Biblio

Nowadays, Internet Of Everything (IOE) has demanded for a wide range of applications areas. IOE is started to replaces an Internet Of things (IOT). IOE is a combination of massive number of computing elements and sensors, people, processes and data through the Internet infrastructure. Device to Device communication and interfacing of Wireless Sensor network with IOE can makes any system as a Smart System. With the increased the use of Internet and Internet connected devices has opportunities for hackers to launch attacks on unprecedented scale and impact. The IOE can serve the varied security in the various sectors like manufacturing, agriculture, smart grid, payments, IoT gateways, healthcare and industrial ecosystems. To secure connections among people, process, data, and things, is a major challenge in Internet of Everything.. This paper focuses on various security Issues and Authentication Schemes in the IOE systems.

Intelligenta transportation is an important part of urban development. The core of realizing intelligent transportation is to master the urban road condition. This system processes the video of dashcam based on the Panoptic Segmentation network and adds a tracking module based on the comparison of front and rear frames and KM algorithm. The system mainly includes the following parts: embedded device, Panoptic Feature Pyramid Network, cloud server and Web site.

Modern verifiers for cryptographic protocols can analyze sophisticated designs automatically, but require the entire code of the protocol to operate. Compositional techniques, by contrast, allow us to verify each system component separately, against its own guarantees and assumptions about other components and the environment. Compositionality helps protocol design because it explains how the design can evolve and when it can run safely along other protocols and programs. For example, it might say that it is safe to add some functionality to a server without having to patch the client. Unfortunately, while compositional frameworks for protocol verification do exist, they require non-trivial human effort to identify specifications for the components of the system, thus hindering their adoption. To address these shortcomings, we investigate techniques for automated, compositional analysis of authentication protocols, using automata-learning techniques to synthesize assumptions for protocol components. We report preliminary results on the Needham-Schroeder-Lowe protocol, where our synthesized assumption was capable of lowering verification time while also allowing us to verify protocol variants compositionally.

Since a lot of information is outsourcing into cloud servers, data confidentiality becomes a higher risk to service providers. To assure data security, Ciphertext Policy Attributes-Based Encryption (CP-ABE) is observed for the cloud environment. Because ciphertexts and secret keys are relying on attributes, the revocation issue becomes a challenge for CP-ABE. This paper proposes an encryption access control (EAC) scheme to fulfill policy revocation which covers both attribute and user revocation. When one of the attributes in an access policy is changed by the data owner, the authorized users should be updated immediately because the revoked users who have gained previous access policy can observe the ciphertext. Especially for data owners, four types of updating policy levels are predefined. By classifying those levels, each secret token key is distinctly generated for each level. Consequently, a new secret key is produced by hashing the secret token key. This paper analyzes the execution times of key generation, encryption, and decryption times between non-revocation and policy revocation cases. Performance analysis for policy revocation is also presented in this paper.

Information visualization applications have become ubiquitous, in no small part thanks to the ease of wide distribution and deployment to users enabled by the web browser. Scientific visualization applications, relying on native code libraries and parallel processing, have been less suited to such widespread distribution, as browsers do not provide the required libraries or compute capabilities. In this paper, we revisit this gap in visualization technologies and explore how new web technologies, WebAssembly and WebGPU, can be used to deploy powerful visualization solutions for large-scale scientific data in the browser. In particular, we evaluate the programming effort required to bring scientific visualization applications to the browser through these technologies and assess their competitiveness against classic native solutions. As a main example, we present a new GPU-driven isosurface extraction method for block-compressed data sets, that is suitable for interactive isosurface computation on large volumes in resource-constrained environments, such as the browser. We conclude that web browsers are on the verge of becoming a competitive platform for even the most demanding scientific visualization tasks, such as interactive visualization of isosurfaces from a 1TB DNS simulation. We call on researchers and developers to consider investing in a community software stack to ease use of these upcoming browser features to bring accessible scientific visualization to the browser.

In today's world privacy is paramount in everyone's life. Alongside the growth of IoT (Internet of things), wearable devices are becoming widely popular for real-time user monitoring and wise service support. However, in contrast with the traditional short-range communications, these resource-scanty devices face various vulnerabilities and security threats during the course of interactions. Hence, designing a security solution for these devices while dealing with the limited communication and computation capabilities is a challenging task. In this work, PUF (Physical Unclonable Function) and lightweight cryptographic parameters are used together for performing two-way authentication between wearable devices and smartphone, while the simultaneous verification is performed by providing yoking-proofs to the Cloud Server. At the end, it is shown that the proposed scheme satisfies many security aspects and is flexible as well as lightweight.

