Biblio

We propose a high efficiency Early-Complete Brute Force Elimination method that speeds up the analysis flow of the Camouflage Integrated Circuit (IC). The proposed method is targeted for security qualification of the Camouflaged IC netlists in Intellectual Property (IP) protection. There are two main features in the proposed method. First, the proposed method features immediate elimination of the incorrect Camouflage gates combination for the rest of computation, concentrating the resources into other potential correct Camouflage gates combination. Second, the proposed method features early complete, i.e. revealing the correct Camouflage gates once all incorrect gates combination are eliminated, increasing the computation speed for the overall security analysis. Based on the Python programming platform, we implement the algorithm of the proposed method and test it for three circuits including ISCAS’89 benchmarks. From the simulation results, our proposed method, on average, features 71% lesser number of trials and 79% shorter run time as compared to the conventional method in revealing the correct Camouflage gates from the Camouflaged IC netlist.

In medical human-robot interactions, trust plays an important role since for patients there may be more at stake than during other kinds of encounters with robots. In the current study, we address issues of trust in the interaction with a prototype of a therapeutic robot, the Universal RoboTrainer, in which the therapist records patient-specific tasks for the patient by means of kinesthetic guidance of the patients arm, which is connected to the robot. We carried out a user study with twelve pairs of participants who collaborate on recording a training program on the robot. We examine a) the degree with which participants identify the situation as uncomfortable or distressing, b) participants' own strategies to mitigate that stress, c) the degree to which the robot is held responsible for the problems occurring and the amount of agency ascribed to it, and d) when usability issues arise, what effect these have on participants' trust. We find signs of distress mostly in contexts with usability issues, as well as many verbal and kinesthetic mitigation strategies intuitively employed by the participants. Recommendations for robots to increase users' trust in kinesthetic interactions include the timely production of verbal cues that continuously confirm that everything is alright as well as increased contingency in the presentation of strategies for recovering from usability issues arising.

This paper deals with electromagnetic vibration excitation of rotating machine blades in a purpose of dynamic measurement and testing. A novel method for increasing the excitation force is presented. At the same time, the suggested method allows to reduce blade remanent induction. Examples of measurements are shown, and obtained results are discussed.

This Innovative Practice Work in Progress paper makes the case for using concept inventories in cybersecurity education and presents an example of the development of a concept inventory in the field of secure programming. The secure programming concept inventory is being developed by a team of researchers from four universities. We used a Delphi study to define the content area to be covered by the concept inventory. Participants in the Delphi study included ten experts from academia, government, and industry. Based on the results, we constructed a concept map of secure programming concepts. We then compared this concept map to the Joint Task Force on Cybersecurity Education Curriculum 2017 guidelines to ensure complete coverage of secure programming concepts. Our mapping indicates a substantial match between the concept map and those guidelines.

The spotlight is on cybersecurity education programs to develop a qualified cybersecurity workforce to meet the demand of the professional field. The ACM CCECC (Committee for Computing Education in Community Colleges) is leading the creation of a set of guidelines for associate degree cybersecurity programs called Cyber2yr, formerly known as CSEC2Y. A task force of community college educators have created a student competency focused curriculum that will serve as a global cybersecurity guide for applied (AAS) and transfer (AS) degree programs to develop a knowledgeable and capable associate level cybersecurity workforce. Based on the importance of the Cyber2yr work; ABET a nonprofit, non-governmental agency that accredits computing programs has created accreditation criteria for two-year cybersecurity programs.

Tactical edge networks represent a uniquely challenging environment from the communications perspective, due to their limited bandwidth and high node mobility. Several middleware communication solutions have been proposed to address those issues, adopting an evolutionary design approach that requires facing quite a few complications to provide applications with a suited network programming model while building on top of the TCP/IP stack. Information Centric Networking (ICN), instead, represents a revolutionary, clean slate approach that aims at replacing the entire TCP/IP stack with a new communication paradigm, better suited to cope with fluctuating channel conditions and network disruptions. This paper, stemmed from research conducted within NATO IST-161 RTG, investigates the effectiveness of Named Data Networking (NDN), the de facto standard implementation of ICN, in the context of tactical edge networks and its potential for adoption. We evaluated an NDN-based Blue Force Tracking (BFT) dissemination application within the Anglova scenario emulation environment, and found that NDN obtained better-than-expected results in terms of delivery ratio and latency, at the expense of a relatively high bandwidth consumption.

