Biblio

This paper analyzes techniques to enable differential privacy by adding Laplace noise to healthcare data. First, as healthcare data contain natural constraints for data to take only integral values, we show that drawing only integral values does not provide differential privacy. In contrast, rounding randomly drawn values to the nearest integer provides differential privacy. Second, when a variable is constructed using two other variables, noise must be added to only one of them. Third, if the constructed variable is a fraction, then noise must be added to its constituent private variables, and not to the fraction directly. Fourth, the accuracy of analytics following noise addition increases with the privacy budget, ϵ, and the variance of the independent variable. Finally, the accuracy of analytics following noise addition increases disproportionately with an increase in the privacy budget when the variance of the independent variable is greater. Using actual healthcare data, we provide evidence supporting the two predictions on the accuracy of data analytics. Crucially, to enable accuracy of data analytics with differential privacy, we derive a relationship to extract the slope parameter in the original dataset using the slope parameter in the noisy dataset.

In the differential privacy clustering algorithm, the added random noise causes the clustering centroids to be shifted, which affects the usability of the clustering results. To address this problem, we design a differential privacy K-means clustering algorithm based on an adaptive allocation of privacy budget to the clustering effect: Adaptive Differential Privacy K-means (ADPK-means). The method is based on the evaluation results generated at the end of each iteration in the clustering algorithm. First, it dynamically evaluates the effect of the clustered sets at the end of each iteration by measuring the separation and tightness between the clustered sets. Then, the evaluation results are introduced into the process of privacy budget allocation by weighting the traditional privacy budget allocation. Finally, different privacy budgets are assigned to different sets of clusters in the iteration to achieve the purpose of adaptively adding perturbation noise to each set. In this paper, both theoretical and experimental results are analyzed, and the results show that the algorithm satisfies e-differential privacy and achieves better results in terms of the availability of clustering results for the three standard datasets.

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings - and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS. In this paper, we conduct the first black-box study measuring the extent of ReDoS vulnerabilities in live web services. We apply the Consistent Sanitization Assumption: that client-side sanitization logic, including regexes, is consistent with the sanitization logic on the server-side. We identify a service's regex-based input sanitization in its HTML forms or its API, find vulnerable regexes among these regexes, craft ReDoS probes, and pinpoint vulnerabilities. We analyzed the HTML forms of 1,000 services and the APIs of 475 services. Of these, 355 services publish regexes; 17 services publish unsafe regexes; and 6 services are vulnerable to ReDoS through their APIs (6 domains; 15 subdomains). Both Microsoft and Amazon Web Services patched their web services as a result of our disclosure. Since these vulnerabilities were from API specifications, not HTML forms, we proposed a ReDoS defense for a popular API validation library, and our patch has been merged. To summarize: in client-visible sanitization logic, some web services advertise Re-DoS vulnerabilities in plain sight. Our results motivate short-term patches and long-term fundamental solutions. “Make measurable what cannot be measured.” -Galileo Galilei

Populations move across regions in search of better living possibilities, better life outcomes or going away from problems that affected their lives in the previous region they lived in. In the United States of America, this problem has been happening over decades. Intelligent Conversational Text-based Agents, also called Chatbots, and Artificial Intelligence are increasingly present in our lives and over recent years, their presence has increased considerably, due to the usability cases and the familiarity they are wining constantly. Using NLP algorithms for law in accessible platforms allows scaling of users to access a certain level of law expert who could assist users in need. This paper describes the motivation and circumstances of this problem as well as the description of the development of an Intelligent Conversational Agent system that was used by immigrants in the USA so they could get answers to questions and get suggestions about better legal options they could have access to. This system has helped thousands of people, especially in California