The developments made in IoT applications have made wearable devices a popular choice for collecting user data to monitor this information and provide intelligent service support. Since wearable devices are continuously collecting and transporting a user's sensitive data over the network, there exist increased security challenges. Moreover, wearable devices lack the computation capabilities in comparison to traditional short-range communication devices. In this paper, authors propounded a Yoking Proof based remote Authentication scheme for Cloud-aided Wearable devices (YPACW) which takes PUF and cryptographic functions and joins them to achieve mutual authentication between the wearable devices and smartphone via a cloud server, by performing the simultaneous verification of these devices, using the established yoking-proofs. Relative to Liu et al.'s scheme, YPACW provides better results with the reduction of communication and processing cost significantly.

Regardless of the setting, edge computing has drawn much attention from both the academic and industrial communities. For edge computing, content delivery networks are both a concrete and production deployable use case. While viable at the WAN or telco edge scale, it is unclear if this extends to others, such as in home WiFi routers, as has been assumed by some. In this work-in-progress, we present an initial study on the viability of using smart edge WiFi routers as a caching location. We describe the simulator we created to test this, as well as the analysis of the results obtained. We use 1 day of e-commerce web log traffic from a public data set, as well as a sampled subset of our own site - part of an ecosystem of over 111 million users. We show that in the best case scenario, smart edge routers are inappropriate for e-commerce web caching.

Users leave when page loads take too long. This simple fact has complex implications for virtually all modern businesses, because accelerating content delivery through caching is not as simple as it used to be. As a fundamental technical challenge, the high degree of personalization in today's Web has seemingly outgrown the capabilities of traditional content delivery networks (CDNs) which have been designed for distributing static assets under fixed caching times. As an additional legal challenge for services with personalized content, an increasing number of regional data protection laws constrain the ways in which CDNs can be used in the first place. In this paper, we present Speed Kit as a radically different approach for content distribution that combines (1) a polyglot architecture for efficiently caching personalized content with (2) a natively GDPR-compliant client proxy that handles all sensitive information within the user device. We describe the system design and implementation, explain the custom cache coherence protocol to avoid data staleness and achieve Δ-atomicity, and we share field experiences from over a year of productive use in the e-commerce industry.

The traditional reactive web caching system is getting less popular day by day due to its inefficiency in handling the overwhelming requests for multimedia content. An intelligent web caching system intends to take optimal cache decisions by predicting future popular contents (FPC) proactively. In recent years, a few approaches have proposed some intelligent caching system where they were concerned about proactive caching. Those works intensified the importance of FPC prediction using the prediction models. However, only FPC prediction may not help to get the optimal solution in every scenario. In this paper, a technique named IntellCache has been proposed that increases the caching efficiency by taking a cache decision i.e. content storing decision before storing the predicted FPC. Different deep learning models such as- multilayer perceptron (MLP), Long short-term memory (LSTM) of Recurrent Neural Network (RNN) and ConvLSTM a combination of LSTM and Convolutional Neural Network (CNN) are compared to identify the most efficient model for FPC. The information on the contents of 18 years from the MovieLens data repository has been mined to evaluate the proposed approach. Results show that this proposed scheme outperforms previous solutions by achieving a higher cache hit ratio and lower average delay and thus, ensures users' satisfaction.

Machine-to-Machine (M2M) communication is a essential subset of the Internet of Things (IoT). Secure access to communication network systems by M2M devices requires the support of a secure and efficient anonymous authentication protocol. The Direct Anonymous Attestation (DAA) scheme in Trustworthy Computing is a verified security protocol. However, the existing defense system uses a static architecture. The “mimic defense” strategy is characterized by active defense, which is not effective against continuous detection and attack by the attacker. Therefore, in this paper, we propose a Mimic-DAA scheme that incorporates mimic defense to establish an active defense scheme. Multiple heterogeneous and redundant actuators are used to form a DAA verifier and optimization is scheduled so that the behavior of the DAA verifier unpredictable by analysis. The Mimic-DAA proposed in this paper is capable of forming a security mechanism for active defense. The Mimic-DAA scheme effectively safeguard the unpredictability, anonymity, security and system-wide security of M2M communication networks. In comparison with existing DAA schemes, the scheme proposed in this paper improves the safety while maintaining the computational complexity.

