Visible to the public Biblio

Filters: Keyword is Time Frequency Analysis  [Clear All Filters]
2019-03-15
Zhang, Sheng, Tang, Adrian, Jiang, Zhewei, Sethumadhavan, Simha, Seok, Mingoo.  2018.  Blacklist Core: Machine-Learning Based Dynamic Operating-Performance-Point Blacklisting for Mitigating Power-Management Security Attacks. Proceedings of the International Symposium on Low Power Electronics and Design. :5:1-5:6.
Most modern computing devices make available fine-grained control of operating frequency and voltage for power management. These interfaces, as demonstrated by recent attacks, open up a new class of software fault injection attacks that compromise security on commodity devices. CLKSCREW, a recently-published attack that stretches the frequency of devices beyond their operational limits to induce faults, is one such attack. Statically and permanently limiting frequency and voltage modulation space, i.e., guard-banding, could mitigate such attacks but it incurs large performance degradation and long testing time. Instead, in this paper, we propose a run-time technique which dynamically blacklists unsafe operating performance points using a neural-net model. The model is first trained offline in the design time and then subsequently adjusted at run-time by inspecting a selected set of features such as power management control registers, timing-error signals, and core temperature. We designed the algorithm and hardware, titled a BlackList (BL) core, which is capable of detecting and mitigating such power management-based security attack at high accuracy. The BL core incurs a reasonably small amount of overhead in power, delay, and area.
Lakshminarayana, Subhash, Karachiwala, Jabir Shabbir, Chang, Sang-Yoon, Revadigar, Girish, Kumar, Sristi Lakshmi Sravana, Yau, David K.Y., Hu, Yih-Chun.  2018.  Signal Jamming Attacks Against Communication-Based Train Control: Attack Impact and Countermeasure. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :160-171.
We study the impact of signal jamming attacks against the communication based train control (CBTC) systems and develop the countermeasures to limit the attacks' impact. CBTC supports the train operation automation and moving-block signaling, which improves the transport efficiency. We consider an attacker jamming the wireless communication between the trains or the train to wayside access point, which can disable CBTC and the corresponding benefits. In contrast to prior work studying jamming only at the physical or link layer, we study the real impact of such attacks on end users, namely train journey time and passenger congestion. Our analysis employs a detailed model of leaky medium-based communication system (leaky waveguide or leaky feeder/coaxial cable) popularly used in CBTC systems. To counteract the jamming attacks, we develop a mitigation approach based on frequency hopping spread spectrum taking into account domain-specific structure of the leaky-medium CBTC systems. Specifically, compared with existing implementations of FHSS, we apply FHSS not only between the transmitter-receiver pair but also at the track-side repeaters. To demonstrate the feasibility of implementing this technology in CBTC systems, we develop a FHSS repeater prototype using software-defined radios on both leaky-medium and open-air (free-wave) channels. We perform extensive simulations driven by realistic running profiles of trains and real-world passenger data to provide insights into the jamming attack's impact and the effectiveness of the proposed countermeasure.
Queiroz, Diego V., Gomes, Ruan D., Benavente-Peces, Cesar, Fonseca, Iguatemi E., Alencar, Marcelo S..  2018.  Evaluation of Channels Blacklists in TSCH Networks with Star and Tree Topologies. Proceedings of the 14th ACM International Symposium on QoS and Security for Wireless and Mobile Networks. :116-123.
The Time-Slotted Channel Hopping (TSCH) mode, defined by the IEEE 802.15.4e protocol, aims to reduce the effects of narrowband interference and multipath fading on some channels through the frequency hopping method. To work satisfactorily, this method must be based on the evaluation of the channel quality through which the packets will be transmitted to avoid packet losses. In addition to the estimation, it is necessary to manage channel blacklists, which prevents the sensors from hopping to bad quality channels. The blacklists can be applied locally or globally, and this paper evaluates the use of a local blacklist through simulation of a TSCH network in a simulated harsh industrial environment. This work evaluates two approaches, and both use a developed protocol based on TSCH, called Adaptive Blacklist TSCH (AB-TSCH), that considers beacon packets and includes a link quality estimation with blacklists. The first approach uses the protocol to compare a simple version of TSCH to configurations with different sizes of blacklists in star topology. In this approach, it is possible to analyze the channel adaption method that occurs when the blacklist has 15 channels. The second approach uses the protocol to evaluate blacklists in tree topology, and discusses the inherent problems of this topology. The results show that, when the estimation is performed continuously, a larger blacklist leads to an increase of performance in star topology. In tree topology, due to the simultaneous transmissions among some nodes, the use of smaller blacklist showed better performance.
Amosov, O. S., Amosova, S. G., Muller, N. V..  2018.  Identification of Potential Risks to System Security Using Wavelet Analysis, the Time-and-Frequency Distribution Indicator of the Time Series and the Correlation Analysis of Wavelet-Spectra. 2018 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1-6.