Authentication is a process that provides access control of any type of computing applications by inspecting the user's identification with the database of authorized users. Passwords play the vital role in authentication mechanism to ensure the privacy of the information and avert from the illicit access. Password based authentication mechanism suffers from many password attacks such as shoulder surfing, brute forcing and dictionary attacks that crack the password of authentication schema by the adversary. Key Stroke technique, Click Pattern technique, Graphichical Password technique and Authentication panel are the several authentication techniques used to resist the password attacks in the literature. This research study critically reviews the types of password attacks and proposes a matrix based secure authentication mechanism which includes three phases namely, User generation phase, Matrix generation phase and Authentication phase to resist the existing password attacks. The performance measure of the proposed method investigates the results in terms existing password attacks and shows the good resistance to password attacks in any type of computing applications.

This paper explains how the commonly occurring DOS and Brute Force attacks on computer networks can be efficiently detected and network performance improved, which reduces costs and time. Therefore, network administrators attempt to instantly diagnose any network issues. The experimental work used the SNMP-MIB parameter datasets, which are collected via a specialised MIB dataset consisting of seven types of attack as noted in section three. To resolves such issues, this researched carried out several important contributions which are related to fault management concerns in computer network systems. A central task in the detection of the attacks relies on MIB feature behaviours using the suggested SFCM method. It was concluded that the DOS and Brute Force fault detection results for three different clustering methods demonstrated that the proposed SFCM detected every data point in the related group. Consequently, the FPC approached 1.0, its highest record, and an improved performance solution better than the EM methods and K-means are based on SNMP-MIB variables.

A parallel brute force attack on RC4 algorithm based on FPGA (Field Programmable Gate Array) with an efficient style has been presented. The main idea of this design is to use number of forecast keying methods to reduce the overall clock pulses required depended to key searching operation by utilizes on-chip BRAMs (block RAMs) of FPGA for maximizing the total number of key searching unit with taking into account the highest clock rate. Depending on scheme, 32 key searching units and main controller will be used in one Xilinx XC3S1600E-4 FPGA device, all these units working in parallel and each unit will be searching in a specific range of keys, by comparing the current result with the well-known cipher text if its match the found flag signal will change from 0 to 1 and the main controller will receive this signal and stop the searching operation. This scheme operating at 128-MHz clock frequency and gives us key searching speed of 7.7 × 106 keys/sec. Testing all possible keys (40-bits length), requires only around 39.5h.

Wireless communications have encountered a considerable improvement and have integrated human life through various applications, mainly by the widespread of mobile ad hoc and sensor networks. A fundamental characteristic of wireless communications are in their broadcast nature, which allows accessibility of information without placing restrictions on a user's location. However, accessibility also makes wireless communications vulnerable to eavesdropping. To enhance the security of network communication, we propose a separate key generation server which is responsible for key generation using complex random algorithm. The key will remain in database in encrypted format. To prevent brute force attack, we propose various group key generation algorithms in which every group will have separate group key to verify group member's identity. The group key will be verified with the session information before decryption, so that our system will prevent attack if any attacker knows the group key. To increase the security of the system, we propose three level encryption securities: Client side encryption using AES, Server side encryption using AES, and Artificial noise generation and addition. By using this our system is free from brute force attack as we are using three level message security and complex Random key generation algorithms.

Detection of network attacks is the first step to network security. Many different methods for attack detection were proposed in the past. However, descriptions of these methods are often not complete and it is difficult to verify that the actual implementation matches the description. In this demo paper, we propose to use Complex Event Processing (CEP) for developing detection methods based on network flows. By writing the detection methods in an Event Processing Language (EPL), we can address the above-mentioned problems. The SQL-like syntax of most EPLs is easily readable so the detection method is self-documented. Moreover, it is directly executable in the CEP system, which eliminates inconsistencies between documentation and implementation. The demo will show a running example of a multi-stage HTTP brute force attack detection using Esper and its EPL.

In the era of digitization, data security is a vital role in message transmission and all systems that deal with users require stronger encryption techniques that against brute force attack. Honey encryption (HE) algorithm is a user data protection algorithm that can deceive the attackers from unauthorized access to user, database and websites. The main part of conventional HE is distribution transforming encoder (DTE). However, the current DTE process using cumulative distribution function (CDF) has the weakness in message space limitation because CDF cannot solve the probability theory in more than four messages. So, we propose a new method in DTE process using discrete distribution function in order to solve message space limitation problem. In our proposed honeywords generation method, the current weakness of existing honeywords generation method such as storage overhead problem can be solved. In this paper, we also describe the case studies calculation of DTE in order to prove that new DTE process has no message space limitation and mathematical model using discrete distribution function for DTE process facilitates the distribution probability theory.

