Biblio

Edge nodes are crucial for detection against multitudes of cyber attacks on Internet-of-Things endpoints and is set to become part of a multi-billion industry. The resource constraints in this novel network infrastructure tier constricts the deployment of existing Network Intrusion Detection System with Deep Learning models (DLM). We address this issue by developing a novel light, fast and accurate `Edge-Detect' model, which detects Distributed Denial of Service attack on edge nodes using DLM techniques. Our model can work within resource restrictions i.e. low power, memory and processing capabilities, to produce accurate results at a meaningful pace. It is built by creating layers of Long Short-Term Memory or Gated Recurrent Unit based cells, which are known for their excellent representation of sequential data. We designed a practical data science pipeline with Recurring Neural Network to learn from the network packet behavior in order to identify whether it is normal or attack-oriented. The model evaluation is from deployment on actual edge node represented by Raspberry Pi using current cybersecurity dataset (UNSW2015). Our results demonstrate that in comparison to conventional DLM techniques, our model maintains a high testing accuracy of 99% even with lower resource utilization in terms of cpu and memory. In addition, it is nearly 3 times smaller in size than the state-of-art model and yet requires a much lower testing time.

With the explosive growth of IoT applications, billions of things are now connected via edge devices and a colossal volume of data is sent over the internet. Providing security to the user data becomes crucial. The rise in zero-day attacks are a challenge in IoT scenarios. With the large scale of IoT application detection and mitigation of such attacks by the network administrators is cumbersome. The edge device Raspberry pi is remotely logged using Secure Shell (SSH) protocol in 90% of the IoT applications. The case study of SSH brute force attack on the edge device Raspberry pi is demonstrated with experimentation in the IoT networking scenario using Intrusion Detection System (IDS). The IP crawlers available on the internet are used by the attacker to obtain the IP address of the edge device. The proposed system continuously monitors traffic, analysis the log of attack patterns, detects and mitigates SSH brute attack. An attack hijacks and wastes the system resources depriving the authorized users of the resources. With the proposed IDS, we observe 25% CPU conservation, 40% power conservation and 10% memory conservation in resource utilization, as the IDS, mitigates the attack and releases the resources blocked by the attacker.

Aiming at the cyber security problem of the advanced metering infrastructure(AMI), an anomaly detection method based on edge computing framework for the AMI is proposed. Due to the characteristics of the edge node of data concentrator, the data concentrator has the capability of computing a large amount of data. In this paper, distributing the intrusion detection model on the edge node data concentrator of the AMI instead of the metering center, meanwhile, two-way communication of distributed local model parameters replaces a large amount of data transmission. The proposed method avoids the risk of privacy leakage during the communication of data in AMI, and it greatly reduces communication delay and computational time. In this paper, KDDCUP99 datasets is used to verify the effectiveness of the method. The results show that compared with Deep Convolutional Neural Network (DCNN), the detection accuracy of the proposed method reach 99.05%, and false detection rate only gets 0.74%, and the results indicts the proposed method ensures a high detection performance with less communication rounds, it also reduces computational consumption.

The emergence of the 5G network has boosted the advancements in the field of the internet of things (IoT) and edge/cloud computing. We present a novel architecture to detect fire in indoor and outdoor environments, dubbed as EAC-FD, an abbreviation of edge and cloud-based fire detection. Compared with existing frameworks, ours is lightweight, secure, cost-effective, and reliable. It utilizes a hybrid edge and cloud computing framework with Intel neural compute stick 2 (NCS2) accelerator is for inference in real-time with Raspberry Pi 3B as an edge device. Our fire detection model runs on the edge device while also capable of cloud computing for more robust analysis making it a secure system. We compare different versions of SSD-MobileNet architectures with ours suitable for low-end devices. The fire detection model shows a good balance between computational cost frames per second (FPS) and accuracy.

