Biblio

Most IoT malware is variants generated by editing and reusing parts of the functions based on publicly available source codes. In our previous study, we proposed a method to estimate the functions of a specimen using the Function Call Sequence Graph (FCSG), which is a directed graph of execution sequence of function calls. In the FCSG-based method, the subgraph corresponding to a malware functionality is manually created and called a signature-FSCG. The specimens with the signature-FSCG are expected to have the corresponding functionality. However, this method cannot detect the specimens with a slightly different subgraph from the signature-FSCG. This paper found that these specimens were supposed to have the same functionality for a signature-FSCG. These specimens need more flexible signature matching, and we propose a graph embedding technique to realize it.

Physical layer (PHY) security in decode-and-forward (DF) relay systems is discussed. Based on the types of wiretap links, the secrecy performance of three typical secure DF relay models is analyzed. Different from conventional works in this field, rigorous derivations of the secrecy channel capacity are provided from an information-theoretic perspective. Meanwhile, closed-form expressions are derived to characterize the secrecy outage probability (SOP). For the sake of unveiling more system insights, asymptotic analyses are performed on the SOP for a sufficiently large signal-to-noise ratio (SNR). The analytical results are validated by computer simulations and are in excellent agreement.

The advancement of modern multimedia and data-intensive classes of applications demands the development of hardware that delivers better performance. Due to the evolution of 5G, Edge-Computing, the Internet of Things, Software-Defined networks, etc., the data produced by the devices such as sensors are increasing. A software-Defined network is a powerful paradigm that is capable of automating networking and cloud computing. Software-Defined Network has controllers, devices, and applications which produce a huge amount of data. The processing of data inside the device as well as between the devices needs a better hardware architecture with more cores to ensure speedy performance. The System-on-Chip approach alone will not be capable to handle this dense core comprised of hardware. We have to blend Network-on-Chip along with System-on-Chip to increase the potential to include more cores capable to handle more threads. Artificial Intelligence, a key enabler in next-generation devices is capable of producing a better architecture design with optimized performance. In this paper, we are discussing and endeavouring how System-on-Chip, Network-on-Chip, Software-Defined Networks, and Artificial Intelligence can be physically, logically, and contextually incorporated to deliver improved computation and networking outcomes.

Remotely connected devices have been adopted in several industrial control systems (ICS) recently due to the advancement in the Industrial Internet of Things (IIoT). This led to new security vulnerabilities because of the expansion of the attack surface. Moreover, cybersecurity incidents in critical infrastructures are increasing. In the ICS, RS-485 cables are widely used in its network for serial communication between each component. However, almost 30 years ago, most of the industrial network protocols implemented over RS-485 such as Modbus were designed without security features. Therefore, anomaly detection is required in industrial control networks to secure communication in the systems. The goal of this paper is to study unsupervised anomaly detection in RS-485 traffic using autoencoders. Five threat scenarios in the physical layer of the industrial control network are proposed. The novelty of our method is that RS-485 traffic is collected indirectly by an analog-to-digital converter. In the experiments, multilayer perceptron (MLP), 1D convolutional, Long Short-Term Memory (LSTM) autoencoders are trained to detect anomalies. The results show that three autoencoders effectively detect anomalous traffic with F1-scores of 0.963, 0.949, and 0.928 respectively. Due to the indirect traffic collection, our method can be practically applied in the industrial control network.

Many cyber-related untoward incidents and multiple instances of a data breach of system are being reported. User identity and its usage for valid entry to system depend upon successful authentication. Researchers have explored many threats and vulnerabilities in a centralized system. It has initiated concept of a decentralized way to overcome them. In this work, we have explored application of Self-Sovereign Identity and Verifiable Credentials using decentralized identifiers over cloud.

The agricultural sector and other Micro, Small, and Medium Enterprises in India operate with more than 90% migrant workers searching for better employment opportunities far away from their native places. However, inherent challenges are far more for the migrant workers, most prominently their Identity. To the best of our knowledge, available literature lacks a comprehensive study on identity management components for user privacy and data protection mechanisms in identity management architecture. Self-Sovereign Identity is regarded as a new evolution in digital identity management systems. Blockchain technology and distributed ledgers bring us closer to realizing an ideal Self-Sovereign Identity system. This paper proposes a novel solution to address identity issues being faced by migrant workers. It also gives a holistic, coherent, and mutually beneficial Identity Management Solution for the migrant workforce in the Indian perspective towards e-Governance and Digital India.

