Biblio

Novel acoustic wave networks comprising resonators achieving prescribed coupling are proposed. The design methodology is based on classic network synthesis of doubly- and/or singly-terminated networks. The synthesis of LTE Band 25 contiguous duplexer prototype is performed and its electrical characteristics are presented.

Acoustic tomography experiments for ocean observation require low-frequency, broadband, high power, small size underwater acoustic transducer, but there are contradictions between the performance of the transducer, therefore a longitudinal-bending fluid-cavity coupled broadband underwater acoustic transducer is presented. The difference between the transducer and the traditional JH transducer is that the opening position of the Helmholtz resonant cavity is arranged between the radiation cover plate and the cylindrical cavity. Based on the optimization results of the finite element software ANSYS produced a transducer test prototype. The test results show that the simulation results and experimental results are basically consistent, and the transmitting voltage response can reach 136dB, the transmitting voltage response fluctuation shall no more than 6dB through the range of 700-1200Hz in the horizontal direction, verified the longitudinal-bending mode and the fluid-cavity mode of the transducer are well coupled, and the transducer is an ideal low-frequency, broadband, high power, small size underwater acoustic transducer.

In many applications, software protection can not be sufficient to provide high security needed by some critical applications. A noteworthy example are the bitcoin wallets. Designed the most secure piece of software, their security can be compromised by a simple piece of malware infecting the device storing keys used for signing transactions. Secure hardware devices such as Trusted Platform Module (TPM) offers the ability to create a piece of code that can run unmolested by the rest of software applications hosted in the same machine. This has turned out to be a valuable approach for preventing several malware threats. Unfortunately, their restricted functionalities make them inconsistent with the use of multi and threshold signature mechanisms which are in the heart of real world cryptocurrency wallets implementation. This paper proposes an efficient multi-signature scheme that fits the requirement of the TPM. Based on discrete logarithm and pairings, our scheme does not require any interaction between signers and provide the same benefits as the well established BLS signature scheme. Furthermore, we proposed a formal model of our design and proved it security in a semi-honest model. Finally, we implemented a prototype of our design and studied its performance. From our experimental analysis, the proposed design is highly efficient and can serve as a groundwork for using TPM in future cryptocurrency wallets.

This paper presents the design and the verification of an efficient image protection method based on the QR code, which is a type of two-dimensional barcode widely used in various fields. For this purpose, we design a new image protection system consisting of a secure image generator and a secure image recognizer. One adds a new pre-processing block to the typical QR code generator and the other combines the existing QR code reader with a new post-processing block. The new architecture provides image de-identification. It is also flexible, allowing the use of text-based compression and encryption. We have implemented prototype applications for verifying the functions of the secure image generator and those of the secure image recognizer. As a result, it is shown that the proposed architecture can be used as a good solution for image privacy protection, especially in offline environments.

The real-time information of enemy locations is capable to transform the outcome of combat operations. Such information gathered using connected soldiers on the Internet of Battlefield Things (IoBT) is highly beneficial to create situational awareness (SA) and to plan an effective war strategy. This article presents the novel enemy localization method that uses the soldier's own locations and their gunshot direction. The hardware prototype has been developed that uses a triangulation for an enemy localization in two soldiers and a single enemy scenario. 4.24±1.77 m of average localization error and ±4° of gunshot direction error has been observed during this prototype testing. This basic model is further extended using three-stage software simulation for multiple soldiers and multiple enemy scenarios with the necessary assumptions. The effective algorithm has been proposed, which differentiates between the ghost and true predictions by analyzing the groups of subsequent shooting intents (i.e., frames). Four different complex scenarios are tested in the first stage of the simulation, around three to six frames are required for the accurate enemy localization in the relatively simple cases, and nine frames are required for the complex cases. The random error within ±4° in gunshot direction is included in the second stage of the simulation which required almost double the number of frames for similar four cases. As the number of frames increases, the accuracy of the proposed algorithm improves and better ghost point elimination is observed. In the third stage, two conventional clustering algorithms are implemented to validate the presented work. The comparative analysis shows that the proposed algorithm is faster, computationally simple, consistent, and reliable compared with others. Detailed analysis of hardware and software results for various scenarios has been discussed in this article.