To identify potential risks to the system security presented by time series it is offered to use wavelet analysis, the indicator of time-and-frequency distribution, the correlation analysis of wavelet-spectra for receiving rather complete range of data about the process studied. The indicator of time-and-frequency localization of time series was proposed allowing to estimate the speed of non-stationary changing. The complex approach is proposed to use the wavelet analysis, the time-and-frequency distribution of time series and the wavelet spectra correlation analysis; this approach contributes to obtaining complete information on the studied phenomenon both in numerical terms, and in the form of visualization for identifying and predicting potential system security threats.

2019-02-08
Islam, Mohammad A., Ren, Shaolei.  2018.  Ohm's Law in Data Centers: A Voltage Side Channel for Timing Power Attacks. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :146-162.

Maliciously-injected power load, a.k.a. power attack, has recently surfaced as a new egregious attack vector for dangerously compromising the data center availability. This paper focuses on the emerging threat of power attacks in a multi-tenant colocation data center, an important type of data center where multiple tenants house their own servers and share the power distribution system. Concretely, we discover a novel physical side channel –- a voltage side channel –- which leaks the benign tenants' power usage information at runtime and helps an attacker precisely time its power attacks. The key idea we exploit is that, due to the Ohm's Law, the high-frequency switching operation (40\textasciitilde100kHz) of the power factor correction circuit universally built in today's server power supply units creates voltage ripples in the data center power lines. Importantly, without overlapping the grid voltage in the frequency domain, the voltage ripple signals can be easily sensed by the attacker to track the benign tenants' runtime power usage and precisely time its power attacks. We evaluate the timing accuracy of the voltage side channel in a real data center prototype, demonstrating that the attacker can extract benign tenants' power pattern with a great accuracy (correlation coefficient = 0.90+) and utilize 64% of all the attack opportunities without launching attacks randomly or consecutively. Finally, we highlight a few possible defense strategies and extend our study to more complex three-phase power distribution systems used in large multi-tenant data centers.

2018-04-11
Huang, Kaiyu, Qu, Y., Zhang, Z., Chakravarthy, V., Zhang, Lin, Wu, Z..  2017.  Software Defined Radio Based Mixed Signal Detection in Spectrally Congested and Spectrally Contested Environment. 2017 Cognitive Communications for Aerospace Applications Workshop (CCAA). :1–6.

In a spectrally congested environment or a spectrally contested environment which often occurs in cyber security applications, multiple signals are often mixed together with significant overlap in spectrum. This makes the signal detection and parameter estimation task very challenging. In our previous work, we have demonstrated the feasibility of using a second order spectrum correlation function (SCF) cyclostationary feature to perform mixed signal detection and parameter estimation. In this paper, we present our recent work on software defined radio (SDR) based implementation and demonstration of such mixed signal detection algorithms. Specifically, we have developed a software defined radio based mixed RF signal generator to generate mixed RF signals in real time. A graphical user interface (GUI) has been developed to allow users to conveniently adjust the number of mixed RF signal components, the amplitude, initial time delay, initial phase offset, carrier frequency, symbol rate, modulation type, and pulse shaping filter of each RF signal component. This SDR based mixed RF signal generator is used to transmit desirable mixed RF signals to test the effectiveness of our developed algorithms. Next, we have developed a software defined radio based mixed RF signal detector to perform the mixed RF signal detection. Similarly, a GUI has been developed to allow users to easily adjust the center frequency and bandwidth of band of interest, perform time domain analysis, frequency domain analysis, and cyclostationary domain analysis.

