Biblio

In this paper, we propose an accumulated loss recovery algorithm on overlay multicast system using Fountain codes. Fountain code successfully decodes the packet loss, but it is weak in accumulated losses on multicast tree. The proposed algorithm overcomes an accumulated loss and significantly reduces delay on overlay multicast tree.
 

Due to centralized control and programmable capability of the SDN architecture, network administrators can easily manage and control the whole network through the centralized controller. According to the SDN architecture, the SDN controller is vulnerable to distributed denial of service (DDOS) attacks. Thus, a failure of SDN controller is a major leak for security concern. The objectives of paper is therefore to detect the DDOS attacks and classify the normal or attack traffic in SDN network using machine learning algorithms. In this proposed system, polynomial SVM is applied to compare to existing linear SVM by using scapy, which is packet generation tool and RYU SDN controller. According to the experimental result, polynomial SVM achieves 3% better accuracy and 34% lower false alarm rate compared to Linear SVM.

Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile. Sego verifies operating system services, like the file system, instead of replacing them. By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents. We extensively evaluate Sego's performance on real workloads and implement a kernel fault injector to validate Sego's file system-agnostic crash consistency and recovery protocol.

Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile. Sego verifies operating system services, like the file system, instead of replacing them. By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents. We extensively evaluate Sego's performance on real workloads and implement a kernel fault injector to validate Sego's file system-agnostic crash consistency and recovery protocol.

Causality inference, such as dynamic taint anslysis, has many applications (e.g., information leak detection). It determines whether an event e is causally dependent on a preceding event c during execution. We develop a new causality inference engine LDX. Given an execution, it spawns a slave execution, in which it mutates c and observes whether any change is induced at e. To preclude non-determinism, LDX couples the executions by sharing syscall outcomes. To handle path differences induced by the perturbation, we develop a novel on-the-fly execution alignment scheme that maintains a counter to reflect the progress of execution. The scheme relies on program analysis and compiler transformation. LDX can effectively detect information leak and security attacks with an average overhead of 6.08% while running the master and the slave concurrently on separate CPUs, much lower than existing systems that require instruction level monitoring. Furthermore, it has much better accuracy in causality inference.

A smart grid is a fully automated power electricity network, which operates, protects and controls all its physical environments of power electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various vulnerability analysis methodologies for general systems have been suggested, whereas there has been few practical research targeting the smart grid infrastructure. In this paper, we highlight the significance of security vulnerability analysis in the smart grid environment. Then we introduce various automated vulnerability analysis techniques from executable files. In our approach, we propose a novel binary-based vulnerability discovery method for AMI and EV charging system to automatically extract security-related features from the embedded software. Finally, we present the test result of vulnerability discovery applied for AMI and EV charging system in Korean smart grid environment.

Research on post-quantum cryptography (PQC) to improve the security against quantum computers has been actively conducted. In 2020, NIST announced the final PQC candidates whose design rationales rely on NP-hard or NP-complete problems. It is believed that cryptography based on NP-hard problem might be secure against attacks using quantum computers. N. Koblitz introduced the concept of public-key cryptography using a 3-regular graph with a perfect dominating set in the 1990s. The proposed cryptosystem is based on NP-complete problem to find a perfect dominating set in the given graph. Later, S. Yoon proposed a variant scheme using a perfect minus dominating function. However, their works have not received much attention since these schemes produce huge ciphertexts and are hard to implement efficiently. Also, the security parameters such as key size and plaintext-ciphertext size have not been proposed yet. We conduct security and performance analysis of their schemes and discuss the practical range of security parameters. As an application, the scheme with one-wayness property can be used as an encoding method in the white-box cryptography (WBC).

Addressing vulnerability propagation has become a major issue in software ecosystems. Existing approaches hold the promise of detecting widespread vulnerabilities but cannot be applied to verify effectively whether propagated vulnerable code still poses threats. We present OCTOPOCS, which uses a reformed Proof-of-Concept (PoC), to verify whether a vulnerability is propagated. Using context-aware taint analysis, OCTOPOCS extracts crash primitives (the parts used in the shared code area between the original vulnerable software and propagated software) from the original PoC. OCTOPOCS then utilizes directed symbolic execution to generate guiding inputs that direct the execution of the propagated software from the entry point to the shared code area. Thereafter, OCTOPOCS creates a new PoC by combining crash primitives and guiding inputs. It finally verifies the propagated vulnerability using the created PoC. We evaluated OCTOPOCS with 15 real-world C and C++ vulnerable software pairs, with results showing that OCTOPOCS successfully verified 14 propagated vulnerabilities.