End-to-end encryption is now ubiquitous on the internet. By securing network communications with TLS, parties can insure that in-transit data remains inaccessible to collection and analysis. In the IoT domain however, end-to-end encryption can paradoxically decrease user privacy, as many IoT devices establish encrypted communications with the manufacturer's cloud backend. The content of these communications remains opaque to the user and in several occasions IoT devices have been discovered to exfiltrate private information (e.g., voice recordings) without user authorization. In this paper, we propose Inspection-Friendly TLS (IF-TLS), an IoT-oriented, TLS-based middleware protocol that preserves the encryption offered by TLS while allowing traffic analysis by middleboxes under the user's control. Differently from related efforts, IF-TLS is designed from the ground up for the IoT world, adding limited complexity on top of TLS and being fully controllable by the residential gateway. At the same time it provides flexibility, enabling the user to offload traffic analysis to either the gateway itself, or cloud-based middleboxes. We implemented a stable, Python-based prototype IF-TLS library; preliminary results show that performance overhead is limited and unlikely to affect quality-of-experience.

Studies on two-factor authentication based on RFID and face recognition have been carried out on a large scale. However, these studies didn't discuss the way to overcome the weaknesses of face recognition authentication in the access control systems. In this study, two authentication factors, RFID and face recognition, were implemented using the LBP (Local Binary Pattern) algorithm to overcome weaknesses of face recognition authentication in the access control system. Based on the results of performance testing, the access control system has 100% RFID authentication and 80% face recognition authentication. The average time for the RFID authentication process is 0.03 seconds, the face recognition process is 6.3885 seconds and the verification of the face recognition is 0.1970 seconds. The access control system can still work properly after three days without being switched off. The results of security testing showed that the capabilities spoofing detection has 100% overcome the photo attack.

Traceability is a fundamental component of the modern software development process that helps to ensure properly functioning, secure programs. Due to the high cost of manually establishing trace links, researchers have developed automated approaches that draw relationships between pairs of textual software artifacts using similarity measures. However, the effectiveness of such techniques are often limited as they only utilize a single measure of artifact similarity and cannot simultaneously model (implicit and explicit) relationships across groups of diverse development artifacts. In this paper, we illustrate how these limitations can be overcome through the use of a tailored probabilistic model. To this end, we design and implement a HierarchiCal PrObabilistic Model for SoftwarE Traceability (Comet) that is able to infer candidate trace links. Comet is capable of modeling relationships between artifacts by combining the complementary observational prowess of multiple measures of textual similarity. Additionally, our model can holistically incorporate information from a diverse set of sources, including developer feedback and transitive (often implicit) relationships among groups of software artifacts, to improve inference accuracy. We conduct a comprehensive empirical evaluation of Comet that illustrates an improvement over a set of optimally configured baselines of ≈14% in the best case and ≈5% across all subjects in terms of average precision. The comparative effectiveness of Comet in practice, where optimal configuration is typically not possible, is likely to be higher. Finally, we illustrate Comet's potential for practical applicability in a survey with developers from Cisco Systems who used a prototype Comet Jenkins plugin.

This article describes a new way to generate and distribute secret encryption keys, in which the processes of generating a public key and formicating a secret encryption key are performed in algebra with a parameter, the secrecy of which provides increased durability of the key.

This paper presents Foggy, an anonymous communication system focusing on providing users with anonymous web browsing. Foggy provides a microservice-based proxy for web browsing and other low-latency network activities without exposing users' metadata and browsed content to adversaries. It is designed with decentralized information management, web caching, and configurable service selection. Although Foggy seems to be more centralized compared with Tor, it gains an advantage in manageability while retaining anonymity. Foggy can be deployed by several agencies to become more decentralized. We prototype Foggy and test its performance. Our experiments show Foggy's low latency and deployability, demonstrating its potential to be a commercial solution for real-world deployment.