Nandhini, M., Priya, P..  2017.  A Hybrid Routing Algorithm for Secure Environmental Monitoring System in WSN. 2017 International Conference on Communication and Signal Processing (ICCSP). :1061–1065.

Wireless sensor networks are the most prominent set of recently made sensor nodes. They play a numerous role in many applications like environmental monitoring, agriculture, Structural and industrial monitoring, defense applications. In WSN routing is one of the absolutely requisite techniques. It enhance the network lifetime. This can be gives additional priority and system security by using bio inspired algorithm. The combination of bio inspired algorithms and routing algorithms create a way to easy data transmission and improves network lifetime. We present a new metaheuristic hybrid algorithm namely firefly algorithm with Localizability aided localization routing protocol for encircle monitoring in wireless area. This algorithm entirely covers the wireless sensor area by localization process and clumping the sensor nodes with the use of LAL (Localizability Aided Localization) users can minimize the time latency, packet drop and packet loss compared to traditional methods.

Vasile, D. C., Svasta, P., Codreanu, N., Safta, M..  2017.  Active Tamper Detection Circuit Based on the Analysis of Pulse Response in Conductive Mesh. 2017 40th International Spring Seminar on Electronics Technology (ISSE). :1–6.

Tamper detection circuits provide the first and most important defensive wall in protecting electronic modules containing security data. A widely used procedure is to cover the entire module with a foil containing fine conductive mesh, which detects intrusion attempts. Detection circuits are further classified as passive or active. Passive circuits have the advantage of low power consumption, however they are unable to detect small variations in the conductive mesh parameters. Since modern tools provide an upper leverage over the passive method, the most efficient way to protect security modules is thus to use active circuits. The active tamper detection circuits are typically probing the conductive mesh with short pulses, analyzing its response in terms of delay and shape. The method proposed in this paper generates short pulses at one end of the mesh and analyzes the response at the other end. Apart from measuring pulse delay, the analysis includes a frequency domain characterization of the system, determining whether there has been an intrusion or not, by comparing it to a reference (un-tampered with) spectrum. The novelty of this design is the combined analysis, in time and frequency domains, of the small variations in mesh characteristic parameters.

Liu, Rui, Rawassizadeh, Reza, Kotz, David.  2017.  Toward Accurate and Efficient Feature Selection for Speaker Recognition on Wearables. Proceedings of the 2017 Workshop on Wearable Systems and Applications. :41–46.

Due to the user-interface limitations of wearable devices, voice-based interfaces are becoming more common; speaker recognition may then address the authentication requirements of wearable applications. Wearable devices have small form factor, limited energy budget and limited computational capacity. In this paper, we examine the challenge of computing speaker recognition on small wearable platforms, and specifically, reducing resource use (energy use, response time) by trimming the input through careful feature selections. For our experiments, we analyze four different feature-selection algorithms and three different feature sets for speaker identification and speaker verification. Our results show that Principal Component Analysis (PCA) with frequency-domain features had the highest accuracy, Pearson Correlation (PC) with time-domain features had the lowest energy use, and recursive feature elimination (RFE) with frequency-domain features had the least latency. Our results can guide developers to choose feature sets and configurations for speaker-authentication algorithms on wearable platforms.