In recent times cloud services are used widely and due to which there are so many attacks on the cloud devices. One of the major attacks is DDos (distributed denial-of-service) -attack which mainly targeted the Memcached which is a caching system developed for speeding the websites and the networks through Memcached's database. The DDoS attack tries to destroy the database by creating a flood of internet traffic at the targeted server end. Attackers send the spoofing applications to the vulnerable UDP Memcached server which even manipulate the legitimate identity of the sender. In this work, we have proposed a vector quantization approach based on a supervised deep learning approach to detect the Memcached attack performed by the use of malicious firmware on different types of Cloud attached devices. This vector quantization approach detects the DDoas attack performed by malicious firmware on the different types of cloud devices and this also classifies the applications which are vulnerable to attack based on cloud-The Hackbeased services. The result computed during the testing shows the 98.2 % as legally positive and 0.034% as falsely negative.

In recent years, cross-domain roaming through Wi-Fi is ubiquitous, and the number of roaming users has increased dramatically. It is essential to authenticate users belonging to different institutes to ensure network privacy and security. Existing systems, such as eduroam, have centralized and hierarchical structure on indorse accounts that create privacy and security issues. We have proposed UniRoam, a blockchain-based cross-domain authentication scheme that provides accountability and anonymity without any trusted authority. Unlike traditional centralized approaches, UniRoam provides access authentication for its servers and users to provide anonymity and accountability without any privacy leakage issues efficiently. By using the sovrin identifier as an anonymous identity, we integrate our system with Hyperledger and Intel SGX to authenticate users that preserves both anonymity and trust when the user connects to the network. Therefore, UniRoam is highly “faulted-tolerant” to deal with different attacks and provides an effective solution that can be deployed easily in different environments.

Authentication is a challenging and emerging issue for Fog-IoT security paradigms. The fog nodes toward large-scale end-users offer various interacted IoT services. The authentication process usually involves expressing users' personal information such as username, email, and password to the Authentication Server (AS). However, users are not intended to express their identities or information over the fog or cloud servers. Hence, we have proposed an Anonymous User Authentication Scheme for Fog-IoT (AUASF) to keep the anonymity existence of the IoT users and detect the intruders. To provide anonymity, the user can send encrypted credentials such as username, email, and mobile number through the Cloud Service Provider (CSP) for registration. IoT user receives the response with a default password and a secret Id from the CSP. After that, the IoT user submits the default password for first-time access to Fog Service Provider (FSP). The FSP assigns a One Time Password (OTP) to each user for further access. The developed scheme is equipped with hash functions, symmetric encryptions, and decryptions for security perceptions across fog that serves better than the existing anonymity schemes.

The Open Data Cube (ODC) initiative, with support from the Committee on Earth Observation Satellites (CEOS) System Engineering Office (SEO) has developed a state-of-the-art suite of software tools and products to facilitate the analysis of Earth Observation data. This paper presents a short summary of our novel architecture approach in a project related to the Open Data Cube (ODC) community that provides users with their own ODC sandbox environment. Users can have a sandbox environment all to themselves for the purpose of running Jupyter notebooks that leverage the ODC. This novel architecture layout will remove the necessity of hosting multiple users on a single Jupyter notebook server and provides better management tooling for handling resource usage. In this new layout each user will have their own credentials which will give them access to a personal Jupyter notebook server with access to a fully deployed ODC environment enabling exploration of solutions to problems that can be supported by Earth observation data.

Shared register emulations on top of message-passing systems provide an illusion of a simpler shared memory system which can make the task of a system designer easier. Numerous shared register applications have a considerably high read-to-write ratio. Thus, having algorithms that make reads more efficient than writes is a fair trade-off.Typically, such algorithms for reads and writes are asymmetric and sacrifice the stringent consistency condition atomicity, as it is impossible to have fast reads for multi-writer atomicity. Safety is a consistency condition that has has gathered interest from both the systems and theory community as it is weaker than atomicity yet provides strong enough guarantees like "strong consistency" or read-my-write consistency. One requirement that is assumed by many researchers is that of the reliable broadcast (RB) primitive, which ensures the "all or none" property during a broadcast. One drawback is that such a primitive takes 1.5 rounds to complete and requires server-to-server communication.This paper implements an efficient multi-writer multi-reader safe register without using a reliable broadcast primitive. Moreover, we provide fast reads or one-shot reads – our read operations can be completed in one round of client-to-server communication. Of course, this comes with the price of requiring more servers when compared to prior solutions assuming reliable broadcast. However, we show that this increased number of servers is indeed necessary as we prove a tight bound on the number of servers required to implement Byzantine-fault tolerant safe registers in a system without reliable broadcast.We extend our results to data stored using erasure coding as well. We present an emulation of single-writer multi-reader safe register based on MDS codes. The usage of MDS codes reduces storage and communication costs. On the negative side, we also show that to use MDS codes and at the same time achieve one-shot reads, we need even more servers.