This paper explores the process of collective crisis problem-solving in the darkweb. We conducted a preliminary study on one of the Tor-based darkweb forums, during the shutdown of two marketplaces. Content analysis suggests that distrust permeated the forum during the marketplace shutdowns. We analyzed the debates concerned with suspicious claims and conspiracies. The results suggest that a black-market crisis potentially offers an opportunity for cyber-intelligence to disrupt the darkweb by engendering internal conflicts. At the same time, the study also shows that darkweb members were adept at reaching collective solutions by sharing new market information, more secure technologies, and alternative routes for economic activities.

Deep neural networks (DNNs) exhibit excellent performance in machine learning tasks such as image recognition, pattern recognition, speech recognition, and intrusion detection. However, the usage of adversarial examples, which are intentionally corrupted by noise, can lead to misclassification. As adversarial examples are serious threats to DNNs, both adversarial attacks and methods of defending against adversarial examples have been continuously studied. Zero-day adversarial examples are created with new test data and are unknown to the classifier; hence, they represent a more significant threat to DNNs. To the best of our knowledge, there are no analytical studies in the literature of zero-day adversarial examples with a focus on attack and defense methods through experiments using several scenarios. Therefore, in this study, zero-day adversarial examples are practically analyzed with an emphasis on attack and defense methods through experiments using various scenarios composed of a fixed target model and an adaptive target model. The Carlini method was used for a state-of-the-art attack, while an adversarial training method was used as a typical defense method. We used the MNIST dataset and analyzed success rates of zero-day adversarial examples, average distortions, and recognition of original samples through several scenarios of fixed and adaptive target models. Experimental results demonstrate that changing the parameters of the target model in real time leads to resistance to adversarial examples in both the fixed and adaptive target models.

Deep neural networks (DNNs) provide good performance for image recognition, speech recognition, and pattern recognition. However, a poisoning attack is a serious threat to DNN's security. The poisoning attack is a method to reduce the accuracy of DNN by adding malicious training data during DNN training process. In some situations such as a military, it may be necessary to drop only a chosen class of accuracy in the model. For example, if an attacker does not allow only nuclear facilities to be selectively recognized, it may be necessary to intentionally prevent UAV from correctly recognizing nuclear-related facilities. In this paper, we propose a selective poisoning attack that reduces the accuracy of only chosen class in the model. The proposed method reduces the accuracy of a chosen class in the model by training malicious training data corresponding to a chosen class, while maintaining the accuracy of the remaining classes. For experiment, we used tensorflow as a machine learning library and MNIST and CIFAR10 as datasets. Experimental results show that the proposed method can reduce the accuracy of the chosen class to 43.2% and 55.3% in MNIST and CIFAR10, while maintaining the accuracy of the remaining classes.

Certificate-based Public Key Infrastructure (PKI) schemes are used to authenticate the identity of distinct nodes on the Internet. Using certificates for the Internet of Things (IoT) can allow many privacy sensitive applications to be trusted over the larger Internet architecture. However, since IoT devices are typically resource limited, full sized PKI certificates are not suitable for use in the IoT domain. This work outlines our approach in compressing standards-compliant X.509 certificates so that their sizes are reduced and can be effectively used on IoT nodes. Our scheme combines the use of Concise Binary Object Representation (CBOR) and also a scheme that compresses all data that can be implicitly inferenced within the IoT sub-network. Our scheme shows a certificate compression rate of up to \textbackslashtextasciitilde30%, which allows effective energy reduction when using X.509-based certificates on IoT platforms.

Due to the proliferation of reprogrammable hardware, core designs built from modules drawn from a variety of sources execute with direct access to critical system resources. Expressing guarantees that such modules satisfy, in particular the dynamic conditions under which they release information about their unbounded streams of inputs, and automatically proving that they satisfy such guarantees, is an open and critical problem.,,To address these challenges, we propose a domain-specific language, named STREAMS, for expressing information-flow policies with declassification over unbounded input streams. We also introduce a novel algorithm, named SIMAREL, that given a core design C and STREAMS policy P, automatically proves or falsifies that C satisfies P. The key technical insight behind the design of SIMAREL is a novel algorithm for efficiently synthesizing relational invariants over pairs of circuit executions.,,We expressed expected behavior of cores designed independently for research and production as STREAMS policies and used SIMAREL to check if each core satisfies its policy. SIMAREL proved that half of the cores satisfied expected behavior, but found unexpected information leaks in six open-source designs: an Ethernet controller, a flash memory controller, an SD-card storage manager, a robotics controller, a digital-signal processing (DSP) module, and a debugging interface.

