Biblio

In order to deal with APT(Advanced Persistent Threat) attacks, this paper proposes a quantifiable Attack-Defense Tree model. First, the model gives both attack and defense leaf node a variety of security attributes. And then quantifies the nodes through the analytic hierarchy process. Finally, it analyzes the impact of the defense measures on the attack behavior. Through the application of the model, we can see that the quantifiable Attack-Defense Tree model can well describe the impact of defense measures on attack behavior.

Today's enterprises are exposed to sophisticated attacks, such as Advanced Persistent Threats\textbackslashtextasciitilde(APT) attacks, which usually consist of stealthy multiple steps. To counter these attacks, enterprises often rely on causality analysis on the system activity data collected from a ubiquitous system monitoring to discover the initial penetration point, and from there identify previously unknown attack steps. However, one major challenge for causality analysis is that the ubiquitous system monitoring generates a colossal amount of data and hosting such a huge amount of data is prohibitively expensive. Thus, there is a strong demand for techniques that reduce the storage of data for causality analysis and yet preserve the quality of the causality analysis. To address this problem, in this paper, we propose NodeMerge, a template based data reduction system for online system event storage. Specifically, our approach can directly work on the stream of system dependency data and achieve data reduction on the read-only file events based on their access patterns. It can either reduce the storage cost or improve the performance of causality analysis under the same budget. Only with a reasonable amount of resource for online data reduction, it nearly completely preserves the accuracy for causality analysis. The reduced form of data can be used directly with little overhead. To evaluate our approach, we conducted a set of comprehensive evaluations, which show that for different categories of workloads, our system can reduce the storage capacity of raw system dependency data by as high as 75.7 times, and the storage capacity of the state-of-the-art approach by as high as 32.6 times. Furthermore, the results also demonstrate that our approach keeps all the causality analysis information and has a reasonably small overhead in memory and hard disk.

With the continuous development of the vehicular ad hoc network (VANET), many challenges related to network security have come one after another, among which privacy issues are particularly prominent. To help each network user decide when and where to protect their privacy, we suggest creating a user-centric privacy computing system in VANET. A risk assessment function and a set of decision weights are proposed to simulate the driver's decision-making intent in the vehicle network. Besides, proposed information and privacy joint metrics are used as the key indicators for dynamic selection of Mix-zone. Finally, by considering three influencing factors: maximum road capacity, user-centric quantitative privacy and attacker information measurement, defined mixzone creation mechanism to achieve privacy protection in VANET.

In recent years, the area of Mobile Ad-hoc Net-work(MANET) has received considerable attention among the research community owing to the advantages in its networking features as well as solving the unsolved issues in it. One field which needs more security is the mobile ad hoc network. Mobile Ad-hoc Network is a temporary network composed of mobile nodes, connected by wireless links, without fixed infrastructure. Network security plays a crucial role in this MANET and the traditional way of protecting the networks through firewalls and encryption software is no longer effective and sufficient. In order to provide additional security to the MANET, intrusion detection mechanisms should be added. In this paper, selective acknowledgment is used for detecting malicious nodes in the Mobile ad-hoc network is proposed. In this paper we propose a novel mechanism called selective acknowledgment for solving problems that airse with Adaptive ACKnowledgment (AACK). This mechanism is an enhancement to the AACK scheme where its Packet delivery ration and detection overhead is reduced. NS2 is used to simulate and evaluate the proposed scheme and compare it against the AACK. The obtained results show that the selective acknowledgment scheme outperforms AACK in terms of network packet delivery ratio and routing overhead.

Nowadays, Vehicular ad hoc network confronts many challenges in terms of security and privacy, due to the fact that data transmitted are diffused in an open access environment. However, highest of drivers want to maintain their information discreet and protected, and they do not want to share their confidential information. So, the private information of drivers who are distributed in this network must be protected against various threats that may damage their privacy. That is why, confidentiality, integrity and availability are the important security requirements in VANET. This paper focus on security threat in vehicle network especially on the availability of this network. Then we regard the rational attacker who decides to lead an attack based on its adversary's strategy to maximize its own attack interests. Our aim is to provide reliability and privacy of VANET system, by preventing attackers from violating and endangering the network. to ensure this objective, we adopt a tree structure called attack tree to model the attacker's potential attack strategies. Also, we join the countermeasures to the attack tree in order to build attack-defense tree for defending these attacks.

