Biblio

Named Data Networking (NDN) has been viewed as a promising future Internet architecture. It requires a new access control scheme to prevent the injection of unauthorized data request. In this paper, an access control supported by information service entity (ACISE) is proposed for NDN networks. A trust entity, named the information service entity (ISE), is deployed in each domain for the registration of the consumer and the edge router. The identity-based cryptography (IBC) is used to generate a private key for the authorized consumer at the ISE and to calculate a signature encapsulated in the Interest packet at the consumer. Therefore, the edge router could support the access control by the signature verification of the Interest packets so that no Interest packet from unauthorized consumer could be forwarded or replied. Moreover, shared keys are negotiated between authorized consumers and their edge routers. The subsequent Interest packets would be verified by the message authentication code (MAC) instead of the signature. The simulation results have shown that the ACISE scheme would achieve a similar response delay to the original NDN scheme when the NDN is under no attacks. However, the ACISE scheme is immune to the cache pollution attacks so that it could maintain a much smaller response delay compared to the other schemes when the NDN network is under the attacks.

Memory corruption attacks have existed for multiple decades, and have become a major threat to computer systems. At the same time, a number of defense techniques have been proposed by research community. With the wide adoption of CPU-based memory safety solutions, sophisticated attackers tend to tamper with system memory via direct memory access (DMA) attackers, which leverage DMA-enabled I/O peripherals to fully compromise system memory. The Input-Output Memory Management Units (IOMMUs) based solutions are widely believed to mitigate DMA attacks. However, recent works point out that attackers can bypass IOMMU-based protections by manipulating the DMA interfaces, which are particularly vulnerable to race conditions and other unsafe interactions.State-of-the-art hardware-supported memory protections rely on metadata to perform security checks on memory access. Consequently, the additional memory request for metadata results in significant performance degradation, which limited their feasibility in real world deployments. For quantitative analysis, we separate the total metadata access latency into DRAM latency, on-chip latency, and cache latency, and observe that the actual DRAM access is less than half of the total latency. To minimize metadata access latency, we propose EMC, a low-overhead heap memory safety solution that implements a tripwire based mechanism on the memory controller. In addition, by using memory controller as a natural gateway of various memory access data paths, EMC could provide comprehensive memory safety enforcement to all memory data paths from/to system physical memory. Our evaluation shows an 0.54% performance overhead on average for SPEC 2017 workloads.

The marine and maritime domain is well represented in the Sustainable Development Goals (SDG) envisaged by the United Nations, which aim at conserving and using the oceans, seas and their resources for sustainable development. At the same time, there is a need for improved safety in navigation, especially in coastal areas. Up to date, there exist operational services based on advanced technologies, including remote sensing and in situ monitoring networks which provide aid to the navigation and control over the environment for its preservation. Yet, the possibilities offered by crowdsensing have not yet been fully explored. This paper addresses this issue by presenting an app based on a crowdsensing approach for improved safety and awareness at sea. The app can be integrated into more comprehensive systems and frameworks for environmental monitoring as envisaged in our future work.

Autonomous vehicles (AVs) offer a wide range of promising benefits by reducing traffic accidents, environmental pollution, traffic congestion and land usage etc. However, to reap the intended benefits of AVs, it is inevitable that this technology should be trusted and accepted by the public. The consumer's substantial trust upon AVs will lead to its widespread adoption in the real-life. It is well understood that the preservation of strong security and privacy features influence a consumer's trust on a product in a positive manner. In this paper, we introduce a novel concept of digital labels for AVs to increase consumers awareness and trust regarding the security level of their vehicle. We present an architecture called Cybersecurity Box (CSBox) that leverages digital labels to display and inform consumers and passengers about cybersecurity status of the AV in use. The introduction of cybersecurity digital labels on the dashboard of AVs would attempt to increase the trust level of consumers and passengers on this promising technology.

In the multivariable fault diagnosis of industrial process, due to the existence of correlation between variables, the result of fault diagnosis will inevitably appear "smearing" effect. Although the fault diagnosis method based on the contribution of multi-dimensional reconstruction is helpful when multiple faults occur. But in order to correctly isolate all the fault variables, this method will become very inefficient due to the combination of variables. In this paper, a fault diagnosis method based on kNN and MRBC is proposed to fundamentally avoid the corresponding influence of "smearing", and a fast variable selection strategy is designed to accelerate the process of fault isolation. Finally, simulation study on a benchmark process verifies the effectiveness of the method, in comparison with the traditional method represented by FDA-based method.

To provide web browsing and video streaming services with desirable quality, cache servers have been widely used to deliver digital data to users from locations close to users. For example, in the MEC (mobile edge computing), cache memories are provided at base stations of 5G cellular networks to reduce the traffic load in the backhaul networks. Cache servers are also connected to many edge routers in the CDN (content delivery network), and they are provided at routers in the ICN (information-centric networking). However, the cache pollution attack (CPA) which degrades the cache hit ratio by intentionally sending many requests to non-popular contents will be a serious threat in the cache networks. Quickly detecting the CPA hosts and protecting the cache servers is important to effectively utilize the cache resources. Therefore, in this paper, we propose a method of accurately detecting the CPA hosts using a limited amount of memory resources. The proposed method is based on a Bloom filter using the combination of identifiers of host and content as keys. We also propose to use two Bloom filters in parallel to continuously detect CPA hosts. Through numerical evaluations, we show that the proposed method suppresses the degradation of the cache hit ratio caused by the CPA while avoiding the false identification of legitimate hosts.