Atom is an anonymous messaging system that protects against traffic-analysis attacks. Unlike many prior systems, each Atom server touches only a small fraction of the total messages routed through the network. As a result, the system's capacity scales near-linearly with the number of servers. At the same time, each Atom user benefits from "best possible" anonymity: a user is anonymous among all honest users of the system, even against an active adversary who monitors the entire network, a portion of the system's servers, and any number of malicious users. The architectural ideas behind Atom have been known in theory, but putting them into practice requires new techniques for (1) avoiding heavy general-purpose multi-party computation protocols, (2) defeating active attacks by malicious servers at minimal performance cost, and (3) handling server failure and churn. Atom is most suitable for sending a large number of short messages, as in a microblogging application or a high-security communication bootstrapping ("dialing") for private messaging systems. We show that, on a heterogeneous network of 1,024 servers, Atom can transit a million Tweet-length messages in 28 minutes. This is over 23x faster than prior systems with similar privacy guarantees.

We are witnessing a huge growth of cyber-physical systems, which are autonomous, mobile, endowed with sensing, controlled by software, and often wirelessly connected and Internet-enabled. They include factory automation systems, robotic assistants, self-driving cars, and wearable and implantable devices. Since they are increasingly often used in safety- or business-critical contexts, to mention invasive treatment or biometric authentication, there is an urgent need for modelling and verification technologies to support the design process, and hence improve the reliability and reduce production costs. This paper gives an overview of quantitative verification and synthesis techniques developed for cyber-physical systems, summarising recent achievements and future challenges in this important field.

This paper studies the modeling of cyber-physical dependencies observed within power grids and the effects of these intra-dependencies, on power grid resilience, which is evaluated quantitatively. A fundamental contribution of this paper is the description of the critically important role played by cyber-physical buffers as key components to limit the negative effect of intra-dependencies on power grids resilience. Although resilience issues in the electric power provision service could be limited thanks to the use of local energy storage devices as the realization of service buffers, minimal to no autonomy in data connectivity buffers make cyber vulnerabilities specially critical in terms of resilience. This paper also explains how these models can be used for improved power grids resilience planning considering internal cyber-physical interactions.

Bitcoin is the most famous cryptocurrency currently operating with a total marketcap of almost 7 billion USD. This innovation stands strong on the feature of pseudo anonymity and strives on its innovative de-centralized architecture based on the Blockchain. The Blockchain is a distributed ledger that keeps a public record of all the transactions processed on the bitcoin protocol network in full transparency without revealing the identity of the sender and the receiver. Over the course of 2016, cryptocurrencies have shown some instances of abuse by criminals in their activities due to its interesting nature. Darknet marketplaces are increasing the volume of their businesses in illicit and illegal trades but also cryptocurrencies have been used in cases of extortion, ransom and as part of sophisticated malware modus operandi. We tackle these challenges by developing an analytical capability that allows us to map relationships on the blockchain and filter crime instances in order to investigate the abuse in law enforcement local environment. We propose a practical bitcoin analytical process and an analyzing system that stands alone and manages all data on the blockchain in real-time with tracing and visualizing techniques rendering transactions decipherable and useful for law enforcement investigation and training. Our system adopts combination of analyzing methods that provides statistics of address, graphical transaction relation, discovery of paths and clustering of already known addresses. We evaluated our system in the three criminal cases includes marketplace, ransomware and DDoS extortion. These are practical training in law enforcement, then we determined whether our system could help investigation process and training.

Biometric methods are the most effective and accurate authentication methods. However, a significant drawback of such methods is the storage of authentication information in clear text. The article is devoted to solving this problem by means of symmetric encryption method and the method of dividing the memory space. The method of symmetric encryption ensures confidentiality during storage and transmission of biometric characteristics, the method of dividing the memory space provides an increase of information security level during processing of biometric characteristics.

This paper proposes a simple topological characterization of a large class of fair adversarial models via affine tasks: sub-complexes of the second iteration of the standard chromatic subdivision. We show that the task computability of a model in the class is precisely captured by iterations of the corresponding affine task. Fair adversaries include, but are not restricted to, the models of wait-freedom, t-resilience, and k-concurrency. Our results generalize and improve all previously derived topological characterizations of the ability of a model to solve distributed tasks.