An open source and low-cost Supervisory Control and Data Acquisition System based on Node-RED and Arduino microcontrollers is presented in this paper. The system is designed for monitoring, supervision, and remotely controlling motors and sensors deployed for oil and gas facilities. The Internet of Things (IoT) based SCADA system consists of a host computer on which a server is deployed using the Node-RED programming tool and two terminal units connected to it: Arduino Uno and Arduino Mega. The Arduino Uno collects and communicates the data acquired from the temperature, flowrate, and water level sensors to the Node-Red on the computer through the serial port. It also uses a local liquid crystal display (LCD) to display the temperature. Node-RED on the computer retrieves the data from the voltage, current, rotary, accelerometer, and distance sensors through the Arduino Mega. Also, a web-based graphical user interface (GUI) is created using Node-RED and hosted on the local server for parsing the collected data. Finally, an HTTP basic access authentication is implemented using Nginx to control the clients' access from the Internet to the local server and to enhance its security and reliability.

A Supervisory Control and Data Acquisition (SCADA) system used in controlling or monitoring purpose in industrial process automation system is the process of collecting data from instruments and sensors located at remote sites and transmitting data at a central site. Most of the existing works on SCADA system focused on simulation-based study which cannot always mimic the real world situations. We propose a novel methodology that analyzes SCADA logs on offline basis and helps to detect process-related threats. This threat takes place when an attacker performs malicious actions after gaining user access. We conduct our experiments on a real-life SCADA system of a Power transmission utility. Our proposed methodology will automate the analysis of SCADA logs and systemically identify undesired events. Moreover, it will help to analyse process-related threats caused by user activity. Several test study suggest that our approach is powerful in detecting undesired events that might caused by possible malicious occurrence.

With its huge real-world demands, large-scale confidential computing still cannot be supported by today's Trusted Execution Environment (TEE), due to the lack of scalable and effective protection of high-throughput accelerators like GPUs, FPGAs, and TPUs etc. Although attempts have been made recently to extend the CPU-like enclave to GPUs, these solutions require change to the CPU or GPU chips, may introduce new security risks due to the side-channel leaks in CPU-GPU communication and are still under the resource constraint of today's CPU TEE.To address these problems, we present the first Heterogeneous TEE design that can truly support large-scale compute or data intensive (CDI) computing, without any chip-level change. Our approach, called HETEE, is a device for centralized management of all computing units (e.g., GPUs and other accelerators) of a server rack. It is uniquely designed to work with today's data centres and clouds, leveraging modern resource pooling technologies to dynamically compartmentalize computing tasks, and enforce strong isolation and reduce TCB through hardware support. More specifically, HETEE utilizes the PCIe ExpressFabric to allocate its accelerators to the server node on the same rack for a non-sensitive CDI task, and move them back into a secure enclave in response to the demand for confidential computing. Our design runs a thin TCB stack for security management on a security controller (SC), while leaving a large set of software (e.g., AI runtime, GPU driver, etc.) to the integrated microservers that operate enclaves. An enclaves is physically isolated from others through hardware and verified by the SC at its inception. Its microserver and computing units are restored to a secure state upon termination.We implemented HETEE on a real hardware system, and evaluated it with popular neural network inference and training tasks. Our evaluations show that HETEE can easily support the CDI tasks on the real-world scale and incurred a maximal throughput overhead of 2.17% for inference and 0.95% for training on ResNet152.