In this work, we have proposed a state-of-the-art face logging system that detects and logs high quality cropped face images of the people in real-time for security applications. Multiple strategies based on resolution, velocity and symmetry of faces have been applied to obtain best quality face images. The proposed system handles the issue of motion blur in the face images by determining the velocities of the detections. The output of the system is the face database, where four faces for each detected person are stored along with the time stamp and ID number tagged to it. The facial features are extracted by our system, which are used to search the person-of-interest instantly. The proposed system has been implemented in a docker container environment on two edge devices: the powerful NVIDIA Jetson TX2 and the cheaper NVIDIA Jetson N ano. The light and fast face detector (LFFD) used for detection, and ResN et50 used for facial feature extraction are optimized using TensorRT over these edge devices. In our experiments, the proposed system achieves the True Acceptance Rate (TAR) of 0.94 at False Acceptance Rate (FAR) of 0.01 while detecting the faces at 20–30 FPS on NVIDIA Jetson TX2 and about 8–10 FPS on NVIDIA Jetson N ano device. The advantage of our system is that it is easily deployable at multiple locations and also scalable based on application requirement. Thus it provides a realistic solution to face logging application as the query or suspect can be searched instantly, which may not only help in investigation of incidents but also in prevention of untoward incidents.

A smart home provides better living environment by allowing remote Internet access for controlling the home appliances and devices. Security of smart homes is an important application area commonly using Passive Infrared Sensors (PIRs), image capture and analysis but such solutions sometimes fail to detect an event. An unambiguous person detection is important for security applications so that no event is missed and also that there are no false alarms which result in waste of resources. Cloud platforms provide deep learning and IoT services which can be used to implement an automated and failsafe security application. In this paper, we demonstrate reliable person detection for indoor and outdoor scenarios by integrating an application running on an edge device with AWS cloud services. We provide results for identifying a person before authorizing entry, detecting any trespassing within the boundaries, and monitoring movements within the home.

In the field of image steganography, edge detection based implantation methods play vital rules in providing stronger security of hided data. In this arena, researcher applies a suitable edge detection method to detect edge pixels in an image. Those detected pixels then conceive secret message bits. A very recent trend is to employ multiple edge detection methods to increase edge pixels in an image and thus to enhance the embedding capacity. The uses of multiple edge detectors additionally boost up the data security. Like as the demand for embedding capacity, many applications need to have the modified image, i.e., stego image, with good quality. Indeed, when the message payload is low, it will not be a better idea to finds more local pixels for embedding that small payload. Rather, the image quality will look better, visually and statistically, if we could choose a part but sufficient pixels to implant bits. In this article, we propose an algorithm that uses multiple edge detection algorithms to find edge pixels separately and then selects pixels which are common to all edges. This way, the proposed method decreases the number of embeddable pixels and thus, increases the image quality. The experimental results provide promising output.

Image edge is considered to be the most important attribute to provide valuable image perception information. At present, video image data is developing towards high resolution and high frame number. The image data processing capacity is huge, so the processing speed is very strict to meet the real-time performance of image data transmission. In this context, we present a method to accelerate the real-time video image edge detection. FPGA is used as the development platform. The real-time edge detection algorithm of image data with 1280x720 resolution and 30 frame/s, combined with median filter, Sobel edge detection algorithm and corrosion expansion algorithm, makes the running time of image processing module shorter. The color image of the video image collected by camera is processed. The HDMI interface shows that the scheme has achieved ideal results in the FPGA hardware platform simulation model, greatly improves the efficiency of the algorithm, and provides a guarantee for the speed and stability of the real-time image processing system.

Internet of Things (IoT) and its applications are becoming commonplace with more devices, but always at risk of network security. It is therefore crucial for an IoT network design to identify attackers accurately, quickly and promptly. Many solutions have been proposed, mainly concerning secure IoT architectures and classification algorithms, but none of them have paid enough attention to reducing the complexity. Our proposal in this paper is an edge-cloud architecture that fulfills the detection task right at the edge layer, near the source of the attacks for quick response, versatility, as well as reducing the cloud's workload. We also propose a multi-attack detection mechanism called LCHA (Low-Complexity detection solution with High Accuracy) , which has low complexity for deployment at the edge zone while still maintaining high accuracy. The performance of our proposed mechanism is compared with that of other machine learning and deep learning methods using the most updated BoT-IoT data set. The results show that LCHA outperforms other algorithms such as NN, CNN, RNN, KNN, SVM, KNN, RF and Decision Tree in terms of accuracy and NN in terms of complexity.

