Biblio

We re-use a polarization-multiplexed I/Q modulator to acquire the quantum randomness of its seed laser light for the purpose of quantum random number generation. We obtain 9×104 256-bit AES keys/second after randomness extraction. Time-interleaved random number generation is demonstrated for PM-QPSK transmission.

This paper investigates the use of Software-Defined Networking (SDN) in the detection and mitigation of malware threat, focusing on the example of ExPetr ransomware. Extensive static and dynamic analysis of ExPetr is performed in a purpose-built SDN testbed. The results acquired from this analysis are then used to design and implement an SDN-based solution to detect the malware and prevent it from spreading to other machines inside a local network. Our solution consists of three security mechanisms that have been implemented as components/modules of the Python-based POX controller. These mechanisms include: port blocking, SMB payload inspection, and HTTP payload inspection. When malicious activity is detected, the controller communicates with the SDN switches via the OpenFlow protocol and installs appropriate entries in their flow tables. In particular, the controller blocks machines which are considered infected, by monitoring and reacting in real time to the network traffic they produce. Our experimental results demonstrate that the proposed designs are effective against self-propagating malware in local networks. The implemented system can respond to malicious activities quickly and in real time. Furthermore, by tuning certain thresholds of the detection mechanisms it is possible to trade-off the detection time with the false positive rate.

Technologies such as cloud computing and big data management, have lately made significant progress creating an urgent need for specific databases that can safely store extensive data along with high availability. Specifically, a growing number of companies have adopted various types of non-relational databases, commonly referred to as NoSQL databases. These databases provide a robust mechanism for the storage and retrieval of large amounts of data without using a predefined schema. NoSQL platforms are superior to RDBMS, especially in cases when we are dealing with big data and parallel processing, and in particular, when there is no need to use relational modeling. Sensitive data is stored daily in NoSQL Databases, making the privacy problem more serious while raising essential security issues. In our paper, security and privacy issues when dealing with NoSQL databases are introduced and in following, security mechanisms and privacy solutions are thoroughly examined.

Encryption has become an important need for each and every data transmission. Large amount of delicate data is transferred regularly through different computer networks such as e-banking, email applications and file exchange. Cryptanalysis is study of analyzing the hidden information in the system. The process of cryptanalysis could be done by various features such as power, sound, electromagnetic radiation etc. Lightweight cryptography plays an important role in the IoT devices. It includes various appliances, vehicles, smart sensors and RFID-tags (RFID). PRESENT is one such algorithm, designed for resource constrained devices. This requires less memory and consumes less power. The project propounds a model in which the cryptographic keys are analyzed by the trace of power.

Expressing Keystroke Dynamics (KD) in form of sound opens new avenues to apply sound analysis techniques on KD. However this mapping is not straight-forward as varied feature space, differences in magnitudes of features and human interpretability of the music bring in complexities. We present a musical interface to KD by mapping keystroke features to music features. Music elements like melody, harmony, rhythm, pitch and tempo are varied with respect to the magnitude of their corresponding keystroke features. A pitch embedding technique makes the music discernible among users. Using the data from 30 users, who typed fixed strings multiple times on a desktop, shows that these auditory signals are distinguishable between users by both standard classifiers (SVM, Random Forests and Naive Bayes) and humans alike.

While the Internet of Things (IoT) applications and devices expanded rapidly, security and privacy of the IoT devices emerged as a major problem. Current studies reveal that there are significant weaknesses detected in several types of IoT devices moreover in several situations there are no security mechanisms to protect these devices. The IoT devices' users utilize the internet for the purpose of control and connect their machines. IoT application utilization has risen exponentially over time and our sensitive data is captured by IoT devices continuously, unknowingly or knowingly. The motivation behind this paper was the vulnerabilities that exist at the IP cameras. In this study, we undertake a more extensive investigation of IP cameras' vulnerabilities and demonstrate their effect on users' security and privacy through the use of the Kali Linux penetration testing platform and its tools. For this purpose, the paper performs a hands-on test on an IP camera with the name (“Intelligent Onvif YY HD”) to analyzes the security elements of this device. The results of this paper show that IP cameras have several security lacks and weaknesses which these flaws have multiple security impacts on users.