Hawkins, William, Nguyen-Tuong, Anh, Hiser, Jason D., Co, Michele, Davidson, Jack W..  2017.  Mixr: Flexible Runtime Rerandomization for Binaries. Proceedings of the 2017 Workshop on Moving Target Defense. :27–37.

Mixr is a novel moving target defense (MTD) system that improves on the traditional address space layout randomization (ASLR) security technique by giving security architects the tools to add "runtime ASLR" to existing software programs and libraries without access to their source code or debugging information and without requiring changes to the host's linker, loader or kernel. Runtime ASLR systems rerandomize the code of a program/library throughout execution at rerandomization points and with a particular granularity. The security professional deploying the Mixr system on a program/library has the flexibility to specify the frequency of runtime rerandomization and the granularity. For example, she/he can specify that the program rerandomizes itself on 60-byte boundaries every time the write() system call is invoked. The Mixr MTD of runtime ASLR protects binary programs and software libraries that are vulnerable to information leaks and attacks based on that information. Mixr is an improvement on the state of the art in runtime ASLR systems. Mixr gives the security architect the flexibility to specify the rerandomization points and granularity and does not require access to the target program/library's source code, debugging information or other metadata. Nor does Mixr require changes to the host's linker, loader or kernel to execute the protected software. No existing runtime ASLR system offers those capabilities. The tradeoff is that applying the Mixr MTD of runtime ASLR protection requires successful disassembly of a program - something which is not always possible. Moreoever, the runtime overhead of a Mixr-protected program is non-trivial. Mixr, besides being a tool for implementing the MTD of runtime ASLR, has the potential to further improve software security in other ways. For example, Mixr could be deployed to implement noise injection into software to thwart side-channel attacks using differential power analysis.

Yoon, Man-Ki, Mohan, Sibin, Choi, Jaesik, Christodorescu, Mihai, Sha, Lui.  2017.  Learning Execution Contexts from System Call Distribution for Anomaly Detection in Smart Embedded System. Proceedings of the Second International Conference on Internet-of-Things Design and Implementation. :191–196.

Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths.

Wang, J. K., Peng, Chunyi.  2017.  Analysis of Time Delay Attacks Against Power Grid Stability. Proceedings of the 2Nd Workshop on Cyber-Physical Security and Resilience in Smart Grids. :67–72.

The modern power grid, as a critical national infrastructure, is operated as a cyber-physical system. While the Wide-Area Monitoring, Protection and Control Systems (WAMPCS) in the power grid ensures stable dynamical responses by allowing real-time remote control and collecting measurement over across the power grid, they also expose the power grid to potential cyber-attacks. In this paper, we analyze the effects of Time Delay Attacks (TDAs), which disturb stability of the power grid by simply delaying the transfer of measurement and control demands over the grid's cyber infrastructure. Different from the existing work which simulates TDAs' impacts under specific scenarios, we come up with a generic analytical framework to derive the TDAs' effective conditions. In particular, we propose three concepts of TDA margins, TDA boundary, and TDA surface to define the insecure zones where TDAs are able to destabilize the grid. The proposed concepts and analytical results are exemplified in the context of Load Frequency Control (LFC), but can be generalized to other power control applications.

Bhalachandra, Sridutt, Porterfield, Allan, Olivier, Stephen L., Prins, Jan F., Fowler, Robert J..  2017.  Improving Energy Efficiency in Memory-Constrained Applications Using Core-Specific Power Control. Proceedings of the 5th International Workshop on Energy Efficient Supercomputing. :6:1–6:8.

Power is increasingly the limiting factor in High Performance Computing (HPC) at Exascale and will continue to influence future advancements in supercomputing. Recent processors equipped with on-board hardware counters allow real time monitoring of operating conditions such as energy and temperature, in addition to performance measures such as instructions retired and memory accesses. An experimental memory study presented on modern CPU architectures, Intel Sandybridge and Haswell, identifies a metric, TORo\_core, that detects bandwidth saturation and increased latency. TORo-Core is used to construct a dynamic policy applied at coarse and fine-grained levels to modulate per-core power controls on Haswell machines. The coarse and fine-grained application of dynamic policy shows best energy savings of 32.1% and 19.5% with a 2% slowdown in both cases. On average for six MPI applications, the fine-grained dynamic policy speeds execution by 1% while the coarse-grained application results in a 3% slowdown. Energy savings through frequency reduction not only provide cost advantages, they also reduce resource contention and create additional thermal headroom for non-throttled cores improving performance.

