Biblio
On Security of Key Derivation Functions in Password-based Cryptography. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :109–114.
2021. Most common user authentication methods use some form of password or a combination of passwords. However, encryption schemes are generally not directly compatible with user passwords and thus, Password-Based Key Derivation Functions (PBKDFs) are used to convert user passwords into cryptographic keys. In this paper, we analyze the theoretical security of PBKDF2 and present two vulnerabilities, γ-collision and δ-collision. Using AES-128 as our exemplar, we show that due to γ-collision, text encrypted with one user password can be decrypted with γ − 1 different passwords. We also provide a proof that finding a collision in the derived key for AES-128 requires δ lesser calls to PBKDF2 than the known Birthday attack. Due to this, it is possible to break password-based AES-128 in O(2^64) calls, which is equivalent to brute-forcing DES.
Chaos-based Cryptography Using an Underactuated Synchronizer. 2021 14th IEEE International Conference on Industry Applications (INDUSCON). :1303–1308.
2021. This paper proposes a scheme for secure telecommunication based on synchronizing a chaotic Liu system with a nontrivial Lyapunov candidate, which allows for the control signal to act only on one state of the slave system. The proposal has the advantages of being robust against disturbances (internal and external) and simple, which is essential because it leads to significant cost reductions when implemented using analog electronics. A simulation study, which considers the presence of disturbances, is used to validate the theoretical results and show the easy implementation of the proposed approach.
Threat detection and mitigation with MonB5G components in the aLTEr scenario. 2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom). :1–2.
2021. This demo presents a new approach to detecting and countering the aLTEr attack by proactively searching for the threat and automatically remediating it. These processes leverage AI/ML techniques and the automation framework offered by the MonB5G architecture.
A Localized Cyber Threat Mitigation Approach For Wide Area Control of FACTS. 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :264–269.
2021. We propose a localized oscillation amplitude monitoring (OAM) method for the mitigation of cyber threats directed at the wide area control (WAC) system used to coordinate control of Flexible AC Transmission Systems (FACTS) for power oscillation damping (POD) of active power flow on inter-area tie lines. The method involves monitoring the inter-area tie line active power oscillation amplitude over a sliding window. We use system instability - inferred from oscillation amplitudes growing instead of damping - as evidence of an indication of a malfunction in the WAC of FACTS, possibly indicative of a cyber attack. Monitoring the presence of such a growth allows us to determine whether any destabilizing behaviors appear after the WAC system engages to control the POD. If the WAC signal increases the oscillation amplitude over time, thereby diminishing the POD performance, the FACTS falls back to POD using local measurements. The proposed method does not require an expansive system-wide view of the network. We simulate replay, control integrity, and timing attacks for a test system and present results that demonstrate the performance of the OAM method for mitigation.
Automated Threat Analysis and Management in a Continuous Integration Pipeline. 2021 IEEE Secure Development Conference (SecDev). :30–37.
2021. Security and privacy threat modeling is commonly applied to systematically identify and address design-level security and privacy concerns in the early stages of architecture and design. Identifying and resolving these threats should remain a continuous concern during the development lifecycle. Especially with contemporary agile development practices, a single-shot upfront analysis becomes quickly outdated. Despite it being explicitly recommended by experts, existing threat modeling approaches focus largely on early development phases and provide limited support during later implementation phases. In this paper, we present an integrated threat analysis toolchain to support automated, continuous threat elicitation, assessment, and mitigation as part of a continuous integration pipeline in the GitLab DevOps platform. This type of automation allows for continuous attention to security and privacy threats during development at the level of individual commits, supports monitoring and managing the progress in addressing security and privacy threats over time, and enables more advanced and fine-grained analyses such as assessing the impact of proposed changes in different code branches or merge/pull requests by analyzing the changes to the threat model.
Design of Collaborative Control Scheme between On-chain and Off-chain Power Data. 2021 IEEE 4th International Conference on Information Systems and Computer Aided Education (ICISCAE). :1–6.