In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.

Internet of Things (IoT) has become the buzzword for the development of Smart City and its applications. In this context, development of supporting software forms the core part of the IoT infrastructure. A Middleware sits in between the IoT devices and interacts between them to exchange data among the components of the automated architecture. The Middleware services include hand shaking, data transfer and security among its core set of functionalities. It also includes cross-cutting functional services such as authentication, logging and caching. A software that can run these Middleware services requires a careful choice of a good software modelling technique. Aspect-Oriented Programming (AOP) is a software development methodology that can be used to independently encapsulate the core and cross-cutting functionalities of the Middleware services of the IoT infrastructure. In this paper, an attempt has been made using a simulation environment to independently model the two orthogonal functionalities of the Middleware with the focus to improve its modularity. Further, a quantitative measurement of the core design property of cohesion has been done to infer on the improvement in the reusability of the modules encapsulated in the Middleware of IoT. Based on the measurement, it was found that the modularity and reusability of functionalities in the Middleware software has improved in the AspectJ version compared to its equivalent Java version.

Anomaly detection (AD) is very important across several real-world problems in the heavy industries and Internet-of-Things (IoT) domains. Traditional methods so far have categorized anomaly detection into (a) unsupervised, (b) semi-supervised and (c) supervised techniques. A relatively unexplored direction is the development of context aware anomaly detection systems which can build on top of any of these three techniques by using side information. Context can be captured from a different modality such as semantic graphs encoding grouping of sensors governed by the physics of the asset. Process flow diagrams of an operational plant depicting causal relationships between sensors can also provide useful context for ML algorithms. Capturing such semantics by itself can be pretty challenging, however, our paper mainly focuses on, (a) designing and implementing effective anomaly detection pipelines using sparse Gaussian Graphical Models with various statistical distance metrics, and (b) differentiating these pipelines by embedding contextual semantics inferred from graphs so as to obtain better KPIs in practice. The motivation for the latter of these two has been explained above, and the former in particular is well motivated by the relatively mediocre performance of highly parametric deep learning methods for small tabular datasets (compared to images) such as IoT sensor data. In contrast to such traditional automated deep learning (AutoAI) techniques, our anomaly detection system is based on developing semantics-driven industry specific ML pipelines which perform scalable computation evaluating several models to identify the best model. We benchmark our AD method against state-of-the-art AD techniques on publicly available UCI datasets. We also conduct a case study on IoT sensor and semantic data procured from a large thermal energy asset to evaluate the importance of semantics in enhancing our pipelines. In addition, we also provide explainable insights for our model which provide a complete perspective to a reliability engineer.

With the emergence of smart grids as the primary means of distribution across wide areas, the importance of improving its resilience to faults and mishaps is increasing. The reliability of a distribution system depends upon its tolerance to attacks and the efficiency of restoration after an attack occurs. This paper proposes a unique approach to the restoration of smart grids under attack by impostors or due to natural calamities via optimal islanding of the grid with primary generators and distributed generators(DGs) into sub-grids minimizing the amount of load shed which needs to be incurred and at the same time minimizing the number of switching operations via graph theory. The minimum load which needs to be shed is computed in the first stage followed by selecting the nodes whose load needs to be shed to achieve such a configuration and then finally deriving the sequence of switching operations required to achieve the configuration. The proposed method is tested against standard IEEE 37-bus and a 1069-bus grid system and the minimum load shed along with the sequencing steps to optimal configuration and time to achieve such a configuration are presented which demonstrates the effectiveness of the method when compared to the existing methods in the field. Moreover, the proposed algorithm can be easily modified to incorporate any other constraints which might arise due to any operational configuration of the grid.

