash, Rahman, Fahim, Farahmandi, Farimah, Tehranipoor, Mark.  2021.  SAIF: Automated Asset Identification for Security Verification at the Register Transfer Level. 2021 IEEE 39th VLSI Test Symposium (VTS). :1–7.
With the increasing complexity, modern system-on-chip (SoC) designs are becoming more susceptible to security attacks and require comprehensive security assurance. However, establishing a comprehensive assurance for security often involves knowledge of relevant security assets. Since modern SoCs contain myriad confidential assets, the identification of security assets is not straightforward. The number and types of assets change due to numerous embedded hardware blocks within the SoC and their complex interactions. Some security assets are easily identifiable because of their distinct characteristics and unique definitions, while others remain in the blind-spot during design and verification and can be utilized as potential attack surfaces to violate confidentiality, integrity, and availability of the SoC. Therefore, it is essential to automatically identify security assets in an SoC at pre-silicon design stages to protect them and prevent potential attacks. In this paper, we propose an automated CAD framework called SAIF to identify an SoC's security assets at the register transfer level (RTL) through comprehensive vulnerability analysis under different threat models. Moreover, we develop and incorporate metrics with SAIF to quantitatively assess multiple vulnerabilities for the identified security assets. We demonstrate the effectiveness of SAIF on MSP430 micro-controller and CEP SoC benchmarks. Our experimental results show that SAIF can successfully and automatically identify an SoC's most vulnerable underlying security assets for protection.
Lanus, Erin, Freeman, Laura J., Richard Kuhn, D., Kacker, Raghu N..  2021.  Combinatorial Testing Metrics for Machine Learning. 2021 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :81–84.
This paper defines a set difference metric for comparing machine learning (ML) datasets and proposes the difference between datasets be a function of combinatorial coverage. We illustrate its utility for evaluating and predicting performance of ML models. Identifying and measuring differences between datasets is of significant value for ML problems, where the accuracy of the model is heavily dependent on the degree to which training data are sufficiently representative of data encountered in application. The method is illustrated for transfer learning without retraining, the problem of predicting performance of a model trained on one dataset and applied to another.
Acevedo, Javier, Ulbricht, Marian, Gabriel, Jennifer, Fitzek, Frank H. P..  2021.  Hardware Accelerated Cryptography for Tactile Internet. European Wireless 2021; 26th European Wireless Conference. :1–8.
Tactile Internet (TI) applications such as industry automation, connected autonomous cars, augmented reality and remote surgery, are based on secure data transmissions at a very low end-to-end latency. In order to fulfill those requirements in real applications, it is necessary to implement traffic encryption when data flows at higher communication protocol layers. Nevertheless, the implementation of the aforementioned protocols is a computing intensive task, in which many arithmetic operations are involved, leading to considerable delay. Therefore, hardware acceleration may be a solution to reduce the overall computing time, while delivering enough throughput during the execution of the network security functions. In this paper, we implement hardware accelerators for cryptographic algorithms on heterogeneous multicore dedicated hardware, using state-of-the-art embedded libraries, cryptographic cores and hardware extensions. By comparing our implementation to software-only solutions in terms of latency and throughput using variable data sets, we find latency reductions in the computing time around 80% as well as performance improvements up to three orders of magnitude.
2022-02-10
Badran, Sultan, Arman, Nabil, Farajallah, Mousa.  2020.  Towards a Hybrid Data Partitioning Technique for Secure Data Outsourcing. 2020 21st International Arab Conference on Information Technology (ACIT). :1–9.
In light of the progress achieved by the technology sector in the areas of internet speed and cloud services development, and in addition to other advantages provided by the cloud such as reliability and easy access from anywhere and anytime, most data owners find an opportunity to take advantage of the cloud to store data. However, data owners find a challenge that was and is still facing them in the field of outsourcing, which is protecting sensitive data from leakage. Researchers found that partitioning data into partitions, based on data sensitivity, can be used to protect data from leakage and to increase performance by storing the partition, which contains sensitive data in an encrypted form. In this paper, we review the methods used in designing partitions and dividing data approaches. A hybrid data partitioning approach is proposed to improve these techniques. We consider the frequency attack types used to guess the sensitive data and the most important properties that must be available in order for the encryption to be strong against frequency attacks.