Recent technological advancements have enabled proliferated use of small embedded and IoT devices for collecting, processing, and transferring the security-critical information and user data. This exponential use has acted as a catalyst in the recent growth of sophisticated attacks such as the replay, man-in-the-middle, and malicious code modification to slink, leak, tweak or exploit the security-critical information in malevolent activities. Therefore, secure communication and software state assurance (at run-time and boot-time) of the device has emerged as open security problems. Furthermore, these devices need to have an appropriate recovery mechanism to bring them back to the known-good operational state. Previous researchers have demonstrated independent methods for attack detection and safeguard. However, the majority of them lack in providing onboard system recovery and secure communication techniques. To bridge this gap, this manuscript proposes SRACARE - a framework that utilizes the custom lightweight, secure communication protocol that performs remote/local attestation, and secure boot with an onboard resilience recovery mechanism to protect the devices from the above-mentioned attacks. The prototype employs an efficient lightweight, low-power 32-bit RISC-V processor, secure communication protocol, code authentication, and resilience engine running on the Artix 7 Field Programmable Gate Array (FPGA) board. This work presents the performance evaluation and state-of-the-art comparison results, which shows promising resilience to attacks and demonstrate the novel protection mechanism with onboard recovery. The framework achieves these with only 8% performance overhead and a very small increase in hardware-software footprint.

The increasing vulnerabilities in Android kernel make it an attractive target to the attackers. Most kernel-targeted attacks are initiated through system calls. For security purpose, Google has introduced a Linux kernel security mechanism named “seccomp” since Android O to constrain the system calls accessible to the Android apps. Unfortunately, existing Android seccomp mechanism provides a fairly coarse-grained restriction by enforcing a unified seccomp policy containing more than 250 system calls for Android apps, which greatly reduces the effectiveness of seccomp. Also, it lacks an approach to profile the unnecessary system calls for a given Android app. In this paper we present a two-level control scheme named SASAK, which can shrink the attack surface of Android kernel by strictly constraining the system calls available to the Android apps with seccomp mechanism. First, instead of leveraging a unified seccomp policy for all Android apps, SASAK introduces an architecture- dedicated system call constraining by enforcing two separate and refined seccomp policies for the 32-bit Android apps and 64-bit Android apps, respectively. Second, we provide a tool to profile the necessary system calls for a given Android app and enforce an app-dedicated seccomp policy to further reduce the allowed system calls for the apps selected by the users. The app-dedicated control could dynamically change the seccomp policy for an app according to its actual needs. We implement a prototype of SASAK and the experiment results show that the architecture-dedicated constraining reduces 39.6% system calls for the 64-bit apps and 42.5% system calls for the 32-bit apps. 33% of the removed system calls for the 64-bit apps are vulnerable, and the number for the 32-bit apps is 18.8%. The app-dedicated restriction reduces about 66.9% and 62.5% system calls on average for the 64-bit apps and 32-bit apps, respectively. In addition, SASAK introduces negligible performance overhead.

The security of wireless network devices has received widespread attention, but most existing schemes cannot achieve fine-grained device identification. In practice, the security vulnerabilities of a device are heavily depending on its model and firmware version. Motivated by this issue, we propose a universal, extensible and device-independent framework called SCAFFISD, which can provide fine-grained identification of wireless routers. It can generate access rules to extract effective information from the router admin page automatically and perform quick scans for known device vulnerabilities. Meanwhile, SCAFFISD can identify rogue access points (APs) in combination with existing detection methods, with the purpose of performing a comprehensive security assessment of wireless networks. We implement the prototype of SCAFFISD and verify its effectiveness through security scans of actual products.

This research is dedicated to the development of a prototype of open infrastructure for users’ internet traffic filtering on a browser level. We described the advantages of a distributed approach in comparison with current centralized solutions. Besides, we suggested a solution to define the optimum size for a URL storage block in Ethereum network. This solution may be used for the development of infrastructure of DApps applications on Ethereum network in future. The efficiency of the suggested approach is supported by several experiments.