Privacy-preserving frequency computation is critical to privacy-preserving data mining in 2-Part Fully Distributed Setting (such as association rule analysis, clustering, and classification analysis) and has been investigated in many researches. However, these solutions are based on the Elgamal Cryptosystem, making computation and communication efficiency low. Therefore, this paper proposes an improved protocol using an Elliptic Curve Cryptosystem. The theoretical and experimental analysis shows that the proposed method is effective in both computing and communication compared to other methods.

The design of codes for communicating reliably over a statistically well defined channel is an important endeavor involving deep mathematical research and wide-ranging practical applications. In this work, we present the first family of codes obtained via deep learning, which significantly outperforms state-of-the-art codes designed over several decades of research. The communication channel under consideration is the Gaussian noise channel with feedback, whose study was initiated by Shannon; feedback is known theoretically to improve reliability of communication, but no practical codes that do so have ever been successfully constructed. We break this logjam by integrating information theoretic insights harmoniously with recurrent-neural-network based encoders and decoders to create novel codes that outperform known codes by 3 orders of magnitude in reliability and achieve a 3dB gain in terms of SNR. We also demonstrate several desirable properties of the codes: (a) generalization to larger block lengths, (b) composability with known codes, and (c) adaptation to practical constraints. This result also has broader ramifications for coding theory: even when the channel has a clear mathematical model, deep learning methodologies, when combined with channel-specific information-theoretic insights, can potentially beat state-of-the-art codes constructed over decades of mathematical research.

Mobile data offloading using opportunistic network has recently gained its significance to increase mobile data needs. Such offloaders need to be properly incentivized to encourage more and more users to act as helpers in such networks. The extent of help offered by mobile data offloading alternatives using appropriate incentive mechanisms is significant in such scenarios. The limitation of existing incentive mechanisms is that they are partial in implementation while most of them use third party intervention based derivation. However, none of the papers considers trust as an essential factor for incentive distribution. Although few works contribute to the trust analysis, but the implementation is limited to offloading determination only while the incentive is independent of trust. We try to investigate if trust could be related to the Nash equilibrium based incentive evaluation. Our analysis results show that trust-based incentive distribution encourages more than 50% offloaders to act positively and contribute successfully towards efficient mobile data offloading. We compare the performance of our algorithm with literature based salary-bonus scheme implementation and get optimum incentive beyond 20% dependence over trust-based output.

Intelligent environments work collaboratively, bringing more comfort to human beings. The intelligence of these environments comes from technological advances in sensors and communication. IoT is the model developed that allows a wide and intelligent communication between devices. Hardware reduction of IoT devices results in vulnerabilities. Thus, there are numerous concerns regarding the security of user information, since mobile devices are easily trackable over the Internet. Care must be taken regarding the information in user profiles. Mobile devices are protected by a permission-based mechanism, which limits third-party applications from accessing sensitive device resources. In this context, this work aims to present a proposal for materialization of application for the evolution of user profiles in intelligent environments. Having as parameters the parameters presented in the proposed taxonomy. The proposed solution is the development of two applications, one for Android devices, responsible for allowing or blocking some features of the device. And another in Cloud, responsible for imposing the parameters and privacy criteria, formalizing the profile control module (PRIPRO - PRIvacy PROfiles).

This paper presents SWAT - System-Wide Analysis Toolkit. It is based on open source emulation and debugging projects and implements the approaches for non-intrusive system-wide analysis and debugging: lightweight OS-agnostic virtual machine introspection, full system execution replay, non-intrusive debugging with WinDbg, and full system reverse debugging. These features are based on novel non-intrusive introspection and reverse debugging methods. They are useful for stealth debugging and analysis of the platforms with custom kernels. SWAT includes multi-platform emulator QEMU with additional instrumentation and debugging features, GUI for convenient QEMU setup and execution, QEMU plugin for non-intrusive introspection, and modified version of GDB. Our toolkit may be useful for the developers of the virtual platforms, emulators, and firmwares/drivers/operating systems. Virtual machine intospection approach does not require loading any guest agents and source code of the OS. Therefore it may be applied to ROM-based guest systems and enables using of record/replay of the system execution. This paper includes the description of SWAT components, analysis methods, and some SWAT use cases.

