Biblio

Development of an intrusion detection system, which tries to detect signs of technology of malware, is discussed. The system can detect signs of technology of malware such as peer to peer (P2P) communication, DDoS attack, Domain Generation Algorithm (DGA), and network scanning. The system consists of beneficial botnet and the R statistical computing system. The beneficial botnet is a group of Wiki servers, agent bots and analyzing bots. The script in a Wiki page of the Wiki server controls an agent bot or an analyzing bot. An agent bot is placed between a LAN and its gateway. It can capture every packet between hosts in the LAN and hosts behind the gateway from the LAN. An analyzing bot can be placed anywhere in the LAN or WAN if it can communicate with the Wiki server for controlling the analyzing bot. The analyzing bot has R statistical computing system and it can analyze data which is collected by agent bots.

As the demand for smart devices in homes increases, more and more manufacturers have been launching these devices on a mass scale. But what they are missing out on is taking care of the security part of these IoT devices which results in a more vulnerable system. This paper presents an idea through a small-scale working model and the studies that made the same possible. IoT devices face numerous threats these days with the ease of access to powerful hacking tools such as aircrack-ng which provides services like monitoring, attacking and cracking Wifi networks. The essential thought of the proposed system is to give an idea of how some common attacks are carried out, how these attacks work and to device some form of prevention as an additional security layer for IoT devices in general. The system proposed here prevents most forms of attacks that target the victim IoT device using their MAC addresses. These include DoS and DDoS attacks, both of which are the main focus of this paper. This paper also points out some of the future research work that can be followed up.

Quantum computing is an emerging field that depends upon the basic properties of quantum physics and principles of classical systems. This leads a way to develop systems to solve complex problems that a classical system cannot do. In this article, we present simple methods to implement logic circuits using quantum gates. Logic gates and circuits are defined with quantum gates using Qiskit in Python. Later, they are verified with quantum circuits created by using IBM Quantum. Moreover, we propose a way of instantiating the basic logic circuits to design high-end logic expressions. As per our knowledge, the proposed simple approach may be helpful to solve the complex logical problems in near future.

As the core infrastructure of cloud data operation, exchange and storage, data centerneeds to ensure its security and reliability, which are the important prerequisites for the development of cloud computing. Due to various illegal accesses, attacks, viruses and other security threats, it is necessary to protect the boundary of cloud data center through security gateway. Since the traffic growing up to gigabyte level, the secure gateway must ensure high transmission efficiency and different network services to support the cloud services. In addition, data center is gradually evolving from IPv4 to IPv6 due to excessive consumption of IP addresses. Packet classification algorithm, which can divide packets into different specific streams, is very important for QoS, real-time data stream application and firewall. Therefore, it is necessary to design a high performance IPv6 packet classification algorithm suitable for security gateway.AsIPv6 has a128-bitIP address and a different packet structure compared with IPv4, the traditional IPv4 packet classification algorithm is not suitable properly for IPv6 situations. This paper proposes a fast packet classification algorithm for IPv6 - PCHA (packet classification based on hash andAdelson-Velsky-Landis Tree). It adopts the three flow classification fields of source IPaddress(SA), destination IPaddress(DA) and flow label(FL) in the IPv6 packet defined by RFC3697 to implement fast three-tuple matching of IPv6 packet. It is through hash matching of variable length IPv6 address and tree matching of shorter flow label. Analysis and testing show that the algorithm has a time complexity close to O(1) in the acceptable range of space complexity, which meets the requirements of fast classification of IPv6 packetsand can adapt well to the changes in the size of rule sets, supporting fast preprocessing of rule sets. Our algorithm supports the storage of 500,000 3-tuple rules on the gateway device and can maintain 75% of the performance of throughput for small packets of 78 bytes.

Logic encryption is a popular Design-for-Security(DfS) solution that offers protection against the potential adversaries in the third-party fab labs and end-users. However, over the years, logic encryption has been a target of several attacks, especially Boolean satisfiability attacks. This paper exploits SAT attack's inability of deobfuscating sequential circuits as a defense against it. We propose several strategies capable of preventing the SAT attack by obfuscating the scan-based Design-for-Testability (DfT) infrastructure. Unlike the existing SAT-resilient schemes, the proposed techniques do not suffer from poor output corruption for wrong keys. This paper also offers various probable solutions for inserting the key-gates into the circuit that ensures protection against numerous other attacks, which exploit weak key-gate locations. Along with several gate-level obfuscation strategies, this paper also presents a Cellular Automata (CA) guided FSM obfuscation strategy to offer protection at a higher abstraction level, that is, RTL-level. For all the proposed schemes, rigorous security analysis against various attacks evaluates their strengths and limitations. Testability analysis also ensures that none of the proposed techniques hamper the basic testing properties of the ICs. We also present a CA-based FSM watermarking strategy that helps to detect potential theft of the designer's IP by any adversary.