With the popularity of smart devices in the power grid and the advancement of data collection technology, the amount of electricity usage data has exploded in recent years, which is beneficial for optimizing service quality and grid operation. However, current data analysis is mainly based on cloud platforms, which poses challenges to transmission bandwidth, computing resources, and transmission delays. To solve the problem, this paper proposes a graph convolution neural networks (GCNs) based edge-cloud collaborative anomaly detection model. Specifically, the time series is converted into graph data based on visibility graph model, and graph convolutional network model is adopted to classify the labeled graph data for anomaly detection. Then a model segmentation method is proposed to adaptively divide the anomaly detection model between the edge equipment and the back-end server. Experimental results show that the proposed scheme provides an effective solution to edge anomaly detection and can make full use of the computing resources of terminal equipment.

Digital watermarking is the multimedia leading security protection as it permanently escorts the digital content. Image copyright protection is becoming more anxious as the new 5G technology emerged. Protecting images with a robust scheme without distorting them is the main trade-off in digital watermarking. In this paper, a watermarking scheme based on discrete cosine transform (DCT) and singular value decomposition (SVD) using canny edge detector technique is proposed. A binary encrypted watermark is reshaped into a vector and inserted into the edge detected vector from the diagonal matrix of the SVD of DCT DC and low-frequency coefficients. Watermark insertion is performed by using an edge-tracing mechanism. The scheme is evaluated using the Peak Signal to Noise Ratio (PSNR) and Normalized Correlation (NC). Attained results are competitive when compared to present works in the field. Results show that the PSNR values vary from 51 dB to 55 dB.

The advantage of cryptographic systems based on elliptical curves over traditional systems is that they provide equivalent protection even when the key length used is small. This reduces the load time of the processors of the receiving and transmitting devices. But the development of computer technology leads to an increase in the stability of the cryptosystem, that is, the length of the keys. This article presents a method for converting elliptic curve equations to hidden parameter elliptic curve equations to increase stability without increasing key length.

Elliptic curve is a major area of research due to its application in elliptic curve cryptography. Due to their small key sizes, they offer the twofold advantage of reduced storage and transmission requirements. This also results in faster execution times. The authors propose an architecture to automatically generate test cases, for verification of elliptic curve operational circuits, based on user-defined prime field and the parameters used in the circuit to be tested. The ECC test case generations are based on the Galois field arithmetic operations which were the subject of previous work by the authors. One of the strengths of elliptic curve mathematics is its simplicity, which involves just three points (P, Q, and R), which pass through a line on the curve. The test cases generate points for a user-defined prime field which sequentially selects the input vector points (P and/or Q), to calculate the resultant output vector (R) easily. The testbench proposed here targets field programmable gate array (FPGAs) platforms and experimental results for ECC test case generation on different prime fields are presented, while ModelSim is used to validate the correctness of the ECC operations.

Digital signatures are increasingly used today. It replaces wet signature with the development of technology. Elliptic curve digital signature algorithm (ECDSA) is used in many applications thanks to its security and efficiency. However, some mathematical operations such as inversion operation in modulation slow down the speed of this algorithm. In this study, we propose a more efficient and secure ECDSA. In the proposed method, the inversion operation in modulation of signature generation and signature verification phases is removed. Thus, the efficiency and speed of the ECDSA have been increased without reducing its security. The proposed method is implemented in Python programming language using P-521 elliptic curve and SHA-512 algorithm.

The advantage of elliptic curve (EC) cryptographic systems is that they provide equivalent security even with small key lengths. However, the development of modern computing technologies leads to an increase in the length of keys. In this case, it is recommended to use a secret parameter to ensure sufficient access without increasing the key length. To achieve this result, the initiation of an additional secret parameter R into the EC equation is used to develop an EC-based key distribution algorithm. The article describes the algebraic structure of an elliptic curve with a secret parameter.

Homomorphic Encryption (HE) comes as a sophisticated and powerful cryptography system that can preserve the privacy of data in all cases when the data is at rest or even when data is in processing and computing. All the computations needed by the user or the provider can be done on the encrypted data without any need to decrypt it. However, HE has overheads such as big key sizes and long ciphertexts and as a result long execution time. This paper proposes a novel solution for big data analytic based on clustering and the Elliptical Curve Cryptography (ECC). The Extremely Distributed Clustering technique (EDC) has been used to divide big data into several subsets of cloud computing nodes. Different clustering techniques had been investigated, and it was found that using hybrid techniques can improve the performance and efficiency of big data analytic while at the same time data is protected and privacy is preserved using ECC.

