Biblio

In many hostile military environments for instance war zone, unfriendly nature, etc., the systems perform on the specially promoted mode and nature which they tolerate the defined system network architecture. Preparation of Disruption-Tolerant systems (DTN) enhances the network between the remote devices which provided to the soldiers in the war zone, this situation conveys the reliable data transmission under scanner. Cipher text approach are based on the attribute based encryption which mainly acts on the attributes or role of the users, which is a successful cryptographic strategy to maintain the control issues and also allow reliable data transfer. Specially, the systems are not centralized and have more data constrained issues in the systems, implementing the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) was an important issue, where this strategy provides the new security and data protection approach with the help of the Key Revocation, Key Escrows and collaboration of the certain attributes with help of main Key Authorities. This paper mainly concentrates on the reliable data retrieval system with the help of CP-ABE for the Disruption-Tolerant Networks where multiple key authorities deal with respective attributes safely and securely. We performed comparison analysis on existing schemes with the recommended system components which are configured in the respective decentralized tolerant military system for reliable data retrieval.

With the rapid development of mobile internet, mobile devices are requiring more complex authorization policy to ensure an secure access control on mobile data. However mobiles have limited resources (computing, storage, etc.) and are not suitable to execute complex operations. Cloud computing is an increasingly popular paradigm for accessing powerful computing resources. Intuitively we can solve that problem by moving the complex access control process to the cloud and implement a fine-grained access control relying on the powerful cloud. However the cloud computation may not be trusted, a crucial problem is how to verify the correctness of such computations. In this paper, we proposed a public verifiable cloud access control scheme based on Parno's public verifiable computation protocol. For the first time, we proposed the conception and concrete construction of verifiable cloud access control. Specifically, we firstly design a user private key revocable Key Policy Attribute Based Encryption (KP-ABE) scheme with non-monotonic access structure, which can be combined with the XACML policy perfectly. Secondly we convert the XACML policy into the access structure of KP-ABE. Finally we construct a security provable public verifiable cloud access control scheme based on the KP-ABE scheme we designed.

Decentralized attribute-based encryption (ABE) is an efficient and flexible multi-authority attribute-based encryption system, since it does not requires the central authority and does not need to cooperate among the authorities for creating public parameters. Unfortunately, recent works show that the reality of the privacy preserving and security in almost well-known decentralized key policy ABE (KP-ABE) schemes are doubtful. How to construct a decentralized KP-ABE with the privacy-preserving and user collusion avoidance is still a challenging problem. Most recently, Y. Rahulamathavam et al. proposed a decentralized KP ABE scheme to try avoiding user collusion and preserving the user's privacy. However, we exploit the vulnerability of their scheme in this paper at first and present a collusion attack on their decentralized KP-ABE scheme. The attack shows the user collusion cannot be avoided. Subsequently, a new privacy-preserving decentralized KP-ABE is proposed. The proposed scheme avoids the linear attacks at present and achieves the user collusion avoidance. We also show that the security of the proposed scheme is reduced to decisional bilinear Diffie-Hellman assumption. Finally, numerical experiments demonstrate the efficiency and validity of the proposed scheme.

It is quite common nowadays for clients to outsource their personal data to a cloud service provider. However, it causes some new challenges in the area of data confidentiality and access control. Attribute-based encryption is a promising solution for providing confidentiality and fine-grained access control in a cloud-based cryptographic system. Moreover, in some cases, to preserve the privacy of clients and data, applying hidden access structures is required. Also, a data owner should be able to update his defined access structure at any time when he is online or not. As in several real-world application scenarios like e-health systems, the anonymity of recipients, and the possibility of updating access structures are two necessary requirements. In this paper, for the first time, we propose an attribute-based access control scheme with hidden access structures enabling the cloud to update access structures on expiry dates defined by a data owner.

