Biblio

The rapid progress experienced in the Internet of Things (IoT) space is one that has introduced new and unique challenges for cybersecurity and IoT-Forensics. One of these problems is how digital forensics and incident response (DFIR) are handled in IoT. Since enormous users use IoT platforms to accomplish their day to day task, massive amounts of data streams are transferred with limited hardware resources; conducting DFIR needs a new approach to mitigate digital evidence and incident response challenges owing to the facts that there are no unified standard or classified principles for IoT forensics. Today's IoT DFIR relies on self-defined best practices and experiences. Given these challenges, IoT-related incidents need a more structured approach in identifying problems of DFIR. In this paper, we examined the major DFIR challenges in IoT by exploring the different phases involved in a DFIR when responding to IoT-related incidents. This study aims to provide researchers and practitioners a road-map that will help improve the standards of IoT security and DFIR.

Digital forensics is concerned with identifying, reporting and responding to security breaches. It is about how to acquire, analyze and report digital evidence and using the technical skills, discovering the traces of Cyber Crime. The field of digital forensics is in high demand due to the constant threats of data breaches and information hacks. Digital Forensics is utilized in the identification and elimination of crimes in any controversy where evidence is preserved in online space. This is the use of specialized techniques for retrieval, authentication and electronic data analysis. Computer forensics deals with the identification, preservation, analysis, documentation and presentation of digital evidence. The paper has analyzed the present-day trends that includes IoT forensics, cloud forensics, network forensics and social media forensics. Recent researches have shown a wide range of threats and cyber-attacks, which requires forensic investigators and forensics scientists to simplify the digital world. Hence, all our research gives a clear view of digital forensics which could be of a great help in forensic investigation. In this research paper we have discussed about the need and way to preserve the digital evidence, so that it is not compromised at any point in time and an unalter evidence can be presented before the court of law.

Digital images are becoming the backbone of the social platform. To day of life of the people, the high impact of the images has raised the concern of its authenticity. Image forensics need to be done to assure the authenticity. In this paper, a novel technique is proposed for digital image forensics. The proposed technique is applied for detection of median, averaging and Gaussian filtering in the images. In the proposed method, a first image is normalized using optimal range to obtain a better statistical information. Further, difference arrays are calculated on the normalized array and a proposed thresholding is applied on the normalized arrays. In the last, co-occurrence features are extracted from the thresholding difference arrays. In experimental analysis, significant performance gain is achieved. The detection capability of the proposed method remains upstanding on small size images even with low quality JPEG compression.

With the widespread adoption of Internet of Things (IoT) applications around the world, security related problems become a challenge since the number of cybercrimes that must be identified and investigated increased dramatically. The volume of data generated and handled is immense due to the increased number of IoT applications around the world. As a result, when a cybercrime happens, the volume of digital data needs to be dealt with is massive. Consequently, more effort and time are needed to handle the security issues. As a result, in digital forensics, the analysis phase is an important and challenging phase. This paper proposes a generic proactive model for the cybercrime analysis process in the Internet of Things. The model is focused on the classification of evidences in advance based on its significance and relation to past crimes, as well as the severity of the evidence in terms of the probability occurrence of a cybercrime. This model is supposed to save time and effort during the automated forensic investigation process.

Digital forensics investigation process begins with the acquisition, investigation until the presentation of investigation findings. Investigators are required to manage bits and pieces of digital evidence in the cloud and to correlate with evidence found in physical machines and network. The process could be made easy with a proper case management tool that is hosted in the web. The challenge of maintaining chain of custody, determining access to evidence, assignment of forensics investigator could be overcome when digital evidence is fully integrated in a single platform. Our proposed case management tool streamlines information gathering and integrates information on different platforms, shares information, tracks cases, and uploads data directly into a database. In addition, the case management tool facilitates the collaboration of investigators through sharing of forensics findings. These features allow case owner or administrator to track and monitor investigation progress in a forensically sound manner.

In the computer era, various digital devices are used along with networking technology for data communication in secured manner. But sometimes these systems are misused by the attackers. Information security with the high efficiency devices, tools are utilized for protecting the communication media and valuable data. In case of any unwanted incidents and security breaches, digital forensics methods and measures are well utilized for detecting the type of attacks, sources of attacks, their purposes. By utilizing information related to security measures, digital forensics evidences with suitable methodologies, digital forensics investigators detect the cyber-crimes. It is also necessary to prove the cyber-crimes before the law enforcement department. During this process investigators type to collect different types of information from the digital devices concerned to the cyber-attack. One of the major tasks of the digital investigator is collecting and managing the seizure records from the crime-scene. The present paper discusses the seizure record framework for digital forensics investigations.

