Biblio

The main threats in complex networks for large-scale information systems using web browsers or service browsers are analyzed. The necessary security features for these types of systems are compared. The advantages of systems developed with service-browser technology are shown.

It is well-known, and often a topic of heated debates, that programs in some programming languages are more concise than in others. This is a relevant factor when comparing or aggregating volume-impacted metrics on source code written in a combination of programming languages. In this paper, we present a model for measuring the conciseness of programming languages in a consistent, objective and evidence-based way. We present the approach, explain how it is founded on information theoretical principles, present detailed analysis steps and show the quantitative results of applying this model to a large benchmark of diverse commercial software applications. We demonstrate that our metric for language conciseness is strongly correlated with both an alternative analytical approach, and with a large scale developer survey, and show how its results can be applied to improve software metrics for multi-language applications.

Aim and scope of the study From 2017 to 2020, we conducted a research through design to address a number of identified obstacles to adoption of wearable computing. One obstacle was a perceived failure to design wearables for emotional engagement [1] [2] [3]. To address this, we began the inspiration phase with a participatory design process with an open-ended brief, instead of the typical approach of starting with a design exemplar. In this way, we elicited concepts from the participants to discover what kinds of everyday wearables they desired [4], rather than their preferences for some particular device type like an activity monitor [5]. The obstacles interrelate, and the outcome of our investigations against the obstacle of poor emotional engagement, give cause to reflect on another of the obstacles: privacy. This paper will reflect on the privacy issues evoked by our experience.

Poultry farming has contributed immensely to global food security and the economy. Its produces are favourites and hugely subscribed, due to the uniqueness of their nutrients to all categories of people and the alternatives they provide to other high-cholesterol proteins. The increase in the world's population will continuously stretch for an increase in demands for poultry products. A smart way to ensure continuous production and increased yields in various farms is to adopt automated and remote management of poultries. This paper modelled and developed a collaborative system using the synergistic wireless sensor network technology and the internet of things. The system integrated resourcefully selected wireless sensors, mobile phone, other autonomous devices and the internet to remotely monitor and control environmental parameters and activities within the farm. Parameters such as temperature, humidity, water level, food valve level, ammonia gas, illumination are sensed, benchmarked against selected thresholds, and communicated wirelessly to the sink node and the internet cloud. The required control actions can also be initiated remotely by the administrator through messages or command signal. Also, the various parameters and actions can be read or documented in real-time over the web. The system was tested and evaluated to give an average of about 93.7% accuracy in parameters detection and 2s delay in real-time response. Therefore, a modelled system has been developed to provide robust and more intuitive solutions in poultry farming.

Trust is of paramount concern for tenants to deploy their security-sensitive services in the cloud. The integrity of virtual machines (VMs) in which these services are deployed needs to be ensured even in the presence of powerful adversaries with administrative access to the cloud. Traditional approaches for solving this challenge leverage trusted computing techniques, e.g., vTPM, or hardware CPU extensions, e.g., AMD SEV. But, they are vulnerable to powerful adversaries, or they provide only load time (not runtime) integrity measurements of VMs. We propose TRIGLAV, a protocol allowing tenants to establish and maintain trust in VM runtime integrity of software and its configuration. TRIGLAV is transparent to the VM configuration and setup. It performs an implicit attestation of VMs during a secure login and binds the VM integrity state with the secure connection. Our prototype's evaluation shows that TRIGLAV is practical and incurs low performance overhead (\textbackslashtextless 6%).

Vehicular Ad Hoc Networks (VANETs) have the potential to improve road safety and reduce traffic congestion by enhancing sharing of messages about road conditions. Communication in VANETs depends upon a Public Key Infrastructure (PKI) that checks for message confidentiality, integrity, and authentication. One challenge that the PKI infrastructure does not eliminate is the possibility of malicious vehicles mounting a Distributed Denial of Service (DDoS) attack. We present a scheme that combines statistical modeling and machine learning techniques to detect and prevent blackhole attacks in a VANET environment.Simulation results demonstrate that on average, our model produces an Area Under The Curve (ROC) and Receiver Operating Characteristics (AUC) score of 96.78% which is much higher than a no skill ROC AUC score and only 3.22% away from an ideal ROC AUC score. Considering all the performance metrics, we show that the Support Vector Machine (SVM) and Gradient Boosting classifier are more accurate and perform consistently better under various circumstances. Both have an accuracy of over 98%, F1-scores of over 95%, and ROC AUC scores of over 97%. Our scheme is robust and accurate as evidenced by its ability to identify and prevent blackhole attacks. Moreover, the scheme is scalable in that addition of vehicles to the network does not compromise its accuracy and robustness.