Cyber-Physical Systems (CPS), such as Water Distribution Networks (WDNs), deploy digital devices to monitor and control the behavior of physical processes. These digital devices, however, are susceptible to cyber and physical attacks, that may alter their functionality, and therefore the integrity of their measurements/actions. In practice, industrial control systems utilize simple control laws, which rely on various sensor measurements and algorithms which are expected to operate normally. To reduce the impact of a potential failure, operators may deploy redundant components; this however may not be useful, e.g., when a cyber attack at a PLC component occurs. In this work, we address the problem of reducing vulnerability to cyber-physical attacks in water distribution networks. This is achieved by augmenting the graph which describes the information flow from sensors to actuators, by adding new connections and algorithms, to increase the number of redundant cyber components. These, in turn, increase the \textitcyber-physical security level, which is defined in the present paper as the number of malicious attacks a CPS may sustain before becoming unable to satisfy the control requirements. A proof-of-concept of the approach is demonstrated over a simple WDN, with intuition on how this can be used to increase the cyber-physical security level of the system.

For LTI control systems, we provide mathematical tools - in terms of Linear Matrix Inequalities - for computing outer ellipsoidal bounds on the reachable sets that attacks can induce in the system when they are subject to the physical limits of the actuators. Next, for a given set of dangerous states, states that (if reached) compromise the integrity or safe operation of the system, we provide tools for designing new artificial limits on the actuators (smaller than their physical bounds) such that the new ellipsoidal bounds (and thus the new reachable sets) are as large as possible (in terms of volume) while guaranteeing that the dangerous states are not reachable. This guarantees that the new bounds cut as little as possible from the original reachable set to minimize the loss of system performance. Computer simulations using a platoon of vehicles are presented to illustrate the performance of our tools.

As the Industrial Internet of Things (IIot) becomes more prevalent in critical application domains, ensuring security and resilience in the face of cyber-attacks is becoming an issue of paramount importance. Cyber-attacks against critical infrastructures, for example, against smart water-distribution and transportation systems, pose serious threats to public health and safety. Owing to the severity of these threats, a variety of security techniques are available. However, no single technique can address the whole spectrum of cyber-attacks that may be launched by a determined and resourceful attacker. In light of this, we consider a multi-pronged approach for designing secure and resilient IIoT systems, which integrates redundancy, diversity, and hardening techniques. We introduce a framework for quantifying cyber-security risks and optimizing IIoT design by determining security investments in redundancy, diversity, and hardening. To demonstrate the applicability of our framework, we present a case study in water-distribution systems. Our numerical evaluation shows that integrating redundancy, diversity, and hardening can lead to reduced security risk at the same cost.

An attack detection scheme is proposed to detect data integrity attacks on sensors in Cyber-Physical Systems (CPSs). A combined fingerprint for sensor and process noise is created during the normal operation of the system. Under sensor spoofing attack, noise pattern deviates from the fingerprinted pattern enabling the proposed scheme to detect attacks. To extract the noise (difference between expected and observed value) a representative model of the system is derived. A Kalman filter is used for the purpose of state estimation. By subtracting the state estimates from the real system states, a residual vector is obtained. It is shown that in steady state the residual vector is a function of process and sensor noise. A set of time domain and frequency domain features is extracted from the residual vector. Feature set is provided to a machine learning algorithm to identify the sensor and process. Experiments are performed on two testbeds, a real-world water treatment (SWaT) facility and a water distribution (WADI) testbed. A class of zero-alarm attacks, designed for statistical detectors on SWaT are detected by the proposed scheme. It is shown that a multitude of sensors can be uniquely identified with accuracy higher than 90% based on the noise fingerprint.

A novel scheme is proposed to authenticate sensors and detect data integrity attacks in a Cyber Physical System (CPS). The proposed technique uses the hardware characteristics of a sensor and physics of a process to create unique patterns (herein termed as fingerprints) for each sensor. The sensor fingerprint is a function of sensor and process noise embedded in sensor measurements. Uniqueness in the noise appears due to manufacturing imperfections of a sensor and due to unique features of a physical process. To create a sensor's fingerprint a system-model based approach is used. A noise-based fingerprint is created during the normal operation of the system. It is shown that under data injection attacks on sensors, noise pattern deviations from the fingerprinted pattern enable the proposed scheme to detect attacks. Experiments are performed on a dataset from a real-world water treatment (SWaT) facility. A class of stealthy attacks is designed against the proposed scheme and extensive security analysis is carried out. Results show that a range of sensors can be uniquely identified with an accuracy as high as 98%. Extensive sensor identification experiments are carried out on a set of sensors in SWaT testbed. The proposed scheme is tested on a variety of attack scenarios from the reference literature which are detected with high accuracy

