Biblio

As we are living in the era of big data, high volumes of wide varieties of data which may be of different veracity (e.g., precise data, imprecise and uncertain data) are easily generated or collected at a high velocity in many real-life applications. Embedded in these big data is valuable knowledge and useful information, which can be discovered by big data science solutions. As a popular data science task, frequent pattern mining aims to discover implicit, previously unknown and potentially useful information and valuable knowledge in terms of sets of frequently co-occurring merchandise items and/or events. Many of the existing frequent pattern mining algorithms use a transaction-centric mining approach to find frequent patterns from precise data. However, there are situations in which an item-centric mining approach is more appropriate, and there are also situations in which data are imprecise and uncertain. Hence, in this paper, we present an item-centric algorithm for mining frequent patterns from big uncertain data. In recent years, big data have been gaining the attention from the research community as driven by relevant technological innovations (e.g., clouds) and novel paradigms (e.g., social networks). As big data are typically published online to support knowledge management and fruition processes, these big data are usually handled by multiple owners with possible secure multi-part computation issues. Thus, privacy and security of big data has become a fundamental problem in this research context. In this paper, we present, not only an item-centric algorithm for mining frequent patterns from big uncertain data, but also a privacy-preserving algorithm. In other words, we present- in this paper-a privacy-preserving item-centric algorithm for mining frequent patterns from big uncertain data. Results of our analytical and empirical evaluation show the effectiveness of our algorithm in mining frequent patterns from big uncertain data in a privacy-preserving manner.

This paper introduces a general framework for supporting data-driven privacy-preserving big data management in distributed environments, such as emerging Cloud settings. The proposed framework can be viewed as an alternative to classical approaches where the privacy of big data is ensured via security-inspired protocols that check several (protocol) layers in order to achieve the desired privacy. Unfortunately, this injects considerable computational overheads in the overall process, thus introducing relevant challenges to be considered. Our approach instead tries to recognize the "pedigree" of suitable summary data representatives computed on top of the target big data repositories, hence avoiding computational overheads due to protocol checking. We also provide a relevant realization of the framework above, the so-called Data-dRIven aggregate-PROvenance privacypreserving big Multidimensional data (DRIPROM) framework, which specifically considers multidimensional data as the case of interest.

The rise of Big Data is leading to an increasing demand for large-scale data-intensive applications (DIAs), which have to analyse massive amounts of personal data (e.g. customers' location, cars' speed, people heartbeat, etc.), some of which can be sensitive, meaning that its confidentiality has to be protected. In this context, DIA providers are responsible for enforcing privacy policies that account for the privacy preferences of data subjects as well as for general privacy regulations. This is the case, for instance, of data brokers, i.e. companies that continuously collect and analyse data in order to provide useful analytics to their clients. Unfortunately, the enforcement of privacy policies in modern DIAs tends to become cumbersome because (i) the number of policies can easily explode, depending on the number of data subjects, (ii) policy enforcement has to autonomously adapt to the application context, thus, requiring some non-trivial runtime reasoning, and (iii) designing and developing modern DIAs is complex per se. For the above reasons, we need specific design and runtime methods enabling so called privacy-by-design in a Big Data context. In this article we propose an approach for specifying, enforcing and checking privacy policies on DIAs designed according to the Google Dataflow model and we show that the enforcement approach behaves correctly in the considered cases and introduces a performance overhead that is acceptable given the requirements of a typical DIA.

As mobile devices and location-based services become increasingly ubiquitous, the privacy of mobile users' location traces continues to be a major concern. Traditional privacy solutions rely on perturbing each position in a user's trace and replacing it with a fake location. However, recent studies have shown that such point-based perturbation of locations is susceptible to inference attacks and suffers from serious utility losses, because it disregards the moving trajectory and continuity in full location traces. In this paper, we argue that privacy-preserving synthesis of complete location traces can be an effective solution to this problem. We present AdaTrace, a scalable location trace synthesizer with three novel features: provable statistical privacy, deterministic attack resilience, and strong utility preservation. AdaTrace builds a generative model from a given set of real traces through a four-phase synthesis process consisting of feature extraction, synopsis learning, privacy and utility preserving noise injection, and generation of differentially private synthetic location traces. The output traces crafted by AdaTrace preserve utility-critical information existing in real traces, and are robust against known location trace attacks. We validate the effectiveness of AdaTrace by comparing it with three state of the art approaches (ngram, DPT, and SGLT) using real location trace datasets (Geolife and Taxi) as well as a simulated dataset of 50,000 vehicles in Oldenburg, Germany. AdaTrace offers up to 3-fold improvement in trajectory utility, and is orders of magnitude faster than previous work, while preserving differential privacy and attack resilience.