2021. The transmission and storage process for the power data in an intelligent grid has problems such as a single point of failure in the central node, low data credibility, and malicious manipulation or data theft. The characteristics of decentralization and tamper-proofing of blockchain and its distributed storage architecture can effectively solve malicious manipulation and the single point of failure. However, there are few safe and reliable data transmission methods for the significant number and various identities of users and the complex node types in the power blockchain. Thus, this paper proposes a collaborative control scheme between on-chain and off-chain power data based on the distributed oracle technology. By building a trusted on-chain transmission mechanism based on distributed oracles, the scheme solves the credibility problem of massive data transmission and interactive power data between smart contracts and off-chain physical devices safely and effectively. Analysis and discussion show that the proposed scheme can realize the collaborative control between on-chain and off-chain data efficiently, safely, and reliably.
Hardware Trojan for Lightweight Cryptoraphy Elephant. 2021 IEEE 10th Global Conference on Consumer Electronics (GCCE). :944–945.
2021. While a huge number of IoT devices are connecting to the cyber physical systems, the demand for security of these devices is increasing. Due to the demand, world-wide competition for lightweight cryptography oriented towards small devices has been held. Although tamper resistance against illegal attacks was evaluated in the competition, there is no evaluation for embedded malicious circuits such as hardware Trojan. To achieve security evaluation for embedded malicious circuits, this study proposes an implementation method of hardware Trojan for Elephant which is one of the finalists in the competition. And also, the implementation overhead of hardware Trojans and the security risk of hardware Trojan are evaluated.
Enhanced Game Theoretical Spectrum Sharing Method Based on Blockchain Consensus. 2021 IEEE 94th Vehicular Technology Conference (VTC2021-Fall). :1–7.
2021. The limited spectrum resources need to provide safe and efficient spectrum service for the intensive users. Malicious spectrum work nodes will affect the normal operation of the entire system. Using the blockchain model, consensus algorithm Praft based on optimized Raft is to solve the consensus problem in Byzantine environment. Message digital signatures give the spectrum node some fault tolerance and tamper resistance. Spectrum sharing among spectrum nodes is carried out in combination with game theory. The existing game theoretical algorithm does not consider the influence of spectrum occupancy of primary users and cognitive users on primary users' utility and enthusiasm at the same time. We elicit a reinforcement factor and analyze the effect of the reinforcement factor on strategy performance. This scheme optimizes the previous strategy so that the profits of spectrum nodes are improved and a good Nash equilibrium is shown, while Praft solves the Byzantine problem left by Raft.
VulChecker: Achieving More Effective Taint Analysis by Identifying Sanitizers Automatically. 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :774–782.
2021. The automatic detection of vulnerabilities in Web applications using taint analysis is a hot topic. However, existing taint analysis methods for sanitizers identification are too simple to find available taint transmission chains effectively. These methods generally use pre-constructed dictionaries or simple keywords to identify, which usually suffer from large false positives and false negatives. No doubt, it will have a greater impact on the final result of the taint analysis. To solve that, we summarise and classify the commonly used sanitizers in Web applications and propose an identification method based on semantic analysis. Our method can accurately and completely identify the sanitizers in the target Web applications through static analysis. Specifically, we analyse the natural semantics and program semantics of existing sanitizers, use semantic analysis to find more in Web applications. Besides, we implemented the method prototype in PHP and achieved a vulnerability detection tool called VulChecker. Then, we experimented with some popular open-source CMS frameworks. The results show that VulChecker can accurately identify more sanitizers. In terms of vulnerability detection, VulChecker also has a lower false positive rate and a higher detection rate than existing methods. Finally, we used VulChecker to analyse the latest PHP applications. We identified several new suspicious taint data propagation chains. Before the paper was completed, we have identified four unreported vulnerabilities. In general, these results show that our approach is highly effective in improving vulnerability detection based on taint analysis.
Increasing Fuzz Testing Coverage for Smart Contracts with Dynamic Taint Analysis. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS). :243–247.
2021. Nowadays, smart contracts manage more and more digital assets and have become an attractive target for adversaries. To prevent smart contracts from malicious attacks, a thorough test is indispensable and must be finished before deployment because smart contracts cannot be modified after being deployed. Fuzzing is an important testing approach, but most existing smart contract fuzzers can hardly solve the constraints which involve deeply nested conditional statements, resulting in low coverage. To address this problem, we propose Targy, an efficient targeted mutation strategy based on dynamic taint analysis. We obtain the taint flow by dynamic taint propagation, and generate a more accurate mutation strategy for the input parameters of functions to simultaneously satisfy all conditional statements. We implemented Targy on sFuzz with 3.6 thousand smart contracts running on Ethereum. The numbers of covered branches and detected vulnerabilities increase by 6% and 7% respectively, and the average time required for covering a branch is reduced by 11%.
