Biblio

Transportation of people and goods is important and crucial in the context of smart cities. The trend in regard of people's mobility is moving from privately owned vehicles towards shared mobility. This trend is even stronger in urban areas, where space for parking is limited, and the mobility is supported by the public transport system, which lowers the need for private vehicles. Several challenges and barriers of currently available solutions retard a massive growth of this mobility option, such as the trust problem, data monopolism, or intermediary costs. Decentralizing mobility management is a promising approach to solve the current problems of the mobility market, allowing to move towards a more usable internet of mobility and smart transportation. Leveraging blockchain technology allows to cut intermediary costs, by utilizing smart contracts. Important in this ecosystem is the proof of identity of participants in the blockchain network. To proof the possession of the claimed identity, the private key corresponding to the wallet address is utilized, and therefore essential to protect. In this paper, a blockchain-based shared mobility platform is proposed and a proof-of-concept is shown. First, current problems and state-of-the-art systems are analyzed. Then, a decentralized concept is built based on ERC-721 tokens, implemented in a smart contract, and augmented with a Hardware Security Module (HSM) to protect the confidential key material. Finally, the system is evaluated and compared against state-of-the-art solutions.

Data are the basis in Digital Twin (DT) to set up bidirectional mapping between physical and virtual spaces, and realize critical environmental sensing, decision making and execution. Thus, trustworthiness is a necessity in data content as well as data operations. A dual blockchain framework is proposed to realize comprehensive data security in various DT scenarios. It is highly adaptable, scalable, evolvable, and easy to be integrated into Digital Twin Network (DTN) as enhancement.

Smart grids are one of the most important applications of cyber-physical systems. They intelligently transmit energy to customers by information technology, and have replaced the traditional power grid and are widely used. However, smart grids are vulnerable to cyber-attacks. Once attacked, it will cause great losses and lose the trust of customers. Therefore, it is important to evaluate the trustworthiness of smart grids. In order to evaluate the trustworthiness of smart grids, this paper uses a generalized stochastic Petri net (GSPN) to model smart grids. Considering various security threats that smart grids may face, we propose a general GSPN model for smart grids, which evaluates trustworthiness from three metrics of reliability, availability, and integrity by analyzing steady-state and transient probabilities. Finally, we obtain the value of system trustworthiness and simulation results show that the feasibility and effectiveness of our model for smart grids trustworthiness.

Analyzing safety and security requirements remains a difficult task in the development of real-life network protocols. Although numerous modeling and analyzing methods have been proposed in the past decades, most of them handle safety and security requirements separately without considering their interplay. In this work, we propose a collaborative modeling framework that enables co-analysis of safety and security requirements for network protocols. Our modeling framework is based on a well-defined type system and supports modeling of network topology, message flows, protocol behaviors and attacker behaviors. It also supports the specification of safety requirements as temporal logical formulae and typical security requirements as queries, and leverages on the existing verification tools for formal safety and security analysis via model transformations. We have implemented this framework in a prototype tool CMSS, and illustrated the capability of CMSS by using the 5G AKA initialization protocol as a case study.

Many embedded systems have evolved from simple bare-metal control systems to highly complex network-connected systems. These systems increasingly demand rich and feature-full operating-systems (OS) functionalities. Furthermore, the network connectedness offers attack vectors that require stronger security designs. To that end, this paper defines a prototypical RTOS API called Patina that provides services common in featurerich OSes (e.g., Linux) but absent in more trustworthy μ -kernel based systems. Examples of such services include communication channels, timers, event management, and synchronization. Two Patina implementations are presented, one on Composite and the other on seL4, each of which is designed based on the Principle of Least Privilege (PoLP) to increase system security. This paper describes how each of these μ -kernels affect the PoLP based design, as well as discusses security and performance tradeoffs in the two implementations. Results of comprehensive evaluations demonstrate that the performance of the PoLP based implementation of Patina offers comparable or superior performance to Linux, while offering heightened isolation.

Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor authentication and just as secure. However, users currently obtain RBA’s high security and usability benefits at the cost of exposing potentially sensitive personal data (e.g., IP address or browser information). This conflicts with user privacy and requires to consider user rights regarding the processing of personal data. We outline potential privacy challenges regarding different attacker models and propose improvements to balance privacy in RBA systems. To estimate the properties of the privacy-preserving RBA enhancements in practical environments, we evaluated a subset of them with long-term data from 780 users of a real-world online service. Our results show the potential to increase privacy in RBA solutions. However, it is limited to certain parameters that should guide RBA design to protect privacy. We outline research directions that need to be considered to achieve a widespread adoption of privacy preserving RBA with high user acceptance.

The course of operating system's labs usually fall behind the state of art technology. In this paper, we propose a Software Diversity-Assisted Defense (SDAD) lab based on software diversity, mainly targeting for students majoring in cyber security and computer science. This lab is consisted of multiple modules and covers most of the important concepts and principles in operating systems. Thus, the knowledge learned from the theoretical course will be deepened with the lab. For students majoring in cyber security, they can learn this new software diversity-based defense technology and understand how an exploit works from the attacker's side. The experiment is also quite stretchable, which can fit all level students.

The burgeoning networked computing devices create many distributed systems and generate new signals on a large scale. Many Internet of Things (IoT) applications, such as peer-to-peer streaming of multimedia data, crowdsourcing, and measurement by sensor networks, can be modeled as a form of big data. Processing massive data calls for new data structures and algorithms different from traditional ones designed for small-scale problems. For measurement from networked distributed systems, we consider an essential data format: signals on graphs. Due to limited computing resources, the sensor nodes in the distributed systems may outsource the computing tasks to third parties, such as cloud platforms, arising a severe concern on data privacy. A de-facto solution is to have third parties only process encrypted data. We propose a novel and efficient privacy-preserving secure outsourced computation protocol for denoising signals on the graph based on the information-theoretic secure multi-party computation (ITS-MPC). Denoising the data makes paths for further meaningful data processing. From experimenting with our algorithms in a testbed, the results indicate a better efficiency of our approach than a counterpart approach with computational security.

This paper presents the results of a multifaceted study of the behavior of a novel hydrokinetic energy harvester that utilizes vertical oscillations. Unlike traditional rotating turbines used in hydrokinetic energy, this particular device utilizes the fluid structure interactions of vortex-induced-vibration and gallop. Due to the unique characteristics of this vertical motion, a thorough examination of the proposed system was conducted via a three-pronged approach of simulation, emulation, and field testing. Using a permanent magnet synchronous generator as the electrical power generation source, an electrical power conversion system was simulated, emulated, and tested to achieve appropriate power smoothing for use in microgrid systems present in many Alaskan rural locations.

Human behavior analysis is the process that consists of activity monitoring and behavior recognition and has become the core component of intelligent applications such as security surveillance and fall detection. Generally, the techniques involved in behavior recognition include sensor and vision-based processing. During the process, the activity information is typically required to ensure a good recognition performance. On the other hand, the privacy issue attracts much attention and requires a limited range of activity monitoring accordingly. We study behavior analysis for such privacy-oriented applications. A local object tracking (LOT) technique based on an infrared sensor array is developed in a limited monitoring range and is further realized to a practical bed-exit system in the clinical test environment. The experimental results show a correct recognition rate of 99% for 6 bedside activities. In addition, 89% of participants in a satisfaction survey agree on its effectiveness.

As an important part of the intelligent measurement system, IOT terminal is in the “edge” layer of the intelligent measurement system architecture. It is the key node of power grid management and cloud fog integration. Its information security is the key to the construction of the security system of intelligent measurement, and the security link between the cloud and sensor measurement. With the in-depth integration of energy flow, information flow and business flow, and the in-depth application of digital technologies such as cloud computing, big data, internet of things, mobile Internet and artificial intelligence, the transformation and development of power system to digital and high-quality digital power grid has been accelerated. As a typical multi-dimensional complex system combining physical space and information space, the security threats and risks faced by the digital grid are more complex. The security risks in the information space will transfer the hazards to the power system and physical space. The Internet of things terminal is facing a more complex situation in the security field than before. This paper studies the feasibility of the security monitoring technology of the Internet of things terminal, in order to reduce the potential risks, improve the safe operation environment of the Internet of things terminal and improve the level of the security protection of the Internet of things terminal. One is to study the potential security problems of Internet of things terminal, and put forward the technical specification of security protection of Internet of things terminal. The second is to study the Internet of things terminal security detection technology, research and develop terminal security detection platform, and realize the unified detection of terminal security protection. The third is to study the security monitoring technology of the Internet of things terminal, develop the security monitoring system of the Internet of things terminal, realize the terminal security situation awareness and threat identification, timely discover the terminal security vulnerabilities, and ensure the stable and safe operation of the terminal and related business master station.

