Biblio

Filters: Keyword is Resiliency
2018-02-21
Fu, Shaojing, Yu, Yunpeng, Xu, Ming.  2017.  A Secure Algorithm for Outsourcing Matrix Multiplication Computation in the Cloud. Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing. :27–33.
Matrix multiplication computation (MMC) is a common scientific and engineering computational task. But such computation involves enormous computing resources for large matrices, which is burdensome for the resource-limited clients. Cloud computing enables computational resource-limited clients to economically outsource such problems to the cloud server. However, outsourcing matrix multiplication to the cloud brings great security concerns and challenges since the matrices and their products often contain sensitive information. In a previous work, Lei et al. [1] proposed an algorithm for secure outsourcing MMC by using permutation matrix and the authors argued that it can achieve data privacy. In this paper, we first review the design of Lei's scheme and find a security vulnerability in their algorithm that it reveals the number of zero elements in the input matrix to the cloud server. Then we present a new verifiable, efficient, and privacy preserving algorithm for outsourcing MMC, which can protect the number privacy of zero elements in original matrices. Our algorithm builds on a series of carefully-designed pseudorandom matrices and well-designed privacy-preserving matrix transformation. Security analysis shows that our algorithm is practically-secure, and offers a higher level of privacy protection than the state-of-the-art algorithm.
Lu, Jiqiang.  2017.  Almost Universal Forgery Attacks on the COPA and Marble Authenticated Encryption Algorithms. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :789–799.
The COPA authenticated encryption mode was proved to have a birthday-bound security on integrity, and its instantiation AES-COPA (v1/2) was claimed or conjectured to have a full security on tag guessing. The Marble (v1.0/1.1/1.2) authenticated encryption algorithm was claimed to have a full security on authenticity. Both AES-COPA (v1) and Marble (v1.0) were submitted to the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) in 2014, and Marble was revised twice (v1.1/1.2) in the first round of CAESAR, and AES-COPA (v1) was tweaked (v2) for the second round of CAESAR. In this paper, we cryptanalyse the basic cases of COPA, AES-COPA and Marble, that process messages of a multiple of the block size long; we present collision-based almost universal forgery attacks on the basic cases of COPA, AES-COPA (v1/2) and Marble (v1.0/1.1/1.2), and show that the basic cases of COPA and AES-COPA have roughly at most a birthday-bound security on tag guessing and the basic case of Marble has roughly at most a birthday-bound security on authenticity. The attacks on COPA and AES-COPA do not violate their birthday-bound security proof on integrity, but the attack on AES-COPA violates its full security claim or conjecture on tag guessing. Therefore, the full security claim or conjecture on tag guessing of AES-COPA and the full security claim on authenticity of Marble are incorrectly far overestimated in the sense of a general understanding of full security of these security notions. Designers should pay attention to these attacks when designing authenticated encryption algorithms with similar structures in the future, and should be careful when claiming the security of an advanced form of a security notion without making a corresponding proof after proving the security of the security notion only under its most fundamental form.
Achleitner, Stefan, La Porta, Thomas, Jaeger, Trent, McDaniel, Patrick.  2017.  Adversarial Network Forensics in Software Defined Networking. Proceedings of the Symposium on SDN Research. :8–20.
Software Defined Networking (SDN), and its popular implementation OpenFlow, represent the foundation for the design and implementation of modern networks. The essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this paper we introduce a new attack vector on SDN by showing how the detailed composition of flow rules can be reconstructed by network users without any prior knowledge of the SDN controller or its architecture. To our best knowledge, in SDN, such reconnaissance techniques have not been considered so far. We introduce SDNMap, an open-source scanner that is able to accurately reconstruct the detailed composition of flow rules by performing active probing and listening to the network traffic. We demonstrate in a number of real-world SDN applications that this ability provides adversaries with a significant attack advantage and discuss ways to prevent the introduced reconnaissance techniques. Our SDNMap scanner is able to reconstruct flow rules between network endpoints with an accuracy of over 96%.