CAPTCHAs are designed to prevent malicious bot programs from abusing websites. Most online service providers deploy audio CAPTCHAs as an alternative to text and image CAPTCHAs for visually impaired users. However, prior research investigating the security of audio CAPTCHAs found them highly vulnerable to automated attacks using Automatic Speech Recognition (ASR) systems. To improve the robustness of audio CAPTCHAs against automated abuses, we present the design and implementation of an audio adversarial CAPTCHA (aaeCAPTCHA) system in this paper. The aaeCAPTCHA system exploits audio adversarial examples as CAPTCHAs to prevent the ASR systems from automatically solving them. Furthermore, we conducted a rigorous security evaluation of our new audio CAPTCHA design against five state-of-the-art DNN-based ASR systems and three commercial Speech-to-Text (STT) services. Our experimental evaluations demonstrate that aaeCAPTCHA is highly secure against these speech recognition technologies, even when the attacker has complete knowledge of the current attacks against audio adversarial examples. We also conducted a usability evaluation of the proof-of-concept implementation of the aaeCAPTCHA scheme. Our results show that it achieves high robustness at a moderate usability cost compared to normal audio CAPTCHAs. Finally, our extensive analysis highlights that aaeCAPTCHA can significantly enhance the security and robustness of traditional audio CAPTCHA systems while maintaining similar usability.

ROS 2 is rapidly becoming a standard in the robotics industry. Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding secu-rity to robots and ROS computational graphs is increasingly becoming a concern. The present work introduces SROS2, a series of developer tools and libraries that facilitate adding security to ROS 2 graphs. Focusing on a usability-centric approach in SROS2, we present a methodology for securing graphs systematically while following the DevSecOps model. We also demonstrate the use of our security tools by presenting an application case study that considers securing a graph using the popular Navigation2 and SLAM Toolbox stacks applied in a TurtieBot3 robot. We analyse the current capabilities of SROS2 and discuss the shortcomings, which provides insights for future contributions and extensions. Ultimately, we present SROS2 as usable security tools for ROS 2 and argue that without usability, security in robotics will be greatly impaired.

Robot Operating System 2 (ROS2) is the latest release of a framework for enabling robot applications. Data Distribution Service (DDS) middleware is used for communication between nodes in a ROS2 cluster. The DDS middleware provides a distributed discovery system, message definitions and serialization, and security. In ROS2, the DDS middleware is accessed through an abstraction layer, making it easy to switch from one implementation to another. The existing middleware implementations differ in a number of ways, e.g., in how they are supported in ROS2, in their support for the security features, their ease of use, their performance, and their interoperability. In this work, the focus is on the ease of use, interoperability, and security features aspects of ROS2 DDS middleware. We compare the ease of installation and ease of use of three different DDS middleware, and test the interoperability of different middleware combinations in simple deployment scenarios. We highlight the difference that enabling the security option makes to interoperability, and conduct performance experiments that show the effect that turning on security has on the communication performance. Our results provide guidelines for choosing and deploying DDS middleware on a ROS2 cluster.

This paper shows that the modern high customizable Xtensa architecture for embedded devices is exploitable by Return-Oriented Programming (ROP) attacks. We used a simple Hello-World application written with the RIOT OS as an almost minimal code basis for determining if the number of gadgets that can be found in this code base is sufficient to build a reasonably complex attack. We determined 859 found gadgets which are sufficient to create a gadget catalog for the Xtensa. Despite the code basis used being really small, the presented gadget catalog provides Turing completeness, which allows an arbitrary computation of any exploit program.

Due to the simplicity of implementation and high threat level, SQL injection attacks are one of the oldest, most prevalent, and most destructive types of security attacks on Web-based information systems. With the continuous development and maturity of artificial intelligence technology, it has been a general trend to use AI technology to detect SQL injection. The selection of the sample set is the deciding factor of whether AI algorithms can achieve good results, but dataset with tagged specific category labels are difficult to obtain. This paper focuses on data augmentation to learn similar feature representations from the original data to improve the accuracy of classification models. In this paper, deep convolutional generative adversarial networks combined with genetic algorithms are applied to the field of Web vulnerability attacks, aiming to solve the problem of insufficient number of SQL injection samples. This method is also expected to be applied to sample generation for other types of vulnerability attacks.

In response to the vulnerabilities in traditional perimeter-based network security, the zero trust framework is a promising approach to secure modern network systems and address the challenges. The core of zero trust security is agent-centric trust evaluation and trust-based security decisions. The challenges, however, arise from the limited observations of the agent's footprint and asymmetric information in the decision-making. An effective trust policy needs to tradeoff between the security and usability of the network. The explainability of the policy facilitates the human understanding of the policy, the trust of the result, as well as the adoption of the technology. To this end, we formulate a zero-trust defense model using Partially Observable Markov Decision Processes (POMDP), which captures the uncertainties in the observations of the defender. The framework leads to an explainable trust-threshold policy that determines the defense policy based on the trust scores. This policy is shown to achieve optimal performance under mild conditions. The trust threshold enables an efficient algorithm to compute the defense policy while providing online learning capabilities. We use an enterprise network as a case study to corroborate the results. We discuss key factors on the trust threshold and illustrate how the trust threshold policy can adapt to different environments.