With the rapid increase of practical problem complexity and code scale, the threat of software security is increasingly serious. Consequently, it is crucial to pay attention to the analysis of software source code vulnerability in the development stage and take efficient measures to detect the vulnerability as soon as possible. Machine learning techniques have made remarkable achievements in various fields. However, the application of machine learning in the domain of vulnerability static analysis is still in its infancy and the characteristics and performance of diverse methods are quite different. In this survey, we focus on a source code-oriented static vulnerability analysis method using machine learning techniques. We review the studies on source code vulnerability analysis based on machine learning in the past decade. We systematically summarize the development trends and different technical characteristics in this field from the perspectives of the intermediate representation of source code and vulnerability prediction model and put forward several feasible research directions in the future according to the limitations of the current approaches.

As a large amount of renewable energy is injected into the power grid, the source side of the power grid becomes extremely uncertain. Traditional static safety analysis methods based on pure physical models can no longer quickly and reliably give analysis results. Therefore, this paper proposes a deep learning-based static security analytical method. First, the static security assessment index of the power grid under the N-1 principle is proposed. Secondly, a neural network model and its input and output data for static safety analysis problems are designed. Finally, the validity of the proposed method was verified by IEEE grid data. Experiments show that the proposed method can quickly and accurately give the static security analysis results of the source-side high uncertainty grid.

Secure multi-party computation(SMPC) is an important research field in cryptography, secure multi-party computation has a wide range of applications in practice. Accordingly, information security issues have arisen. Aiming at security issues in Secure multi-party computation, we consider that semi-honest participants have malicious operations such as collusion in the process of information interaction, gaining an information advantage over honest parties through collusion which leads to deviations in the security of the protocol. To solve this problem, we combine information entropy to propose an n-round information exchange protocol, in which each participant broadcasts a relevant information value in each round without revealing additional information. Through the change of the uncertainty of the correct result value in each round of interactive information, each participant cannot determine the correct result value before the end of the protocol. Security analysis shows that our protocol guarantees the security of the output obtained by the participants after the completion of the protocol.

With the development of 5G technology and intelligent terminals, the future direction of the Industrial Internet of Things (IIoT) evolution is Pervasive Edge Computing (PEC). In the pervasive edge computing environment, intelligent terminals can perform calculations and data processing. By migrating part of the original cloud computing model's calculations to intelligent terminals, the intelligent terminal can complete model training without uploading local data to a remote server. Pervasive edge computing solves the problem of data islands and is also successfully applied in scenarios such as vehicle interconnection and video surveillance. However, pervasive edge computing is facing great security problems. Suppose the remote server is honest but curious. In that case, it can still design algorithms for the intelligent terminal to execute and infer sensitive content such as their identity data and private pictures through the information returned by the intelligent terminal. In this paper, we research the problem of honest but curious remote servers infringing intelligent terminal privacy and propose a differential privacy collaborative deep learning algorithm in the pervasive edge computing environment. We use a Gaussian mechanism that meets the differential privacy guarantee to add noise on the first layer of the neural network to protect the data of the intelligent terminal and use analytical moments accountant technology to track the cumulative privacy loss. Experiments show that with the Gaussian mechanism, the training data of intelligent terminals can be protected reduction inaccuracy.

Quasi-identifier is an attribute combined with other attributes to identify specific tuples or partial tuples. Improper selection of quasi-identifiers will lead to the failure of current privacy protection anonymization technology. Therefore, in this paper, we propose a method to solve single structured relational data quasi-identifiers based on functional dependency and determines the attribute classification standard. Firstly, the solution scope of quasi-identifier is determined to be all attributes except identity attributes and critical attributes. Secondly, the real data set is used to evaluate the dependency relationship between the indefinite attribute subset and the identity attribute to solve the quasi-identifiers set. Finally, we propose an algorithm to find all quasi-identifiers and experiment on real data sets of different sizes. The results show that our method can achieve better performance on the same dataset.