The increase in online activity during the COVID 19 pandemic has generated a surge in network traffic capable of expanding the scope of DDoS attacks. Cyber criminals can now afford to launch massive DDoS attacks capable of degrading the performances of conventional machine learning based IDS models. Hence, there is an urgent need for an effective DDoS attack detective model with the capacity to handle large magnitude of DDoS attack traffic. This study proposes a deep learning based DDoS attack detection system using Long Short Term Memory (LSTM). The proposed model was evaluated on UNSW-NB15 and NSL-KDD intrusion datasets, whereby twenty-three (23) and twenty (20) attack features were extracted from UNSW-NB15 and NSL-KDD, respectively using Singular Value Decomposition (SVD). The results from the proposed model show significant improvement when compared with results from some conventional machine learning techniques such as Naïve Bayes (NB), Decision Tree (DT), and Support Vector Machine (SVM) with accuracies of 94.28% and 90.59% on both datasets, respectively. Furthermore, comparative analysis of LSTM with other deep learning results reported in literature justified the choice of LSTM among its deep learning peers in detecting DDoS attacks over a network.

Selecting the optimal set of countermeasures to secure a network is a challenging task, since it involves various considerations and trade-offs, such as prioritizing the risks to mitigate given the mitigation costs. Previously suggested approaches are based on limited and largely manual risk assessment procedures, provide recommendations for a specific event, or don't consider the organization's constraints (e.g., limited budget). In this paper, we present an improved attack graph-based risk assessment process and apply heuristic search to select an optimal countermeasure plan for a given network and budget. The risk assessment process represents the risk in the system in such a way that incorporates the quantitative risk factors and relevant countermeasures; this allows us to assess the risk in the system under different countermeasure plans during the search, without the need to regenerate the attack graph. We also provide a detailed description of countermeasure modeling and discuss how the countermeasures can be automatically matched to the security issues discovered in the network.

Machine learning methods are growing in relevance for biometrics and personal information processing in domains such as forensics, e-health, recruitment, and e-learning. In these domains, white-box (human-readable) explanations of systems built on machine learning methods can become crucial. Inductive Logic Programming (ILP) is a subfield of symbolic AI aimed to automatically learn declarative theories about the process of data. Learning from Interpretation Transition (LFIT) is an ILP technique that can learn a propositional logic theory equivalent to a given blackbox system (under certain conditions). The present work takes a first step to a general methodology to incorporate accurate declarative explanations to classic machine learning by checking the viability of LFIT in a specific AI application scenario: fair recruitment based on an automatic tool generated with machine learning methods for ranking Curricula Vitae that incorporates soft biometric information (gender and ethnicity). We show the expressiveness of LFIT for this specific problem and propose a scheme that can be applicable to other domains.

Semantic image annotation is a field of paramount importance in which deep learning excels. However, some application domains, like security or medicine, may need an explanation of this annotation. Explainable Artificial Intelligence is an answer to this need. In this work, an explanation is a sentence in natural language that is dedicated to human users to provide them clues about the process that leads to the decision: the labels assignment to image parts. We focus on semantic image annotation with fuzzy logic that has proven to be a useful framework that captures both image segmentation imprecision and the vagueness of human spatial knowledge and vocabulary. In this paper, we present an algorithm for textual explanation generation of the semantic annotation of image regions.

Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.

Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.

Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.

This paper proposes an anonymity based mechanism for providing privacy in IoT environment. Proposed scheme allows IoT entities to anonymously interacting and authenticating with each other, or even proving that they have trustworthy relationship without disclosing their identities. Authentication is based on an anonymous certificates mechanism where interacting IoT entities could unlinkably prove possession of a valid certificate without revealing any incorporated identity-related information, thereby preserving their privacy and thwarting tracking and profiling attacks. Through a security analysis, we demonstrate the reliability of our solution.

Internet of things as a technology that connect internet and physical world has been implemented in many diverse fields and has been proven very useful and flexible. In every implementation of technology that involve internet, security must be a great concern, including the implementation of IoT technology. A lot of alternatives can be used to achieve security of IoT. Ming et al. has proposed novel signcryption scheme to secure IoT of monitoring health data. In this work, proposed signcryption scheme from Ming et al. has been successfully implemented using Raspberry Pi and ESP32 and has proven work in securing IoT data.

Federated learning (FL) is an emerging paradigm for facilitating multiple organizations' data collaboration without revealing their private data to each other. Recently, vertical FL, where the participating organizations hold the same set of samples but with disjoint features and only one organization owns the labels, has received increased attention. This paper presents several feature inference attack methods to investigate the potential privacy leakages in the model prediction stage of vertical FL. The attack methods consider the most stringent setting that the adversary controls only the trained vertical FL model and the model predictions, relying on no background information of the attack target's data distribution. We first propose two specific attacks on the logistic regression (LR) and decision tree (DT) models, according to individual prediction output. We further design a general attack method based on multiple prediction outputs accumulated by the adversary to handle complex models, such as neural networks (NN) and random forest (RF) models. Experimental evaluations demonstrate the effectiveness of the proposed attacks and highlight the need for designing private mechanisms to protect the prediction outputs in vertical FL.