Email-based phishing is still a widespread problem, that affects many users worldwide. Although many aspects of phishing have been extensively studied in the past, they mainly focus on the execution and prevention of different types of phishing and do not consider the process how attackers collect the contact information of potential victims. In this paper, we analyze the collection process of email addresses in more detail. Based on the results of this analysis, we propose email address separation as a way for users to detect phishing emails, and reason about its effectiveness against several typical types of phishing attacks. We find, that email address separation has the potential to greatly reduce the perceived authenticity of general phishing emails, that target a large amount of users, e.g., by impersonating a popular service and spreading malware or links to phishing websites. It is, however, not likely to prevent more sophisticated phishing attacks, that do not depend on the impersonation of a previously known organization or entity. Our results motivate further studies to analyze the usability and applicability of the proposed method, and to determine, whether address separation has additional positive effects on users’ phishing awareness or automated phishing detection.

Most of the existing calculation method of expert evaluation ability directly call data onto calculation, which leads to the risk of privacy leakage of expert review information and affects the peer review environment. With regard to this problem, a privacy protection method of experts' evaluation ability calculation of peer review is proposed. Privacy protection and data usability are adjusted according to privacy preferences. Using Gauss distribution and combining with the distributive law of real evaluation data, the virtual projects are generated, and the project data are anonymized according to the virtual projects. Laplace distribution is used to add noise to the evaluation sub score for perturbation, and the evaluation data are obfuscation according to the perturbation sub score. Based on the protected project data and evaluation data, the expert evaluation ability is calculated, and the review privacy is protected. The experimental results show that the proposed method can effectively balance the privacy protection and the accuracy of the calculation results.

The semaphore mechanism is an important part of the embedded operating system. Therefore, it is very necessary to ensure its safety. Traditional software testing methods are difficult to ensure 100% coverage of the program. Therefore, it is necessary to adopt a formal verfication method which proves the correctness of the program theoretically. This paper proposes a proof framework based on the theorem proof tool Coq: modeling the semaphore mechanism, extracting important properties from the requirement documents, and finally verifying that the semaphore mechanism can meet these properties, which means the correctness of the semaphore mechanism is proved and also illustrates the feasibility of the verification framework proposed in this paper, which lays a foundation for the verification of other modules of operating systems.

System recommendation is currently on the rise: more and more e-commerce rely on this feature to give more privilege to their users. However, system recommendation still faces a lot of problems that can lead to its downfall. For instance, the cold start problem and lack of privacy for user’s data in system recommendation will make the quality of this system lesser than ever. Moreover, e-commerce also faces another significant issue which is the lack of social presence. Compared to offline shopping, online shopping in e-commerce may be seen as lacking human presence and sociability as it is more impersonal, cold, automated, and generally devoid of face-to-face interactions. Hence, all of those issues mentioned above may lead to the regression of user’s trust toward e-commerce itself. This study will focus on solving those problems using conversational design interaction in the form of a Virtual Agent. This Virtual Agent can help e-commerce gather user preferences and give clear and direct information regarding the use of user’s data as well as help the user find products, promo, or similar products that they seek in e-commerce. The final result of this solution is a high fidelity prototype designed using User-Centered Design Methodology and Natural Conversational Framework. The implementation of this solution is carried out in Shopee e-commerce by modifying their product recommendation system. This prototype was measured using the usability testing method for usability goals efficient to use and user experience goals helpful.