Additive manufacturing (AM, or 3D printing) is a novel manufacturing technology that has been adopted in industrial and consumer settings. However, the reliance of this technology on computerization has raised various security concerns. In this paper, we address issues associated with sabotage via tampering during the 3D printing process by presenting an approach that can verify the integrity of a 3D printed object. Our approach operates on acoustic side-channel emanations generated by the 3D printer’s stepper motors, which results in a non-intrusive and real-time validation process that is difficult to compromise. The proposed approach constitutes two algorithms. The first algorithm is used to generate a master audio fingerprint for the verifiable unaltered printing process. The second algorithm is applied when the same 3D object is printed again, and this algorithm validates the monitored 3D printing process by assessing the similarity of its audio signature with the master audio fingerprint. To evaluate the quality of the proposed thresholds, we identify the detectability thresholds for the following minimal tampering primitives: insertion, deletion, replacement, and modification of a single tool path command. By detecting the deviation at the time of occurrence, we can stop the printing process for compromised objects, thus saving time and preventing material waste. We discuss various factors that impact the method, such as background noise, audio device changes and different audio recorder positions.

Device-to-device communication is widely used for mobile devices and Internet of Things. Authentication and key agreement are critical to build a secure channel between two devices. However, existing approaches often rely on a pre-built fingerprint database and suffer from low key generation rate. We present GeneWave, a fast device authentication and key agreement protocol for commodity mobile devices. GeneWave first achieves bidirectional initial authentication based on the physical response interval between two devices. To keep the accuracy of interval estimation, we eliminate time uncertainty on commodity devices through fast signal detection and redundancy time cancellation. Then, we derive the initial acoustic channel response for device authentication. We design a novel coding scheme for efficient key agreement while ensuring security. Therefore, two devices can authenticate each other and securely agree on a symmetric key. GeneWave requires neither special hardware nor pre-built fingerprint database, and thus it is easyto-use on commercial mobile devices. We implement GeneWave on mobile devices (i.e., Nexus 5X and Nexus 6P) and evaluate its performance through extensive experiments. Experimental results show that GeneWave efficiently accomplish secure key agreement on commodity smartphones with a key generation rate 10× faster than the state-of-the-art approach.

This paper presents a novel low power security system based on magnetic anomaly detection by using Tunneling Magnetoresistance (TMR) magnetic sensors. In this work, a smart light has been developed, which consists of TMR sensors array, detection circuits, a micro-controller and a battery. Taking the advantage of low power consumption of TMR magnetic sensors, the smart light powered by Li-ion battery can work for several months. Power Spectrum Density of the obtained signal was analyzed to reject background noise and improve the signal to noise ratio effectively by 1.3 dB, which represented a 30% detection range improvement. Also, by sending the signals to PC, the magnetic fingerprints of the objects have been configured clearly. In addition, the quick scan measurement has been also performed to demonstrate that the system can discriminate the multiple objects with 30 cm separation. Since the whole system was compact and portable, it can be used for security check at office, meeting room or other private places without attracting any attention. Moreover, it is promising to integrate multiply such systems together to achieve a wireless security network in large-scale monitoring.

Smart personal insulin pumps have been widely adopted by type 1 diabetes. However, many wireless insulin pump systems lack security mechanisms to protect them from malicious attacks. In previous works, the read-write attacks over RF channels can be launched stealthily and could jeopardize patients' lives. Protecting patients from such attacks is urgent. To address this issue, we propose a novel visible light channel based access control scheme for wireless infusion insulin pumps. This scheme employs an infrared photodiode sensor as a receiver in an insulin pump, and an infrared LED as an emitter in a doctor's reader (USB) to transmit a PIN/shared key to authenticate the doctor's USB. The evaluation results demonstrate that our scheme can reliably pass the authentication process with a low false accept rate (0.05% at a distance of 5cm).

Wireless communication based on optical spectrum has been a promising technology to support increasing bandwidth demand in the recent years. Light fidelity, optical camera communication, visible light communication, underwater optical wireless communication, free space optical communication are such technologies those have been already deployed to support the challenges in wireless communications. Those technologies create massive data traffic as lots of infrastructures and servers are connected with the internet. Software defined optical wireless networks have been introduced in this paper as a solution to this phenomenon. An architecture has been designed where we provide the general software defined networking (SDN) structure and describe the possible tasks which can be performed by the SDN for optical wireless communication.