2022-02-09
Ranade, Priyanka, Piplai, Aritran, Mittal, Sudip, Joshi, Anupam, Finin, Tim.  2021.  Generating Fake Cyber Threat Intelligence Using Transformer-Based Models. 2021 International Joint Conference on Neural Networks (IJCNN). :1–9.
Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing their models to learn incorrect inputs to serve the attackers' malicious needs. In this paper, we show how to automatically generate fake CTI text descriptions using transformers. Given an initial prompt sentence, a public language model like GPT-2 with fine-tuning can generate plausible CTI text that can mislead cyber-defense systems. We use the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cyber-security professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI and authentic CTI as true.
Buccafurri, Francesco, Angelis, Vincenzo De, Francesca Idone, Maria, Labrini, Cecilia.  2021.  WIP: An Onion-Based Routing Protocol Strengthening Anonymity. 2021 IEEE 22nd International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM). :231–235.
Anonymous Communication Networks (ACNs) are networks in which, beyond data confidentiality, also traffic flow confidentiality is provided. The most popular routing approach for ACNs also used in practice is Onion. Onion is based on multiple encryption wrapping combined with the proxy mechanism (relay nodes). However, it offers neither sender anonymity nor recipient anonymity in a global passive adversary model, simply because the adversary can observe (at the first relay node) the traffic coming from the sender, and (at the last relay node) the traffic delivered to the recipient. This may also cause a loss of relationship anonymity if timing attacks are performed. This paper presents Onion-Ring, a routing protocol that improves anonymity of Onion in the global adversary model, by achieving sender anonymity and recipient anonymity, and thus relationship anonymity.
Guo, Hao, Dolhansky, Brian, Hsin, Eric, Dinh, Phong, Ferrer, Cristian Canton, Wang, Song.  2021.  Deep Poisoning: Towards Robust Image Data Sharing against Visual Disclosure. 2021 IEEE Winter Conference on Applications of Computer Vision (WACV). :686–696.
Due to respectively limited training data, different entities addressing the same vision task based on certain sensitive images may not train a robust deep network. This paper introduces a new vision task where various entities share task-specific image data to enlarge each other's training data volume without visually disclosing sensitive contents (e.g. illegal images). Then, we present a new structure-based training regime to enable different entities learn task-specific and reconstruction-proof image representations for image data sharing. Specifically, each entity learns a private Deep Poisoning Module (DPM) and insert it to a pre-trained deep network, which is designed to perform the specific vision task. The DPM deliberately poisons convolutional image features to prevent image reconstructions, while ensuring that the altered image data is functionally equivalent to the non-poisoned data for the specific vision task. Given this equivalence, the poisoned features shared from one entity could be used by another entity for further model refinement. Experimental results on image classification prove the efficacy of the proposed method.
2022-02-08
Arsalaan, Ameer Shakayb, Nguyen, Hung, Fida, Mahrukh.  2021.  Impact of Bushfire Dynamics on the Performance of MANETs. 2021 16th Annual Conference on Wireless On-demand Network Systems and Services Conference (WONS). :1–4.
In emergency situations like recent Australian bushfires, it is crucial for civilians and firefighters to receive critical information such as escape routes and safe sheltering points with guarantees on information quality attributes. Mobile Ad-hoc Networks (MANETs) can provide communications in bushfire when fixed infrastructure is destroyed and not available. Current MANET solutions, however, are mostly tested under static bushfire scenario. In this work, we investigate the impact of a realistic dynamic bushfire in a dry eucalypt forest with a shrubby understory, on the performance of data delivery solutions in a MANET. Simulation results show a significant degradation in the performance of state-of-the-art MANET quality of information solution. Other than frequent source handovers and reduced user usability, packet arrival latency increases by more than double in the 1st quartile with a median drop of 74.5 % in the overall packet delivery ratio. It is therefore crucial for MANET solutions to be thoroughly evaluated under realistic dynamic bushfire scenarios.
2022-02-07
Abdel-Fattah, Farhan, AlTamimi, Fadel, Farhan, Khalid A..  2021.  Machine Learning and Data Mining in Cybersecurty. 2021 International Conference on Information Technology (ICIT). :952–956.