Elliptic curve cryptography (ECC) has shorter key length than other asymmetric cryptography algorithms such as RSA with the same security level. Existing faults in cryptographic computations can cause faulty results. If a fault occurs during encryption, false information will be sent to the destination, in which case channel error detection codes are unable to detect the fault. In this paper, we consider the error detection in elliptic curve scalar multiplication point, which is the most important operation in ECC. Our technique is based on non-linear error detection codes. We consider an algorithm for scalar multiplication point proposed by Microsoft research group. The proposed technique in our methods has less overhead for additions (36.36%) and multiplications (34.84%) in total, compared to previous works. Also, the proposed method can detect almost 100% of injected faults.

IoT-based services are widely increasing due to their advantages such as economy, automation, and comfort. Smart cities are among major applications of IoT-based systems. However, security and privacy threats are vital issues challenging the utilization of such services. Connectivity nature, variety of data technology, and volume of data maintained through these systems make their security analysis a difficult process. Threat modeling is one the best practices for security analysis, especially for complex systems. This paper proposes a threat extraction method for IoT-based systems. We elaborate on a smart city scenario with three services including lighting, car parking, and waste management. Investigating on these services, firstly, we identify thirty-two distinct threat types. Secondly, we distinguish threat root causes by associating a threat to constituent parts of the IoT-based system. In this way, threat instances can be extracted using the proposed derivation rules. Finally, we evaluate our method on a smart car parking scenario as well as on an E-Health system and identify more than 50 threat instances in each cases to show that the method can be easily generalized for other IoT-based systems whose constituent parts are known.

Website fingerprinting attack is a kind of traffic analysis attack that aims to identify the URL of visited websites using the Tor browser. Previous website fingerprinting attacks were based on batch learning methods which assumed that the traffic traces of each website are independent and generated from the stationary probability distribution. But, in realistic scenarios, the websites' concepts can change over time (dynamic websites) that is known as concept drift. To deal with data whose distribution change over time, the classifier model must update its model permanently and be adaptive to concept drift. Streaming algorithms are dynamic models that have these features and lead us to make a comparison of various representative data stream classification algorithms for website fingerprinting. Given to our experiments and results, by considering streaming algorithms along with statistical flow-based network traffic features, the accuracy grows significantly.

Millions of news are being exchanged daily among people. With the appearance of the Internet, the way of broadcasting news has changed and become faster, however it caused many problems. For instance, the increase in the speed of broadcasting news leads to an increase in the speed of fake news creation. Fake news can have a huge impression on societies. Additionally, the existence of a central entity, such as news agencies, could lead to fraud in the news broadcasting process, e.g. generating fake news and publishing them for their benefits. Since Blockchain technology provides a reliable decentralized network, it can be used to publish news. In addition, Blockchain with the help of decentralized applications and smart contracts can provide a platform in which fake news can be detected through public participation. In this paper, we proposed a new method for sharing and analyzing news to detect fake news using Blockchain, called SANUB. SANUB provides features such as publishing news anonymously, news evaluation, reporter validation, fake news detection and proof of news ownership. The results of our analysis show that SANUB outperformed the existing methods.

Internet of Things is the newfound information architecture based on the Internet that develops interactions between objects and services in a secure and reliable environment. As the availability of many smart devices rises, secure and scalable mass storage systems for aggregate data is required in IoTs applications. In this paper, we propose a new method for storing aggregate data in IoTs by use of ( t, n) -threshold secret sharing scheme in the cloud storage. In this method, original data is divided into t blocks that each block is considered as a share. This method is scalable and traceable, i.e., new data can be inserted or part of original data can be deleted, without changing shares, also cloud service providers' fault in sending invalid shares are detectable.