Detecting Attack Surface With Full-System Taint Analysis. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :1161–1162.
2021. Attack surface detection for the complex software is needed to find targets for the fuzzing, because testing the whole system with many inputs is not realistic. Researchers that previously applied taint analysis for dealing with different security tasks in the virtual machines did not examine how to apply it for attack surface detection, i.e., getting the program modules and functions that may be affected by input data. We propose using taint tracking within a virtual machine and virtual machine introspection to create a new approach that can detect the internal module interfaces that can be fuzz tested to assure that software is safe or find the vulnerabilities.
HashMTI: Scalable Mutation-based Taint Inference with Hash Records. 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). :84–95.
2021. Mutation-based taint inference (MTI) is a novel technique for taint analysis. Compared with traditional techniques that track propagations of taint tags, MTI infers a variable is tainted if its values change due to input mutations, which is lightweight and conceptually sound. However, there are 3 challenges to its efficiency and scalability: (1) it cannot efficiently record variable values to monitor their changes; (2) it consumes a large amount of memory monitoring variable values, especially on complex programs; and (3) its excessive memory overhead leads to a low hit ratio of CPU cache, which slows down the speed of taint inference. This paper presents an efficient and scalable solution named HashMTI. We first explain the above challenges based on 4 observations. Motivated by these challenges, we propose a hash record scheme to efficiently monitor changes in variable values and significantly reduce the memory overhead. The scheme is based on our specially selected and optimized hash functions that possess 3 crucial properties. Moreover, we propose the DoubleMutation strategy, which applies additional mutations to mitigate the limitation of the hash record and detect more taint information. We implemented a prototype of HashMTI and evaluated it on 18 real-world programs and 4 LAVA-M programs. Compared with the baseline OrigMTI, HashMTI significantly reduces the overhead while having similar accuracy. It achieves a speedup of 2.5X to 23.5X and consumes little memory which is on average 70.4 times less than that of OrigMTI.
SecuCheck: Engineering configurable taint analysis for software developers. 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM). :24–29.
2021. Due to its ability to detect many frequently occurring security vulnerabilities, taint analysis is one of the core static analyses used by many static application security testing (SAST) tools. Previous studies have identified issues that software developers face with SAST tools. This paper reports on our experience in building a configurable taint analysis tool, named SecuCheck, that runs in multiple integrated development environments. SecuCheck is built on top of multiple existing components and comes with a Java-internal domain-specific language fluentTQL for specifying taint-flows, designed for software developers. We evaluate the applicability of SecuCheck in detecting eleven taint-style vulnerabilities in microbench programs and three real-world Java applications with known vulnerabilities. Empirically, we identify factors that impact the runtime of SecuCheck.
Improving Text Classification Using Knowledge in Labels. 2021 IEEE 6th International Conference on Big Data Analytics (ICBDA). :193–197.
2021. Various algorithms and models have been proposed to address text classification tasks; however, they rarely consider incorporating the additional knowledge hidden in class labels. We argue that hidden information in class labels leads to better classification accuracy. In this study, instead of encoding the labels into numerical values, we incorporated the knowledge in the labels into the original model without changing the model architecture. We combined the output of an original classification model with the relatedness calculated based on the embeddings of a sequence and a keyword set. A keyword set is a word set to represent knowledge in the labels. Usually, it is generated from the classes while it could also be customized by the users. The experimental results show that our proposed method achieved statistically significant improvements in text classification tasks. The source code and experimental details of this study can be found on GitHub (https://github.com/HeroadZ/KiL).
Mapping Cyber Threat Intelligence to Probabilistic Attack Graphs. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :304–311.