A wireless technology Mobile Ad hoc Network (MANET) that connects a group of mobile devices such as phones, laptops, and tablets suffers from critical security problems, so the traditional defense mechanism Intrusion Detection System (IDS) techniques are not sufficient to safeguard and protect MANET from malicious actions performed by intruders. Due to the MANET dynamic decentralized structure, distributed architecture, and rapid growing of MANET over years, vulnerable MANET does not need to change its infrastructure rather than using intelligent and advance methods to secure them and prevent intrusions. This paper focuses essentially on machine learning methodologies and algorithms to solve the shortage of the first line defense IDS to overcome the security issues MANET experience. Threats such as black hole, routing loops, network partition, selfishness, sleep deprivation, and denial of service (DoS), may be easily classified and recognized using machine learning methodologies and algorithms. Also, machine learning methodologies and algorithms help find ways to reduce and solve mischievous and harmful attacks against intimidation and prying. The paper describes few machine learning algorithms in detail such as Neural Networks, Support vector machine (SVM) algorithm and K-nearest neighbors, and how these methodologies help MANET to resolve their security problems.
2022-02-04
Yang, Fan, Wang, Xinliang, Shi, Junru, Guan, Yong, Bai, Yang, Fan, Sichen, Ruan, Jun, Zhang, Shougang.  2021.  Research on Automatic Demagnetization for Cylindrical Magnetic Shielding. 2021 IEEE 4th International Electrical and Energy Conference (CIEEC). :1–6.
Magnetic shielding is an important part in atomic clock’s physical system. The demagnetization of the assembled magnetic shielding system plays an important role in improving atomic clock’s performance. In terms of the drawbacks in traditional attenuated alternating-current demagnetizing method, this paper proposes a novel method — automatically attenuated alternating-current demagnetizing method. Which is implemented by controlling the demagnetization current waveform through the signal source’s modulation, so that these parameters such as demagnetizing current frequency, amplitude, transformation mode and demagnetizing period are precisely adjustable. At the same time, this demagnetization proceeds automatically, operates easily, and works steadily. We have the pulsed optically pumped (POP) rubidium atomic clock’s magnetic shielding system for the demagnetization experiment, the magnetic field value reached 1nT/7cm. Experiments show that novel method can effectively realize the demagnetization of the magnetic shielding system, and well meets the atomic clock’s working requirements.
Anagnostopoulos, Nikolaos Athanasios, Fan, Yufan, Heinrich, Markus, Matyunin, Nikolay, Püllen, Dominik, Muth, Philipp, Hatzfeld, Christian, Rosenstihl, Markus, Arul, Tolga, Katzenbeisser, Stefan.  2021.  Low-Temperature Attacks Against Digital Electronics: A Challenge for the Security of Superconducting Modules in High-Speed Magnetic Levitation (MagLev) Trains. 2021 IEEE 14th Workshop on Low Temperature Electronics (WOLTE). :1–4.
This work examines volatile memory modules as ephemeral key storage for security applications in the context of low temperatures. In particular, we note that such memories exhibit a rising level of data remanence as the temperature decreases, especially for temperatures below 280 Kelvin. Therefore, these memories cannot be used to protect the superconducting modules found in high-speed Magnetic Levitation (MagLev) trains, as such modules most often require extremely low temperatures in order to provide superconducting applications. Thus, a novel secure storage solution is required in this case, especially within the oncoming framework concept of the internet of railway things, which is partially based on the increasing utilisation of commercial off-the-shelf components and potential economies of scale, in order to achieve cost efficiency and, thus, widespread adoption. Nevertheless, we do note that volatile memory modules can be utilised as intrinsic temperature sensors, especially at low temperatures, as the data remanence they exhibit at low temperatures is highly dependent on the ambient temperature, and can, therefore, be used to distinguish between different temperature levels.
2022-02-03
Mafioletti, Diego Rossi, de Mello, Ricardo Carminati, Ruffini, Marco, Frascolla, Valerio, Martinello, Magnos, Ribeiro, Moises R. N..  2021.  Programmable Data Planes as the Next Frontier for Networked Robotics Security: A ROS Use Case. 2021 17th International Conference on Network and Service Management (CNSM). :160–165.
