Biblio

We study a problem of covert communication over binary symmetric channels (BSC) in an asynchronous setup. Here, Alice seeks to communicate to Bob over a BSC while trying to be covert with respect to Willie, who observes any communication through possibly a different BSC. When Alice communicates, she transmits a message (using a codeword of length n) at a random time uniformly distributed in a window of size Aw slots. We assume that Bob has side information about the time of transmission leading to a reduced uncertainty of Ab slots for Bob, where \$A\_b$\backslash$lt A\_w\$. In this setup, we seek to characterize the limits of covert communication as a function of the timing advantage. When Aw is increasing exponentially in n, we characterize the covert capacity as a function of Aw and Ab. When Aw is increasing sub-exponentially in n, we characterize lower and upper bounds on achievable covert bits and show that positive covert rates are not feasible irrespective of timing advantage. Using numerical work, we illustrate our results for different network scenarios, and also highlight a tradeoff between timing advantage and channel advantage (between Bob and Willie).

This paper considers the covert identification problem in which a sender aims to reliably convey an identification (ID) message to a set of receivers via a binary-input discrete memoryless channel (BDMC), and simultaneously to guarantee that the communication is covert with respect to a warden who monitors the communication via another independent BDMC. We prove a square-root law for the covert identification problem. This states that an ID message of size exp(exp($\Theta$($\surd$ n)) can be transmitted over n channel uses. We then characterize the exact pre-constant in the $\Theta$($\cdot$) notation. This constant is referred to as the covert identification capacity. We show that it equals the recently developed covert capacity in the standard covert communication problem, and somewhat surprisingly, the covert identification capacity can be achieved without any shared key between the sender and receivers. The achievability proof relies on a random coding argument with pulse-position modulation (PPM), coupled with a second stage which performs code refinements. The converse proof relies on an expurgation argument as well as results for channel resolvability with stringent input constraints.

The Digital Signature Algorithm (DSA) is a representative of a family of digital signature algorithms that are known to have a number of subliminal channels for covert data transmission. The capacity of these channels stretches from several bits (narrowband channels) to about 256 or so bits (a broadband channel). There are a couple of methods described in the literature to prevent the usage of the broadband channel with the help of a warden. In the present paper, we discuss some weaknesses of the known methods and suggest a solution that is free of the weaknesses and eliminates the broadband covert channel. Our solution also requires a warden who does not participate in signature generation and is able to check any signed message for the absence of the covert communication.

Covert communications enable a transmitter to send information reliably in the presence of an adversary, who looks to detect whether the transmission took place or not. We consider covert communications over quasi-static block fading channels, where users suffer from channel uncertainty. We investigate the adversary Willie's optimal detection performance in two extreme cases, i.e., the case of perfect channel state information (CSI) and the case of channel distribution information (CDI) only. It is shown that in the large detection error regime, Willie's detection performances of these two cases are essentially indistinguishable, which implies that the quality of CSI does not help Willie in improving his detection performance. This result enables us to study the covert transmission design without the need to factor in the exact amount of channel uncertainty at Willie. We then obtain the optimal and suboptimal closed-form solution to the covert transmission design. Our result reveals fundamental difference in the design between the case of quasi-static fading channel and the previously studied case of non-fading AWGN channel.

Nowadays a huge amount of sensitive information is sending via packet data networks and its security doesn't provided properly. Very often information leakage causes huge damage to organizations. One of the mechanisms to cause information leakage when it transmits through a communication channel is to construct a covert channel. Everywhere used packet networks provide huge opportunities for covert channels creating, which often leads to leakage of critical data. Moreover, covert channels based on packet length modifying can function in a system even if traffic encryption is applied and there are some data transfer schemes that are difficult to detect. The purpose of the paper is to construct and examine a normalization protection tool against covert channels. We analyze full and partial normalization, propose estimation of the residual covert channel capacity in a case of counteracting and determine the best parameters of counteraction tool.