The wide adoption of Bloom filters makes their security an important issue to be addressed. For example, an attacker can increase their error rate through polluting and eventually saturating the filter by inserting elements that set to one a large number of positions in the filter. This is known as a pollution attack and requires that the attacker knows the hash functions used to construct the filter. Such information is not available in many practical settings and in addition a simple protection can be achieved through using a random salt in the hash functions. The same pollution attacks can also be done to counting Bloom filters that in addition to insertions and lookups support removals. This paper considers pollution attacks on counting Bloom filters. We describe two novel pollution attacks that do not require any knowledge of the counting Bloom filter implementation details and evaluate them. These methods show that a counting Bloom filter is vulnerable to pollution attacks even when the attacker has only access to the filter as a black box to perform insertions, removals, and lookups.

The key feature of NDN is in-network caching that every router has its cache to store data for future use, thus improve the usage of the network bandwidth and reduce the network latency. However, in-network caching increases the security risks - cache pollution attacks (CPA), which includes locality disruption (ruining the cache locality by sending random requests for unpopular contents to make them popular) and False Locality (introducing unpopular contents in the router's cache by sending requests for a set of unpopular contents). In this paper, we propose a machine learning method, named Triangle Area Based Multivariate Correlation Analysis (TAB-MCA) that detects the cache pollution attacks in NDN. This detection system has two parts, the triangle-area-based MCA technique, and the threshold-based anomaly detection technique. The TAB-MCA technique is used to extract hidden geometrical correlations between two distinct features for all possible permutations and the threshold-based anomaly detection technique. This technique helps our model to be able to distinguish attacks from legitimate traffic records without requiring prior knowledge. Our technique detects locality disruption, false locality, and combination of the two with high accuracy. Implementation of XC-topology, the proposed method shows high efficiency in mitigating these attacks. In comparison to other ML-methods, our proposed method has a low overhead cost in mitigating CPA as it doesn't require attackers' prior knowledge. Additionally, our method can also detect non-uniform attack distributions.

In this paper we consider the pollution attack in network coded systems where network nodes are computationally limited. We consider the combined use of cryptographic signature based security and information theoretic network error correction and propose a fountain-like network error correction code construction suitable for this purpose.

Network coding (NC) can significantly increase network performance and make lossy networks more reliable. Since the middle nodes modify the packets during their path to destination, integrity of the original packets cannot be checked using classical methods (MACs, Signatures, etc). Though, pollution attacks are the most common threat to network coded systems, where an infected node can inject the data flow of a network with a number of false packets and ban the receiver from properly decoding the packets. A lot of work in the security of NC in resisting pollution attacks has been investigated in recent years, majority have the same security parameter 1/q. A Homomorphic MAC scheme is presented earlier to resist pollution attacks with a security level 1/qˆl, In this paper, we will show that the mentioned scheme is subject to known-plaintext attacks. This is due to that part of the key can be revealed in an initial process. Also, the whole key could be revealed if the key is used more than once. Then, a modification to the mentioned scheme is proposed to overcome this issue. Besides, the MAC length is adjustable according to the required security level and not variable according to the vector's length which will accordingly increase the performance and efficiency of the scheme.

Reliable communication over the wireless network with high throughput is a major target for the next generation communication technologies. Network coding can significantly improve the throughput efficiency of the network in a cooperative environment. The small cell technology and device to device communication make network coding an ideal candidate for improved performance in the fifth generation of communication networks. However, the security concerns associated with network coding needs to be addressed before any practical implementations. Pollution attacks are considered one of the most threatening attacks in the network coding environment. Although there are different integrity schemes to detect polluted packets, identifying the exact adversary in a network coding environment is a less addressed challenge. This paper proposes a scheme for identifying and locating adversaries in a dense, network coding enabled environment of mobile nodes. It also discusses a non-repudiation protocol that will prevent adversaries from deceiving the network.

As Web traffics is increasing on the Internet, caching solutions for Web systems are becoming more important since they can greatly expand system scalability. An important part of a caching solution is cache replacement policy, which is responsible for selecting victim items that should be removed in order to make space for new objects. Typical replacement policies used in practice only take advantage of temporal reference locality by removing the least recently/frequently requested items from the cache. Although those policies work well in memory or filesystem cache, they are inefficient for Web systems since they do not exploit semantic relationship between Web items. This paper presents a semantic-aware caching policy that can be used in Web systems to enhance scalability. The proposed caching mechanism defines semantic distance from a web page to a set of pivot pages and use the semantic distances as a metric for choosing victims. Also, it use a function-based metric that combines access frequency and cache item size for tie-breaking. Our simulations show that out enhancements outperform traditional methods in terms of hit rate, which can be useful for websites with many small and similar-in-size web objects.

Usually, the air gap will appear inside the composite insulators and it will lead to serious accident. In order to detect these internal defects in composite insulators operated in the transmission lines, a new non-destructive technique has been proposed. In the study, the mathematical analysis model of the composite insulators inner defects, which is about heat diffusion, has been build. The model helps to analyze the propagation process of heat loss and judge the structure and defects under the surface. Compared with traditional detection methods and other non-destructive techniques, the technique mentioned above has many advantages. In the study, air defects of composite insulators have been made artificially. Firstly, the artificially fabricated samples are tested by flash thermography, and this method shows a good performance to figure out the structure or defects under the surface. Compared the effect of different excitation between flash and hair drier, the artificially samples have a better performance after heating by flash. So the flash excitation is better. After testing by different pollution on the surface, it can be concluded that different pollution don't have much influence on figuring out the structure or defect under the surface, only have some influence on heat diffusion. Then the defective composite insulators from work site are detected and the image of defect is clear. This new active thermography system can be detected quickly, efficiently and accurately, ignoring the influence of different pollution and other environmental restrictions. So it will have a broad prospect of figuring out the defeats and structure in composite insulators even other styles of insulators.