Information Centric Networking (ICN) changed the communication model from host-based to content-based to cope with the high volume of traffic due to the rapidly increasing number of users, data objects, devices, and applications. ICN communication model requires new security solutions that will be integrated with ICN architectures. In this paper, we present a security framework to manage ICN traffic by detecting, preventing, and responding to ICN attacks. The framework consists of three components: availability, access control, and privacy. The availability component ensures that contents are available for legitimate users. The access control component allows only legitimate users to get restrictedaccess contents. The privacy component prevents attackers from knowing content popularities or user requests. We also show our specific solutions as examples of the framework components.

Real-time crowdsourced maps, such as Waze provide timely updates on traffic, congestion, accidents, and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based Sybil devices that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. To defend against Sybil devices, we propose a new approach based on co-location edges, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large proximity graphs that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and how they can be used to dramatically reduce the impact of the attacks. We have informed Waze/Google team of our research findings. Currently, we are in active collaboration with Waze team to improve the security and privacy of their system.

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information - a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a real-world IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.

It is well known that distributed cyber attacks simultaneously launched from many hosts have caused the most serious problems in recent years including problems of privacy leakage and denial of services. Thus, how to detect those attacks at early stage has become an important and urgent topic in the cyber security community. For this purpose, recognizing C&C (Command & Control) communication between compromised bots and the C&C server becomes a crucially important issue, because C&C communication is in the preparation phase of distributed attacks. Although attack detection based on signature has been practically applied since long ago, it is well-known that it cannot efficiently deal with new kinds of attacks. In recent years, ML(Machine learning)-based detection methods have been studied widely. In those methods, feature selection is obviously very important to the detection performance. We once utilized up to 55 features to pick out C&C traffic in order to accomplish early detection of DDoS attacks. In this work, we try to answer the question that "Are all of those features really necessary?" We mainly investigate how the detection performance moves as the features are removed from those having lowest importance and we try to make it clear that what features should be payed attention for early detection of distributed attacks. We use honeypot data collected during the period from 2008 to 2013. SVM(Support Vector Machine) and PCA(Principal Component Analysis) are utilized for feature selection and SVM and RF(Random Forest) are for building the classifier. We find that the detection performance is generally getting better if more features are utilized. However, after the number of features has reached around 40, the detection performance will not change much even more features are used. It is also verified that, in some specific cases, more features do not always means a better detection performance. We also discuss 10 important features which have the biggest influence on classification.

Drones are increasingly being used as mobile data collectors for various monitoring services. However, since they may move around in unattended hostile areas with valuable data, they can be the targets of malicious physical/cyber attacks. These attacks may aim at stealing privacy-sensitive data, including secret keys, and eavesdropping on communications between the drones and the ground station. To detect tampered drones, a code attestation technique is required. However, since attestation itself does not guarantee that the data in the drones' memory are not leaked, data collected by the drones must be protected and secret keys for secure communications must not be leaked. In this paper, we present a solution integrating techniques for software-based attestation, data encryption and secret key protection. We propose an attestation technique that fills up free memory spaces with data repositories. Data repositories consist of pseudo-random numbers that are also used to encrypt collected data. We also propose a group attestation scheme to efficiently verify the software integrity of multiple drones. Finally, to prevent secret keys from being leaked, we utilize a technique that converts short secret keys into large look-up tables. This technique prevents attackers from abusing free space in the data memory by filling up the space with the look-up tables. To evaluate the integrated solution, we implemented it on AR.Drone and Raspberry Pi.

Medical organizations find it challenging to adopt cloud-based electronic medical records services, due to the risk of data breaches and the resulting compromise of patient data. Existing authorization models follow a patient centric approach for EHR management where the responsibility of authorizing data access is handled at the patients' end. This however creates a significant overhead for the patient who has to authorize every access of their health record. This is not practical given the multiple personnel involved in providing care and that at times the patient may not be in a state to provide this authorization. Hence there is a need of developing a proper authorization delegation mechanism for safe, secure and easy cloud-based EHR management. We have developed a novel, centralized, attribute based authorization mechanism that uses Attribute Based Encryption (ABE) and allows for delegated secure access of patient records. This mechanism transfers the service management overhead from the patient to the medical organization and allows easy delegation of cloud-based EHR's access authority to the medical providers. In this paper, we describe this novel ABE approach as well as the prototype system that we have created to illustrate it.