In the indoor scenario, visible light communications (VLC) is regarded as one of the most promising candidates for future wireless communications. Recently, the physical layer security for indoor VLC has drawn considerable attention. In this paper, the secrecy capacity of indoor VLC is analyzed. Initially, an VLC system with a transmitter, a legitimate receiver, and an eavesdropper is established. In the system, the nonnegativity, the peak optical intensity constraint and the dimmable average optical intensity constraint are considered. Based on the principle of information theory, the closed-form expressions of the upper and the lower bounds on the secrecy capacity are derived, respectively. Numerical results show that the upper and the lower bounds on secrecy capacity are very tight, which verify the accuracy of the derived closed-form expressions.

Visible light communication is a solution for high-security wireless data transmission. In this paper, we first analyze the potential vulnerability of the system from eavesdropping outside the room. By setting up a signal to noise ratio threshold, we define a vulnerable area outside of the room through a window. We compute the receiver aperture needed to capture the signal and what portion of the space is most vulnerable to eavesdropping. Based on the analysis, we propose a solution to improve the security by optimizing the modulation efficiency of each LED in the indoor lamp. The simulation results show that the proposed solution can improve the security considerably while maintaining the indoor communication performance.

In this paper, a method is proposed for improving the physical layer security for indoor visible light communication (VLC) networks with angle diversity transmitters. An angle diversity transmitter usually consists of multiple narrow-beam light-emitting diode (LED) elements with different orientations. Angle diversity transmitters are suitable for confidential data transmission, since data transmission via narrow light beams can effectively avoid the leakage of messages. In order to improve security performance, protection zones are introduced to the systems with angle diversity transmitters. Simulation results show that over 50% performance improvement can be obtained by adding protection zones.

Vulnerabilities in hypervisors are crucial in multi-tenant clouds and attractive for attackers because a vulnerability in the hypervisor can undermine all the virtual machine (VM) security. This paper focuses on vulnerabilities in instruction emulators inside hypervisors. Vulnerabilities in instruction emulators are not rare; CVE-2017-2583, CVE-2016-9756, CVE-2015-0239, CVE-2014-3647, to name a few. For backward compatibility with legacy x86 CPUs, conventional hypervisors emulate arbitrary instructions at any time if requested. This design leads to a large attack surface, making it hard to get rid of vulnerabilities in the emulator. This paper proposes FWinst that narrows the attack surface against vulnerabilities in the emulator. The key insight behind FWinst is that the emulator should emulate only a small subset of instructions, depending on the underlying CPU micro-architecture and the hypervisor configuration. FWinst recognizes emulation contexts in which the instruction emulator is invoked, and identifies a legitimate subset of instructions that are allowed to be emulated in the current context. By filtering out illegitimate instructions, FWinst narrows the attack surface. In particular, FWinst is effective on recent x86 micro-architectures because the legitimate subset becomes very small. Our experimental results demonstrate FWinst prevents existing vulnerabilities in the emulator from being exploited on Westmere micro-architecture, and the runtime overhead is negligible.

The concept of Internet of Things (IoT) has received considerable attention and development in recent years. There have been significant studies on access control models for IoT in academia, while companies have already deployed several cloud-enabled IoT platforms. However, there is no consensus on a formal access control model for cloud-enabled IoT. The access-control oriented (ACO) architecture was recently proposed for cloud-enabled IoT, with virtual objects (VOs) and cloud services in the middle layers. Building upon ACO, operational and administrative access control models have been published for virtual object communication in cloud-enabled IoT illustrated by a use case of sensing speeding cars as a running example. In this paper, we study AWS IoT as a major commercial cloud-IoT platform and investigate its suitability for implementing the afore-mentioned academic models of ACO and VO communication control. While AWS IoT has a notion of digital shadows closely analogous to VOs, it lacks explicit capability for VO communication and thereby for VO communication control. Thus there is a significant mismatch between AWS IoT and these academic models. The principal contribution of this paper is to reconcile this mismatch by showing how to use the mechanisms of AWS IoT to effectively implement VO communication models. To this end, we develop an access control model for virtual objects (shadows) communication in AWS IoT called AWS-IoT-ACMVO. We develop a proof-of-concept implementation of the speeding cars use case in AWS IoT under guidance of this model, and provide selected performance measurements. We conclude with a discussion of possible alternate implementations of this use case in AWS IoT.