Currently, packet data networks are widespread. Their architectural features allow constructing covert channels that are able to transmit covert data under the conditions of using standard protection measures. However, encryption or packets length normalization, leave the possibility for an intruder to transfer covert data via timing covert channels (TCCs). In turn, inter-packet delay (IPD) normalization leads to reducing communication channel capacity. Detection is an alternative countermeasure. At the present time, detection methods based on machine learning are widely studied. The complexity of TCCs detection based on machine learning depends on the availability of traffic samples, and on the possibility of an intruder to change covert channels parameters. In the current work, we explore the cases of TCCs detection via

Cloud Computing is the most promising paradigm in recent times. It offers a cost-efficient service to individual and industries. However, outsourcing sensitive data to entrusted Cloud servers presents a brake to Cloud migration. Consequently, improving the security of data access is the most critical task. As an efficient cryptographic technique, Ciphertext Policy Attribute Based Encryption(CP-ABE) develops and implements fine-grained, flexible and scalable access control model. However, existing CP-ABE based approaches suffer from some limitations namely revocation, data owner overhead and computational cost. In this paper, we propose a sliced revocable solution resolving the aforementioned issues abbreviated RS-CPABE. We applied splitting algorithm. We execute symmetric encryption with Advanced Encryption Standard (AES)in large data size and asymmetric encryption with CP-ABE in constant key length. We re-encrypt in case of revocation one single slice. To prove the proposed model, we expose security and performance evaluation.

In the era of the ever-growing number of smart devices, fraudulent practices through Phishing Websites have become an increasingly severe threat to modern computers and internet security. These websites are designed to steal the personal information from the user and spread over the internet without the knowledge of the user using the system. These websites give a false impression of genuinity to the user by mirroring the real trusted web pages which then leads to the loss of important credentials of the user. So, Detection of such fraudulent websites is an essence and the need of the hour. In this paper, various classifiers have been considered and were found that ensemble classifiers predict to utmost efficiency. The idea behind was whether a combined classifier model performs better than a single classifier model leading to a better efficiency and accuracy. In this paper, for experimentation, three Meta Classifiers, namely, AdaBoostM1, Stacking, and Bagging have been taken into consideration for performance comparison. It is found that Meta Classifier built by combining of simple classifier(s) outperform the simple classifier's performance.

Due to practical constraints in preventing phishing through public network or insecure communication channels, simple physical unclonable function (PDF)-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. In this paper, we present a PUF-based authentication method to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF designs or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device. The monolithic system makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time consuming upon device deployment. A genuine server can perform a mutual authentication with the device at any time with a combined fresh challenge contributed by both the server and the device. The message exchanged in clear does not expose the authentic CRPs. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful authentication.

Deep learning is a popular powerful machine learning solution to the computer vision tasks. The most criticized vulnerability of deep learning is its poor tolerance towards adversarial images obtained by deliberately adding imperceptibly small perturbations to the clean inputs. Such negatives can delude a classifier into wrong decision making. Previous defensive techniques mostly focused on refining the models or input transformation. They are either implemented only with small datasets or shown to have limited success. Furthermore, they are rarely scrutinized from the hardware perspective despite Artificial Intelligence (AI) on a chip is a roadmap for embedded intelligence everywhere. In this paper we propose a new discriminative noise injection strategy to adaptively select a few dominant layers and progressively discriminate adversarial from benign inputs. This is made possible by evaluating the differences in label change rate from both adversarial and natural images by injecting different amount of noise into the weights of individual layers in the model. The approach is evaluated on the ImageNet Dataset with 8-bit truncated models for the state-of-the-art DNN architectures. The results show a high detection rate of up to 88.00% with only approximately 5% of false positive rate for MobileNet. Both detection rate and false positive rate have been improved well above existing advanced defenses against the most practical noninvasive universal perturbation attack on deep learning based AI chip.

The real-time map updating enables vehicles to obtain accurate and timely traffic information. Especially for driverless cars, real-time map updating can provide high-precision map service to assist the navigation, which requires vehicles to actively upload the latest road conditions. However, due to the untrusted network environment, it is difficult for the real-time map updating server to evaluate the authenticity of the road information from the vehicles. In order to prevent malicious vehicles from deliberately spreading false information and protect the privacy of vehicles from tracking attacks, this paper proposes a trust-based real-time map updating scheme. In this scheme, the public key is used as the identifier of the vehicle for anonymous communication with conditional anonymity. In addition, the blockchain is applied to provide the existence proof for the public key certificate of the vehicle. At the same time, to avoid the spread of false messages, a trust evaluation algorithm is designed. The fog node can validate the received massages from vehicles using Bayesian Inference Model. Based on the verification results, the road condition information is sent to the real-time map updating server so that the server can update the map in time and prevent the secondary traffic accident. In order to calculate the trust value offset for the vehicle, the fog node generates a rating for each message source vehicle, and finally adds the relevant data to the blockchain. According to the result of security analysis, this scheme can guarantee the anonymity and prevent the Sybil attack. Simulation results show that the proposed scheme is effective and accurate in terms of real-time map updating and trust values calculating.