Web technologies are typically built with time constraints and security vulnerabilities. Automatic software vulnerability scanners are common tools for detecting such vulnerabilities among software developers. It helps to illustrate the program for the attacker by creating a great deal of engagement within the program. SQL Injection and Cross-Site Scripting (XSS) are two of the most commonly spread and dangerous vulnerabilities in web apps that cause to the user. It is very important to trust the findings of the site vulnerability scanning software. Without a clear idea of the accuracy and the coverage of the open-source tools, it is difficult to analyze the result from the automatic vulnerability scanner that provides. The important to do a comparison on the key figure on the automated vulnerability scanners because there are many kinds of a scanner on the market and this comparison can be useful to decide which scanner has better performance in term of SQL Injection and Cross-Site Scripting (XSS) vulnerabilities. In this paper, a method by Jose Fonseca et al, is used to compare open-source automated vulnerability scanners based on detection coverage and a method by Yuki Makino and Vitaly Klyuev for precision rate. The criteria vulnerabilities will be injected into the web applications which then be scanned by the scanners. The results then are compared by analyzing the precision rate and detection coverage of vulnerability detection. Two leading open source automated vulnerability scanners will be evaluated. In this paper, the scanner that being utilizes is OW ASP ZAP and Skipfish for comparison. The results show that from precision rate and detection rate scope, OW ASP ZAP has better performance than Skipfish by two times for precision rate and have almost the same result for detection coverage where OW ASP ZAP has a higher number in high vulnerabilities.

Internet of Things (IoT) devices have rooted themselves in the everyday life of billions of people. Thus, researchers have applied automated bug finding techniques to improve their overall security. However, due to the difficulties in extracting and emulating custom firmware, black-box fuzzing is often the only viable analysis option. Unfortunately, this solution mostly produces invalid inputs, which are quickly discarded by the targeted IoT device and do not penetrate its code. Another proposed approach is to leverage the companion app (i.e., the mobile app typically used to control an IoT device) to generate well-structured fuzzing inputs. Unfortunately, the existing solutions produce fuzzing inputs that are constrained by app-side validation code, thus significantly limiting the range of discovered vulnerabilities.In this paper, we propose a novel approach that overcomes these limitations. Our key observation is that there exist functions inside the companion app that can be used to generate optimal (i.e., valid yet under-constrained) fuzzing inputs. Such functions, which we call fuzzing triggers, are executed before any data-transforming functions (e.g., network serialization), but after the input validation code. Consequently, they generate inputs that are not constrained by app-side sanitization code, and, at the same time, are not discarded by the analyzed IoT device due to their invalid format. We design and develop Diane, a tool that combines static and dynamic analysis to find fuzzing triggers in Android companion apps, and then uses them to fuzz IoT devices automatically. We use Diane to analyze 11 popular IoT devices, and identify 11 bugs, 9 of which are zero days. Our results also show that without using fuzzing triggers, it is not possible to generate bug-triggering inputs for many devices.

Redaction of personal, confidential and sensitive information from documents is becoming increasingly important for individuals and organizations. In past years, there have been many well-publicized cases of data leaks from various popular companies. When the data contains sensitive information, these leaks pose a serious threat. To protect and conceal sensitive information, many companies have policies and laws about processing and sanitizing sensitive information in business documents.The traditional approach of manually finding and matching millions of words and then redacting is slow and error-prone. This paper examines different models to automate the identification and redaction of personal and sensitive information contained within the documents using named entity recognition. Sensitive entities example person’s name, bank account details or Aadhaar numbers targeted for redaction, are recognized based on the file’s content, providing users with an interactive approach to redact the documents by changing selected sensitive terms.

With the advance in artificial intelligence and high-dimensional data analysis, federated learning (FL) has emerged to allow distributed data providers to collaboratively learn without direct access to local sensitive data. However, limiting access to individual provider’s data inevitably incurs security issues. For instance, backdoor attacks, one of the most popular data poisoning attacks in FL, severely threaten the integrity and utility of the FL system. In particular, backdoor attacks launched by multiple collusive attackers, i.e., distributed backdoor attacks, can achieve high attack success rates and are hard to detect. Existing defensive approaches, like model inspection or model sanitization, often require to access a portion of local training data, which renders them inapplicable to the FL scenarios. Recently, the norm clipping approach is developed to effectively defend against distributed backdoor attacks in FL, which does not rely on local training data. However, we discover that adversaries can still bypass this defense scheme through robust training due to its unchanged norm clipping threshold. In this paper, we propose a novel defense scheme to resist distributed backdoor attacks in FL. Particularly, we first identify that the main reason for the failure of the norm clipping scheme is its fixed threshold in the training process, which cannot capture the dynamic nature of benign local updates during the global model’s convergence. Motivated by it, we devise a novel defense mechanism to dynamically adjust the norm clipping threshold of local updates. Moreover, we provide the convergence analysis of our defense scheme. By evaluating it on four non-IID public datasets, we observe that our defense scheme effectively can resist distributed backdoor attacks and ensure the global model’s convergence. Noticeably, our scheme reduces the attack success rates by 84.23% on average compared with existing defense schemes.