Cui, T., Yu, H., Hao, F..  2017.  Security Control for Linear Systems Subject to Denial-of-Service Attacks. 2017 36th Chinese Control Conference (CCC). :7673–7678.

This paper studies the stability of event-triggered control systems subject to Denial-of-Service attacks. An improved method is provided to increase frequency and duration of the DoS attacks where closed-loop stability is not destroyed. A two-mode switching control method is adopted to maintain stability of event-triggered control systems in the presence of attacks. Moreover, this paper reveals the relationship between robustness of systems against DoS attacks and lower bound of the inter-event times, namely, enlarging the inter-execution time contributes to enhancing the robustness of the systems against DoS attacks. Finally, some simulations are presented to illustrate the efficiency and feasibility of the obtained results.

2018-02-27
Nembhard, F., Carvalho, M., Eskridge, T..  2017.  A Hybrid Approach to Improving Program Security. 2017 IEEE Symposium Series on Computational Intelligence (SSCI). :1–8.

The security of computer programs and systems is a very critical issue. With the number of attacks launched on computer networks and software, businesses and IT professionals are taking steps to ensure that their information systems are as secure as possible. However, many programmers do not think about adding security to their programs until their projects are near completion. This is a major mistake because a system is as secure as its weakest link. If security is viewed as an afterthought, it is highly likely that the resulting system will have a large number of vulnerabilities, which could be exploited by attackers. One of the reasons programmers overlook adding security to their code is because it is viewed as a complicated or time-consuming process. This paper presents a tool that will help programmers think more about security and add security tactics to their code with ease. We created a model that learns from existing open source projects and documentation using machine learning and text mining techniques. Our tool contains a module that runs in the background to analyze code as the programmer types and offers suggestions of where security could be included. In addition, our tool fetches existing open source implementations of cryptographic algorithms and sample code from repositories to aid programmers in adding security easily to their projects.

2017-11-13
Kar, Monodeep, Singh, Arvind, Mathew, Sanu, Rajan, Anand, De, Vivek, Mukhopadhyay, Saibal.  2016.  Exploiting Fully Integrated Inductive Voltage Regulators to Improve Side Channel Resistance of Encryption Engines. Proceedings of the 2016 International Symposium on Low Power Electronics and Design. :130–135.

This paper explores fully integrated inductive voltage regulators (FIVR) as a technique to improve the side channel resistance of encryption engines. We propose security aware design modes for low passive FIVR to improve robustness of an encryption-engine against statistical power attacks in time and frequency domain. A Correlation Power Analysis is used to attack a 128-bit AES engine synthesized in 130nm CMOS. The original design requires \textasciitilde250 Measurements to Disclose (MTD) the 1st byte of key; but with security-aware FIVR, the CPA was unsuccessful even after 20,000 traces. We present a reversibility based threat model for the FIVR-based protection improvement and show the robustness of security aware FIVR against such threat.

Böhme, Marcel, Pham, Van-Thuan, Roychoudhury, Abhik.  2016.  Coverage-based Greybox Fuzzing As Markov Chain. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1032–1043.

Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests exercise the same few "high-frequency" paths and develop strategies to explore significantly more paths with the same number of tests by gravitating towards low-frequency paths. We explain the challenges and opportunities of CGF using a Markov chain model which specifies the probability that fuzzing the seed that exercises path i generates an input that exercises path j. Each state (i.e., seed) has an energy that specifies the number of inputs to be generated from that seed. We show that CGF is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen. Energy is controlled with a power schedule. We implemented the exponential schedule by extending AFL. In 24 hours, AFLFAST exposes 3 previously unreported CVEs that are not exposed by AFL and exposes 6 previously unreported CVEs 7x faster than AFL. AFLFAST produces at least an order of magnitude more unique crashes than AFL.