Recently, cyber security in power systems has captured significant interest. This is because the world has seen a surge in cyber attacks on power systems. One of the prolific cyber attacks in modern power systems are False Data Injection Attacks (FDIA). In this paper, we analyzed the impact of FDIA on the operation cost of power systems. Also, we introduced a novel Advanced Persistent Threat (APT) based attack strategy that maximizes the operating costs when attacking specific nodes in the system. We model the attack strategy using an optimization problem and use metaheuristics algorithms to solve the optimization problem and execute the attack. We have found that our attacks can increase the power generation cost by up to 15.6%, 60.12%, and 74.02% on the IEEE 6-Bus systems, 30-Bus systems, and 118-Bus systems, respectively, as compared to normal operation.

The maturity of intelligent transportation system, cloud computing and Internet of Things (IoT) technology has encouraged the rapid growth of vehicular ad-hoc networks (VANETs). Currently, vehicles are supposed to carry relatively more storage, on board computing facilities, increased sensing power and communication systems. In order to cope with real world demands such as low latency, low storage cost, mobility, etc., for the deployment of VANETs, numerous attempts have been taken to integrate fog-computing with VANETs. In the recent past, Ma et al. (IEEE Internet of Things, pp 2327-4662, 10. 1109/JIOT.2019.2902840) designed “An Efficient and Provably Secure Authenticated Key Agreement Protocol for Fog-Based Vehicular Ad-Hoc Networks”. Ma et al. claimed that their protocol offers secure communication in fog-based VANETs and is resilient against several security attacks. However, this comment demonstrates that their scheme is defenseless against vehicle-user impersonation attack and reveals secret keys of vehicle-user and fog-node. Moreover, it fails to offer vehicle-user anonymity and has inefficient login phase. This paper also gives some essential suggestions on strengthening resilience of the scheme, which are overlooked by Ma et al.

Large enterprises offer thousands of micro-services applications to support their daily business activities by using Application Programming Interfaces (APIs). These applications generate huge amounts of traffic via millions of API calls every day, which is difficult to analyze for detecting any potential abnormal behaviour and application outage. This phenomenon makes Machine Learning (ML) a natural choice to leverage and analyze the API traffic and obtain intelligent predictions. This paper proposes an ML-based technique to detect and classify API traffic based on specific features like bandwidth and number of requests per token. We employ a Support Vector Machine (SVM) as a binary classifier to classify the abnormal API traffic using its linear kernel. Due to the scarcity of the API dataset, we created a synthetic dataset inspired by the real-world API dataset. Then we used the Gaussian distribution outlier detection technique to create a training labeled dataset simulating real-world API logs data which we used to train the SVM classifier. Furthermore, to find a trade-off between accuracy and false positives, we aim at finding the optimal value of the error term (C) of the classifier. The proposed anomaly detection method can be used in a plug and play manner, and fits into the existing micro-service architecture with little adjustments in order to provide accurate results in a fast and reliable way. Our results demonstrate that the proposed method achieves an F1-score of 0.964 in detecting anomalies in API traffic with a 7.3% of false positives rate.

We study the problem of generation of cycles, chains and graphs of pairing-friendly elliptic curves using in succinct non-interactive arguments for knowledge protocols in blockchain. The task to build a “stick” for existing MNT753 cycle is reduced to the factorization problem for big numbers. Together with graphs of pairing friendly elliptic curves we consider auxiliary graphs of their orders (primes or irreducible polynomials) associated to vertices and embedding degrees to edges. Numerical experiments allow us to conjecture that (except of MNT case): 1) for any fixed embedding degrees there exist only finite number of such cycles and, hence, there are no families of such cycles; 2) chains of prime order are very rare; we suppose that there are no polynomial families of such chains. It is hard to find a family of pairing friendly elliptic curves with the base field order q(x) such that ζk ∈ Q[x]/(q(x)) for k \textbackslashtextgreater 6. From other hand our examples show that we can apply Brezing-Weng construction with k=6 and D=3 iteratively to obtain chains of length 3-4. We build 1) a family of 1-chains with embedding degrees 8 and 7, where all orders are given by cyclotomic polynomials; 2) a combination of MNT cycle and near-MNT curve.