An information system is only as secure as its weakest point. In many information systems that remains to be the human factor, despite continuous attempts to educate the users about the importance of password security and enforcing password creation policies on them. Furthermore, not only do the average users' password creation and management habits remain more or less the same, but the password cracking tools, and more importantly, the computer hardware, keep improving as well. In this study, we performed a broad targeted attack combining several well-established cracking techniques, such as brute-force, dictionary, and hybrid attacks, on the passwords used by the students of a Slovenian university to access the online grading system. Our goal was to demonstrate how easy it is to crack most of the user-created passwords using simple and predictable patterns. To identify differences between them, we performed an analysis of the cracked and uncracked passwords and measured their strength. The results have shown that even a single low to mid-range modern GPU can crack over 95% of passwords in just few days, while a more dedicated system can crack all but the strongest 0.5% of them.

In recent years, developments in the field of computer vision have allowed deep learning-based techniques to surpass human-level performance. However, these advances have also culminated in the advent of adversarial machine learning techniques, capable of launching targeted image captioning attacks that easily fool deep learning models. Although attacks in the image domain are well studied, little work has been done in the video domain. In this paper, we show it is possible to extend prior attacks in the image domain to the video captioning task, without heavily affecting the video's playback quality. We demonstrate our attack against a state-of-the-art video captioning model, by extending a prior image captioning attack known as Show and Fool. To the best of our knowledge, this is the first successful method for targeted attacks against a video captioning model, which is able to inject 'subliminal' perturbations into the video stream, and force the model to output a chosen caption with up to 0.981 cosine similarity, achieving near-perfect similarity to chosen target captions.

An approach for effective regression test selection is proposed, which minimizes the resource usage and amount of time required for complete testing of new features. Provided are the details of the analysis of hashing algorithms used during implementation in-depth review of the software, together with the results achieved during the testing process.

Interior permanent magnet (IPM)-type linear oscillating actuators (LOAs) have a higher output power density than typical LOAs. Their mover consists of a permanent magnet (PM) and an iron core, however, this configuration generates significant side forces. The device can malfunction due to eccentricity in the electromagnetic behavior. Thus, here an electromagnetic design was developed to minimize this side force. In addition, dynamic analysis was performed considering the mechanical systems of LOAs. To perform a more accurate analysis, instantaneous inductance was considered according to the mover's position.

The aim of this paper is to explore the performance of two well-known wave energy converters (WECs) namely Floating Buoy Point Absorber (FBPA) and Oscillating Surge (OS) in onshore and offshore locations. To achieve clean energy targets by reducing greenhouse gas emissions, integration of renewable energy resources is continuously increasing all around the world. In addition to widespread renewable energy source such as wind and solar photovoltaic (PV), wave energy extracted from ocean is becoming more tangible day by day. In the literature, a number of WEC devices are reported. However, further investigations are still needed to better understand the behaviors of FBPA WEC and OS WEC under irregular wave conditions in onshore and offshore locations. Note that being surrounded by Bay of Bengal, Bangladesh has huge scope of utilizing wave power. To this end, FBPA WEC and OS WEC are simulated using the typical onshore and offshore wave height and wave period of the coastal area of Bangladesh. Afterwards, performances of the aforementioned two WECs are compared by analyzing their power output.

Linear oscillating actuators are emerging electrical motors applied to direct-drive electromechanical systems. They merit high efficiency and quick dynamical property due to the unique structure of spring oscillator. Resonant principle is the base of their high performance, which however, is easily influenced by various load, complex environment and mechanical failure. This paper studies the modeling of linear oscillating actuators in multi-work condition. Three kinds of load are considered in performance evaluation model. Simulations are conducted at different frequencies to obtain the actuator behavior, especially at non-resonance frequencies. A method of constant impedance angle is proposed to search the best working points in sorts of conditions. Eventually, analytical results reflect that the resonant parameter would drift with load, while linear oscillating actuators exhibits robustness in efficiency performance. Several evaluating parameters are concluded to assess the actuator health status.

Physical-layer security (PLS) has raised the attention of the research community in recent years, particularly for Internet of things (IoT) applications. Despite the use of classical cryptography, PLS provides security at physical layer, regardless of the computational power owned by the attacker. The investigations on PLS are numerous in the literature, but one main issue seems to be kept apart: how to measure the benefit that PLS can bring to cryptography? This paper tries to answer this question with an initial performance analysis of PLS in conjunction with typical cryptography of wireless communication protocols. Our results indicate that PLS can help cryptography to harden the attacker job in real operative scenario: PLS can increase the detection errors at the attacker's receiver, leading to inability to recover the cipher key, even if the plaintext is known.