Many people are becoming more reliant on internet social media sites like Facebook. Users can utilize these networks to reveal articles to them and engage with your peers. Several of the data transmitted from these connections is intended to be confidential. However, utilizing publicly available data and learning algorithms, it is feasible to forecast concealed informative data. The proposed research work investigates the different ways to initiate deduction attempts on freely released photo sharing data in order to envisage concealed informative data. Next, this research study offers three distinct sanitization procedures that could be used in a range of scenarios. Moreover, the effectualness of all these strategies and endeavor to utilize collective teaching and research to reveal important bits of the data set are analyzed. It shows how, by using the sanitization methods presented here, a user may lower the accuracy by including both global and interpersonal categorization techniques.

The Covid-19 Pandemic has caused huge losses worldwide and is still affecting people all around the world. Even after rigorous, incessant and dedicated efforts from people all around the world, it keeps mutating and spreading at an alarming rate. In times such as these, it is extremely important to take proper precautionary measures to stay safe and help to contain the spread of the virus. In this paper, we propose an innovative design of one such commonly used public disinfection method, an Automatic Walkthrough Sanitization Tunnel. It is a walkthrough sanitization tunnel which uses sensors to detect the target and automatically disinfects it followed by irradiation using UV-C rays for extra protection. There is a proposition to add an IoT based Temperature sensor and data relay module used to detect the temperature of any person entering the tunnel and in case of any anomaly, contact nearby covid wards to facilitate rapid treatment.

Among many application domains of machine learning in real-world settings, cyber security can benefit from more automated techniques to combat sophisticated adversaries. Modern network intrusion detection systems leverage machine learning models on network logs to proactively detect cyber attacks. However, the risk of adversarial attacks against machine learning used in these cyber settings is not fully explored. In this paper, we investigate poisoning attacks at training time against machine learning models in constrained cyber environments such as network intrusion detection; we also explore mitigations of such attacks based on training data sanitization. We consider the setting of poisoning availability attacks, in which an attacker can insert a set of poisoned samples at training time with the goal of degrading the accuracy of the deployed model. We design a white-box, realizable poisoning attack that reduced the original model accuracy from 95% to less than 50 % by generating mislabeled samples in close vicinity of a selected subset of training points. We also propose a novel Nested Training method as a defense against these attacks. Our defense includes a diversified ensemble of classifiers, each trained on a different subset of the training set. We use the disagreement of the classifiers' predictions as a data sanitization method, and show that an ensemble of 10 SVM classifiers is resilient to a large fraction of poisoning samples, up to 30% of the training data.

Strings are used to model genomic, natural language, and web activity data, and are thus often shared broadly. However, string data sharing has raised privacy concerns stemming from the fact that knowledge of length-k substrings of a string and their frequencies (multiplicities) may be sufficient to uniquely reconstruct the string; and from that the inference of such substrings may leak confidential information. We thus introduce the problem of protecting length-k substrings of a single string S by applying Differential Privacy (DP) while maximizing data utility for frequency-based mining tasks. Our theoretical and empirical evidence suggests that classic DP mechanisms are not suitable to address the problem. In response, we employ the order-k de Bruijn graph G of S and propose a sampling-based mechanism for enforcing DP on G. We consider the task of enforcing DP on G using our mechanism while preserving the normalized edge multiplicities in G. We define an optimization problem on integer edge weights that is central to this task and develop an algorithm based on dynamic programming to solve it exactly. We also consider two variants of this problem with real edge weights. By relaxing the constraint of integer edge weights, we are able to develop linear-time exact algorithms for these variants, which we use as stepping stones towards effective heuristics. An extensive experimental evaluation using real-world large-scale strings (in the order of billions of letters) shows that our heuristics are efficient and produce near-optimal solutions which preserve data utility for frequency-based mining tasks.

With the rapid growth of data sharing through social media networks, determining relevant data items concerning a particular subject becomes paramount. We address the issue of establishing which images represent an event of interest through a semi-supervised learning technique. The method learns consistent and shared features related to an event (from a small set of examples) to propagate them to an unlabeled set. We investigate the behavior of five image feature representations considering low- and high-level features and their combinations. We evaluate the effectiveness of the feature embedding approach on five collected datasets from real-world events.