Lipinski, Piotr, Michalak, Krzysztof, Lancucki, Adrian.  2016.  Improving Classification of Patterns in Ultra-High Frequency Time Series with Evolutionary Algorithms. Proceedings of the 2016 on Genetic and Evolutionary Computation Conference Companion. :127–128.

This paper proposes a method of distinguishing stock market states, classifying them based on price variations of securities, and using an evolutionary algorithm for improving the quality of classification. The data represents buy/sell order queues obtained from rebuild order book, given as price-volume pairs. In order to put more emphasis on certain features before the classifier is used, we use a weighting scheme, further optimized by an evolutionary algorithm.

Mala, H., Adavoudi, A., Aghili, S. F..  2016.  Security analysis of the RBS block cipher. 2016 24th Iranian Conference on Electrical Engineering (ICEE). :130–132.

Radio Frequency Identification (RFID) systems are widely used today because of their low price, usability and being wireless. As RFID systems use wireless communication, they may encounter challenging security problems. Several lightweight encryption algorithms have been proposed so far to solve these problems. The RBS block cipher is one of these algorithms. In designing RBS, conventional block cipher elements such as S-box and P-box are not used. RBS is based on inserting redundant bits between altered plaintext bits using an encryption key Kenc. In this paper, considering not having a proper diffusion as the main defect of RBS, we propose a chosen ciphertext attack against this algorithm. The data complexity of this attack equals to N pairs of text and its time complexity equals to N decryptions, where N is the size of the encryption key Kenc.

Park, B., DeMarco, C. L..  2016.  Optimal control via waveform relaxation for power systems cyber-security applications. 2016 IEEE Power and Energy Society General Meeting (PESGM). :1–5.

This paper formulates a power system related optimal control problem, motivated by potential cyber-attacks on grid control systems, and ensuing defensive response to such attacks. The problem is formulated as a standard nonlinear program in the GAMS optimization environment, with system dynamics discretized over a short time horizon providing constraint equations, which are then treated via waveform relaxation. Selection of objective function and additional decision variables is explored first for identifying grid vulnerability to cyber-attacks that act by modifying feedback control system parameters. The resulting decisions for the attacker are then fixed, and the optimization problem is modified with a new objective function and decision variables, to explore a defender's possible response to such attacks.

Singh, S. K., Bziuk, W., Jukan, A..  2016.  Balancing Data Security and Blocking Performance with Spectrum Randomization in Optical Networks. 2016 IEEE Global Communications Conference (GLOBECOM). :1–7.

Data randomization or scrambling has been effectively used in various applications to improve the data security. In this paper, we use the idea of data randomization to proactively randomize the spectrum (re)allocation to improve connections' security. As it is well-known that random (re)allocation fragments the spectrum and thus increases blocking in elastic optical networks, we analyze the tradeoff between system performance and security. To this end, in addition to spectrum randomization, we utilize an on-demand defragmentation scheme every time a request is blocked due to the spectrum fragmentation. We model the occupancy pattern of an elastic optical link (EOL) using a multi-class continuous-time Markov chain (CTMC) under the random-fit spectrum allocation method. Numerical results show that although both the blocking and security can be improved for a particular so-called randomization process (RP) arrival rate, while with the increase in RP arrival rate the connections' security improves at the cost of the increase in overall blocking.

Sharma, P., Patel, D., Shah, D., Shukal, D..  2016.  Image security using Arnold method in tetrolet domain. 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC). :312–315.