Fully Homomorphic Encryption (FHE) allows a third party to perform arbitrary computations on encrypted data, learning neither the inputs nor the computation results. Hence, it provides resilience in situations where computations are carried out by an untrusted or potentially compromised party. This powerful concept was first conceived by Rivest et al. in the 1970s. However, it remained unrealized until Craig Gentry presented the first feasible FHE scheme in 2009.The advent of the massive collection of sensitive data in cloud services, coupled with a plague of data breaches, moved highly regulated businesses to increasingly demand confidential and secure computing solutions. This demand, in turn, has led to a recent surge in the development of FHE tools. To understand the landscape of recent FHE tool developments, we conduct an extensive survey and experimental evaluation to explore the current state of the art and identify areas for future development.In this paper, we survey, evaluate, and systematize FHE tools and compilers. We perform experiments to evaluate these tools’ performance and usability aspects on a variety of applications. We conclude with recommendations for developers intending to develop FHE-based applications and a discussion on future directions for FHE tools development.

Threats and risks against supply chains are increasing and a framework to add the trustworthiness of supply chain has been considered. In this framework, organisations in the supply chain validate the conformance to the pre-defined requirements. The results of validations are linked each other to achieve the trustworthiness of the entire supply chain. In this paper, we further consider this framework for data supply chains. First, we implement the framework and evaluate the performance. The evaluation shows 500 digital evidences (logs) can be checked in 0.28 second. We also propose five methods to improve the performance as well as five new functionalities to improve usability. With these functionalities, the framework also supports maintaining the certificate chain.

Authentication, forms an important step in any security system to allow access to resources that are to be restricted. In this paper, we propose a novel artificial intelligence-assisted risk-based two-factor authentication method. We begin with the details of existing systems in use and then compare the two systems viz: Two Factor Authentication (2FA), Risk-Based Two Factor Authentication (RB-2FA) with each other followed by our proposed AIA-RB-2FA method. The proposed method starts by recording the user features every time the user logs in and learns from the user behavior. Once sufficient data is recorded which could train the AI model, the system starts monitoring each login attempt and predicts whether the user is the owner of the account they are trying to access. If they are not, then we fallback to 2FA.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers by generating and evaluating tests that can be passed by humans but not computer bots. However, captchas are not foolproof, and they can be bypassed which raises security concerns. Hence, sites over the internet remain open to such vulnerabilities. This research paper identifies the vulnerabilities found in some of the commonly used captcha schemes by cracking them using Deep Learning techniques. It also aims to provide solutions to safeguard against these vulnerabilities and provides recommendations for the generation of secure captchas.

Data provenance (keeping track of who did what, where, when and how) boasts of various attractive use cases for distributed systems, such as intrusion detection, forensic analysis and secure information dependability. This potential, however, can only be realized if provenance is accessible by its primary stakeholders: the end-users. Existing provenance systems are designed in a `all-or-nothing' fashion, making provenance inaccessible, difficult to extract and crucially, not controlled by its key stakeholders. To mitigate this, we propose that provenance be separated into system, data-specific and file-metadata provenance. Furthermore, we expand data-specific provenance as changes at a fine-grain level, or provenance-per-change, that is recorded alongside its source. We show that with the use of delta-encoding, provenance-per-change is viable, asserting our proposed architecture to be effectively realizable.

Rescue robots are expected to soon become commonplace at disaster sites, where they are increasingly being deployed to provide rescuers with improved access and intervention capabilities while mitigating risks. The presence of robots in operation areas, however, is likely to carry a layer of additional ethical complexity to situations that are already ethically challenging. In addition, limited guidance is available for ethically informed, practical decision-making in real-life disaster settings, and specific ethics training programs are lacking. The contribution of this paper is thus to propose a tool aimed at supporting ethics training for rescuers operating with rescue robots. To this end, we have designed an interactive text-based simulation. The simulation was developed in Python, using Tkinter, Python's de-facto standard GUI. It is designed in accordance with the Case-Based Learning approach, a widely used instructional method that has been found to work well for ethics training. The simulation revolves around a case grounded in ethical themes we identified in previous work on ethical issues in rescue robotics: fairness and discrimination, false or excessive expectations, labor replacement, safety, and trust. Here we present the design of the simulation and the results of usability testing.

With the rise of the cloud computing and services, the network environments tend to be more complex and enormous. Security control becomes more and more hard due to the frequent and various access and requests. There are a few techniques to solve the problem which developed separately in the recent years. Network Micro-Segmentation provides the system the ability to keep different parts separated. Zero Trust Model ensures the network is access to trusted users and business by applying the policy that verify and authenticate everything. With the combination of Segmentation and Zero Trust Model, a system will obtain the ability to control the access to organizations' or industrial valuable assets. To implement the cooperation, the paper designs a strategy named light verification to help the process to be painless for the cost of inspection. The strategy was found to be effective from the perspective of the technical management, security and usability.