Internet of Medical Things (IoMT) are getting popular in the smart healthcare domain. These devices are resource-constrained and are vulnerable to attack. As the IoMTs are connected to the healthcare network infrastructure, it becomes the primary target of the adversary due to weak security and privacy measures. In this regard, this paper proposes a security architecture for smart healthcare network infrastructures. The architecture uses various security components or services that are developed and deployed as virtual network functions. This makes the security architecture ready for future network frameworks such as OpenMANO. Besides, in this security architecture, only authenticated and trusted IoMTs serve the patients along with an encryption-based communication protocol, thus creating a secure, privacy-preserving and trusted healthcare network infrastructure.

Legacy and novel network services are expected to be migrated and designed to be deployed in fully virtualized environments. Starting with 5G, NFV becomes a formally required brick in the specifications, for services integrated within the infrastructure provider networks. This evolution leads to deployment of virtual resources Virtual-Machine (VM)-based, container-based and/or server-less platforms, all calling for a deep virtualization of infrastructure components. Such a network softwarization also unleashes further logical network virtualization, easing multi-layered, multi-actor and multi-access services, so as to be able to fulfill high availability, security, privacy and resilience requirements. However, the derived increased components heterogeneity makes the detection and the characterization of anomalies difficult, hence the relationship between anomaly detection and corresponding reconfiguration of the NFV stack to mitigate anomalies. In this article we propose an unsupervised machine-learning data-driven approach based on Long-Short- Term-Memory (LSTM) autoencoders to detect and characterize anomalies in virtualized networking services. With a radiography visualization, this approach can spot and describe deviations from nominal parameter values of any virtualized network service by means of a lightweight and iterative mean-squared reconstruction error analysis of LSTM-based autoencoders. We implement and validate the proposed methodology through experimental tests on a vIMS proof-of-concept deployed using Kubernetes.

The complexity and ubiquity of modern computing systems is a fertile ground for anomalies, including security and privacy breaches. In this paper, we propose a new methodology that addresses the practical challenges to implement anomaly detection approaches. Specifically, it is challenging to define normal behavior comprehensively and to acquire data on anomalies in diverse cloud environments. To tackle those challenges, we focus on anomaly detection approaches based on system performance signatures. In particular, performance signatures have the potential of detecting zero-day attacks, as those approaches are based on detecting performance deviations and do not require detailed knowledge of attack history. The proposed methodology leverages an analytical performance model and experimentation, and allows to control the rate of false positives in a principled manner. The methodology is evaluated using the TPCx-V workload, which was profiled during a set of executions using resource exhaustion anomalies that emulate the effects of anomalies affecting system performance. The proposed approach was able to successfully detect the anomalies, with a low number of false positives (precision 90%-98%).

The advent of Internet and recent technological developments have paved the way for IoT devices in different sectors. The demand for real-time response led to the development of fog computing which is now a popular computing technique. It provides processing, computing and storage at the network edge for latency-sensitive applications such as banking transactions, healthcare etc. This has further led to the pool of user's sensitive data across the web that needs to be secured. In order to find an efficient security solution, it is mandatory to prioritize amongst different fog-level security factors. The authors have therefore, adopted a fuzzy-based Analytical Hierarchy Approach (AHP) for ranking the security attributes in fog-driven IoT environment. The results have also been compared to the ones obtained from classical-AHP and are found to be correlated.

In this paper, a new intrusion detection mechanism is proposed based on Trust and Packet Loss Rate at Sensor Node in WSNs. To find the true malicious nodes, the proposed mechanism performs a deep analysis on the packet loss. Two independent metrics such as buffer capacity metric and residual energy metric are considered for packet loss rate evaluation. Further, the trust evaluation also considers the basic communication interactions between sensor nodes. Based on these three metrics, a new composite metric called Packet Forwarding Probability (PFP) is derived through which the malicious nodes are identified. Simulation experiments are conducted over the proposed mechanism and the performance is evaluated through False Positive Rate (FPR) and Malicious Detection Rate (MDR). The results declare that the proposed mechanism achieves a better performance compared to the conventional approaches.