Both the Internet of Things (IoT) and Information Centric Networking (ICN) have gathered a lot of attention from both research and industry in recent years. While ICN has proved to be beneficial in many situations, it is not widely deployed outside research projects, also not addressing needs of IoT application programming interfaces (APIs). On the other hand, today's IoT solutions are built on top of the host-centric communication model associated with the usage of the Internet Protocol (IP). This paper contributes a discussion on the need of an integration of a specific form of IoT APIs, namely WebSocket based streaming APIs, into an ICN. Furthermore, different access models are discussed and requirements are derived from real world APIs. Finally, the design of an ICN-style extension is presented using one of the examined APIs.

Information-Centric Networking (ICN) is among the promising architecture that can drive the need and versatility towards the future generation (xG) needs. In the future, support for network communication relies on the area of telemedicine, autonomous vehicles, and disaster recovery. In the disaster recovery case, there is a high possibility where the communication path is severed. Multicast communication and DTN-friendly route algorithm are becoming suitable options to send a packet message to get a faster response and to see any of the nodes available for service, this approach could give burden to the core network. Also, during disaster cases, many people would like to communicate, receive help, and find family members. Flooding the already disturbed/severed network will further reduce communication performance efficiency even further. Thus, this study takes into consideration prioritization factors to allow networks to process and delivering priority content. For this purpose, the proposed technique introduces the Routable Prefix Identifier (RP-ID) that takes into account the prioritization factor to enable optimization in Delay Tolerant ICN communication.

The emerging time-sensitive applications, such as industrial automation, smart grids, and telesurgery, pose strong demands for enabling large-scale IP-based deterministic networks. The IETF DetNet working group recently proposes a Cycle Specified Queuing and Forwarding (CSQF) solution. However, CSQF only specifies an underlying device-level primitive while how to achieve network-wide flow scheduling remains undefined. Previous scheduling mechanisms are mostly oriented to the context of local area networks, making them inapplicable to the cyclic traffic in wide area networks. In this paper, we design the Cycle Tags Planning (CTP) mechanism, a first mathematical model to enable network-wide scheduling for cyclic traffic in large-scale deterministic networks. Then, a novel scheduling algorithm named flow offset and cycle shift (FO-CS) is designed to compute the flows' cycle tags. The FO-CS algorithm is evaluated under long-distance network topologies in remote industrial control scenarios. Compared with the Naive algorithm without using FO-CS, simulation results demonstrate that FO-CS improves the scheduling flow number by 31.2% in few seconds.

In this paper, we focus on Information-Centric Delay-Tolerant Network (ICDTN), which incorporates the communication paradigm of Information-Centric Networking (ICN) into Delay-Tolerant Networking (DTN). Conventional ICNs adopt a naming scheme that names the content with the content identifier. However, a past study proposed an alternative naming scheme that describes the name of content with the content descriptor. We believe that, in ICDTN, it is more suitable to utilize the approach using the content descriptor. In this paper, we therefore propose keyword-based ICDTN that resolves content requests and deliveries contents based on keywords, i.e., content descriptor, in the request and response messages.

Network embedding, which aims to map the discrete network topology to a continuous low-dimensional representation space with the major topological properties preserved, has emerged as an essential technique to support various network inference tasks. However, incorporating both the evolutionary nature and the network's heterogeneity remains a challenge for existing network embedding methods. In this study, we propose a novel Translation-Based Dynamic Heterogeneous Network Embedding (TransDHE) approach to consider both the aspects simultaneously. For a dynamic heterogeneous network with a sequence of snapshots and multiple types of nodes and edges, we introduce a translation-based embedding module to capture the heterogeneous characteristics (e.g., type information) of each single snapshot. An orthogonal alignment module and RNN-based aggregation module are then applied to explore the evolutionary patterns among multiple successive snapshots for the final representation learning. Extensive experiments on a set of real-world networks demonstrate that TransDHE can derive the more informative embedding result for the network dynamic and heterogeneity over state-of-the-art network embedding baselines.

Network function virtualization (NFV / VNF) and information-centric networking (ICN) are two trending technologies that have attracted expert's attention. NFV is a technique in which network functions (NF) are decoupling from commodity hardware to run on to create virtual communication services. The virtualized class nodes can bring several advantages such as reduce Operating Expenses (OPEX) and Capital Expenses (CAPEX). On the other hand, ICN is a technique that breaks the host-centric paradigm and shifts the focus to “named information” or content-centric. ICN provides highly efficient content retrieval network architecture where popular contents are cached to minimize duplicate transmissions and allow mobile users to access popular contents from caches of network gateways. This paper investigates the implementation of NFV in ICN. Besides, reviewing and discussing the weaknesses and strengths of each architecture in a critical analysis manner of both network architectures. Eventually, highlighted the current issues and future challenges of both architectures.