Code randomization is considered as the basis of mitigation against code reuse attacks, fundamentally supporting some recent proposals such as execute-only memory (XOM) that aims at dynamic return-oriented programming (ROP) attacks. However, existing code randomization methods are hard to achieve a good balance between high-randomization entropy and semantic consistency. In particular, they always ignore code semantic consistency, incurring performance loss and incompatibility with current security schemes, e.g., control flow integrity (CFI). In this paper, we present an enhanced code randomization method termed as HCRESC, which can improve the randomization entropy significantly, meanwhile ensure the semantic consistency between variants and the original code. HCRESC reschedules instructions within the range of functions rather than basic blocks, thus producing more variants of the original code and preserving the code's semantic. We implement HCRESC on Linux platform of x86-64 architecture and demonstrate that HCRESC can increase the randomization entropy of x86-64 code over than 120% compared with existing methods while ensuring control flow and size of the code unaltered.

Avoiding security vulnerabilities is very important for embedded systems. Dynamic Information Flow Tracking (DIFT) is a powerful technique to analyze SW with respect to security policies in order to protect the system against a broad range of security related exploits. However, existing DIFT approaches either do not exist for Virtual Prototypes (VPs) or fail to model complex hardware/software interactions.In this paper, we present a novel approach that enables early and accurate DIFT of binaries targeting embedded systems with custom peripherals. Leveraging the SystemC framework, our DIFT engine tracks accurate data flow information alongside the program execution to detect violations of security policies at run-time. We demonstrate the effectiveness and applicability of our approach by extensive experiments.

This work describes the architecture and prototype implementation of a novel trust-aware continuous authorization technology that targets consumer Internet of Things (IoT), e.g., Smart Home. Our approach extends previous authorization models in three complementary ways: (1) By incorporating trust-level evaluation formulae as conditions inside authorization rules and policies, while supporting the evaluation of such policies through the fusion of an Attribute-Based Access Control (ABAC) authorization policy engine with a Trust-Level-Evaluation-Engine (TLEE). (2) By introducing contextualized, continuous monitoring and re-evaluation of policies throughout the authorization life-cycle. That is, mutable attributes about subjects, resources and environment as well as trust levels that are continuously monitored while obtaining an authorization, throughout the duration of or after revoking an existing authorization. Whenever change is detected, the corresponding authorization rules, including both access control rules and trust level expressions, are re-evaluated.(3) By minimizing the computational and memory footprint and maximizing concurrency and modular evaluation to improve performance while preserving the continuity of monitoring. Finally we introduce an application of such model in Zero Trust Architecture (ZTA) for consumer IoT.

The push for data sharing and data processing across organisational boundaries creates challenges at many levels of the software stack. Data sharing and processing rely on the participating parties agreeing on the permissible operations and expressing them into actionable contracts and policies. Converting these contracts and policies into a operational infrastructure is still a matter of research and therefore begs the question how should a digital data market place infrastructure look like? In this paper we investigate how communication fabric and applications can be tightly coupled into a multi-domain overlay network which enforces accountability. We prove our concepts with a prototype which shows how a simple workflow can run across organisational boundaries.

This paper deals with the design and development of a Li-Fi (light fidelity) simplex communication system for data exchange between Android mobile devices. Li-Fi is an up-to-date technology in the modern world, since it uses visible light for data exchange, allowing for high-speed communication. The paper includes a brief review of Li-Fi technology, a review of the literature used, and a study of technological methods for implementing such systems, based on scientific sources. We propose the algorithms for data exchange, packet formation, and encryption-decryption. The paper presents the developed mobile application and the transceiver device, the development results, as well as experiments with the developed prototype. The results show that Li-Fi technology is workable and is a good alternative to existing communication methods.

In isolated network domains, global trustworthiness (e.g., consistent network view) is critical to the multiple-domain business partners who aim to perform the trusted corporations depending on each isolated network view. However, to achieve such global trustworthiness across distributed network domains is a challenge. This is because when multiple-domain partners are required to exchange their local domain views with each other, it is difficult to ensure the data trustworthiness among them. In addition, the isolated domain view in each partner is prone to be destroyed by malicious falsification attacks. To this end, we propose a blockchain-based approach that can ensure the trustworthiness among multiple-party domains. In this paper, we mainly present the design and implementation of the proposed trustworthiness-protection system. A cloud-based prototype and a local testbed are developed based on Ethereum. Finally, experimental results demonstrate the effectiveness of the proposed prototype and testbed.