In recent years, many users have uploaded data to the cloud for easy storage and sharing with other users. At the same time, security and privacy concerns for the data are growing. Attribute-based encryption (ABE) enables both data security and access control by defining users with attributes so that only those users who have matching attributes can decrypt them. For real-world applications of ABE, revocation of users or their attributes is necessary so that revoked users can no longer decrypt the data. In actual implementations, ABE is used in hybrid with a symmetric encryption scheme such as the advanced encryption standard (AES) where data is encrypted with AES and the AES key is encrypted with ABE. The hybrid encryption scheme requires re-encryption of the data upon revocation to ensure that the revoked users can no longer decrypt that data. To re-encrypt the data, the data owner (DO) must download the data from the cloud, then decrypt, encrypt, and upload the data back to the cloud, resulting in both huge communication costs and computational burden on the DO depending on the size of the data to be re-encrypted. In this paper, we propose an attribute-based proxy re-encryption method in which data can be re-encrypted in the cloud without downloading any data by adopting both ABE and Syalim's encryption scheme. Our proposed scheme reduces the communication cost between the DO and cloud storage. Experimental results show that the proposed method reduces the communication cost by as much as one quarter compared to that of the trivial solution.

The development of a robust strategy for network security is reliant upon a combination of in-house expertise and for completeness attack vectors used by attackers. A honeypot is one of the most popular mechanisms used to gather information about attacks and attackers. However, low-interaction honeypots only emulate an operating system and services, and are more prone to a fingerprinting attack, resulting in severe consequences such as revealing the identity of the honeypot and thus ending the usefulness of the honeypot forever, or worse, enabling it to be converted into a bot used to attack others. A number of tools and techniques are available both to fingerprint low-interaction honeypots and to defend against such fingerprinting; however, there is an absence of fingerprinting techniques to identify the characteristics and behaviours that indicate fingerprinting is occurring. Therefore, this paper proposes a fuzzy technique to correlate the attack actions and predict the probability that an attack is a fingerprinting attack on the honeypot. Initially, an experimental assessment of the fingerprinting attack on the low- interaction honeypot is performed, and a fingerprinting detection mechanism is proposed that includes the underlying principles of popular fingerprinting attack tools. This implementation is based on a popular and commercially available low-interaction honeypot for Windows - KFSensor. However, the proposed fuzzy technique is a general technique and can be used with any low-interaction honeypot to aid in the identification of the fingerprinting attack whilst it is occurring; thus protecting the honeypot from the fingerprinting attack and extending its life.

Smart Grid (SG) technology has been developing for years, which facilitates users with portable access to power through being applied in numerous application scenarios, one of which is the electric vehicle charging. In order to ensure the security of the charging process, users need authenticating with the smart meter for the subsequent communication. Although there are many researches in this field, few of which have endeavored to protect the anonymity and the untraceability of users during the authentication. Further, some studies consider the problem of user anonymity, but they are non-light-weight protocols, even some can not assure any fairness in key agreement. In this paper, we first points out that existing authentication schemes for Smart Grid are neither lack of critical security nor short of important property such as untraceability, then we propose a new two-factor lightweight user authentication scheme based on password and biometric. The authentication process of the proposed scheme includes four message exchanges among the user mobile, smart meter and the cloud server, and then a security one-time session key is generated for the followed communication process. Moreover, the scheme has some new features, such as the protection of the user's anonymity and untraceability. Security analysis shows that our proposed scheme can resist various well-known attacks and the performance analysis shows that compared to other three schemes, our scheme is more lightweight, secure and efficient.

Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.

Due to the rapid development of internet in our daily life, protecting privacy has become a focus of attention. To create privacy-preserving database and prevent illegal user access the database, oblivious transfer with access control (OTAC) was proposed, which is a cryptographic primitive that extends from oblivious transfer (OT). It allows a user to anonymously query a database where each message is protected by an access control policy and only if the user' s attribute satisfy that access control policy can obtain it. In this paper, we propose a new protocol for OTAC by using elliptic curve cryptography, which is more efficient compared to the existing similar protocols. In our scheme, we also preserves user's anonymity and ensures that the user's attribute is not disclosed to the sender. Additionally, our construction guarantees the user to verify the correctness of messages recovered at the end of each transfer phase.