The globalization of IC manufacturing has increased the likelihood for IP providers to suffer financial and reputational loss from IP piracy. Logic locking prevents IP piracy by corrupting the functionality of an IP unless a correct secret key is inserted. However, existing logic-locking techniques can impose significant area overhead and performance impact (delay and power) on designs. In this work, we propose BISTLock, a logic-locking technique that utilizes built-in self-test (BIST) to isolate functional inputs when the circuit is locked. We also propose a set of security metrics and use the proposed metrics to quantify BISTLock's security strength for an open-source AES core. Our experimental results demonstrate that BISTLock is easy to implement and introduces an average of 0.74% area and no power or delay overhead across the set of benchmarks used for evaluation.

Achieving efficient and secure accesses to real-time information from the designated IoT node is the fundamental key requirement for the applications of the Internet of Things. However, IoT nodes are prone to physical attacks, public channels reveal the sensitive information, and gateways that manage the IoT nodes suffer from the single-point failure, thereby causing the security and privacy problems. In this paper, a blockchain-based user remote authentication scheme using physical unclonable functions (PUFs) is proposed to overcome these problems. The PUFs provide physically secure identities for the IoT nodes and the blockchain acts as a distributed database to manage the key materials reliably for gateways. The security analysis is conducted and shows that our scheme realizes reliable security features and resists various attacks. Furthermore, a prototype was implemented to prove our scheme is efficient, scalable, and suitable for IoT scenarios.

End-to-end encryption is now ubiquitous on the internet. By securing network communications with TLS, parties can insure that in-transit data remains inaccessible to collection and analysis. In the IoT domain however, end-to-end encryption can paradoxically decrease user privacy, as many IoT devices establish encrypted communications with the manufacturer's cloud backend. The content of these communications remains opaque to the user and in several occasions IoT devices have been discovered to exfiltrate private information (e.g., voice recordings) without user authorization. In this paper, we propose Inspection-Friendly TLS (IF-TLS), an IoT-oriented, TLS-based middleware protocol that preserves the encryption offered by TLS while allowing traffic analysis by middleboxes under the user's control. Differently from related efforts, IF-TLS is designed from the ground up for the IoT world, adding limited complexity on top of TLS and being fully controllable by the residential gateway. At the same time it provides flexibility, enabling the user to offload traffic analysis to either the gateway itself, or cloud-based middleboxes. We implemented a stable, Python-based prototype IF-TLS library; preliminary results show that performance overhead is limited and unlikely to affect quality-of-experience.

The contemporary IC supply chain depends heavily on third-party intellectual property (3PIP) that is integrated to in-house designs. As the correctness of such 3PIPs should be verified before integration, one important challenge for 3PIP vendors is proving the functionality of their designs while protecting the privacy of circuit implementations. In this work, we present Pythia that employs zero-knowledge proofs to enable vendors convince integrators about the functionality of a circuit without disclosing its netlist. Pythia automatically encodes netlists into zero knowledge-friendly format, evaluates them on different inputs, and proves correctness of outputs. We evaluate Pythia using the ISCAS'85 benchmark suite.

The Internet of Things technology has been used in a wide range of fields, ranging from industrial applications to individual lives. As a result, a massive amount of sensitive data is generated and transmitted by IoT devices. Those data may be accessed by a large number of complex users. Therefore, it is necessary to adopt an encryption scheme with access control to achieve more flexible and secure access to sensitive data. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) can achieve access control while encrypting data can match the requirements mentioned above. However, the long ciphertext and the slow decryption operation makes it difficult to be used in most IoT devices which have limited memory size and computing capability. This paper proposes a modified CP-ABE scheme, which can implement the full security (adaptive security) under the access structure of AND gate. Moreover, the decryption overhead and the length of ciphertext are constant. Finally, the analysis and experiments prove the feasibility of our scheme.