In this paper we propose a solution to support iOS developers in creating better applications, to use static analysis to investigate source code and detect secure coding issues while simultaneously pointing out good practices and/or secure APIs they should use.

Cybersecurity in control systems has been actively discussed in recent years. In particular, networked control systems (NCSs) over the Internet are exposed to various types of cyberattacks such as false data injection attacks. This paper proposes a detection and mitigation method of the false data injection attacks in interactive NCSs, i.e., bilateral teleoperation systems. A bilateral teleoperation system exchanges position and force information through the Internet between the master and slave robots. The proposed method utilizes two redundant communication channels for both the master-to-slave and slave-to-master paths. The attacks are detected by a tamper detection observer (TDO) on each of the master and slave sides. The TDO compares the position responses of actual robots and robot models. A path selector on each side chooses the appropriate position and force responses from the responses received through the two communication channels, based on the outputs of the TDO. The proposed method is validated by simulations with attack models.

In Diffie-Hellman Key Exchange (DHKE), two parties need to communicate to each other by sharing their secret key (cipher text) over an unsecure communication channel. An adversary or cryptanalyst can easily get their secret keys but cannot get the information (plaintext). Brute force is one the common tools used to obtain the secret key, but when the key is too large (etc. 1024 bits and 2048 bits) this tool is no longer suitable. Thus timing attacks have become more attractive in the new cryptographic era where networked embedded systems security present several vulnerabilities such as lower processing power and high deployment scale. Experiments on timing attacks are useful in helping cryptographers make security schemes more resistant. In this work, we timed the computations of the Discrete Log Hard Problem of the Diffie Hellman Key Exchange (DHKE) protocol implemented on an embedded system network and analyzed the timing patterns of 1024-bit and 2048-bit keys that was obtained during the attacks. We have chosen to implement the protocol on the Raspberry-pi board over U-BOOT Bare Metal and we used the GMP bignum library to compute numbers greater than 64 bits on the embedded system.

Distributed Denial of Service (DDoS) attacks have two defense perspectives firstly, to defend your network, resources and other information assets from this disastrous attack. Secondly, to prevent your network to be the part of botnet (botforce) bondage to launch attacks on other networks and resources mainly be controlled from a control center. This work focuses on the development of a botnet prevention system for Internet of Things (IoT) that uses the benefits of both Software Defined Networking (SDN) and Distributed Blockchain (DBC). We simulate and analyze that using blockchain and SDN, how can detect and mitigate botnets and prevent our devices to play into the hands of attackers.

The installation of a protection system can provide protection by either deterring or stopping an attacker. Both modes of effectiveness-deterring and stopping-are uncertain. Some have guessed that deterrence plays a much bigger role than stopping force. The force of deterrence should therefore be of considerable interest, especially if its effect could be estimated and incorporated into a larger risk analysis and business case for developing and buying new systems, but nowhere has it been estimated quantitatively. The effect of one type of deterrence, namely, influencing an attacker's choice of targets-or target shifting, biasing an attacker away from some targets toward others-is assessed quantitatively here using a game-theoretic approach. It is shown that its positive effects are significant. It features as a force multiplier on the order of magnitude or more, even for low-performance security countermeasures whose effectiveness may be compromised somewhat, of necessity, in order to keep the number of false alarms serviceably low. The analysis furthermore implies that there are certain minimum levels of stopping performance that a protection should provide in order to avoid attracting the choice of attackers (under deterrence). Nothing in the analysis argues for complacency in security. Developers must still design the best affordable systems. The analysis enters into the middle ground of security, between no protection and impossibly perfect protection. It counters the criticisms that some raise about lower-level, affordable, sustainable measures that security providers naturally gravitate toward. Although these measures might in some places be defeated in ways that a non-expert can imagine, the measures are not for that reason irresponsible or to be dismissed. Their effectiveness can be much greater than they first appear.

To decouple the multi-axis motion in the 6 degrees of freedom magnetically levitated actuators (MLAs), this paper introduces a numerical method to model the force and torque distribution. Taking advantage of the Gaussian quadrature, the concept of coil node is developed to simplify the Lorentz integral into the summation of the interaction between each magnetic node in the remanence region and each coil node in the coil region. Utilizing the coordinate transformation in the numerical method, the computation burden is independent of the position and the rotation angle of the moving part. Finally, the experimental results prove that the force and torque predicted by the numerical model are rigidly consistent with the measurement, and the force and torque in all directions are decoupled properly based on the numerical solution. Compared with the harmonic model, the numerical wrench model is more suitable for the MLAs undertaking both the translational and rotational displacements.