We show that the most common flavors of noisy leakage can be simulated in the information-theoretic setting using a single query of bounded leakage, up to a small statistical simulation error and a slight loss in the leakage parameter. The latter holds true in particular for one of the most used noisy-leakage models, where the noisiness is measured using the conditional average min-entropy (Naor and Segev, CRYPTO’09 and SICOMP’12). Our reductions between noisy and bounded leakage are achieved in two steps. First, we put forward a new leakage model (dubbed the dense leakage model) and prove that dense leakage can be simulated in the information-theoretic setting using a single query of bounded leakage, up to small statistical distance. Second, we show that the most common noisy-leakage models fall within the class of dense leakage, with good parameters. Third, we prove lower bounds on the amount of bounded leakage required for simulation with sub-constant error, showing that our reductions are nearly optimal. In particular, our results imply that useful general simulation of noisy leakage based on statistical distance and mutual information is impossible. We also provide a complete picture of the relationships between different noisy-leakage models. Our result finds applications to leakage-resilient cryptography, where we are often able to lift security in the presence of bounded leakage to security in the presence of noisy leakage, both in the information-theoretic and in the computational setting. Remarkably, this lifting procedure makes only black-box use of the underlying schemes. Additionally, we show how to use lower bounds in communication complexity to prove that bounded-collusion protocols (Kumar, Meka, and Sahai, FOCS’19) for certain functions do not only require long transcripts, but also necessarily need to reveal enough information about the inputs.

The fast-evolving Intelligent Transportation Systems (ITS) are crucial in the 21st century, promising answers to congestion and accidents that bother people worldwide. ITS applications such as Connected and Autonomous Vehicle (CAVs) update and broadcasts road incident event messages, and this requires significant data to be transmitted between vehicles for a decision to be made in real-time. However, broadcasting trusted incident messages such as accident alerts between vehicles pose a challenge for CAVs. Most of the existing-trust solutions are based on the vehicle's direct interaction base reputation and the psychological approaches to evaluate the trustworthiness of the received messages. This paper provides a scheme for improving trust in the received incident alert messages for real-time decision-making to detect malicious alerts between CAVs using direct and indirect interactions. This paper applies artificial intelligence and statistical data classification for decision-making on the received messages. The model is trained based on the US Department of Technology Safety Pilot Deployment Model (SPMD). An Autonomous Decision-making Trust Scheme (ADmTS) that incorporates a machine learning algorithm and a local trust manager for decision-making has been developed. The experiment showed that the trained model could make correct predictions such as 98% and 0.55% standard deviation accuracy in predicting false alerts on the 25% malicious data

Software vulnerabilities are closely monitored by the security community to timely address the security and privacy issues in software systems. Before a vulnerability is published by vulnerability management systems, it needs to be characterized to highlight its unique attributes, including affected software products and versions, to help security professionals prioritize their patches. Associating product names and versions with disclosed vulnerabilities may require a labor-intensive process that may delay their publication and fix, and thereby give attackers more time to exploit them. This work proposes a machine learning method to extract software product names and versions from unstructured CVE descriptions automatically. It uses Word2Vec and Char2Vec models to create context-aware features from CVE descriptions and uses these features to train a Named Entity Recognition (NER) model using bidirectional Long short-term memory (LSTM) networks. Based on the attributes of the product names and versions in previously published CVE descriptions, we created a set of Expert System (ES) rules to refine the predictions of the NER model and improve the performance of the developed method. Experiment results on real-life CVE examples indicate that using the trained NER model and the set of ES rules, software names and versions in unstructured CVE descriptions could be identified with F-Measure values above 0.95.

Modular exponentiation (ME) is a complex operation for several public-key cryptosystems (PKCs). Moreover, ME is expensive for resource-constrained devices in terms of computation time and energy consumption, especially when the exponent is large. ME is defined as the task of raising an integer x to power k and reducing the result modulo some integer n. Several methods to calculate ME have been proposed. In this paper, we present the efficient ME methods. We then implement the methods using different security levels of RSA keys on a Raspberry Pi. Finally, we give the fast ME method.