Agile and DevOps are widely adopted by the industry. Hence, integrating security activities with industrial practices, such as continuous integration (CI) pipelines, is necessary to detect security flaws and adhere to regulators’ demands early. In this paper, we analyze automated security activities in CI pipelines of enterprise-driven open source software (OSS). This shall allow us, in the long-run, to better understand the extent to which security activities are (or should be) part of automated pipelines. In particular, we mine publicly available OSS repositories and survey a sample of project maintainers to better understand the role that security activities and their related tools play in their CI pipelines. To increase transparency and allow other researchers to replicate our study (and to take different perspectives), we further disclose our research artefacts.Our results indicate that security activities in enterprise-driven OSS projects are scarce and protection coverage is rather low. Only 6.83% of the analyzed 8,243 projects apply security automation in their CI pipelines, even though maintainers consider security to be rather important. This alerts industry to keep the focus on vulnerabilities of 3rd Party software and it opens space for other improvements of practice which we outline in this manuscript.

Statistical structure learning (SSL)-based approaches have been employed in the recent years to detect different types of anomalies in a variety of cyber-physical systems (CPS). Although these approaches outperform conventional methods in the literature, their computational complexity, need for large number of measurements and centralized computations have limited their applicability to large-scale networks. In this work, we propose a distributed, multi-agent maximum likelihood (ML) approach to detect anomalies in smart grid applications aiming at reducing computational complexity, as well as preserving data privacy among different players in the network. The proposed multi-agent detector breaks the original ML problem into several local (smaller) ML optimization problems coupled by the alternating direction method of multipliers (ADMM). Then, these local ML problems are solved by their corresponding agents, eventually resulting in the construction of the global solution (network's information matrix). The numerical results obtained from two IEEE test (power transmission) systems confirm the accuracy and efficiency of the proposed approach for anomaly detection.

In this paper, we present the concept of boosting the resiliency of optimization-based observers for cyber-physical systems (CPS) using auxiliary sources of information. Due to the tight coupling of physics, communication and computation, a malicious agent can exploit multiple inherent vulnerabilities in order to inject stealthy signals into the measurement process. The problem setting considers the scenario in which an attacker strategically corrupts portions of the data in order to force wrong state estimates which could have catastrophic consequences. The goal of the proposed observer is to compute the true states in-spite of the adversarial corruption. In the formulation, we use a measurement prior distribution generated by the auxiliary model to refine the feasible region of a traditional compressive sensing-based regression problem. A constrained optimization-based observer is developed using l1-minimization scheme. Numerical experiments show that the solution of the resulting problem recovers the true states of the system. The developed algorithm is evaluated through a numerical simulation example of the IEEE 14-bus system.

In January 2017 encrypted Internet traffic surpassed non-encrypted traffic. Although encryption increases security, it also masks intrusions and attacks by blocking the access to packet contents and traffic features, therefore making data analysis unfeasible. In spite of the strong effect of encryption, its impact has been scarcely investigated in the field. In this paper we study how encryption affects flow feature spaces and machine learning-based attack detection. We propose a new cross-layer feature vector that simultaneously represents traffic at three different levels: application, conversation, and endpoint behavior. We analyze its behavior under TLS and IPSec encryption and evaluate the efficacy with recent network traffic datasets and by using Random Forests classifiers. The cross-layer multi-key approach shows excellent attack detection in spite of TLS encryption. When IPsec is applied, the reduced variant obtains satisfactory detection for botnets, yet considerable performance drops for other types of attacks. The high complexity of network traffic is unfeasible for monolithic data analysis solutions, therefore requiring cross-layer analysis for which the multi-key vector becomes a powerful profiling core.

This article describes attacks methods, vectors and technics used by threat actors during pandemic situations in the world. Identifies common targets of threat actors and cyber-attack tactics. The article analyzes cybersecurity challenges and specifies possible solutions and improvements in cybersecurity. Defines cybersecurity controls, which should be taken against analyzed attack vectors.