The diagnosis of performance issues in cloud environments is a challenging problem, due to the different levels of virtualization, the diversity of applications and their interactions on the same physical host. Moreover, because of privacy, security, ease of deployment and execution overhead, an agent-less method, which limits its data collection to the physical host level, is often the only acceptable solution. In this paper, a precise host-based method, to recover wait state for the processes inside a given Virtual Machine (VM), is proposed. The virtual Process State Detection (vPSD) algorithm computes the state of processes through host kernel tracing. The state of a virtual Process (vProcess) is displayed in an interactive trace viewer (Trace Compass) for further inspection. Our proposed VM trace analysis algorithm has been open-sourced for further enhancements and for the benefit of other developers. Experimental evaluations were conducted using a mix of workload types (CPU, Disk, and Network), with different applications like Hadoop, MySQL, and Apache. vPSD, being based on host hypervisor tracing, brings a lower overhead (around 0.03%) as compared to other approaches.

Data privacy and security is a leading concern for providers and customers of cloud computing, where Virtual Machines (VMs) can co-reside within the same underlying physical machine. Side channel attacks within multi-tenant virtualized cloud environments are an established problem, where attackers are able to monitor and exfiltrate data from co-resident VMs. Virtualization services have attempted to mitigate such attacks by preventing VM-to-VM interference on shared hardware by providing logical resource isolation between co-located VMs via an internal virtual network. However, such approaches are also insecure, with attackers capable of performing network channel attacks which bypass mitigation strategies using vectors such as ARP Spoofing, TCP/IP steganography, and DNS poisoning. In this paper we identify a new vulnerability within the internal cloud virtual network, showing that through a combination of TAP impersonation and mirroring, a malicious VM can successfully redirect and monitor network traffic of VMs co-located within the same physical machine. We demonstrate the feasibility of this attack in a prominent cloud platform - OpenStack - under various security requirements and system conditions, and propose countermeasures for mitigation.

ARM devices (mobile phone, IoT devices) are getting more popular in our daily life due to the low power consumption and cost. These devices carry a huge number of user's private information, which attracts attackers' attention and increase the security risk. The operating systems (e.g., Android, Linux) works out many memory data protection strategies on user's private information. However, the monolithic OS may contain security vulnerabilities that are exploited by the attacker to get root or even kernel privilege. Once the kernel privilege is obtained by the attacker, all data protection strategies will be gone and user's private information can be taken away. In this paper, we propose a hardened memory data protection framework called H-Securebox to defeat kernel-level memory data stolen attacks. H-Securebox leverages ARM hardware virtualization technique to protect the data on the memory with hypervisor privilege. We designed three types H-Securebox for programing developers to use. Although the attacker may have kernel privilege, she can not touch private data inside H-Securebox, since hypervisor privilege is higher than kernel privilege. With the implementation of H-Securebox system assisting by a tiny hypervisor on Raspberry Pi2 development board, we measure the performance overhead of our system and do the security evaluations. The results positively show that the overhead is negligible and the malicious application with root or kernel privilege can not access the private data protected by our system.

Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities.

The caching of frequently requested web resources is an integral part of the web ever since. Cacheability is the main pillar for the web's scalability and an important mechanism for optimizing resource consumption and performance. Caches exist in many variations and locations on the path between web client and server with the browser cache being ubiquitous to date. Web developers need to have a profound understanding of the concepts and policies of web caching even when exploiting these advantages is not relevant. Neglecting web caching may otherwise result in more serve consequences than the simple loss of scalability and efficiency. Recent misuse of web caching systems shows to affect the application's behavior as well as privacy and security. In this paper we introduce a tool-based approach to disburden web developers while keeping them informed about caching influences. Our first contribution is a structured test suite containing 397 web caching test cases. In order to make this collection easily adoptable we introduce an automated testing tool for executing the test cases against web browsers. Based on the developed testing tool we conduct a systematic analysis on the behavior of web browser caches and their compliance with relevant caching standards. Our findings on desktop and mobile versions of Chrome, Firefox, Safari and Edge show many diversities as well as discrepancies. Appropriate tooling supports web developers in uncovering such adversities. As our baseline of test cases is specified using a specification language that enables extensibility, developers as well as administrators and researchers can systematically add and empirically explore caching properties of interest even in non-browser scenarios.