Research data sharing requires provision of adequate security. The requirements for data privacy are extremely demanding for medical data that is reused for research purposes. To address these requirements, the research institutions must implement adequate security measurements, and this demands large effort and costs to do it properly. The usage of adequate access controls and data encryption are key approaches to effectively protect research data confidentiality; however, the management of the encryption keys is challenging. There are novel mechanisms that can be explored for managing access to the encryption keys and encrypted files. These mechanisms guarantee that data are accessed by authorised users and that auditing is possible. In this paper we explore these mechanisms to implement a secure research medical data sharing system. In the proposed system, the research data are stored on a secure cloud system. The data are partitioned into subsets, each one encrypted with a unique key. After the authorisation process, researchers are given rights to use one or more of the keys and to selectively access and decrypt parts of the dataset. Our proposed solution offers automated fine-grain access control to research data, saving time and work usually made manually. Moreover, it maximises and fortifies users' trust in data sharing through secure clouds solutions. We present an initial evaluation and conclude with a discussion about the limitations, open research questions and future work around this challenging topic.

In this paper will be described a new security protocol for secret sharing and hiding, which use selected personal features. Such technique allows to create human-oriented personalized security protocols dedicated for particular users. Proposed method may be applied in dispersed computing systems, where secret data should be divided into particular number of parts.

With the continues growth of our technology, majority in our sectors are becoming smart and one of its great applications is in agriculture, which we call it as smart farming. The application of sensors, IoT, artificial intelligence, networking in the agricultural setting with the main purpose of increasing crop production and security level. With this advancement in farming, this provides a lot of privileges like remote monitoring, optimization of produce and too many to mention. In light of the thorough systematic analysis performed in this study, it was discovered that Edge-of-things is a potential computing scheme that could boost an artificial intelligence for intelligent remote farm security and intrusion detection pre-alarm system over other computing schemes. Again, the purpose of this study is not to replace existing cloud computing, but rather to highlight the potential of the Edge. The Edge architecture improves end-user experience by improving the time-related response of the system. response time of the system. One of the strengths of this system is to provide time-critical response service to make a decision with almost no delay, making it ideal for a farm security setting. Moreover, this study discussed the comparative analysis of Cloud, Fog and Edge in relation to farm security, the demand for a farm security system and the tools needed to materialize an Edge computing in a farm environment.

Differential privacy mechanisms have been proposed to guarantee the privacy of individuals in various types of statistical information. When constructing a probabilistic mechanism to satisfy differential privacy, it is necessary to consider the impact of an arbitrary record on its statistics, i.e., sensitivity, but there are situations where sensitivity is difficult to derive. In this paper, we first summarize the situations in which it is difficult to derive sensitivity in general, and then propose a definition equivalent to the conventional definition of differential privacy to deal with them. This definition considers neighboring datasets as in the conventional definition. Therefore, known differential privacy mechanisms can be applied. Next, as an example of the difficulty in deriving sensitivity, we focus on the t-test, a basic tool in statistical analysis, and show that a concrete differential privacy mechanism can be constructed in practice. Our proposed definition can be treated in the same way as the conventional differential privacy definition, and can be applied to cases where it is difficult to derive sensitivity.

This research investigates efficient architectures for the implementation of the CRYSTALS-Dilithium post-quantum digital signature scheme on reconfigurable hardware, in terms of speed, memory usage, power consumption and resource utilisation. Post quantum digital signature schemes involve a significant computational effort, making efficient hardware accelerators an important contributor to future adoption of schemes. This is work in progress, comprising the establishment of a comprehensive test environment for operational profiling, and the investigation of the use of novel architectures to achieve optimal performance.

Network attacks become more complicated with the improvement of technology. Traditional statistical methods may be insufficient in detecting constantly evolving network attack. For this reason, the usage of payload-based deep packet inspection methods is very significant in detecting attack flows before they damage the system. In the proposed method, features are extracted from the byte distributions in the payload and these features are provided to characterize the flows more deeply by using N-Gram analysis methods. The proposed procedure has been tested on IDS 2012 and 2017 datasets, which are widely used in the literature.