Technological progress in cloud networking, 5G networks, and the IoT (Internet of Things) are remarkable. In addition, demands for flexible construction of SoEs (Systems on Engagement) for various type of businesses are increasing. In such environments, dynamic changes of network rules, such as access control (AC) or packet forwarding, are required to ensure function and security in networks. On the other hand, it is becoming increasingly difficult to grasp the exact situation in such networks by utilizing current well-known network verification technologies since a huge number of network rules are complexly intertwined. To mitigate these issues, we have proposed a scalable network verification approach utilizing the concept of "Packet Equivalence Class (PEC)," which enable precise network function verification by strictly recognizing the impact range of each network rule. However, this approach is still not scalable for very large-scale networks which consist of tens of thousands of routers. In this paper, we enhanced our impact range detection algorithm for practical large-scale networks. Through evaluation in the network with more than 80,000 AC rules, we confirmed that our enhanced algorithm can achieve precise impact range detection in under 600 seconds.

The usage of wireless devices is increased from last decade due to its reliable, fast and easy transfer of data. Ensuring the security to these networks is a crucial thing. There are several types of network attacks, in this paper, DDoS attacks on networks and techniques, consequences, effects and prevention methods are focused on. The DDoS attack is carried out by multiple attackers on a system which floods the system with a greater number of incoming requests to the system. The destination system cannot immediately respond to the huge requests, due to this server crashes or halts. To detect, or to avoid such scenarios Intrusion prevention system is designed. The IPS block the network attacker at its first hop and thus reduce the malicious traffic near its source. Intrusion detection system prevents the attack without the prior knowledge of the attacker. The attack is detected at the router side and path is changed to transfer the files. The proposed model is designed to obtain the dynamic path for efficient transmission in wireless neworks.

In today's era, the probability of the wireless devices getting hacked has grown extensively. Due to the various WLAN vulnerabilities, hackers can break into the system. There is a lack of awareness among the people about security mechanisms. From the past experiences, the study reveals that router security encrypted protocol is often cracked using several ways like dictionary attack and brute force attack. The identified methods are costly, require extensive hardware, are not reliable and do not detect all the vulnerabilities of the system. This system aims to test all router protocols which are WEP, WPA, WPA2, WPS and detect the vulnerabilities of the system. Kali Linux version number 2.0 is being used over here and therefore the tools like airodump-ng, aircrack-ng are used to acquire access point pin which gives prevention methods for detected credulity and aims in testing various security protocols to make sure that there's no flaw which will be exploited.

Lately mining of information from online life is pulling in more consideration because of the blast in the development of Big Data. In security, Big Data manages an assortment of immense advanced data for investigating, envisioning and to draw the bits of knowledge for the expectation and anticipation of digital assaults. Big Data Analytics (BDA) is the term composed by experts to portray the art of dealing with, taking care of and gathering a great deal of data for future evaluation. Data is being made at an upsetting rate. The quick improvement of the Internet, Internet of Things (IoT) and other creative advances are the rule liable gatherings behind this proceeded with advancement. The data made is an impression of the earth, it is conveyed out of, along these lines can use the data got away from structures to understand the internal exercises of that system. This has become a significant element in cyber security where the objective is to secure resources. Moreover, the developing estimation of information has made large information a high worth objective. Right now, investigate ongoing exploration works in cyber security comparable to huge information and feature how Big information is secured and how huge information can likewise be utilized as a device for cyber security. Simultaneously, a Big Data based concentrated log investigation framework is actualized to distinguish the system traffic happened with assailants through DDOS, SQL Injection and Bruce Force assault. The log record is naturally transmitted to the brought together cloud server and big information is started in the investigation process.

Traditional security solutions that rely on public key infrastructure present scalability and transparency challenges when deployed in Internet of Things (IoT). In this paper, we develop a blockchain based authentication mechanism for IoT that can be integrated into the traditional transport layer security protocols such as Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Our proposed mechanism is an alternative to the traditional Certificate Authority (CA)-based Public Key Infrastructure (PKI) that relies on x.509 certificates. Specifically, the proposed solution enables the modified TLS/DTLS a viable option for resource constrained IoT devices where minimizing memory utilization is critical. Experiments show that blockchain based authentication can reduce dynamic memory usage by up to 20%, while only minimally increasing application image size and time of execution of the TLS/DTLS handshake.

Session management is a fundamental component of web applications: despite the apparent simplicity, correctly implementing web sessions is extremely tricky, as witnessed by the large number of existing attacks. This motivated the design of formal methods to rigorously reason about web session security which, however, are not supported at present by suitable automated verification techniques. In this paper we introduce the first security type system that enforces session security on a core model of web applications, focusing in particular on server-side code. We showcase the expressiveness of our type system by analyzing the session management logic of HotCRP, Moodle, and phpMyAdmin, unveiling novel security flaws that have been acknowledged by software developers.