The dummy-based method has been commonly used to protect the users location privacy in location-based services, since it can provide precise results and generally do not rely on a third party or key sharing. However, the close spatiotemporal correlation between the consecutively reported locations enables the adversary to identify some dummies, which lead to the existing dummy-based schemes fail to protect the users location privacy completely. To address this limit, this paper proposes a new algorithm to produce dummy location by generating dummy trajectory, which naturally takes into account of the spatiotemporal correlation all round. Firstly, the historical trajectories similar to the user's travel route are chosen as the dummy trajectories which depend on the distance between two trajectories with the help of home gateway. Then, the dummy is generated from the dummy trajectory by taking into account of time reachability, historical query similarity and the computation of in-degree/out-degree. Security analysis shows that the proposed scheme successfully perturbs the spatiotemporal correlation between neighboring location sets, therefore, it is infeasible for the adversary to distinguish the users real location from the dummies. Furthermore, extensive experiments indicate that the proposal is able to protect the users location privacy effectively and efficiently.

Security of personal data in the e-healthcare has always been challenging issue. The embedded and wearable devices used to collect these personal and critical data of the patients and users are sensitive in nature. Attribute-Based Encryption is believed to provide access control along with data security for distributed data among multiple parties. These resources limited devices do have the capabilities to secure the data while sending to the cloud but instead it increases the overhead and latency of running the encryption algorithm. On the top of if confidentiality is required, which will add more latency. In order to reduce latency and overhead, we propose a new load balancing algorithm that will distribute the data to nearby devices with available resources to encrypt the data and send it to the cloud. In this article, we are proposing a load balancing algorithm for E-Health system called (GALB). Our algorithm is based on Genetic Algorithm (GA). Our algorithm (GALB) distribute the tasks that received to the main gateway between the devices on E-health environment. The distribution strategy is based on the available resources in the devices, the distance between the gateway and the those devices, and the complexity of the task (size) and CP-ABE encryption policy length. In order to evaluate our algorithm performance, we compare the near optimal solution proposed by GALB with the optimal solution proposed by LP.

Learning-based approaches often outperform hand-coded algorithmic solutions for many problems in robotics. However, learning long-horizon tasks on real robot hardware can be intractable, and transferring a learned policy from simulation to reality is still extremely challenging. We present a novel approach to model-free reinforcement learning that can leverage existing sub-optimal solutions as an algorithmic prior during training and deployment. During training, our gated fusion approach enables the prior to guide the initial stages of exploration, increasing sample-efficiency and enabling learning from sparse long-horizon reward signals. Importantly, the policy can learn to improve beyond the performance of the sub-optimal prior since the prior's influence is annealed gradually. During deployment, the policy's uncertainty provides a reliable strategy for transferring a simulation-trained policy to the real world by falling back to the prior controller in uncertain states. We show the efficacy of our Multiplicative Controller Fusion approach on the task of robot navigation and demonstrate safe transfer from simulation to the real world without any fine-tuning. The code for this project is made publicly available at https://sites.google.com/view/mcf-nav/home.

Equivalence checking is one of the most scalable and useful verification techniques in industry. NULL Convention Logic (NCL) circuits utilize dual-rail signals (i.e., two wires to represent one bit of DATA), where the wires are inverses of each other during a DATA wavefront. In this paper, a technique that exploits this invariant at NCL register boundaries is proposed to improve the efficiency of equivalence verification of NCL circuits.

The growth of IoT devices during the last decade has led to the development of smart ecosystems, such as smart homes, prone to cyberattacks. Traditional security methodologies support to some extend the requirement for preserving privacy and security of such deployments, but their centralized nature in conjunction with low computational capabilities of smart home gateways make such approaches not efficient. Last achievements on blockchain technologies allowed the use of such decentralized architectures to support cybersecurity defence mechanisms. In this work, a blockchain framework is presented to support the cybersecurity mechanisms of smart homes installations, focusing on the immutability of users and devices that constitute such environments. The proposed methodology provides also the appropriate smart contracts support for ensuring the integrity of the smart home gateway and IoT devices, as well as the dynamic and immutable management of blocked malicious IPs. The framework has been deployed on a real smart home environment demonstrating its applicability and efficiency.