The transmission of various facilities and services via the network is known as cloud computing. They involve data storage, data centers, networks, internet, and software applications, among other systems and features. Cryptography is a technique in which plain text is converted into cipher-text to preserve information security. It basically consists of encryption and decryption. The level of safety is determined by the category of encryption and decryption technique employed. The key plays an important part in the encryption method. If the key is leaked, anyone can intrude into the data and there is no use of this encryption. When the data is lost and the server fails to deliver it to the user, then it is to be recovered from any of the backup server using a recovery technique. The main objective is to develop an advanced method to increase the scope for data protection in cloud. Elliptic Curve Cryptography is a relatively new approach in the area of cryptography. The degree of security provides higher as compared to other Cryptographic techniques. The raw data and it’s accompanying as CII characters are combined and sent into the Elliptic Curve Cryptography as a source. This method eliminates the need for the transmitter and recipient to have a similar search database. Finally, a plain text is converted into cipher-text using Elliptic Curve Cryptography. The results are oat aimed by implementing a C program for Elliptic Curve Cryptography. Encryption, decryption and recovery using suitable algorithms are done.

In recent times, security and privacy concerns associated with IoT devices have caught the attention of research community. The problem of securing IoT devices is immensely aggravating due to advancement in technology. These IoT devices are resource-constraint i.e. in terms of power, memory, computation, etc., so they are less capable to secure themselves. So we need a better approach to secure IoT devices within the limited resources. Several studies state that for these lightweight IoT devices Elliptic Curve Cryptography (ECC) suits perfectly. But there are several elliptic curve domain parameter standards, which may be used for different security levels. When any ECC based product is deployed then the selection of a suitable elliptic curve standard according to usability is become very important. So we have to choose one suitable standard domain parameter for the required security level. In this paper, two different elliptic curve standard domain parameters named secp256k1 and secp192k1 proposed by an industry consortium named Standards for Efficient Cryptography Group (SECG) [1] are implemented and then analyzed their performances metrics. The performance of each domain parameter is measured in computation time.

Binary Edwards curves (BEC) over finite fields can be used as an additive cyclic elliptic curve group to enable elliptic curve cryptography (ECC), where the most time consuming is scalar multiplication. This operation is computed by means of the group operation, either point addition or point doubling. The most notorious property of these curves is that their group operation is complete, which mitigates the need to verify for special cases. Different formulae for the group operation in BECs have been reported in the literature. Of particular interest are those designed to work with the differential properties of the Montgomery ladder, which offer constant time computation of the scalar multiplication as well as reduced field operations count. In this work, we review and compare the complexity of BEC differential addition and doubling in terms of field operations. We also provide software implementations of scalar multiplications which employ these formulae under a fair scenario. Our work provides insights on the advantages of using BECs in ECC. Our study of the different formulae for group addition in BEC also showcases the advantages and limitations of the different design strategies employed in each case.

Cryptography is the science or process used for the encryption and decryption of data that helps the users to store important information or share it across networks where it can be read only by the intended user. In this paper, Elliptic Curve Cryptography (ECC) has been proposed because of its small key size, less memory space and high speed. Elliptic curve scalar multiplication is an important part of elliptic curve systems. Here, the scalar multiplication is performed with the help of hybrid Karatsuba multiplier as the area utilization of Karatsuba multiplier is less. An alternative of digital signature algorithm, that is, Elliptic Curve Digital Signature Algorithm (ECDSA) along with the primary operations of elliptic curves have also been discussed in this paper.

Cloud security includes the strategies which works together to guard data and infrastructure with a set of policies, procedures, controls and technologies. These security events are arranged to protect cloud data, support supervisory obedience and protect customers' privacy as well as setting endorsement rules for individual users and devices. The partition-based handling and encryption mechanism which provide fine-grained admittance control and protected data sharing to the data users in cloud computing. Graph partition problems fall under the category of NP-hard problems. Resolutions to these problems are generally imitative using heuristics and approximation algorithms. Partition problems strategy is used in bi-criteria approximation or resource augmentation approaches with a common extension of hyper graphs, which can address the storage hierarchy.