IoT applications are changing our daily lives. These innovative applications are supported by new communication technologies and protocols. Particularly, the information-centric network (ICN) paradigm is well suited for many IoT application scenarios that involve large-scale wireless sensor networks (WSNs). Even though the ICN approach can significantly reduce the network traffic by optimizing the process of information recovery from network nodes, it is also possible to apply data aggregation strategies. This paper proposes an unsupervised machine learning-based data aggregation strategy for multi-hop information-centric WSNs. The results show that the proposed algorithm can significantly reduce the ICN data traffic while having reduced information degradation.

This paper integrates Software-Defined Networking (SDN) and Information -Centric Networking (ICN) framework to enable low latency-based stateful routing and caching management by leveraging a novel forwarding and caching strategy. The framework is implemented in a clean- slate environment that does not rely on the TCP/IP principle. It utilizes Pending Interest Tables (PIT) instead of Forwarding Information Base (FIB) to perform data dissemination among peers in the proposed IC-SDN framework. As a result, all data exchanged and cached in the system are organized in chunks with the same interest resulting in reduced packet overhead costs. Additionally, we propose an efficient caching strategy that leverages in- network caching and naming of contents through an IC-SDN controller to support off- path caching. The testbed evaluation shows that the proposed IC-SDN implementation achieves an increased throughput and reduced latency compared to the traditional information-centric environment, especially in the high load scenarios.

Congestion control is one of the essential keys to enhance network efficiency so that the network can perform well even in the case of packet drop. This problem is even more challenging in Information-Centric Networking (ICN), a typical Future Internet design, which employs the packet flooding policy for forwarding the information. To diminish the high traffic load due to the huge number of packets in the era of the Internet of Things (IoT), this paper proposes an effective caching and forwarding algorithm to diminish the congestion rate of the IoT wireless sensor in ICN. The proposed network system utilizes accumulative popularity-based delay transmission time for forwarding strategy and includes the consecutive chunks-based segment caching scheme. The evaluation results using ndnSIM, a widely-used ns-3 based ICN simulator, demonstrated that the proposed system can achieve less interest packet drop rate, more cache hit rate, and higher network throughput, compared to the relevant ICN-based benchmarks. These results prove that the proposed ICN design can achieve higher network efficiency with a lower congestion rate than that of the other related ICN systems using IoT sensors.

ICN (Information-Centric Networking) is a traditional networking approach which focuses on Internet design, while SDN (Software Defined Networking) is known as a speedy and flexible networking approach. Integrating these two approaches can solve different kinds of traditional networking problems. On the other hand, it may expose new challenges. In this paper, we study how these two networking approaches are been combined to form SDN-based ICN architecture to improve network administration. Recent research is explored to identify the SDN-based ICN challenges, provide a critical analysis of the current integration approaches, and determine open issues for further research.

Fake news, frequently making use of tampered photos, has currently emerged as a global epidemic, mainly due to the widespread use of social media as a present alternative to traditional news outlets. This development is often due to the swiftly declining price of advanced cameras and phones, which prompts the simple making of computerized pictures. The accessibility and usability of picture-altering softwares make picture-altering or controlling processes significantly simple, regardless of whether it is for the blameless or malicious plan. Various investigations have been utilized around to distinguish this sort of controlled media to deal with this issue. This paper proposes an efficient technique of copy-move forgery detection using the deep learning method. Two deep learning models such as Buster Net and VGG with FPN are used here to detect copy move forgery in digital images. The two models' performance is evaluated using the CoMoFoD dataset. The experimental result shows that VGG with FPN outperforms the Buster Net model for detecting forgery in images with an accuracy of 99.8% whereas the accuracy for the Buster Net model is 96.9%.

The transmission and storage process for the power data in an intelligent grid has problems such as a single point of failure in the central node, low data credibility, and malicious manipulation or data theft. The characteristics of decentralization and tamper-proofing of blockchain and its distributed storage architecture can effectively solve malicious manipulation and the single point of failure. However, there are few safe and reliable data transmission methods for the significant number and various identities of users and the complex node types in the power blockchain. Thus, this paper proposes a collaborative control scheme between on-chain and off-chain power data based on the distributed oracle technology. By building a trusted on-chain transmission mechanism based on distributed oracles, the scheme solves the credibility problem of massive data transmission and interactive power data between smart contracts and off-chain physical devices safely and effectively. Analysis and discussion show that the proposed scheme can realize the collaborative control between on-chain and off-chain data efficiently, safely, and reliably.

While a huge number of IoT devices are connecting to the cyber physical systems, the demand for security of these devices are increasing. Due to the demand, world-wide competition for lightweight cryptography oriented towards small devices have been held. Although tamper resistance against illegal attacks were evaluated in the competition, there is no evaluation for embedded malicious circuits such as hardware Trojan.To achieve security evaluation for embedded malicious circuits, this study proposes an implementation method of hardware Trojan for Elephant which is one of the finalists in the competition. And also, the implementation overhead of hardware Trojans and the security risk of hardware Trojan are evaluated.