With the pervasiveness of the Internet of Things (IoT) and the rapid progress of wireless communications, Wireless Body Area Networks (WBANs) have attracted significant interest from the research community in recent years. As a promising networking paradigm, it is adopted to improve the healthcare services and create a highly reliable ubiquitous healthcare system. However, the flourish of WBANs still faces many challenges related to security and privacy preserving. In such pervasive environment where the context conditions dynamically and frequently change, context-aware solutions are needed to satisfy the users' changing needs. Therefore, it is essential to design an adaptive access control scheme that can simultaneously authorize and authenticate users while considering the dynamic context changes. In this paper, we propose a context-aware access control and anonymous authentication approach based on a secure and efficient Hybrid Certificateless Signcryption (H-CLSC) scheme. The proposed scheme combines the merits of Ciphertext-Policy Attribute-Based Signcryption (CP-ABSC) and Identity-Based Broadcast Signcryption (IBBSC) in order to satisfy the security requirements and provide an adaptive contextual privacy. From a security perspective, it achieves confidentiality, integrity, anonymity, context-aware privacy, public verifiability, and ciphertext authenticity. Moreover, the key escrow and public key certificate problems are solved through this mechanism. Performance analysis demonstrates the efficiency and the effectiveness of the proposed scheme compared to benchmark schemes in terms of functional security, storage, communication and computational cost.

Connected cars have received massive attention in Intelligent Transportation System. Many potential services, especially safety-related ones, rely on spatial-temporal messages periodically broadcast by cars. Without a secure authentication algorithm, malicious cars may send out invalid spatial-temporal messages and then deny creating them. Meanwhile, a lot of private information may be disclosed from these spatial-temporal messages. Since cars move on expressways at high speed, any authentication must be performed in real-time to prevent crashes. In this paper, we propose a Fast and Anonymous Spatial-Temporal Trust (FastTrust) mechanism to ensure these properties. In contrast to most authentication protocols which rely on fixed infrastructures, FastTrust is distributed and mostly designed on symmetric-key cryptography and an entropy-based commitment, and is able to fast authenticate spatial-temporal messages. FastTrust also ensures the anonymity and unlinkability of spatial-temporal messages by developing a pseudonym-varying scheduling scheme on cars. We provide both analytical and simulation evaluations to show that FastTrust achieves the security and privacy properties. FastTrust is low-cost in terms of communication and computational resources, authenticating 20 times faster than existing Elliptic Curve Digital Signature Algorithm.

In spite of being a promising technology which will make our lives a lot easier we cannot be oblivious to the fact IoT is not safe from online threat and attacks. Thus, along with the growth of IoT we also need to work on its aspects. Taking into account the limited resources that these devices have it is important that the security mechanisms should also be less complex and do not hinder the actual functionality of the device. In this paper, we propose an ECC based lightweight authentication for IoT devices which deploy RFID tags at the physical layer. ECC is a very efficient public key cryptography mechanism as it provides privacy and security with lesser computation overhead. We also present a security and performance analysis to verify the strength of our proposed approach.

Anonymity networks provide privacy to the users by relaying their data to multiple destinations in order to reach the final destination anonymously. Multilayer of encryption is used to protect the users' privacy from attacks or even from the operators of the stations. In this research, we showed how flow analysis could be used to identify encrypted anonymity network traffic under four scenarios: (i) Identifying anonymity networks compared to normal background traffic; (ii) Identifying the type of applications used on the anonymity networks; (iii) Identifying traffic flow behaviors of the anonymity network users; and (iv) Identifying / profiling the users on an anonymity network based on the traffic flow behavior. In order to study these, we employ a machine learning based flow analysis approach and explore how far we can push such an approach.

Personal privacy is an important issue when publishing social network data. An attacker may have information to reidentify private data. So, many researchers developed anonymization techniques, such as k-anonymity, k-isomorphism, l-diversity, etc. In this paper, we focus on graph k-degree anonymity by editing edges. Our method is divided into two steps. First, we propose an efficient algorithm to find a new degree sequence with theoretically minimal edit cost. Second, we insert and delete edges based on the new degree sequence to achieve k-degree anonymity.