In-Network Computing is a promising field that can be explored to leverage programmable network devices to offload computing towards the edge of the network. This has created great interest in supporting a wide range of network functionality in the data plane. Considering a networked robotics domain, this brings new opportunities to tackle the communication latency challenges. However, this approach opens a room for hardware-level exploits, with the possibility to add a malicious code to the network device in a hidden fashion, compromising the entire communication in the robotic facilities. In this work, we expose vulnerabilities that are exploitable in the most widely used flexible framework for writing robot software, Robot Operating System (ROS). We focus on ROS protocol crossing a programmable SmartNIC as a use case for In-Network Hijacking and In-Network Replay attacks, that can be easily implemented using the P4 language, exposing security vulnerabilities for hackers to take control of the robots or simply breaking the entire system.
2022-01-31
Freire, Sávio, Rios, Nicolli, Pérez, Boris, Castellanos, Camilo, Correal, Darío, Ramač, Robert, Mandić, Vladimir, Taušan, Nebojša, López, Gustavo, Pacheco, Alexia et al..  2021.  How Experience Impacts Practitioners' Perception of Causes and Effects of Technical Debt. 2021 IEEE/ACM 13th International Workshop on Cooperative and Human Aspects of Software Engineering (CHASE). :21–30.
Context: The technical debt (TD) metaphor helps to conceptualize the pending issues and trade-offs made during software development. Knowing TD causes can support in defining preventive actions and having information about effects aids in the prioritization of TD payment. Goal: To investigate the impact of the experience level on how practitioners perceive the most likely causes that lead to TD and the effects of TD that have the highest impacts on software projects. Method: We approach this topic by surveying 227 practitioners. Results: While experienced software developers focus on human factors as TD causes and external quality attributes as TD effects, low experienced developers seem to concentrate on technical issues as causes and internal quality issues and increased project effort as effects. Missing any of these types of causes could lead a team to miss the identification of important TD, or miss opportunities to preempt TD. On the other hand, missing important effects could hamper effective planning or erode the effectiveness of decisions about prioritizing TD items. Conclusion: Having software development teams composed of practitioners with a homogeneous experience level can erode the team's ability to effectively manage TD.
Luchian, Razvan-Adrian, Stamatescu, Grigore, Stamatescu, Iulia, Fagarasan, Ioana, Popescu, Dan.  2021.  IIoT Decentralized System Monitoring for Smart Industry Applications. 2021 29th Mediterranean Conference on Control and Automation (MED). :1161–1166.
Convergence of operation technology (OT) and information technology (IT) in industrial automation is currently being adopted as an accelerating trend. The Industrial Internet of Things (IIoT) consists of heterogeneous sensing, computing and actuation nodes that are meshed through a layer of communication protocols, and represents a key enabler for this convergence. Experimental test beds are required to validate complex system designs in terms of scalability, latency, real-time operation and security. We use the open source Coaty - distributed industrial systems framework to present a smart industry application integrating field devices and controllers over the OPCUA and MQTT protocols. The experimental evaluation, using both proprietary automation components and open software modules, serves as a reference tool for building robust systems and provides practical insights for interoperability.
2022-01-25
Uddin Nadim, Taef, Foysal.  2021.  Towards Autonomic Entropy Based Approach for DDoS Attack Detection and Mitigation Using Software Defined Networking. 2021 International Conference on Automation, Control and Mechatronics for Industry 4.0 (ACMI). :1–5.
Software defined networking (SDN) architecture framework eases the work of the network administrators by separating the data plane from the control plane. This provides a programmable interface for applications development related to security and management. The centralized logical controller provides more control over the total network, which has complete network visibility. These SDN advantages expose the network to vulnerabilities and the impact of the attacks is much severe when compared to traditional networks, where the network devices have protection from the attacks and limits the occurrence of attacks. In this paper, we proposed an entropy based algorithm in SDN to detect as well as stopping distributed denial of service (DDoS) attacks on the servers or clouds or hosts. Firstly, there explored various attacks that can be launched on SDN at different layers. Basically DDoS is one kind of denial of service attack in which an attacker uses multiple distributed sources for attacking a particular server. Every network in a system has an entropy and an increase in the randomness of probability causes entropy to decrease. In comparison with previous entropy based approaches this approach has higher performance in distinguishing legal and illegal traffics and blocking illegal traffic paths. Linux OS and Mininet Simulator along with POX controller are used to validate the proposed approach. By conducting pervasive simulation along with theoretical analysis this method can definitely detect and stop DDoS attacks automatically.
Jha, Ashish, Novikova, Evgeniya S., Tokarev, Dmitry, Fedorchenko, Elena V..  2021.  Feature Selection for Attacker Attribution in Industrial Automation & Control Systems. 2021 IV International Conference on Control in Technical Systems (CTS). :220–223.