Distributed consensus is a prototypical distributed optimization and decision making problem in social, economic and engineering networked systems. In collaborative applications investigating the effects of adversaries is a critical problem. In this paper we investigate distributed consensus problems in the presence of adversaries. We combine key ideas from distributed consensus in computer science on one hand and in control systems on the other. The main idea is to detect Byzantine adversaries in a network of collaborating agents who have as goal reaching consensus, and exclude them from the consensus process and dynamics. We describe a novel trust-aware consensus algorithm that integrates the trust evaluation mechanism into the distributed consensus algorithm and propose various local decision rules based on local evidence. To further enhance the robustness of trust evaluation itself, we also introduce a trust propagation scheme in order to take into account evidences of other nodes in the network. The resulting algorithm is flexible and extensible, and can incorporate more complex designs of decision rules and trust models. To demonstrate the power of our trust-aware algorithm, we provide new theoretical security performance results in terms of miss detection and false alarm rates for regular and general trust graphs. We demonstrate through simulations that the new trust-aware consensus algorithm can effectively detect Byzantine adversaries and can exclude them from consensus iterations even in sparse networks with connectivity less than 2f+1, where f is the number of adversaries.

Modern large scale technical systems often face iterative changes on their behaviours with the requirement of validated quality which is not easy to achieve completely with traditional testing. Regression verification is a powerful tool for the formal correctness analysis of software-driven systems. By proving that a new revision of the software behaves similarly as the original version of the software, some of the trust that the old software and system had earned during the validation processes or operation histories can be inherited to the new revision. This trust inheritance by the formal analysis relies on a number of implicit assumptions which are not self-evident but easy to miss, and may lead to a false sense of safety induced by a misunderstood regression verification processes. This paper aims at pointing out hidden, implicit assumptions of regression verification in the context of cyber-physical systems by making them explicit using practical examples. The explicit trust inheritance analysis would clarify for the engineers to understand the extent of the trust that regression verification provides and consequently facilitate them to utilize this formal technique for the system validation.

Security challenges present in Machine-to-Machine Communication (M2M-C) and big data paradigm are fundamentally different from conventional network security challenges. In M2M-C paradigms, “Trust” is a vital constituent of security solutions that address security threats and for such solutions,it is important to quantify and evaluate the amount of trust in the information and its source. In this work, we focus on Machine Learning (ML) Based Trust (MLBT) evaluation model for detecting malicious activities in a vehicular Based M2M-C (VBM2M-C) network. In particular, we present an Entropy Based Feature Engineering (EBFE) coupled Extreme Gradient Boosting (XGBoost) model which is optimized with Binary Particle Swarm optimization technique. Based on three performance metrics, i.e., Accuracy Rate (AR), True Positive Rate (TPR), False Positive Rate (FPR), the effectiveness of the proposed method is evaluated in comparison to the state-of-the-art ensemble models, such as XGBoost and Random Forest. The simulation results demonstrates the superiority of the proposed model with approximately 10% improvement in accuracy, TPR and FPR, with reference to the attacker density of 30% compared with the start-of-the-art algorithms.