Novikov, Fedor, Fedorchenko, Ludmila, Vorobiev, Vladimir, Fatkieva, Roza, Levonevskiy, Dmitriy.  2017.  Attribute-based Approach of Defining the Secure Behavior of Automata Objects. Proceedings of the 10th International Conference on Security of Information and Networks. :67–72.
The article proposes an enhanced behavior model using graphs of state transitions. The properties and advantages of the proposed model are discussed, UML-based Cooperative Interaction of Automata Objects (CIAO) language is described, attribute approach on its parsing mechanism is introduced. The proposed model for describing behavior is aimed at achieving higher reliability and productivity indicators when designing the secure architecture and implementing reactive and distributed systems in comparison with traditional methods. A side-by-side goal is to create a convenient publication language for describing parallel algorithms and distributed reactive systems. The offered model has advantages under certain conditions in comparison with other models of behavior description in the field of the description of asynchronous distributed reacting systems.
Oh, Sanghak, Kim, Eunsoo, Jeong, Jaehoon(Paul), Ko, Hoon, Kim, Hyoungshick.  2017.  A Flexible Architecture for Orchestrating Network Security Functions to Support High-level Security Policies. Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication. :44:1–44:5.
Network Functions Virtualization (NFV) has provided a new way to design and deploy network security services, but it may fail to build a practically useful ecosystem that seamlessly integrates network security services if there is no standard interface between them. We propose a generic architecture for security management service based on Network Security Functions (NSF) using NFV. The proposed architecture allows users to define their security requirements in a user-friendly manner by providing the users with high-level security interfaces that do not require specific information about network resources and protocols. We design basic components (e.g., Security policy manager, NSF capability manager, Application logic, Policy updater and Event collector) and interfaces for the proposed architecture. We introduce three use cases: (1) blacklists of dangerous domains, (2) time-dependent access control policies and (3) detection of suspicious calls for VoIP-VoLTE services. We also explain how to implement our proposed architecture with an illustrative example. Furthermore, we discuss several technical challenges to deploy the proposed architecture in a real network environment.
Kalinin, Maxim, Krundyshev, Vasiliy, Zegzhda, Peter, Belenko, Viacheslav.  2017.  Network Security Architectures for VANET. Proceedings of the 10th International Conference on Security of Information and Networks. :73–79.
In recent years, cyber security oriented research is paying much close attention on Vehicular Adhoc NETworks (VANETs). However, existing vehicular networks do not meet current security requirements. Typically for dynamic networks, maximal decentralization and rapidly changing topology of moving hosts form a number of security issues associated with ensuring access control of hosts, security policy enforcement, and resistance of the routing methods. To solve these problems generally, the paper reviews SDN (software defined networks) based network security architectures of VANET. The following tasks are solved in our work: composing of network security architectures for SDN-VANET (architecture with the central control and shared security servers, decentralized (zoned) architecture, hierarchical architecture); implementation of these architectures in virtual modeling environment; and experimental study of effectiveness of the suggested architectures. With large-scale vehicular networks, architectures with multiple SDN controllers are most effective. In small networks, the architecture with the central control also significantly outperforms the traditional VANET architecture. For the suggested architectures, three control modes are discussed in the paper: central, distributed and hybrid modes. Unlike common architectures, all of the proposed security architectures allow us to establish a security policy in m2m-networks and increase resistance capabilities of self-organizing networks.
Shi, Y., Dai, F., Ye, Z..  2017.  An enhanced security framework of software defined network based on attribute-based encryption. 2017 4th International Conference on Systems and Informatics (ICSAI). :965–969.