In the application scenarios of cloud computing, big data, and mobile Internet, covert and diverse network attacks have become a serious problem that threatens the security of enterprises and personal information assets. Abnormal network behaviour detection based on network behaviour characteristics has become an important means to protect network security. However, existing frameworks do not make full use of the characteristics of the correlation between continuous network behaviours, and do not use an algorithm that can process time-series data or process the original feature set into time-series data to match the algorithm. This paper proposes a time-series abnormal network behaviour detection framework. The framework consists of two parts: an algorithm model (DBN-BiGRU) that combines Deep Belief Network (DBN) and Bidirectional Gated Recurrent Unit (BiGRU), and a pre-processing scheme that processes the original feature analysis files of CICIDS2017 to good time-series data. This detection framework uses past and future behaviour information to determine current behaviours, which can improve accuracy, and can adapt to the large amount of existing network traffic and high-dimensional characteristics. Finally, this paper completes the training of the algorithm model and gets the test results. Experimental results show that the prediction accuracy of this framework is as high as 99.82%, which is better than the traditional frameworks that do not use time-series information.

With the rapid development of the Industrial Internet, the network security risks faced by industrial control systems (ICSs) are becoming more and more intense. How to do a good job in the security protection of industrial control systems is extremely urgent. For traditional network security, industrial control systems have some unique characteristics, which results in traditional intrusion detection systems that cannot be directly reused on it. Aiming at the industrial control system, this paper constructs all attack paths from the hacker's perspective through the attack tree model, and uses the LSTM algorithm to identify and classify the attack behavior, and then further classify the attack event by extracting atomic actions. Finally, through the constructed attack tree model, the results are reversed and predicted. The results show that the model has a good effect on attack recognition, and can effectively analyze the hacker attack path and predict the next attack target.

Information-Centric Networking (ICN) has attracted much attention as a promising future network design, which presents a paradigm shift from host-centric to content-centric. However, in edge computing scenarios, there is still no specific ICN forwarding mechanism to improve transmission performance. In this paper, we propose an edge-oriented forwarding mechanism (EFM) for edge computing scenarios. The rationale is to enable edge nodes smarter, such as acting as agents for both consumers and providers to improve content retrieval and distribution. On the one hand, EFM can assist consumers: the edge router can be used either as a fast content repository to satisfy consumers’ requests or as a smart delegate of consumers to request content from upstream nodes. On the other hand, EFM can assist providers: EFM leverages the optimized in-network recovery/retransmission to detect packet loss or even accelerate the content distribution. The goal of our research is to improve the performance of edge networks. Simulation results based on ndnSIM indicate that EFM can enable efficient content retrieval and distribution, friendly to both consumers and providers.

This paper discusses and demonstrates the construction of a quantum modular exponentiation circuit in the Qiskit simulator for use in Shor's Algorithm for integer factorization problem (IFP), which is deemed to be able to crack RSA cryptosystems when a large-qubit quantum computer exists. We base our implementation on Vedral, Barenco, and Ekert (VBE) proposal of quantum modular exponentiation, one of the firsts to explicitly provide the aforementioned circuit. Furthermore, we present an example simulation of how to construct a 7xmod 15 circuit in a step-by-step manner, giving clear and detailed information and consideration that currently not provided in the existing literature, and present the whole circuit for use in Shor's Algorithm. Our present simulation shows that the 4-bit VBE quantum modular exponentiation circuit can be constructed, simulated, and measured in Qiskit, while the Shor's Algorithm incorporating this VBE approach itself can be constructed but not yet simulated due to an overly large number of QASM instructions.

In this paper, an adaptive scan chain structure based plaintext analysis technique is proposed. The technology is implemented by three circuits, including adaptive scan chain circuit, plaintext analysis circuit and controller circuit. The plaintext is analyzed whether meet the characteristics of the differential cryptanalysis in the plaintext analysis module. The adaptive scan chain contains MUX, XOR and traditional scan chain, which is easy to implement. If the last bit of two plaintexts differs by one, the adaptive scan chain is controlled to input them into different scan chain. Compared with complicated scan chain, the structure of adaptive scan chain is variable and can mislead attackers who use differential cryptanalysis attack. Through experimental analysis, it is proved that the security of the adaptive scan chain structure is greatly improved.