2021. As cyber threats continue to grow and expertise resources are limited, organisations need to find ways to evaluate their resilience efficiently and take proactive measures against an attack from a specific adversary before it occurs. Threat modelling is an excellent method of assessing the resilience of ICT systems, forming Attack (Defense) Graphs (ADGs) that illustrate an adversary’s attack vectors. Cyber Threat Intelligence (CTI) is information that helps understand the current cyber threats, but has little integration with ADGs. This paper contributes with an approach that resolves this problem by using CTI feeds of known threat actors to enrich ADGs under multiple reuse. This enables security analysts to take proactive measures and strengthen their ICT systems against current methods used by any threat actor that is believed to pose a threat to them.
A Mixed Method For Internal Threat Detection. 2021 IEEE 5th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 5:748–756.
2021. In recent years, the development of deep learning has brought new ideas to internal threat detection. In this paper, three common deep learning algorithms for threat detection are optimized and innovated, and feature embedding, drift detection and sample weighting are introduced into FCNN. Adaptive multi-iteration method is introduced into Support Vector Data Description (SVDD). A dynamic threshold adjustment mechanism is introduced in VAE. In threat detection, three methods are used to detect the abnormal behavior of users, and the intersection of output results is taken as the final threat judgment basis. Experiments on cert r6.2 data set show that this method can significantly reduce the false positive rate.
Asymmetric Encryption of Surveillance Videos for Adaptive Threshold based Moving Object Detection. 2021 IEEE 8th Uttar Pradesh Section International Conference on Electrical, Electronics and Computer Engineering (UPCON). :1–6.
2021. The use of video surveillance (VS) has grown significantly using the internet as a platform. Thus security issues on such videos must be addressed. Video frames can have multiple objects and various features over video length. Moving object detection (MOD) and real-time tracking requires security strategies designed to protect videos. This paper is proposed to design an asymmetric encryption method (RSA). The paper has contributed in two stages. In the first phase the fast video segmentation method based on a global variable threshold is designed to facilitate MOD. Later in second pass the RSA-based encryption is used to maintain the efficiency of the object detection. The secure key generation method is demonstrated. The performances of two global thresholds are demonstrated and compared under the encrypted video data. It is found that that method is very effective in finding objects under the context of video surveillance in real time.
An Empirical Study on Vulnerability Detection for Source Code Software based on Deep Learning. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :1159–1160.
2021. In recent years, the complexity of software vulnerabilities has continued to increase. Manual vulnerability detection methods alone no longer meet the demand. With the rapid development of the deep learning, many neural network models have been widely applied to source code vulnerability detection. The variant of recurrent neural network (RNN), bidirectional Long Short-Term Memory (BiLSTM), has been a popular choice in vulnerability detection. However, is BiLSTM the most suitable choice? To answer this question, we conducted a series of experiments to investigate the effectiveness of different neural network models for source code vulnerability detection. The results show that the variants of RNN, gated recurrent unit (GRU) and bidirectional GRU, are more capable of detecting source code fragments with mixed vulnerability types. And the concatenated convolutional neural network is more capable of detecting source code fragments of single vulnerability types.
Representation vs. Model: What Matters Most for Source Code Vulnerability Detection. 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). :647–653.
2021. Vulnerabilities in the source code of software are critical issues in the realm of software engineering. Coping with vulnerabilities in software source code is becoming more challenging due to several aspects of complexity and volume. Deep learning has gained popularity throughout the years as a means of addressing such issues. In this paper, we propose an evaluation of vulnerability detection performance on source code representations and evaluate how Machine Learning (ML) strategies can improve them. The structure of our experiment consists of 3 Deep Neural Networks (DNNs) in conjunction with five different source code representations; Abstract Syntax Trees (ASTs), Code Gadgets (CGs), Semantics-based Vulnerability Candidates (SeVCs), Lexed Code Representations (LCRs), and Composite Code Representations (CCRs). Experimental results show that employing different ML strategies in conjunction with the base model structure influences the performance results to a varying degree. However, ML-based techniques suffer from poor performance on class imbalance handling when used in conjunction with source code representations for software vulnerability detection.
Feature Extraction Method for Cross-Architecture Binary Vulnerability Detection. 2021 IEEE 10th Global Conference on Consumer Electronics (GCCE). :834–836.