Machine learning (ML) models are increasingly being used in the development of Malware Detection Systems. Existing research in this area primarily focuses on developing new architectures and feature representation techniques to improve the accuracy of the model. However, recent studies have shown that existing state-of-the art techniques are vulnerable to adversarial machine learning (AML) attacks. Among those, data poisoning attacks have been identified as a top concern for ML practitioners. A recent study on clean-label poisoning attacks in which an adversary intentionally crafts training samples in order for the model to learn a backdoor watermark was shown to degrade the performance of state-of-the-art classifiers. Defenses against such poisoning attacks have been largely under-explored. We investigate a recently proposed clean-label poisoning attack and leverage an ensemble-based Nested Training technique to remove most of the poisoned samples from a poisoned training dataset. Our technique leverages the relatively large sensitivity of poisoned samples to feature noise that disproportionately affects the accuracy of a backdoored model. In particular, we show that for two state-of-the art architectures trained on the EMBER dataset affected by the clean-label attack, the Nested Training approach improves the accuracy of backdoor malware samples from 3.42% to 93.2%. We also show that samples produced by the clean-label attack often successfully evade malware classification even when the classifier is not poisoned during training. However, even in such scenarios, our Nested Training technique can mitigate the effect of such clean-label-based evasion attacks by recovering the model's accuracy of malware detection from 3.57% to 93.2%.

Cyber threats can cause severe damage to computing infrastructure and systems as well as data breaches that make sensitive data vulnerable to attackers and adversaries. It is therefore imperative to discover those threats and stop them before bad actors penetrating into the information systems.Threats hunting algorithms based on machine learning have shown great advantage over classical methods. Reinforcement learning models are getting more accurate for identifying not only signature-based but also behavior-based threats. Quantum mechanics brings a new dimension in improving classification speed with exponential advantage. The accuracy of the AI/ML algorithms could be affected by many factors, from algorithm, data, to prejudicial, or even intentional. As a result, AI/ML applications need to be non-biased and trustworthy.In this research, we developed a machine learning-based cyber threat detection and assessment tool. It uses two-stage (both unsupervised and supervised learning) analyzing method on 822,226 log data recorded from a web server on AWS cloud. The results show the algorithm has the ability to identify the threats with high confidence.

Networked cyber-physical systems must balance the utility of communication for monitoring and control with the risks of revealing private information. Many of these networks, such as wireless communication, are vulnerable to eavesdrop-ping by illegitimate recipients. Obfuscation can hide information from eaves-droppers by ensuring their observations are ambiguous or misleading. At the same time, coordination with recipients can enable them to interpret obfuscated data. In this way, we propose an obfuscation framework for dynamic systems that ensures privacy against eavesdroppers while maintaining utility for legitimate recipients. We consider eavesdroppers unaware of obfuscation by requiring that their observations are consistent with the original system, as well as eaves-droppers aware of the goals of obfuscation by assuming they learn of the specific obfuscation implementation used. We present a method for bounded synthesis of solutions based upon distributed reactive synthesis and the synthesis of publicly-known obfuscators.

The modern networking world is being exposed to many risks more frequently every day. Most of systems strongly rely on remaining anonymous throughout the whole endpoint exploitation process. Covert channels represent risk since they ex-ploit legitimate communications and network protocols to evade typical filtering. This firewall avoidance sees covert channels frequently used for malicious communication of intruders with systems they compromised, and thus a real threat to network security. While there are commercial tools to safeguard computer networks, novel applications such as automotive connectivity and V2X present new challenges. This paper focuses on the analysis of the recent ways of using covert channels and detecting them, but also on the state-of-the-art possibilities of protection against them. We investigate observing the timing covert channels behavior simulated via injected ICMP traffic into standard network communications. Most importantly, we concentrate on enhancing firewall with detection and prevention of such attack built-in features. The main contribution of the paper is design for detection timing covert channel threats utilizing detection methods based on statistical analysis. These detection methods are combined and implemented in one program as a simple host-based intrusion detection system (HIDS). As a result, the proposed design can analyze and detect timing covert channels, with the addition of taking preventive measures to block any future attempts to breach the security of an end device.