With the increasing diversity of application needs (datacenters, IoT, content retrieval, industrial automation, etc.), new network architectures are continually being proposed to address specific and particular requirements. From a network management perspective, it is both important and challenging to enable evolution towards such new architectures. Given the ubiquity of the Internet, a clean-slate change of the entire infrastructure to a new architecture is impractical. It is believed that we will see new network architectures coming into existence with support for interoperability between separate architectural islands. We may have servers, and more importantly, content, residing in domains having different architectures. This paper presents COIN, a content-oriented interoperability framework for current and future Internet architectures. We seek to provide seamless connectivity and content accessibility across multiple of these network architectures, including the current Internet. COIN preserves each domain's key architectural features and mechanisms, while allowing flexibility for evolvability and extensibility. We focus on Information-Centric Networks (ICN), the prominent class of Future Internet architectures. COIN avoids expanding domain-specific protocols or namespaces. Instead, it uses an application-layer Object Resolution Service to deliver the right "foreign" names to consumers. COIN uses translation gateways that retain essential interoperability state, leverages encryption for confidentiality, and relies on domain-specific signatures to guarantee provenance and data integrity. Using NDN and MobilityFirst as important candidate solutions of ICN, and IP, we evaluate COIN. Measurements from an implementation of the gateways show that the overhead is manageable and scales well.

TV networks are no longer just closed networks. They are increasingly carrying Internet services, integrating and interoperating with home IoT and the Internet. In addition, client devices are becoming intelligent. At the same time, they are facing more security risks. Security incidents such as attacks on TV systems are commonplace, and there are many incidents that cause negative effects. The security protection of TV networks mainly adopts security protection schemes similar to other networks, such as constructing a security perimeter; there are few security researches specifically carried out for client-side devices. This paper focuses on the mainstream architecture of the integration of HFC TV network and the Internet, and conducts a comprehensive security test and analysis for client-side devices including EOC cable bridge gateways and smart TV Set-Top-BoX. Results show that the TV network client devices have severe vulnerabilities such as command injection and system debugging interfaces. Attackers can obtain the system control of TV clients without authorization. In response to the results, we put forward systematic suggestions on the client security protection of smart TV networks in current days.

We propose a high efficiency Early-Complete Brute Force Elimination method that speeds up the analysis flow of the Camouflage Integrated Circuit (IC). The proposed method is targeted for security qualification of the Camouflaged IC netlists in Intellectual Property (IP) protection. There are two main features in the proposed method. First, the proposed method features immediate elimination of the incorrect Camouflage gates combination for the rest of computation, concentrating the resources into other potential correct Camouflage gates combination. Second, the proposed method features early complete, i.e. revealing the correct Camouflage gates once all incorrect gates combination are eliminated, increasing the computation speed for the overall security analysis. Based on the Python programming platform, we implement the algorithm of the proposed method and test it for three circuits including ISCAS’89 benchmarks. From the simulation results, our proposed method, on average, features 71% lesser number of trials and 79% shorter run time as compared to the conventional method in revealing the correct Camouflage gates from the Camouflaged IC netlist.

We consider the problem of protecting cloud services from simultaneous white-box and black-box attacks. Recent research in cryptographic program obfuscation considers the problem of protecting the confidentiality of programs and any secrets in them. In this model, a provable program obfuscation solution makes white-box attacks to the program not more useful than black-box attacks. Motivated by very recent results showing successful black-box attacks to machine learning programs run by cloud servers, we propose and study the approach of augmenting the program obfuscation solution model so to achieve, in at least some class of application scenarios, program confidentiality in the presence of both white-box and black-box attacks.We propose and formally define encrypted-input program obfuscation, where a key is shared between the entity obfuscating the program and the entity encrypting the program's inputs. We believe this model might be of interest in practical scenarios where cloud programs operate over encrypted data received by associated sensors (e.g., Internet of Things, Smart Grid).Under standard intractability assumptions, we show various results that are not known in the traditional cryptographic program obfuscation model; most notably: Yao's garbled circuit technique implies encrypted-input program obfuscation hiding all gates of an arbitrary polynomial circuit; and very efficient encrypted-input program obfuscation for range membership programs and a class of machine learning programs (i.e., decision trees). The performance of the latter solutions has only a small constant overhead over the equivalent unobfuscated program.

Optical Code Division Multiple Access (OCDMA) is an inevitable innovation to cope up with the impediments of regularly expanding information traffic and numerous user accesses in optical systems. In Spectral Amplitude Coding (SAC)-OCDMA systems cross correlation and Multiple Access Interference (MAI) are utmost concerns. For eliminating the cross correlation, reducing the MAI and to enhance the security, in this work, all optical Diagonal Identity Matrices codes (DIM) with Zero Cross-Correlation (ZCC) and optical gating are presented. Chip rate of the proposed work is 0.03 ns and total 60 users are considered with semiconductor optical amplifier based AND operation. Effects of optical gating are analyzed in the presence/absence of eavesdropper in terms of Q factor and received extinction ratio. Proposed system has advantages for service provider because this is mapping free technique and can be easily designed for large number of users.