Dynamic Information Flow Tracking (DIFT), also called Dynamic Taint Analysis (DTA), is a technique for tracking the information as it flows through a program's execution. Specifically, some inputs or data get tainted and then these taint marks (tags) propagate usually at the instruction-level. While DIFT has been a fundamental concept in computer and network security for the past decade, it still faces open challenges that impede its widespread application in practice; one of them being the indirect flow propagation dilemma: should the tags involved in an indirect flow, e.g., in a control or address dependency, be propagated? Propagating all these tags, as is done for direct flows, leads to overtainting (all taintable objects become tainted), while not propagating them leads to undertainting (information flow becomes incomplete). In this paper, we analytically model that decisioning problem for indirect flows, by considering various tradeoffs including undertainting versus overtainting, importance of heterogeneous code semantics and context. Towards tackling this problem, we design MITOS, a distributed-optimization algorithm, that: decides about the propagation of indirect flows by properly weighting all these tradeoffs, is of low-complexity, is scalable, is able to flexibly adapt to different application scenarios and security needs of large distributed systems. Additionally, MITOS is applicable to most DIFT systems that consider an arbitrary number of tag types, and introduces the key properties of fairness and tag-balancing to the DIFT field. To demonstrate MITOS's applicability in practice, we implement and evaluate MITOS on top of an open-source DIFT, and we shed light on the open problem. We also perform a case-study scenario with a real in-memory only attack and show that MITOS improves simultaneously (i) system's spatiotemporal overhead (up to 40%), and (ii) system's fingerprint on suspected bytes (up to 167%) compared to traditional DIFT, even though these metrics usually conflict.

Quantum cryptography doesn't depend on computational capabilities of intruders; it uses inviolability of quantum physics postulates (postulate of measurement, no-cloning theorem, uncertainty principle). Some quantum key distribution protocols have absolute (theoretical and informational) stability, but quantum secure direct communication (deterministic) protocols have only asymptotic stability. For a whole class of methods to ensure Q-trit deterministic quantum cryptography protocols stability, reliable trit generation method is required. In this paper, authors have developed a high-speed and secure pseudorandom number (PRN) generation method. This method includes the following steps: initialization of the internal state vector and direct PRN generation. Based on this method TriGen v.2.0 pseudo-random number generator (PRNG) was developed and studied in practice. Therefore, analysing the results of study it can be concluded following: 1) Proposed Q-trit PRNG is better then standard C ++ PRNG and can be used on practice for critical applications; 2) NIST STS technique cannot be used to evaluate the quality (statistical stability) of the Q-trit PRNG and formed trit sequences; 3) TritSTS 2020 technique is suitable for evaluating Q-trit PRNG and trit sequences quality. A future research study can be related to developing a fully-functional version of TritSTS technique and software tool.

We present results from a vibrating mesh nebulizer for which the mesh is a micro-machined silicon membrane perforated with up to a thousand micron-sized, pyramidal holes. Finite element modelling is used to better understand the measured results of the nebulizer when tested in the dry state as well as when loaded with a liquid. In particular, we found that the frequency response of the system is well represented by the superposition of the frequency response of its two main subcomponents: the piezo driving unit and the silicon membrane. As such, the system is found to have resonance peaks for which the complete assembly flexes in addition to peaks that correspond to the flexural resonance modes of the silicon membrane on its own. Similarly, finite element modelling was used to understand differences observed between the frequency response measured on the nebulizer in the dry condition compared to its wet or liquid loaded operation. It was found that coupling between the structural and the acoustic domains shifts the resonance peaks significantly to the left of the frequency plot. In fact, it was found that at the operating frequency of the nebulizer, the system resonates in a (0,3) when the membrane is loaded with a liquid compared with a (0,2) resonance mode when it is operating in the dry state.

The Internet of Things (IoT) has been one of the biggest revelations of the last decade. These cyber-physical systems seamlessly integrate and improve the activities in our daily lives. Hence, creating a wide application for it in several domains, such as smart buildings and cities. However, the integration of IoT also comes with privacy challenges. The privacy challenges result from the ability of these devices to pervasively collect personal data about individuals through sensors in ways that could be unknown to them. A number of research efforts have evaluated privacy policy awareness and enforcement as key components for addressing these privacy challenges. This paper provides a framework for understanding contextualized privacy policy within the IoT domain. This will enable IoT privacy researchers to better understand IoT privacy policies and their modeling.

This paper proposes a proximity-aware extensions to the current Bitcoin protocol, named Master Node Based Clustering (MNBC). The ultimate purpose of the proposed protocol is to evaluate the security and performance of grouping nodes based on physical proximity. In MNBC protocol, physical internet connectivity increases as well as the number of hops between nodes decreases through assigning nodes to be responsible for propagating based on physical internet proximity.