This paper studies the secure computation offloading for multi-user multi-server mobile edge computing (MEC)-enabled internet of things (IoT). A novel jamming signal scheme is designed to interfere with the decoding process at the Eve, but not impair the uplink task offloading from users to APs. Considering offloading latency and secrecy constraints, this paper studies the joint optimization of communication and computation resource allocation, as well as partial offloading ratio to maximize the total secrecy offloading data (TSOD) during the whole offloading process. The considered problem is nonconvex, and we resort to block coordinate descent (BCD) method to decompose it into three subproblems. An efficient iterative algorithm is proposed to achieve a locally optimal solution to power allocation subproblem. Then the optimal computation resource allocation and offloading ratio are derived in closed forms. Simulation results demonstrate that the proposed algorithm converges fast and achieves higher TSOD than some heuristics.

Concurrency programs often induce buggy results due to the unexpected interaction among threads. The detection of these concurrency bugs costs a lot because they usually appear under a specific execution trace. How to virtually explore different thread schedules to detect concurrency bugs efficiently is an important research topic. Many techniques have been proposed, including lightweight techniques like adaptive randomized scheduling (ARS) and heavyweight techniques like maximal causality reduction (MCR). Compared to heavyweight techniques, ARS is efficient in exploring different schedulings and achieves state-of-the-art performance. However, it will lead to explore large numbers of redundant thread schedulings, which will reduce the efficiency. Moreover, it suffers from the “cold start” issue, when little information is available to guide the distance calculation at the beginning of the exploration. In this work, we propose a Heuristic-Enhanced Adaptive Randomized Scheduling (HARS) algorithm, which improves ARS to detect concurrency bugs guided with novel distance metrics and heuristics obtained from existing research findings. Compared with the adaptive randomized scheduling method, it can more effectively distinguish the traces that may contain concurrency bugs and avoid redundant schedules, thus exploring diverse thread schedules effectively. We conduct an evaluation on 45 concurrency Java programs. The evaluation results show that our algorithm performs more stably in terms of effectiveness and efficiency in detecting concurrency bugs. Notably, HARS detects hard-to-expose bugs more effectively, where the buggy traces are rare or the bug triggering conditions are tricky.

As millions of IoT devices are interconnected together for better communication and computation, compromising even a single device opens a gateway for the adversary to access the network leading to an epidemic. It is pivotal to detect any malicious activity on a device and mitigate the threat. Among multiple feasible security threats, malware (malicious applications) poses a serious risk to modern IoT networks. A wide range of malware can replicate itself and propagate through the network via the underlying connectivity in the IoT networks making the malware epidemic inevitable. There exist several techniques ranging from heuristics to game-theory based technique to model the malware propagation and minimize the impact on the overall network. The state-of-the-art game-theory based approaches solely focus either on the network performance or the malware confinement but does not optimize both simultaneously. In this paper, we propose a throughput-aware game theory-based end-to-end IoT network security framework to confine the malware epidemic while preserving the overall network performance. We propose a two-player game with one player being the attacker and other being the defender. Each player has three different strategies and each strategy leads to a certain gain to that player with an associated cost. A tailored min-max algorithm was introduced to solve the game. We have evaluated our strategy on a 500 node network for different classes of malware and compare with existing state-of-the-art heuristic and game theory-based solutions.

Skyline computation is an increasingly popular query, with broad applicability to many domains. Given the trend to outsource databases, and due to the sensitive nature of the data (e.g., in healthcare), it is essential to evaluate skylines on encrypted datasets. Research efforts acknowledged the importance of secure skyline computation, but existing solutions suffer from several shortcomings: (i) they only provide ad-hoc security; (ii) they are prohibitively expensive; or (iii) they rely on assumptions such as the presence of multiple non-colluding parties in the protocol. Inspired by solutions for secure nearest-neighbors, we conjecture that a secure and efficient way to compute skylines is through result materialization. However, materialization is much more challenging for skylines queries due to large space requirements. We show that pre-computing skyline results while minimizing storage overhead is NP-hard, and we provide heuristics that solve the problem more efficiently, while maintaining storage at reasonable levels. Our algorithms are novel and also applicable to regular skyline computation, but we focus on the encrypted setting where materialization reduces the response time of skyline queries from hours to seconds. Extensive experiments show that we clearly outperform existing work in terms of performance, and our security analysis proves that we obtain a small (and quantifiable) data leakage.