With the development of the information and communications technology, new network architecture and applications keep emerging promoted by cloud computing, big data, virtualization technology, etc. As a novel network architecture, Software Defined Network (SDN) realizes separation of the control plane and the data plane, thus controlling hardware by a software platform which is known as the central controller. Through that method SDN realizes the flexible deployment of network resources. In the process of the development and application of SDN, its open architecture has exposed more and more security problem, which triggers a critical focus on how to build a secure SDN. Based on the hierarchical SDN architecture and characteristics, this paper analyzes the security threats that SDN may face in the application layer, the control layer, the resource layer and the interface layer. In order to solve those security threats, the paper presents an SDN security architecture which can provide corresponding defense ability. The paper also puts forward an enhanced access control strategy adopting an attribute-based encryption method in the SDN security architecture.

Elsaeidy, A., Elgendi, I., Munasinghe, K. S., Sharma, D., Jamalipour, A..  2017.  A smart city cyber security platform for narrowband networks. 2017 27th International Telecommunication Networks and Applications Conference (ITNAC). :1–6.

Smart city is gaining a significant attention all around the world. Narrowband technologies would have strong impact on achieving the smart city promises to its citizens with its powerful and efficient spectrum. The expected diversity of applications, different data structures and high volume of connecting devices for smart cities increase the persistent need to apply narrowband technologies. However, narrowband technologies have recognized limitations regarding security which make them an attractive target to cyber-attacks. In this paper, a novel platform architecture to secure smart city against cyber attackers is presented. The framework is providing a threat deep learning-based model to detect attackers based on users data behavior. The proposed architecture could be considered as an attempt toward developing a universal model to identify and block Denial of Service (DoS) attackers in a real time for smart city applications.

Zhang, G., Qiu, X., Chang, W..  2017.  Scheduling of Security Resources in Software Defined Security Architecture. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :494–503.

With the development of Software Defined Networking, its software programmability and openness brings new idea for network security. Therefore, many Software Defined Security Architectures emerged at the right moment. Software Defined Security decouples security control plane and security data plane. In Software Defined Security Architectures, underlying security devices are abstracted as security resources in resource pool, intellectualized and automated security business management and orchestration can be realized through software programming in security control plane. However, network management has been becoming extremely complicated due to expansible network scale, varying network devices, lack of abstraction and heterogeneity of network especially. Therefore, new-type open security devices are needed in SDS Architecture for unified management so that they can be conveniently abstracted as security resources in resource pool. This paper firstly analyses why open security devices are needed in SDS architecture and proposes a method of opening security devices. Considering this new architecture requires a new security scheduling mechanism, this paper proposes a security resource scheduling algorithm which is used for managing and scheduling security resources in resource pool according to user's security demand. The security resource scheduling algorithm aims to allocate a security protection task to a suitable security resource in resource pool so that improving security protection efficiency. In the algorithm, we use BP neural network to predict the execution time of security tasks to improve the performance of the algorithm. The simulation result shows that the algorithm has ideal performance. Finally, a usage scenario is given to illustrate the role of security resource scheduling in software defined security architecture.

Wood, C. A..  2017.  Protecting the long tail: Transparent packet security in content-centric networks. 2017 IFIP Networking Conference (IFIP Networking) and Workshops. :1–9.

In the Content-Centric Networking (CCN) architecture, content confidentiality is treated as an application-layer concern. Data is only encrypted if the producer and consumer agree on a suitable access control policy and enforcement mechanism. In contrast, transport encryption in TCP/IP applications is increasingly opportunistic for better privacy. This type of encryption is woefully lacking in CCN. To that end, we present TRAPS, a protocol to enable transparent packet security and opportunistic encryption for all CCN data. TRAPS builds on the assumption that knowledge of a name gives one access to the corresponding content; otherwise, by design, the content remains encrypted and secure. TRAPS builds on recent advances in memory hard functions and message-locked encryption to protect data in transit. We show that the security of TRAPS is dependent on the distribution of content names and argue that it can be significantly improved if secure sessions are used to transmit small pieces of information from producers to consumers. Our performance assessment indicates TRAPS is capable of providing opportunistic encryption to CCN without significant throughput loss for reasonable packet throughput measurements.

Krit, S., Benaddy, M., Habil, B. E., Ouali, M. E., Meslouhi, O. E..  2017.  Security of hardware architecture, design and performance of low drop-out voltage regulator LDO to protect power mobile applications. 2017 International Conference on Engineering MIS (ICEMIS). :1–8.