With the rapid innovation of cloud computing technologies, which has enhanced the application of the Internet of Things (IoT), smart health (s-health) is expected to enhance the quality of the healthcare system. However, s-health records (SHRs) outsourcing, storage, and sharing via a cloud server must be protected and users attribute privacy issues from the public domain. Ciphertext policy attribute-based encryption (CP-ABE) is the cryptographic primitive which is promising to provide fine-grained access control in the cloud environment. However, the direct application of traditional CP-ABE has brought a lot of security issues like attributes' privacy violations and vulnerability in the future by potential powerful attackers like side-channel and cold-bot attacks. To solve these problems, a lot of CP-ABE schemes have been proposed but none of them concurrently support partially policy-hidden and leakage resilience. Hence, we propose a new Smart Health Records Sharing Scheme that will be based on Partially Policy-Hidden CP-ABE with Leakage Resilience which is resilient to bound leakage from each of many secret keys per user, as well as many master keys, and ensure attribute privacy. Our scheme hides attribute values of users in both secret key and ciphertext which contain sensitive information in the cloud environment and are fully secure in the standard model under the static assumptions.

The pre-magnetization of inertial confinement fusion capsules is a promising avenue for reaching hotspot ignition, as the magnetic field reduces electron thermal conduction losses during hotspot formation. However, in order to reach high yields, efficient burn-up of the cold fuel is vital. Suppression of heat flows out of the hotspot due to magnetization can restrict the propagation of burn and has been observed to reduce yields in previous studies [1] . This work investigates the potential suppression of burn in a magnetized plasma utilizing the radiation-MHD code ‘Chimera’ in a planar geometry.. This code includes extended-MHD effects, such as the Nernst term, and a Monte-Carlo model for magnetized alpha particle transport and heating. We observe 3 distinct regimes of magnetized burn in 1D as initial magnetization is increased: thermal conduction driven; alpha driven; and suppressed burn. Field transport due to extended-MHD is also observed to be important, enhancing magnetization near the burn front. In higher dimensions, burn front instabilities have the potential to degrade burn even more severely. Magneto-thermal type instabilities (previously observed in laser-heated plasmas [2] ) are of particular interest in this problem.

Resilience of urban infrastructure to sudden, system-wide, potentially catastrophic events is a critical need across domains. The growing connectivity of infrastructure, including its cyber-physical components which can be controlled in real time, offers an attractive path towards rapid adaptation to adverse events and adjustment of system objectives. However, existing work in the field often offers disjoint approaches that respond to particular scenarios. On the other hand, abstract work on control of complex systems focuses on attempting to adapt to the changes in the system dynamics or environment, but without understanding that the system may simply not be able to perform its original task after an adverse event. To address this challenge, this programmatic paper proposes a vision for a new paradigm of infrastructure resilience. Such a framework treats infrastructure across domains through a unified theory of controlled dynamical systems, but remains cognizant of the lack of knowledge about the system following a widespread adverse event and aims to identify the system's fundamental limits. As a result, it will enable the infrastructure operator to assess and assure system performance following an adverse event, even if the exact nature of the event is not yet known. Building off ongoing work on assured resilience of control systems, in this paper we identify promising early results, challenges that motivate the development of resilience theory for infrastructure system, and possible paths forward for the proposed effort.

Actuator malfunctions may have disastrous con-sequences for systems not designed to mitigate them. We focus on the loss of control authority over actuators, where some actuators are uncontrolled but remain fully capable. To counter-act the undesirable outputs of these malfunctioning actuators, we use real-time measurements and redundant actuators. In this setting, a system that can still reach its target is deemed resilient. To quantify the resilience of a system, we compare the shortest time for the undamaged system to reach the target with the worst-case shortest time for the malfunctioning system to reach the same target, i.e., when the malfunction makes that time the longest. Contrary to prior work on driftless linear systems, the absence of analytical expression for time-optimal controls of general linear systems prevents an exact calculation of quantitative resilience. Instead, relying on Lyapunov theory we derive analytical bounds on the nominal and malfunctioning reach times in order to bound quantitative resilience. We illustrate our work on a temperature control system.

The paper aims to discover vulnerabilities by application of supervisory control theory and to design a defensive supervisor against vulnerability attacks. Supervisory control restricts the system behavior to satisfy the control specifications. The existence condition of the supervisor, sometimes results in undesirable plant behavior, which can be regarded as a vulnerability of the control specifications. We aim to design a more robust supervisor against this vulnerability.