The limited spectrum resources need to provide safe and efficient spectrum service for the intensive users. Malicious spectrum work nodes will affect the normal operation of the entire system. Using the blockchain model, consensus algorithm Praft based on optimized Raft is to solve the consensus problem in Byzantine environment. Message digital signatures give the spectrum node some fault tolerance and tamper resistance. Spectrum sharing among spectrum nodes is carried out in combination with game theory. The existing game theoretical algorithm does not consider the influence of spectrum occupancy of primary users and cognitive users on primary users' utility and enthusiasm at the same time. We elicits a reinforcement factor and analyzes the effect of the reinforcement factor on strategy performance. This scheme optimizes the previous strategy so that the profits of spectrum nodes are improved and a good Nash equilibrium is shown, while Praft solves the Byzantine problem left by Raft.

As the number of Internet of things devices increases, there is a growing importance of securely managing and storing the secret and private keys in these devices. Public-key cryptosystems or symmetric encryption algorithms both use special keys that need to be kept secret from other peers in the network. Additionally, ensuring the integrity of the installed application firmware of these devices is another security problem. In this study, private key storage methods are explained in general. Also, ESP32-S2 device is used for experimental case study for its robust built-in trusted platform module. Secure boot and flash encryption functionalities of ESP32-S2 device, which offers a solution to these security problems, are explained and tested in detail.

This paper reviews the video watermarking schemes resistance against tampering attacks. There are several transform methods which are used for Video Watermarking including Discrete Fourier Transform (DFT), Discrete Cosine Transform (DCT), Discrete wavelet transform (DWT) and are discussed and compared in this paper. The results are presented in a table with a summary of their advantages.

A tamper-resistant logical operation method based on integrated nanophotonics is proposed focusing on electromagnetic side-channel attacks. In the proposed method, only the phase of each optical signal is modulated depending on its logical state, which keeps the power of optical signals in optical logic circuits constant. This provides logic-gate-level tamper resistance which is difficult to achieve with CMOS circuits. An optical implementation method based on electronically-controlled phase shifters is then proposed. The electrical part of proposed circuits achieves 300 times less instantaneous current change, which is proportional to intensity of the leaked electromagnetic wave, than a CMOS logic gate.

The IFDS algorithm can be memory-intensive, requiring a memory budget of more than 100 GB of RAM for some applications. The large memory requirements significantly restrict the deployment of IFDS-based tools in practise. To improve this, we propose a disk-assisted solution that drastically reduces the memory requirements of traditional IFDS solvers. Our solution saves memory by 1) recomputing instead of memorizing intermediate analysis data, and 2) swapping in-memory data to disk when memory usages reach a threshold. We implement sophisticated scheduling schemes to swap data between memory and disks efficiently. We have developed a new taint analysis tool, DiskDroid, based on our disk-assisted IFDS solver. Compared to FlowDroid, a state-of-the-art IFDS-based taint analysis tool, for a set of 19 apps which take from 10 to 128 GB of RAM by FlowDroid, DiskDroid can analyze them with less than 10GB of RAM at a slight performance improvement of 8.6%. In addition, for 21 apps requiring more than 128GB of RAM by FlowDroid, DiskDroid can analyze each app in 3 hours, under the same memory budget of 10GB. This makes the tool deployable to normal desktop environments. We make the tool publicly available at https://github.com/HaofLi/DiskDroid.

Mutation-based taint inference (MTI) is a novel technique for taint analysis. Compared with traditional techniques that track propagations of taint tags, MTI infers a variable is tainted if its values change due to input mutations, which is lightweight and conceptually sound. However, there are 3 challenges to its efficiency and scalability: (1) it cannot efficiently record variable values to monitor their changes; (2) it consumes a large amount of memory monitoring variable values, especially on complex programs; and (3) its excessive memory overhead leads to a low hit ratio of CPU cache, which slows down the speed of taint inference. This paper presents an efficient and scalable solution named HashMTI. We first explain the above challenges based on 4 observations. Motivated by these challenges, we propose a hash record scheme to efficiently monitor changes in variable values and significantly reduce the memory overhead. The scheme is based on our specially selected and optimized hash functions that possess 3 crucial properties. Moreover, we propose the DoubleMutation strategy, which applies additional mutations to mitigate the limitation of the hash record and detect more taint information. We implemented a prototype of HashMTI and evaluated it on 18 real-world programs and 4 LAVA-M programs. Compared with the baseline OrigMTI, HashMTI significantly reduces the overhead while having similar accuracy. It achieves a speedup of 2.5X to 23.5X and consumes little memory which is on average 70.4 times less than that of OrigMTI.