This paper presents a new Low Drop-Out Voltage Regulator (LDO) and highlights the topologies and the advantages of the LDO for hardware security protection of Wireless Sensor Networks (WSNs); these integrated circuits are considered as an ideal solution in low power System on-chip applications (SOC) for their compact sizes and low cost. The advancement in low-power design makes it possible that ubiquitous device can be powered by low-power energy source such as ambient energy or small size batteries. In many well supplied devices the problem related to power is essentially related to cost. However for low-powered devices the problem of power is not only economics but also becomes very essential in terms of functionality. Due to the usual very small amount of energy or unstable energy available the way the engineer manages power becomes a key point in this area. Therefore, another focus of this dissertation is to try finding ways to improve the security of power management problems. Complementary metal oxide-semiconductor (CMOS) has become the predominant technology in integrated circuit design due to its high density, power savings and low manufacturing costs. The whole integrated circuit industry will still continue to benefit from the geometric downsizing that comes with every new generation of semiconductor manufacturing processes. Therefore, only several CMOS analog integrated circuit design techniques are proposed for low-powered ubiquitous device in this dissertation. This paper reviews the basics of LDO regulators and discusses the technology advances in the latest generation of LDOs that make them the preferred solution for many points of load power requirements. The paper will also introduce characteristics of CMOS LDO regulators and discuss their unique benefits in portable electronics applications. These new devices offer real advantages for the power management security of new mobile applications. Power efficiency and some practical issues for the CMOS implementation of these LDO structures are discussed.

Patil, A., Laturkar, A., Athawale, S. V., Takale, R., Tathawade, P..  2017.  A multilevel system to mitigate DDOS, brute force and SQL injection attack for cloud security. 2017 International Conference on Information, Communication, Instrumentation and Control (ICICIC). :1–7.

Use of internet increases day by day so securing network and data is a big issue. So, it is very important to maintain security to ensure safe and trusted communication of information between different organizations. Because of these IDS is a very useful component of computer and network security. IDS system is used by many organizations or industries to detect the weakness in their security, documenting previous attacks and threats and preventing all of this from violating security policies. Because of these advantages, this system is important in system security. In this paper, we find a multilevel solution for different approaches (attacks) based on intrusion detection system. In this paper, we identify different attacks and find the solutions for different type of attacks such as DDOS, SQL injection and Brute force attack. In this case, we use client-server architecture. To implement this we maintain profile of user and base on this we find normal user or attacker when system find that attack is present then it directly block the attack.

Su, G., Bai, G..  2017.  The undetectable clock cycle sensitive hardware trojan. 2017 International Conference on Electron Devices and Solid-State Circuits (EDSSC). :1–2.

We have proposed a method of designing embedded clock-cycle-sensitive Hardware Trojans (HTs) to manipulate finite state machine (FSM). By using pipeline to choose and customize critical path, the Trojans can facilitate a series of attack and need no redundant circuits. One cannot detect any malicious architecture through logic analysis because the proposed circuitry is the part of FSM. Furthermore, this kind of HTs alerts the trusted systems designers to the importance of clock tree structure. The attackers may utilize modified clock to bypass certain security model or change the circuit behavior.

Liu, M., Yan, Y. J., Li, W..  2017.  Implementation and optimization of A5-1 algorithm on coarse-grained reconfigurable cryptographic logic array. 2017 IEEE 12th International Conference on ASIC (ASICON). :279–282.

A5-1 algorithm is a stream cipher used to encrypt voice data in GSM, which needs to be realized with high performance due to real-time requirements. Traditional implementation on FPGA or ASIC can't obtain a trade-off among performance, cost and flexibility. To this aim, this paper introduces CGRCA to implement A5-1, and in order to optimize the performance and resource consumption, this paper proposes a resource-based path seeking (RPS) algorithm to develop an advanced implementation. Experimental results show that final optimal throughput of A5-1 implemented on CGRCA is 162.87Mbps when the frequency is 162.87MHz, and the set-up time is merely 87 cycles, which is optimal among similar works.

Priya, S. R., Swetha, P., Srigayathri, D., Sumedha, N., Priyatharishini, M..  2017.  Hardware malicious circuit identification using self referencing approach. 2017 International conference on Microelectronic Devices, Circuits and Systems (ICMDCS). :1–5.

Robust Trojans are inserted in outsourced products resulting in security vulnerabilities. Post-silicon testing is done mandatorily to detect such malicious inclusions. Logic testing becomes obsolete for larger circuits with sequential Trojans. For such cases, side channel analysis is an effective approach. The major challenge with the side channel analysis is reduction in hardware Trojan detection sensitivity due to process variation (process variation could lead to false positives and false negatives and it is unavoidable during a manufacturing stage). In this paper Self Referencing method is proposed that measures leakage power of the circuit at four different time windows that hammers the Trojan into triggering and also help to identify/eliminate false positives/false negatives due to process variation.