This paper revealed the development and implementation of the wearable sensors based on transient responses of textile chemical sensors for odorant detection system as wearable sensor of humanoid robot. The textile chemical sensors consist of nine polymer/CNTs nano-composite gas sensors which can be divided into three different prototypes of the wearable humanoid robot; (i) human axillary odor monitoring, (ii) human foot odor tracking, and (iii) wearable personal gas leakage detection. These prototypes can be integrated into high-performance wearable wellness platform such as smart clothes, smart shoes and wearable pocket toxic-gas detector. While operating mode has been designed to use ZigBee wireless communication technology for data acquisition and monitoring system. Wearable humanoid robot offers several platforms that can be applied to investigate the role of individual scent produced by different parts of the human body such as axillary odor and foot odor, which have potential health effects from abnormal or offensive body odor. Moreover, wearable personal safety and security component in robot is also effective for detecting NH3 leakage in environment. Preliminary results with nine textile chemical sensors for odor biomarker and NH3 detection demonstrates the feasibility of using the wearable humanoid robot to distinguish unpleasant odor released when you're physically active. It also showed an excellent performance to detect a hazardous gas like ammonia (NH3) with sensitivity as low as 5 ppm.

With the development of IoT and 5G networks, the demand for the next-generation intelligent transportation system has been growing at a rapid pace. Dynamic mapping has been considered one of the key technologies to reduce traffic accidents and congestion in the intelligent transportation system. However, as the number of vehicles keeps growing, a huge volume of mapping traffic may overload the central cloud, leading to serious performance degradation. In this paper, we propose and prototype a CUPS (control and user plane separation)-based edge computing architecture for the dynamic mapping and quantify its benefits by prototyping. There are a couple of merits of our proposal: (i) we can mitigate the overhead of the networks and central cloud because we only need to abstract and send global dynamic mapping information from the edge servers to the central cloud; (ii) we can reduce the response latency since the dynamic mapping traffic can be isolated from other data traffic by being generated and distributed from a local edge server that is deployed closer to the vehicles than the central server in cloud. The capabilities of our system have been quantified. The experimental results have shown our system achieves throughput improvement by more than four times, and response latency reduction by 67.8% compared to the conventional central cloud-based approach. Although these results are still obtained from the preliminary evaluations using our prototype system, we believe that our proposed architecture gives insight into how we utilize CUPS and edge computing to enable efficient dynamic mapping applications.

This work proposes a scheme to detect, isolate and mitigate malicious disruption of electro-mechanical processes in legacy PLCs where each PLC works as a finite state machine (FSM) and goes through predefined states depending on the control flow of the programs and input-output mechanism. The scheme generates a group-signature for a particular state combining the signature shares from each of these PLCs using \$(k,\textbackslashtextbackslash l)\$-threshold signature scheme.If some of them are affected by the malicious code, signature can be verified by k out of l uncorrupted PLCs and can be used to detect the corrupted PLCs and the compromised state. We use OpenPLC software to simulate Legacy PLC system on Raspberry Pi and show İ/O\$ pin configuration attack on digital and pulse width modulation (PWM) pins. We describe the protocol using a small prototype of five instances of legacy PLCs simultaneously running on OpenPLC software. We show that when our proposed protocol is deployed, the aforementioned attacks get successfully detected and the controller takes corrective measures. This work has been developed as a part of the problem statement given in the Cyber Security Awareness Week-2017 competition.

The transition from high school to university is an exciting time for students including many new challenges. Particularly in the field of science, technology, engineering, and mathematics, the university dropout rate may reach up to 40%. The studies of physics rely on many abstract concepts and quantities that are not directly visible like energy or heat. We developed a mixed reality application for education, which augments the thermal conduction of metal by overlaying a representation of temperature as false-color visualization directly onto the object. This real-time augmentation avoids attention split and overcomes the perception gap by amplifying the human eye. Augmented and Virtual Reality environments allow students to perform experiments that were impossible to conduct for security or financial reasons. With the application, we try to foster a deeper understanding of the learning material and higher engagement during the studies.

There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.