This work takes a novel approach to classifying the behavior of devices by exploiting the single-purpose nature of IoT devices and analyzing the complexity and variance of their network traffic. We develop a formalized measurement of complexity for IoT devices, and use this measurement to precisely tune an anomaly detection algorithm for each device. We postulate that IoT devices with low complexity lead to a high confidence in their behavioral model and have a correspondingly more precise decision boundary on their predicted behavior. Conversely, complex general purpose devices have lower confidence and a more generalized decision boundary. We show that there is a positive correlation to our complexity measure and the number of outliers found by an anomaly detection algorithm. By tuning this decision boundary based on device complexity we are able to build a behavioral framework for each device that reduces false positive outliers. Finally, we propose an architecture that can use this tuned behavioral model to rank each flow on the network and calculate a trust score ranking of all traffic to and from a device which allows the network to autonomously make access control decisions on a per-flow basis.

We consider distributed Kalman filter for dynamic state estimation over wireless sensor networks. It is promising but challenging when network is under cyber attacks. Since the information exchange between nodes, the malicious attacks quickly spread across the entire network, which causing large measurement errors and even to the collapse of sensor networks. Aiming at the malicious network attack, a trust-based distributed processing frame is proposed. Which allows neighbor nodes to exchange information, and a series of trusted nodes are found using truth discovery. As a demonstration, distributed Cooperative Localization is considered, and numerical results are provided to evaluate the performance of the proposed approach by considering random, false data injection and replay attacks.

Vehicular Ad-hoc Networks (VANETs) play an essential role in ensuring safe, reliable and faster transportation with the help of an Intelligent Transportation system. The trustworthiness of vehicles in VANETs is extremely important to ensure the authenticity of messages and traffic information transmitted in extremely dynamic topographical conditions where vehicles move at high speed. False or misleading information may cause substantial traffic congestions, road accidents and may even cost lives. Many approaches exist in literature to measure the trustworthiness of GPS data and messages of an Autonomous Vehicle (AV). To the best of our knowledge, they have not considered the trustworthiness of other On-Board Unit (OBU) components of an AV, along with GPS data and transmitted messages, though they have a substantial relevance in overall vehicle trust measurement. In this paper, we introduce a novel model to measure the overall trustworthiness of an AV considering four different OBU components additionally. The performance of the proposed method is evaluated with a traffic simulation model developed by Simulation of Urban Mobility (SUMO) using realistic traffic data and considering different levels of uncertainty.

A semi-quantum key distribution (SQKD) protocol allows two users A and B to establish a shared secret key that is secure against an all-powerful adversary E even when one of the users (e.g., B) is semi-quantum or classical in nature while the other is fully-quantum. A mediated SQKD protocol allows two semi-quantum users to establish a key with the help of an adversarial quantum server. We introduce the concept of a multi-mediated SQKD protocol where two (or more) adversarial quantum servers are used. We construct a new protocol in this model and show how it can withstand high levels of quantum noise, though at a cost to efficiency. We perform an information theoretic security analysis and, along the way, prove a general security result applicable to arbitrary MM-SQKD protocols. Finally, a comparison is made to previous (S)QKD protocols.

We consider information theoretic security in a two-hop combination network where there are groups of end users with distinct degrees of connectivity served by a layer of relays. The model represents a network set up with users having access to asymmetric resources, here the number of relays that they are connected to, yet demand security guarantees uniformly. We study two security constraints separately and simultaneously: secure delivery where the information must be kept confidential from an external entity that wiretaps the delivery phase; and secure caching where each cache-aided end-user can retrieve the file it requests and cannot obtain any information on files it does not. The achievable schemes we construct are multi-stage where each stage completes requests by a class of users.

In this work we introduce a novel QKD protocol capable of smoothly transitioning, via a user-tuneable parameter, from classical to semi-quantum in order to help understand the effect of quantum communication resources on secure key distribution. We perform an information theoretic security analysis of this protocol to determine what level of "quantumness" is sufficient to achieve security, and we discover some rather interesting properties of this protocol along the way.

We consider a setup in which the channel from Alice to Bob is less noisy than the channel from Eve to Bob. We show that there exist encoding and decoding which accomplish error correction and authentication simultaneously; that is, Bob is able to correctly decode a message coming from Alice and reject a message coming from Eve with high probability. The system does not require any secret key shared between Alice and Bob, provides information theoretic security, and can safely be composed with other protocols in an arbitrary context.