Multi-factor authentication (MFA) systems are being deployed for user authentication in online and personal device systems, whereas physical spaces mostly rely on single-factor authentication; examples are entering offices and homes, airport security, and classroom attendance. The Internet of Things (IoT) growth and market interest has created a diverse set of low-cost and flexible sensors and actuators that can be used for MFA. However, combining multiple authentication factors in a physical space adds several challenges, such as complex deployment, reduced usability, and increased energy consumption. We introduce MAFIA (Multi-layered Architecture For IoT-based Authentication), a novel architecture for co-located user authentication composed of multiple IoT devices. In MAFIA, we improve the security of physical spaces while considering usability, privacy, energy consumption, and deployment complexity. MAFIA is composed of three layers that define specific purposes for devices, guiding developers in the authentication design while providing a clear understanding of the trade-offs for different configurations. We describe a case study for an Automated Classroom Attendance System, where we evaluated three distinct types of authentication setups and showed that the most secure setup had a greater usability penalty, while the other two setups had similar attributes in terms of security, privacy, complexity, and usability but varied highly in their energy consumption.

Recently, phishing attacks have taking a new dimension with the addition of quick response code to phishing attacks vectors. Quick response code phishing attack is when an attacker lures its victims to voluntarily divulge personal information such as password, personal identification number, username and other information such as online banking details through the use of quick response code. This attack is on the rise as more and more people have adopted mobile phone usage not just for communication only but to perform transaction seamlessly. The ease of creation and use of quick response code has made it easily acceptable to both provider of goods and services and consumers. This attack is semantic as it exploits human vulnerabilities; as users can hardly know what is hidden in the quick response code before usage. This study reviewed various methodologies that earlier researcher have used to detect this semantic-based attack of phishing. The strength of each methodology, its weakness and general research gaps identified.

The advancing information technology is playing more and more important role in data mining of relational database.1 The transfer and sharing of databases cause the copyright-related security threats. Database watermarking technology can effectively solve the problem with copyright protection and traceability, which has been attracting researchers' attention. In this paper, we proposed a novel, robust and reversible database watermarking technique, named histogram shifting watermarking based on random forest and genetic algorithm (RF-GAHCSW). It greatly improves the watermark capacity by means of histogram width reduction and eliminates the impact of the prediction error attack. Meanwhile, random forest algorithm is used to select important attributes for watermark embedding, and genetic algorithm is employed to find the optimal secret key for the database grouping and determine the position of watermark embedding to improve the watermark capacity and reduce data distortion. The experimental results show that the robustness of RF-GAHCSW is greatly improved, compared with the original HSW, and the distortion has little effect on the usability of database.

The analysis of large-scale software and finding security vulnerabilities while its evolving is difficult without using supplementary tools, because of the size and complexity of today's systems. However just by looking at a report, doesn't transmit the overall picture of the system in terms of security vulnerabilities and its evolution throughout the project lifecycle. Software visualization is a program comprehension technique used in the context of the present and explores large amounts of information precisely. For the analysis of security vulnerabilities of complex software systems, Secure Codecity with Evolution is an interactive 3D visualization tool that can be utilized. Its studies techniques and methods are used for graphically illustrating security aspects and the evolution of software. The Main goal of the proposed Framework defined as uplift, simplify, and clarify the mental representation that a software engineer has of a software system and its evolution in terms of its security. Static code was visualised based on a city metaphor, which represents classes as buildings and packages as districts of a city. Identified Vulnerabilities were represented in a different color according to the severity. To visualize a number of different aspects, A large variety of options were given. Users can evaluate the evolution of the security vulnerabilities of a system on several versions using Matrices provided which will help users go get an overall understanding about security vulnerabilities varies with different versions of software. This framework was implemented using SonarQube for software vulnerability detection and ThreeJs for implementing the City Metaphor. The evaluation results evidently show that our framework surpasses the existing tools in terms of accuracy, efficiency and usability.