Modern Industrial Automation & Control Systems (IACS) are essential part of the critical infrastructures and services. They are used in health, power, water, and transportation systems, and the impact of cyberattacks on IACS could be severe, resulting, for example, in damage to the environment, public or employee safety or health. Thus, building IACS safe and secure against cyberattacks is extremely important. The attacker model is one of the key elements in risk assessment and other security related information system management tasks. The aim of the study is to specify the attacker's profile based on the analysis of network and system events. The paper presents an approach to the selection of attacker's profile attributes from raw network and system events of the Linux OS. To evaluate the approach the experiments were performed on data collected within the Global CPTC 2019 competition.
Fan, Chun-I, Tseng, Yi-Fan, Feng, Cheng-Chun.  2021.  CCA-Secure Attribute-Based Encryption Supporting Dynamic Membership in the Standard Model. 2021 IEEE Conference on Dependable and Secure Computing (DSC). :1–8.
Attribute-based encryption (ABE) is an access control mechanism where a sender encrypts messages according to an attribute set for multiple receivers. With fine-grained access control, it has been widely applied to cloud storage and file sharing systems. In such a mechanism, it is a challenge to achieve the revocation efficiently on a specific user since different users may share common attributes. Thus, dynamic membership is a critical issue to discuss. On the other hand, most works on LSSS-based ABE do not address the situation about threshold on the access structure, and it lowers the diversity of access policies. This manuscript presents an efficient attribute-based encryption scheme with dynamic membership by using LSSS. The proposed scheme can implement threshold gates in the access structure. Furthermore, it is the first ABE supporting complete dynamic membership that achieves the CCA security in the standard model, i.e. without the assumption of random oracles.
Joshi, Maithilee, Joshi, Karuna Pande, Finin, Tim.  2021.  Delegated Authorization Framework for EHR Services using Attribute Based Encryption. 2021 IEEE World Congress on Services (SERVICES). :18–18.
Medical organizations find it challenging to adopt cloud-based Electronic Health Records (EHR) services due to the risk of data breaches and the resulting compromise of patient data. Existing authorization models follow a patient-centric approach for EHR management, where the responsibility of authorizing data access is handled at the patients’ end. This creates significant overhead for the patient, who must authorize every access of their health record. It is also not practical given that multiple personnel are typically involved in providing care and that the patient may not always be in a state to provide this authorization.
Ozga, Wojciech, Le Quoc, Do, Fetzer, Christof.  2021.  TRIGLAV: Remote Attestation of the Virtual Machine's Runtime Integrity in Public Clouds. 2021 IEEE 14th International Conference on Cloud Computing (CLOUD). :1–12.
Trust is of paramount concern for tenants to deploy their security-sensitive services in the cloud. The integrity of virtual machines (VMs) in which these services are deployed needs to be ensured even in the presence of powerful adversaries with administrative access to the cloud. Traditional approaches for solving this challenge leverage trusted computing techniques, e.g., vTPM, or hardware CPU extensions, e.g., AMD SEV. But, they are vulnerable to powerful adversaries, or they provide only load time (not runtime) integrity measurements of VMs. We propose TRIGLAV, a protocol allowing tenants to establish and maintain trust in VM runtime integrity of software and its configuration. TRIGLAV is transparent to the VM configuration and setup. It performs an implicit attestation of VMs during a secure login and binds the VM integrity state with the secure connection. Our prototype's evaluation shows that TRIGLAV is practical and incurs low performance overhead (< 6%).
Lu, Lu, Duan, Pengshuai, Shen, Xukun, Zhang, Shijin, Feng, Huiyan, Flu, Yong.  2021.  Gaze-Pinch Menu: Performing Multiple Interactions Concurrently in Mixed Reality. 2021 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW). :536–537.
Performing an interaction using gaze and pinch has been certified as an efficient interactive method in Mixed Reality, for such techniques can provide users concise and natural experiences. However, executing a task with individual interactions gradually is inefficient in some application scenarios. In this paper, we propose the Hand-Pinch Menu, which core concept is to reduce unnecessary operations by combining several interactions. Users can continuously perform multiple interactions on a selected object concurrently without changing gestures by using this technique. The user study results show that our Gaze-Pinch Menu can improve operational efficiency effectively.