Nowadays, Vehicular ad hoc network confronts many challenges in terms of security and privacy, due to the fact that data transmitted are diffused in an open access environment. However, highest of drivers want to maintain their information discreet and protected, and they do not want to share their confidential information. So, the private information of drivers who are distributed in this network must be protected against various threats that may damage their privacy. That is why, confidentiality, integrity and availability are the important security requirements in VANET. This paper focus on security threat in vehicle network especially on the availability of this network. Then we regard the rational attacker who decides to lead an attack based on its adversary's strategy to maximize its own attack interests. Our aim is to provide reliability and privacy of VANET system, by preventing attackers from violating and endangering the network. to ensure this objective, we adopt a tree structure called attack tree to model the attacker's potential attack strategies. Also, we join the countermeasures to the attack tree in order to build attack-defense tree for defending these attacks.

Data privacy and security is a leading concern for providers and customers of cloud computing, where Virtual Machines (VMs) can co-reside within the same underlying physical machine. Side channel attacks within multi-tenant virtualized cloud environments are an established problem, where attackers are able to monitor and exfiltrate data from co-resident VMs. Virtualization services have attempted to mitigate such attacks by preventing VM-to-VM interference on shared hardware by providing logical resource isolation between co-located VMs via an internal virtual network. However, such approaches are also insecure, with attackers capable of performing network channel attacks which bypass mitigation strategies using vectors such as ARP Spoofing, TCP/IP steganography, and DNS poisoning. In this paper we identify a new vulnerability within the internal cloud virtual network, showing that through a combination of TAP impersonation and mirroring, a malicious VM can successfully redirect and monitor network traffic of VMs co-located within the same physical machine. We demonstrate the feasibility of this attack in a prominent cloud platform - OpenStack - under various security requirements and system conditions, and propose countermeasures for mitigation.

ARM devices (mobile phone, IoT devices) are getting more popular in our daily life due to the low power consumption and cost. These devices carry a huge number of user's private information, which attracts attackers' attention and increase the security risk. The operating systems (e.g., Android, Linux) works out many memory data protection strategies on user's private information. However, the monolithic OS may contain security vulnerabilities that are exploited by the attacker to get root or even kernel privilege. Once the kernel privilege is obtained by the attacker, all data protection strategies will be gone and user's private information can be taken away. In this paper, we propose a hardened memory data protection framework called H-Securebox to defeat kernel-level memory data stolen attacks. H-Securebox leverages ARM hardware virtualization technique to protect the data on the memory with hypervisor privilege. We designed three types H-Securebox for programing developers to use. Although the attacker may have kernel privilege, she can not touch private data inside H-Securebox, since hypervisor privilege is higher than kernel privilege. With the implementation of H-Securebox system assisting by a tiny hypervisor on Raspberry Pi2 development board, we measure the performance overhead of our system and do the security evaluations. The results positively show that the overhead is negligible and the malicious application with root or kernel privilege can not access the private data protected by our system.

Web attacks have proliferated across the whole Internet in recent years. To protect websites, security vendors and researchers collect attack information using web honeypots. However, web attackers can hide themselves by using stepping stones (e.g., VPN, encrypted proxy) or anonymous networks (e.g., Tor network). Conventional web honeypots lack an effective way to gather information about an attacker's identity, which raises a big obstacle for cybercrime traceability and forensics. Traditional forensics methods are based on traffic analysis; it requires that defenders gain access to the entire network. It is not suitable for honeypots. In this paper, we present the design, implementation, and deployment of the Micro-Honeypot, which aims to use the browser fingerprinting technique to track a web attacker. Traditional honeypot lure attackers and records attacker's activity. Micro-Honeypot is deployed in a honeypot. It will run and gather identity information when an attacker visits the honeypot. Our preliminary results show that Micro-Honeypot could collect more information and track attackers although they might have used proxies or anonymous networks to hide themselves.

There are different traditional approaches to handling a large number of computers or workstations in a campus setting, ranging from imaging to virtualized environments. The common factor among the traditional approaches is to have a user workstation with a local hard drive (nonvolatile storage), scratchpad volatile memory, a CPU (Central Processing Unit) and connectivity to access resources on the network. This paper presents the use of block streaming, normally used for storage, to serve operating system and applications on-demand over the network to a workstation, also referred to as a client, a client computer, or a client workstation. In order to avoid per seat licensing, an Open Source solution is used, and in order to minimize the field maintenance and meet security privacy constraints, a workstation need not have a permanent storage such as a hard disk drive. A complete blue print, based on performance analyses, is provided to determine the type of network architecture, servers, workstations per server, and minimum workstation configuration, suitable for supporting such a solution. The results of implementing the proposed solution campus wide, supporting more than 450 workstations, are presented as well.