Recommender systems, which aim to suggest personalized lists of items for users, have drawn a lot of attention. In fact, many of these state-of-the-art recommender systems have been built on deep neural networks (DNNs). Recent studies have shown that these deep neural networks are vulnerable to attacks, such as data poisoning, which generate fake users to promote a selected set of items. Correspondingly, effective defense strategies have been developed to detect these generated users with fake profiles. Thus, new strategies of creating more ‘realistic’ user profiles to promote a set of items should be investigated to further understand the vulnerability of DNNs based recommender systems. In this work, we present a novel framework CopyAttack. It is a reinforcement learning based black-box attacking method that harnesses real users from a source domain by copying their profiles into the target domain with the goal of promoting a subset of items. CopyAttack is constructed to both efficiently and effectively learn policy gradient networks that first select, then further refine/craft user profiles from the source domain, and ultimately copy them into the target domain. CopyAttack’s goal is to maximize the hit ratio of the targeted items in the Top-k recommendation list of the users in the target domain. We conducted experiments on two real-world datasets and empirically verified the effectiveness of the proposed framework. The implementation of CopyAttack is available at https://github.com/wenqifan03/CopyAttack.

Recommender systems have been proved to be effective techniques to provide users with better experiences. However, when a recommender knows the user's preference characteristics or gets their sensitive information, then a series of privacy concerns are raised. A amount of solutions in the literature have been proposed to enhance privacy protection degree of recommender systems. Although the existing solutions have enhanced the protection, they led to a decrease in recommendation accuracy simultaneously. In this paper, we propose a security-aware hybrid recommendation method by combining the factorization and regression techniques. Specifically, the differential privacy mechanism is integrated into data pre-processing for data encryption. Firstly data are perturbed to satisfy differential privacy and transported to the recommender. Then the recommender calculates the aggregated data. However, applying differential privacy raises utility issues of low recommendation accuracy, meanwhile the use of a single model may cause overfitting. In order to tackle this challenge, we adopt a fusion prediction model by combining linear regression (LR) and matrix factorization (MF) for collaborative recommendation. With the MovieLens dataset, we evaluate the recommendation accuracy and regression of our recommender system and demonstrate that our system performs better than the existing recommender system under privacy requirement.

In a group shilling attack, attackers work collaboratively to inject fake profiles aiming to obtain desired recommendation result. This type of attacks is more harmful to recommender systems than individual shilling attacks. Previous studies pay much attention to detect individual attackers, and little work has been done on the detection of shilling groups. In this work, we introduce a topic modeling method of natural language processing into shilling attack detection and propose a shilling group detection method on the basis of hierarchical topic model. First, we model the given dataset to a series of user rating documents and use the hierarchical topic model to learn the specific topic distributions of each user from these rating documents to describe user rating behaviors. Second, we divide candidate groups based on rating value and rating time which are not involved in the hierarchical topic model. Lastly, we calculate group suspicious degrees in accordance with several indicators calculated through the analysis of user rating distributions, and use the k-means clustering algorithm to distinguish shilling groups. The experimental results on the Netflix and Amazon datasets show that the proposed approach performs better than baseline methods.

In the economics environment, Job Matching is always a challenge involving the evolution of knowledge and skills. A good matching of skills and jobs can stimulate the growth of economics. Recommender System (RecSys), as one kind of Job Matching, can help the candidates predict the future job relevant to their preferences. However, RecSys still has the problem of cold start and data sparsity. The content-based filtering in RecSys needs the adaptive data for the specific staffing tasks of Bidirectional Encoder Representations from Transformers (BERT). In this paper, we propose a job RecSys based on skills and locations using a domain-specific Knowledge Graph (KG). This system has three parts: a pipeline of Named Entity Recognition (NER) and Relation Extraction (RE) using BERT; a standardization system for pre-processing, semantic enrichment and semantic similarity measurement; a domain-specific Knowledge Graph (KG). Two different relations in the KG are computed by cosine similarity and Term Frequency-Inverse Document Frequency (TF-IDF) respectively. The raw data used in the staffing RecSys include 3000 descriptions of job offers from Indeed, 126 Curriculum Vitae (CV) in English from Kaggle and 106 CV in French from Linx of Capgemini Engineering. The staffing RecSys is integrated under an architecture of Microservices. The autonomy and effectiveness of the staffing RecSys are verified through the experiment using Discounted Cumulative Gain (DCG). Finally, we propose several potential research directions for this research.