2021. Vulnerability detection identifies defects in various commercial software. Because most vulnerability detection methods are based on the source code, they are not useful if the source code is unavailable. In this paper, we propose a binary vulnerability detection method and use our tool named BVD that extracts binary features with the help of an intermediate language and then detects the vulnerabilities using an embedding model. Sufficiently robust features allow the binaries compiled in cross-architecture to be compared. Consequently, a similarity evaluation provides more accurate results.
Spoofing Detection for Indoor Visible Light Systems with Redundant Orthogonal Encoding. ICC 2021 - IEEE International Conference on Communications. :1–6.
2021. As more and more visible light communication (VLC) and visible light sensing (VLS) systems are mounted on today’s light fixtures, how to guarantee the authenticity of the visible light (VL) signal in these systems becomes an urgent problem. This is because almost all of today’s light fixtures are unprotected and can be openly accessed by almost anyone, and hence are subject to tampering and substitution attacks. In this paper, by exploiting the intrinsic linear superposition characteristics of visible light, we propose VL-Watchdog, a scalable and always-on signal-level spoofing detection framework that is applicable to both VLC and VLS systems. VL-Watchdog is based on redundant orthogonal encoding of the transmitted visible light, and can be implemented as a small hardware add-on to an existing VL system. The effectiveness of the proposed framework was validated through extensive numerical evaluations against a comprehensive set of factors.
Energy-Efficient Friendly Jamming for Physical Layer Security in Visible Light Communication. 2021 IEEE International Conference on Communications Workshops (ICC Workshops). :1–6.
2021. This work studies an energy-efficient jamming scheme for enhancing physical layer security in visible light communication (VLC). We consider a VLC system where multiple LED luminaries are deployed together with a legitimate user (i.e., Bob) and passive eavesdroppers (i.e., Eves). In such a scenario, the closest LED luminary to Bob serves as the transmitter while the rest of the luminaries act as jammers transmitting artificial noise (AN) to possibly degrade the quality of Eves' channels. A joint design of precoder and AN is then investigated to maximize the energy efficiency (EE) of the communication channel to Bob while ensuring a certain amount of AN power to confuse Eves. To solve the design problem, we make use of a combination of the Dinkelbach and convex-concave procedure (CCCP), which guarantees to converge to a local optimum.
On Secrecy Sum-Rate of Artificial-Noise-Aided Multi-user Visible Light Communication Systems. 2021 IEEE International Conference on Communications Workshops (ICC Workshops). :1–6.
2021. Recently, the physical layer security (PLS) is becoming an important research area for visible light communication (VLC) systems. In this paper, the secrecy rate performance is investigated for an indoor multi-user visible light communication (VLC) system using artificial noise (AN). In the considered model, all users simultaneously communicate with the legitimate receiver under wiretap channels. The legitimate receiver uses the minimum mean squared error (MMSE) equalizer to detect the received signals. Both lower bound and upper bound of the secrecy rate are obtained for the case that users' signals are uniformly distributed. Simulation results verify the theoretical findings and show the system secrecy rate performance for various positions of illegal eavesdropper.
Security Aware Indoor Visible Light Communication. 2021 IEEE Photonics Conference (IPC). :1–2.
2021. This paper represents the experimental implementation of an encryption-based visible light communication system for indoor communication over 14m, two single LED transmitters as the data source, and four receivers considered as data receivers for performance evaluation.
Modification and Performance Improvement of Paillier Homomorphic Cryptosystem. 2021 IEEE 19th International Conference on Embedded and Ubiquitous Computing (EUC). :131–136.
2021. Data security and privacy have become an important problem while big data systems are growing dramatically fast in various application fields. Paillier additive homomorphic cryptosystem is widely used in information security fields such as big data security, communication security, cloud computing security, and artificial intelligence security. However, how to improve its computational performance is one of the most critical problems in practice. In this paper, we propose two modifications to improve the performance of the Paillier cryptosystem. Firstly, we introduce a key generation method to generate the private key with low Hamming weight, and this can be used to accelerate the decryption computation of the Paillier cryptosystem. Secondly, we propose an acceleration method based on Hensel lifting in the Paillier cryptosystem. This method can obtain a faster and improved decryption process by showing the mathematical analysis of the decryption algorithm.