The paper deals with the design and principles of functioning of code-based schemes for formation and verification of electronic digital signature. Comparative studies of the effectiveness of the known CFS scheme and the proposed scheme have been carried out, as well as their possibilities, disadvantages and prospects for use in the post-quantum period.

This paper focuses on research of a provably secure code-based pseudorandom sequence generators whose cryptanalysis problem equals to syndrome decoding (belonging to the NP-complex class). It was found that generated sequences of such well-known Fischer-Stern code-based generator don’t have a maximum period, the actual period is much lower than expected. In our work, we have created a new generator scheme. It retains all advantages of the Fisher-Stern algorithm and provides pseudorandom sequences which are formed with maximum period. Also comparative analysis of proposed generator and popular generators was conducted.

Cloud computing is one of the emerging computing technology where costs are directly proportional to usage and demand. The advantages of this technology are the reasons of security and privacy problems. The data belongs to the users are stored in some cloud servers which is not under their own control. So the cloud services are required to authenticate the user. In general, most of the cloud authentication algorithms do not provide anonymity of the users. The cloud provider can track the users easily. The privacy and authenticity are two critical issues of cloud security. In this paper, we propose a secure anonymous authentication method for cloud services using identity based group signature which allows the cloud users to prove that they have privilege to access the data without revealing their identities.

Attacks against websites are increasing rapidly with the expansion of web services. An increasing number of diversified web services make it difficult to prevent such attacks due to many known vulnerabilities in websites. To overcome this problem, it is necessary to collect the most recent attacks using decoy web honeypots and to implement countermeasures against malicious threats. Web honeypots collect not only malicious accesses by attackers but also benign accesses such as those by web search crawlers. Thus, it is essential to develop a means of automatically identifying malicious accesses from mixed collected data including both malicious and benign accesses. Specifically, detecting vulnerability scanning, which is a preliminary process, is important for preventing attacks. In this study, we focused on classification of accesses for web crawling and vulnerability scanning since these accesses are too similar to be identified. We propose a feature vector including features of collective accesses, e.g., intervals of request arrivals and the dispersion of source port numbers, obtained with multiple honeypots deployed in different networks for classification. Through evaluation using data collected from 37 honeypots in a real network, we show that features of collective accesses are advantageous for vulnerability scanning and crawler classification.

The existing radial topology makes the power system less reliable since any part in the system failure will disrupt electrical power delivery in the network. The increasing security concerns, electrical energy theft, and present advancement in Information and Communication Technologies are some factors that led to modernization of power system. In a smart grid, a network of smart sensors offers numerous opportunities that may include monitoring of power, consumer-side energy management, synchronization of dispersed power storage, and integrating sources of renewable energy. Smart sensor networks are low cost and are ease to deploy hence they are favorable contestants for deployment smart power grids at a larger scale. These networks will result in a colossal volume of dissimilar range of data that require an efficient processing and analyzing process in order to realize an efficient smart grid. The existing technology can be used to collect data but dealing with the collected information proficiently as well as mining valuable material out of it remains challenging. The paper investigates communication technologies that maybe deployed in a smart grid. In this paper simulations results for the Additive White Gaussian Noise (AWGN) channel are illustrated. We propose a model and a communication network domain riding on the power system domain. The model was interrogated by simulation in MATLAB.

The ecosystem of the Internet of Things (IoT) continues growing now and covers more and more fields. One of these areas is the Industrial Internet of Things (IIoT) which integrates sensors and actuators, business applications, open web applications, multimedia security systems, positioning, and tracking systems. Each of these components creates its own data stream and has its own parameters of the probability distribution when transmitting information packets. One such distribution, specific to the TrumpfTruPrint 1000 IIoT system, is the beta distribution. We described issues of the processing of such a data flow by an agent model of the \$5\textbackslashtextbackslashtimes5\$ NoC switch fabric. The concepts of modern telecommunication networks 5G/6G imply the processing of “small” data in the place of their origin, not excluding the centralized processing of big data. This process, which involves the transmission, distribution, and processing of data, involves a large number of devices: routers, multiprocessor systems, multi-core systems, etc. We assumed that the data stream is processed by a device with the network structure, such as NoC, and goes to its built-in router. We carried out a study how the average queues of the \$5\textbackslashtextbackslashtimes5\$ router change with changes in the parameters of a data stream that has a beta distribution.