Thousands of people have lost their life by COVID-19 infection. Authorities have seen the calamities caused by the corona virus in China. So, when the trace of virus was found in India, the only possible way to stop the spread of the virus was to go into lockdown. In a country like India where a major part of the population depends on the daily wages, being in lockdown started affecting their life. People where tend to go out for getting the food items and other essentials, and this caused the spread of virus. Many were infected and many lost their life by this. Due to the pandemic, the whole world was affected and many people working in foreign countries lost their jobs as well. These people who came back to India caused further spread of the virus. The main reason for the spread is lack of hygiene and a proper system to monitor the symptoms. Even though our country was in lockdown for almost 6 months the number of COVID cases doesn't get diminished. It is not practical to extend the lockdown any further, and people have decided to live with the virus. But it is essential to take the necessary precautions while interacting with the society. Automated system for checking that all the COVID protocols are followed and early symptom identification before entering to a place are essential to stop the spread of the infection. This research work proposes a smart door system, which evaluates the COVID-19 risk factors and collects the data of person before entering into any place, thereby ensuring that non-infected people are only entering to the place and thus the spread of virus can be avoided.

The recent technological advances and changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not have access to this information. This paper presents the design and development of a data sanitisation and redaction solution for a Cyber Threat Intelligence sharing platform. The Data Sanitisation and Redaction Plugin has been designed with the purpose of operating as a plugin for the ECHO Project’s Early Warning System platform and enhancing its operative capabilities during information sharing. This plugin aims to provide automated security and privacy-based controls to the concept of CTI sharing over a ticketing system. The plugin has been successfully tested and the results are presented in this paper.

Nowadays, peoples are very concerned about their data privacy. Hence, all the current security methods should be improved to stay relevant in this fast-growing technology world. Visual Cryptography (VC) is a cryptographic technique that using the image processing method. The implementation of VC can be varying and flexible to be applied to the system that requires an extra security precaution as it is one of the effective solutions in securing the data exchange between two or more parties. The main purpose of the development of V-CRYPT System is to improve the current VC technique and make it more complex in the encryption and decryption process. V-CRYPT system will let the user enter the key, then select the image that they want to encrypt, and the system will split the image into four shares: share0, share1, share2, share3. Each pixel of the image will be splatted into a smaller block of subpixels in each of the four shares and encrypted as two subpixels in each of the shares. The decryption will work only when the user selects all the shares, and the correct text key is entered. The system will superimpose all the shares and producing one perfect image. If the incorrect key is entered, the resulted image will be unidentified. The results show that V- CRYPT is a valuable alternative to existing methods where its security level is higher in terms of adding a secure key and complexity.

With the advancement of network technology, users can now easily gain access to and benefit from networks. However, the number of network violations is increasing. The main issue with this violation is that irresponsible individuals are infiltrating the network. Network intrusion can be interpreted in a variety of ways, including cyber criminals forcibly attempting to disrupt network connections, gaining unauthorized access to valuable data, and then stealing, corrupting, or destroying the data. There are already numerous systems in place to detect network intrusion. However, the systems continue to fall short in detecting and counter-attacking network intrusion attacks. This research aims to enhance the detection of Denial of service (DoS) by identifying significant features and identifying abnormal network activities more accurately. To accomplish this goal, the study proposes an Intrusion Analysis System for detecting Denial of service (DoS) network attacks using machine learning. The accuracy rate of the proposed method using random forest was demonstrated in our experimental results. It was discovered that the accuracy rate with each dataset is greater than 98.8 percent when compared to traditional approaches. Furthermore, when features are selected, the detection time is significantly reduced.

Scientific applications built on wide-area distributed systems such as emerging cloud based architectures and the legacy grid computing infrastructure often struggle with user adoption even though they succeed from a systems research perspective. This paper examines the coupling of user-centered design processes with modern distributed systems. Further in this paper, we describe approaches for conceptualizing a product that solves a recognized need: to develop a data gateway to serve the data management and research needs of experimentalists of electron microscopes and similar shared scientific instruments in the context of a research service laboratory. The purpose of the data gateway is to provide secure, controlled access to data generated from a wide range of scientific instruments. From the functional perspective, we focus on the basic processing of raw data that underlies the lab's "business" processes, the movement of data from the laboratory to central access and archival storage points, and the distribution of data to respective authorized users. Through the gateway interface, users will be able to share the instrument data with collaborators or copy it to remote storage servers. Basic pipelines for extracting additional metadata (through a pluggable parser framework) will be enabled. The core contribution described in this paper, building on the aforementioned distributed data management capabilities, is the adoption of user-centered design processes for developing the scientific user interface. We describe the user-centered design methodology for exploring user needs, iteratively testing the design, learning from user experiences, and adapting what we learn to improve design and capabilities. We further conclude that user-centered design is, in turn, best enabled by an adaptable distributed systems framework. A key challenge to implementing a user-centered design is to have design tools closely linked with a software system architecture that can evolve over time while providing a highly available data gateway. A key contribution of this paper is to share the insights from crafting such an evolvable design-build-evaluate-deploy architecture and plans for iterative development and deployment.