The image contains a lot of visual as well as hidden information. Both, information must be secured at the time of transmission. With this motivation, a scheme is proposed based on encryption in tetrolet domain. For encryption, an iterative based Arnold transform is used in proposed methodology. The images are highly textured, which contains the authenticity of the image. For that, decryption process is performed in this way so that maximum, the edges and textures should be recovered, effectively. The suggested method has been tested on standard images and results obtained after applying suggested method are significant. A comparison is also performed with some standard existing methods to measure the effectiveness of the suggested method.

2017-09-26
Benton, Kevin, Camp, L. Jean.  2016.  Firewalling Scenic Routes: Preventing Data Exfiltration via Political and Geographic Routing Policies. Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense. :31–36.

In this paper we describe a system that allows the real time creation of firewall rules in response to geographic and political changes in the control-plane. This allows an organization to mitigate data exfiltration threats by analyzing Border Gateway Protocol (BGP) updates and blocking packets from being routed through problematic jurisdictions. By inspecting the autonomous system paths and referencing external data sources about the autonomous systems, a BGP participant can infer the countries that traffic to a particular destination address will traverse. Based on this information, an organization can then define constraints on its egress traffic to prevent sensitive data from being sent via an untrusted region. In light of the many route leaks and BGP hijacks that occur today, this offers a new option to organizations willing to accept reduced availability over the risk to confidentiality. Similar to firewalls that allow organizations to block traffic originating from specific countries, our approach allows blocking outbound traffic from transiting specific jurisdictions. To illustrate the efficacy of this approach, we provide an analysis of paths to various financial services IP addresses over the course of a month from a single BGP vantage point that quantifies the frequency of path alterations resulting in the traversal of new countries. We conclude with an argument for the utility of country-based egress policies that do not require the cooperation of upstream providers.

2017-09-19
Zúquete, André.  2016.  Exploitation of Dual Channel Transmissions to Increase Security and Reliability in Classic Bluetooth Piconets. Proceedings of the 12th ACM Symposium on QoS and Security for Wireless and Mobile Networks. :55–60.

In this paper we discuss several improvements to the security and reliability of a classic Bluetooth network (piconet) that can arise from the fact of being able to transmit the same frame with two frequencies on each slot, instead of the actual standard, that uses only one frequency. Furthermore, we build upon this possibility and we show that piconet participants can explore many strategies to increase the security of their communications by confounding eavesdroppers, such as multiple hopping sequences, random selection of a hopping sequence on each transmission slot and variable frame encryption per hopping sequence. Finally, all this can be decided independently by any piconet participant without having to agree in real time on some type of service with other participants of the same piconet.

2017-05-22
Manzoor, Emaad, Milajerdi, Sadegh M., Akoglu, Leman.  2016.  Fast Memory-efficient Anomaly Detection in Streaming Heterogeneous Graphs. Proceedings of the 22Nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. :1035–1044.

Given a stream of heterogeneous graphs containing different types of nodes and edges, how can we spot anomalous ones in real-time while consuming bounded memory? This problem is motivated by and generalizes from its application in security to host-level advanced persistent threat (APT) detection. We propose StreamSpot, a clustering based anomaly detection approach that addresses challenges in two key fronts: (1) heterogeneity, and (2) streaming nature. We introduce a new similarity function for heterogeneous graphs that compares two graphs based on their relative frequency of local substructures, represented as short strings. This function lends itself to a vector representation of a graph, which is (a) fast to compute, and (b) amenable to a sketched version with bounded size that preserves similarity. StreamSpot exhibits desirable properties that a streaming application requires: it is (i) fully-streaming; processing the stream one edge at a time as it arrives, (ii) memory-efficient; requiring constant space for the sketches and the clustering, (iii) fast; taking constant time to update the graph sketches and the cluster summaries that can process over 100,000 edges per second, and (iv) online; scoring and flagging anomalies in real time. Experiments on datasets containing simulated system-call flow graphs from normal browser activity and various attack scenarios (ground truth) show that StreamSpot is high-performance; achieving above 95% detection accuracy with small delay, as well as competitive time and memory usage.