Bellizia, D., Scotti, G., Trifiletti, A..  2017.  Fully integrable current-mode feedback suppressor as an analog countermeasure against CPA attacks in 40nm CMOS technology. 2017 13th Conference on Ph.D. Research in Microelectronics and Electronics (PRIME). :349–352.

Security of sensible data for ultraconstrained IoT smart devices is one of the most challenging tasks in modern design. The need for CPA-resistant cryptographic devices has to deal with the demanding requirements of small area and small impact on the overall power consumption. In this work, a novel current-mode feedback suppressor as on-chip analog-level CPA countermeasure is proposed. It aims to suppress differences in power consumption due to data-dependency of CMOS cryptographic devices, in order to counteract CPA attacks. The novel countermeasure is able to improve MTD of unprotected CMOS implementation of at least three orders of magnitude, providing a ×1.1 area and ×1.7 power overhead.

Samwel, Niels, Daemen, Joan.  2017.  DPA on Hardware Implementations of Ascon and Keyak. Proceedings of the Computing Frontiers Conference. :415–424.

This work applies side channel analysis on hardware implementations of two CAESAR candidates, Keyak and Ascon. Both algorithms are cryptographic sponges with an iterated permutation. The algorithms share an s-box so attacks on the non-linear step of the permutation are similar. This work presents the first results of a DPA attack on Keyak using traces generated by an FPGA. A new attack is crafted for a larger sensitive variable to reduce the number of traces. It also presents and applies the first CPA attack on Ascon. Using a toy-sized threshold implementation of Ascon we try to give insight in the order of the steps of a permutation.

Kotel, Sonia, Zeghid, Medien, Machhout, Mohsen, Tourki, Rached.  2017.  Lightweight Encryption Algorithm Based on Modified XTEA for Low-Resource Embedded Devices. Proceedings of the 21st International Database Engineering & Applications Symposium. :192–199.

The number of resource-limited wireless devices utilized in many areas of Internet of Things is growing rapidly; there is a concern about privacy and security. Various lightweight block ciphers are proposed; this work presents a modified lightweight block cipher algorithm. A Linear Feedback Shift Register is used to replace the key generation function in the XTEA1 Algorithm. Using the same evaluation conditions, we analyzed the software implementation of the modified XTEA using FELICS (Fair Evaluation of Lightweight Cryptographic Systems) a benchmarking framework which calculates RAM footprint, ROM occupation and execution time on three largely used embedded devices: 8-bit AVR microcontroller, 16-bit MSP microcontroller and 32-bit ARM microcontroller. Implementation results show that it provides less software requirements compared to original XTEA. We enhanced the security level and the software performance.

Subramanyan, Pramod, Sinha, Rohit, Lebedev, Ilia, Devadas, Srinivas, Seshia, Sanjit A..  2017.  A Formal Foundation for Secure Remote Execution of Enclaves. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :2435–2450.

Recent proposals for trusted hardware platforms, such as Intel SGX and the MIT Sanctum processor, offer compelling security features but lack formal guarantees. We introduce a verification methodology based on a trusted abstract platform (TAP), a formalization of idealized enclave platforms along with a parameterized adversary. We also formalize the notion of secure remote execution and present machine-checked proofs showing that the TAP satisfies the three key security properties that entail secure remote execution: integrity, confidentiality and secure measurement. We then present machine-checked proofs showing that SGX and Sanctum are refinements of the TAP under certain parameterizations of the adversary, demonstrating that these systems implement secure enclaves for the stated adversary models.

Yuan, Y., Wu, L., Zhang, X., Yang, Y..  2017.  Side-channel collision attack based on multiple-bits. 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID). :1–5.

Side-channel collision attacks have been one of the most powerful attack techniques, combining advantages of traditional side-channel attack and mathematical cryptanalysis. In this paper, we propose a novel multiple-bits side-channel collision attack based on double distance voting detection, which can find all 120 relations among 16 key bytes with only 32 averaged power traces when applied to AES (Advanced Encryption Standard) algorithm. Practical attack experiments are performed successfully on a hardware implementation of AES on FPGA board. Results show that the necessary number of traces for our method is about 50% less than correlation-enhanced collision attack and 76% less than binary voting test with 90% success rate.