The physical layer secret key generation exploiting wireless channel reciprocity has attracted considerable attention in the past two decades. On-going research have demonstrated its viability in various radio frequency (RF) systems. Most of existing work rely on quantization technique to convert channel measurements into digital binaries that are suitable for secret key generation. However, non-simultaneous packet exchanges in time division duplex systems and noise effects in practice usually create random channel measurements between two users, leading to inconsistent quantization results and mismatched secret bits. While significant efforts were spent in recent research to mitigate such non-reciprocity, no efficient method has been found yet. Unlike existing quantization-based approaches, we take a different viewpoint and perform the secret key agreement by solving a bipartite graph matching problem. Specifically, an efficient dual-permutation secret key generation method, DP-SKG, is developed to match the randomly permuted channel measurements between a pair of users by minimizing their discrepancy holistically. DP-SKG allows two users to generate the same secret key based on the permutation order of channel measurements despite the non-reciprocity over wireless channels. Extensive experimental results show that DP-SKG could achieve error-free key agreement on received signal strength (RSS) with a low cost under various scenarios.

Symbiotic radio (SR) has recently emerged as a promising technology to boost spectrum efficiency of wireless communications by allowing reflective communications underlying the active RF communications. In this paper, we leverage SR to boost physical layer security by using an array of passive reflecting elements constituting the intelligent reflecting surface (IRS), which is reconfigurable to induce diverse RF radiation patterns. In particular, by switching the IRS's phase shifting matrices, we can proactively create dynamic channel conditions, which can be exploited by the transceivers to extract common channel features and thus used to generate secret keys for encrypted data transmissions. As such, we firstly present the design principles for IRS-assisted key generation and verify a performance improvement in terms of the secret key generation rate (KGR). Our analysis reveals that the IRS's random phase shifting may result in a non-uniform channel distribution that limits the KGR. Therefore, to maximize the KGR, we propose both a heuristic scheme and deep reinforcement learning (DRL) to control the switching of the IRS's phase shifting matrices. Simulation results show that the DRL approach for IRS-assisted key generation can significantly improve the KGR.

The paradigm of quantum computation has led to the development of new algorithms as well variations on existing algorithms. In particular, novel cryptographic techniques based upon quantum computation are of great interest. Many classical encryption techniques naturally translate into the quantum paradigm because of their well-structured factorizations and the fact that they can be phased in the form of unitary operators. In this work, we demonstrate a quantum approach to data encryption and decryption based upon the McEliece cryptosystem using Reed-Muller codes. This example is of particular interest given that post-quantum analyses have highlighted this system as being robust against quantum attacks. Finally, in anticipation of quantum computation operating over binary fields, we discuss alternative operator factorizations for the proposed cryptosystem.

With China's overall national strength, the education of studying in China has entered a period of rapid development, and China has become one of the important destination countries for international student mobility. With political stability, rapid economic development, and continuous improvement in the quality of higher education, the educational value of studying in China is increasingly recognized by international students. International students study and live in the same way as domestic students. While the development of the Internet has brought convenience to people, it has also created many security risks. How to protect the information security of international students is the focus of this paper. This paper introduces the classification, characteristics and security risks of international students' personal information. In order to protect the private data of international students from being leaked, filtering rules are set in the campus network through WinRoute firewall to effectively prevent information from being leaked, tampered or deleted, which can be used for reference by other universities.

High-performance implementation of non-linear support vector machine (SVM) function is important in many applications. This paper develops a hardware design of Gaussian kernel function with high-performance since it is one of the most modules in non-linear SVM. The designed Gaussian kernel function consists of Norm unit and exponentiation function unit. The Norm unit uses fewer subtractors and multiplexers. The exponentiation function unit performs modified coordinate rotation digital computer algorithm with wide range of convergence and high accuracy. The presented circuit is implemented on a Xilinx field-programmable gate array platform. The experimental results demonstrate that the designed circuit achieves low resource utilization and high efficiency with relative error 0.0001.