The HPC application community has proposed many new application communication structures, middleware interfaces, and communication models to improve HPC application performance. Modifying proxy applications is the standard practice for the evaluation of these novel methodologies. Currently, this requires the creation of a new version of the proxy application for each combination of the approach being tested. In this article, we present a modular proxy-application framework, MiniMod, that enables evaluation of a combination of independently written computation kernels, data transfer logic, communication access, and threading libraries. MiniMod is designed to allow rapid development of individual modules which can be combined at runtime. Through MiniMod, developers only need a single implementation to evaluate application impact under a variety of scenarios.We demonstrate the flexibility of MiniMod’s design by using it to implement versions of a heat diffusion kernel and the miniFE finite element proxy application, along with a variety of communication, granularity, and threading modules. We examine how changing communication libraries, communication granularities, and threading approaches impact these applications on an HPC system. These experiments demonstrate that MiniMod can rapidly improve the ability to assess new middleware techniques for scientific computing applications and next-generation hardware platforms.

This paper proposes an artificial immune information security protection technology architecture for embedded system of Electric power equipment. By simulating the three functions of human immunity, namely "immune homeostasis", "immune surveillance" and "immune defense", the power equipment is endowed with the ability of human like active immune security protection. Among them, "immune homeostasis" is constructed by trusted computing technology components to establish a trusted embedded system running environment. Through fault-tolerant component construction, "immune surveillance" and "immune defense" realize illegal data defense, business logic legitimacy check and equipment status evaluation, realize real-time perception and evaluation of power equipment's own security status, as well as fault emergency handling and event backtracking record, so that power equipment can realize self recovery from abnormal status. The proposed technology architecture is systematic, scientific and rich in scalability, which can significantly improve the information security protection ability of electric power equipment.

Internet of Things (IoT) wireless devices has the capability to interconnect small footprint devices and its key purpose is to have seamless connection without operational barriers. It is built upon a three-layer (Perception, Transportation and Application) protocol stack architecture. A multitude of security principles must be imposed at each layer for the proper and efficient working of various IoT applications. In the forthcoming years, it is anticipated that IoT devices will be omnipresent, bringing several benefits. The intrinsic security issues in conjunction with the resource constraints in IoT devices enables the proliferation of security vulnerabilities. The absence of specifically designed IoT frameworks, specifications, and interoperability issues further exacerbate the challenges in the IoT arena. This paper conducts an investigation in IoT wireless security with a focus on the major security challenges and considerations from an IoT protocol stack perspective. The vulnerabilities in the IoT protocol stack are laid out along with a gap analysis, evaluation, and the discussion on countermeasures. At the end of this work, critical issues are highlighted with the aim of pointing towards future research directions and drawing conclusions out of it.

Quantum computers have the potential to outshine classical alternatives in solving specific problems, under the assumption of mature enough hardware. A specific subset of these problems relate to military applications. In this paper we consider the state-of-the-art of quantum technologies and different applications of this technology. Additionally, four use-cases of quantum computing specific for military applications are presented. These use-cases are directly in line with the 2021 AI strategic agenda of the Netherlands Ministry of Defense.

A door enables you to enter a room without breaking through a wall. Also, a door enables you for privacy, environmental or security reasons. The problem statement which is the biometric system sometimes is sensitive and will not be able to sense the biological pattern of the employer’s fingerprint due to sweat and other factors. Next, people tend to misplace their key or RFID card. Apart from that, people tend to forget their pin number for a door lock. The objective of this paper is to present a secret knock intensity for door lock security system using Arduino and mobile. This project works by using a knock intensity and send the information to mobile application via wireless network to unlock or lock the door.

Scientific computing sometimes involves computation on sensitive data. Depending on the data and the execution environment, the HPC (high-performance computing) user or data provider may require confidentiality and/or integrity guarantees. To study the applicability of hardware-based trusted execution environments (TEEs) to enable secure scientific computing, we deeply analyze the performance impact of general purpose TEEs, AMD SEV, and Intel SGX, for diverse HPC benchmarks including traditional scientific computing, machine learning, graph analytics, and emerging scientific computing workloads. We observe three main findings: 1) SEV requires careful memory placement on large scale NUMA machines (1×-3.4× slowdown without and 1×-1.15× slowdown with NUMA aware placement), 2) virtualization-a prerequisite for SEV- results in performance degradation for workloads with irregular memory accesses and large working sets (1×-4× slowdown compared to native execution for graph applications) and 3) SGX is inappropriate for HPC given its limited secure memory size and inflexible programming model (1.2×-126× slowdown over unsecure execution). Finally, we discuss forthcoming new TEE designs and their potential impact on scientific computing.