Alrawi, H. N., Ismail, W..  2017.  Enhancing magnetic IEDs detection method utilizes an AMR-based magnetic field sensor. 2017 IEEE Asia Pacific Conference on Postgraduate Research in Microelectronics and Electronics (PrimeAsia). :1–4.

Due to its low cost and availability, magnetic sensors nowadays are often incorporated into security systems to detect or localize threats. This paper, with the help of a correlated pre-published work, describes preliminary steps to ensure reliable results that could help in reducing inaccuracies/ errors in case of considering a security system that detects Magnetic IEDs employing AMR-based magnetic field sensors.

Ristov, P., Mišković, T., Mrvica, A., Markić, Z..  2017.  Reliability, availability and security of computer systems supported by RFID technology. 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). :1459–1464.

The implementation of RFID technology in computer systems gives access to quality information on the location or object tracking in real time, thereby improving workflow and leading to safer, faster and better business decisions. This paper discusses the quantitative indicators of the quality of the computer system supported by RFID technology applied in monitoring facilities (pallets, packages and people) marked with RFID tag. Results of analysis of quantitative indicators of quality of the computer system supported by RFID technology are presented in tables.

Li, T., Wu, L., Zhang, X., Wu, X., Zhou, J., Wang, X..  2017.  A novel transition effect ring oscillator based true random number generator for a security SoC. 2017 International Conference on Electron Devices and Solid-State Circuits (EDSSC). :1–2.

The transition effect ring oscillator (TERO) based true random number generator (TRNG) was proposed by Varchola and Drutarovsky in 2010. There were several stochastic models for this advanced TRNG based on ring oscillator. This paper proposed an improved TERO based TRNG and implements both on Altera Cyclone series FPGA platform and on a 0.13um CMOS ASIC process. FPGA experimental results show that this balanced TERO TRNG is in good performance as the experimental data results pass the National Institute of Standards and Technology (NIST) test at 1M bit/s. The TRNG is feasible for a security SoC.

Macharla, D. R., Tejaskanda, S..  2017.  An enhanced three-layer clustering approach and security framework for battlefeld surveillance. 2017 International conference on Microelectronic Devices, Circuits and Systems (ICMDCS). :1–6.

Hierarchical based formation is one of the approaches widely used to minimize the energy consumption in which node with higher residual energy routes the data gathered. Several hierarchical works were proposed in the literature with two and three layered architectures. In the work presented in this paper, we propose an enhanced architecture for three layered hierarchical clustering based approach, which is referred to as enhanced three-layer hierarchical clustering approach (EHCA). The EHCA is based on an enhanced feature of the grid node in terms of its mobility. Further, in our proposed EHCA, we introduce distributed clustering technique for lower level head selection and incorporate security mechanism to detect the presence of any malicious node. We show by simulation results that our proposed EHCA reduces the energy consumption significantly and thus improves the lifetime of the network. Also, we highlight the appropriateness of the proposed EHCA for battlefield surveillance applications.

Mazin, A., Davaslioglu, K., Gitlin, R. D..  2017.  Secure key management for 5G physical layer security. 2017 IEEE 18th Wireless and Microwave Technology Conference (WAMICON). :1–5.

Next generation 5G wireless networks pose several important security challenges. One fundamental challenge is key management between the two communicating parties. The goal is to establish a common secret key through an unsecured wireless medium. In this paper, we introduce a new physical layer paradigm for secure key exchange between the legitimate communication parties in the presence of a passive eavesdropper. The proposed method ensures secrecy via pre-equalization and guarantees reliable communications by the use of Low Density Parity Check (LDPC) codes. One of the main findings of this paper is to demonstrate through simulations that the diversity order of the eavesdropper will be zero unless the main and eavesdropping channels are almost correlated, while the probability of key mismatch between the legitimate transmitter and receiver will be low. Simulation results demonstrate that the proposed approach achieves very low secret key mismatch between the legitimate users, while ensuring very high error probability at the eavesdropper.