Biblio

This project is an extension of ongoing research on Fully Homomorphic Encryption - Arithmetic Circuit Homomorphic Encryption. This paper focus on the implementation of pairing algorithm Supersingular Isogeny Diffie Hellman Key Exchange into Arithmetic Circuit Homomorphic Encryption as well as comparison and analyse with Elliptic Curve Diffie Hellman. Next, the paper will discuss on the latencies incurred due to pairing sessions between machines, key generations, key sizes, CPU usage and overall latency for the two respective key exchange methods to be compared against each other.

The Internet of Battlefield Things (IoBT) is a dynamically composed network of intelligent sensors and actuators that operate as a command and control, communications, computers, and intelligence complex-system with the aim to enable multi-domain operations. The use of artificial intelligence can help transform the IoBT data into actionable insight to create information and decision advantage on the battlefield. In this work, we focus on how accounting for uncertainty in IoBT systems can result in more robust and safer systems. Human trust in these systems requires the ability to understand and interpret how machines make decisions. Most real-world applications currently use deterministic machine learning techniques that cannot incorporate uncertainty. In this work, we focus on the machine learning task of classifying vehicles from their audio recordings, comparing deterministic convolutional neural networks (CNNs) with Bayesian CNNs to show that correctly estimating the uncertainty can help lead to robust decision-making in IoBT.

Cyber deception plays an important role in both proactive and reactive defense systems. Internet of Battlefield things connecting smart devices of any military tactical network is of great importance. The goal of cyber deception is to provide false information regarding the network state, and topology to protect the IoBT's network devices. In this paper, we propose a novel deceptive approach based on game theory that takes into account the topological aspects of the network and the criticality of each device. To find the optimal deceptive strategy, we formulate a two-player game to study the interactions between the network defender and the adversary. The Nash equilibrium of the game model is characterized. Moreover, we propose a scalable game-solving algorithm to overcome the curse of dimensionality. This approach is based on solving a smaller in-size subgame per node. Our numerical results show that the proposed deception approach effectively reduced the impact and the reward of the attacker

Internet of Battlefield Things (IoBTs) are well positioned to take advantage of recent technology trends that have led to the development of low-power neural accelerators and low-cost high-performance sensors. However, a key challenge that needs to be dealt with is that despite all the advancements, edge devices remain resource-constrained, thus prohibiting complex deep neural networks from deploying and deriving actionable insights from various sensors. Furthermore, deploying sophisticated sensors in a distributed manner to improve decision-making also poses an extra challenge of coordinating and exchanging data between the nodes and server. We propose an architecture that abstracts away these thorny deployment considerations from an end-user (such as a commander or warfighter). Our architecture can automatically compile and deploy the inference model into a set of distributed nodes and server while taking into consideration of the resource availability, variation, and uncertainties.

Wireless communications networks are an integral part of intelligent systems that enhance the automation of various activities and operations embarked by humans. For example, the development of intelligent devices imbued with sensors leverages emerging technologies such as machine learning (ML) and artificial intelligence (AI), which have proven to enhance military operations through communication, control, intelligence gathering, and situational awareness. However, growing concerns in cybersecurity imply that attackers are always seeking to take advantage of the widened attack surface to launch adversarial attacks which compromise the activities of legitimate users. To address this challenge, we leverage on deep learning (DL) and the principle of cyber-deception to propose a method for defending wireless networks from the activities of jammers. Specifically, we use DL to regulate the power allocated to users and the channel they use to communicate, thereby luring jammers into attacking designated channels that are considered to guarantee maximum damage when attacked. Furthermore, by directing its energy towards the attack on a specific channel, other channels are freed up for actual transmission, ensuring secure communication. Through simulations and experiments carried out, we conclude that this approach enhances security in wireless communication systems.

The Internet of Battlefield Things is a relatively new cyberphysical system and even though it shares a lot of concepts from the Internet of Things and wireless ad hoc networking in general, a lot of research is required to address its scale and peculiarities. In this article we examine a fundamental problem pertaining to the routing/dissemination of information, namely the construction of a backbone. We model an IoBT ad hoc network as a multilayer network and employ the concept of domination for multilayer networks which is a complete departure from the volume of earlier works, in order to select sets of nodes that will support the routing of information. Even though there is huge literature on similar topics during the past many years, the problem in military (IoBT) networks is quite different since these wireless networks are multilayer networks and treating them as a single (flat) network or treating each layer in isolation and calculating dominating set produces submoptimal or bad solutions; thus all the past literature which deals with single layer (flat) networks is in principle inappropriate. We design a new, distributed algorithm for calculating connected dominating sets which produces dominating sets of small cardinality. We evaluate the proposed algorithm on synthetic topologies, and compare it against the only two existing competitors. The proposed algorithm establishes itself as the clear winner in all experiments.

Recently deep learning has demonstrated much success within the fields of image and natural language processing, facial recognition, and computer vision. The success is attributed to large, accessible databases and deep learning's ability to learn highly accurate models. Thus, deep learning is being investigated as a viable end-to-end approach to digital communications design. This work investigates the use of adversarial deep learning to ensure that a radio can communicate covertly, via Direct Sequence Spread Spectrum (DSSS), with another while a third (the adversary) is actively attempting to detect, intercept and exploit their communications. The adversary's ability to detect and exploit the DSSS signals is hindered by: (i) generating a set of spreading codes that are balanced and result in low side lobes as well as (ii) actively adapting the encoding scheme. Lastly, DSSS communications performance is assessed using energy constrained devices to accurately portray IoT and IoBT device limitations.

This document paper presents a critical and condensed analyze on series of devices that are intended for the military field, making an overview analysis of the technical solutions presented and that identifying those aspects that are really important for the military field or that offering a new approach. We currently have a wide range of medical devices that can be adapted for use in the military, but this adaptation must follow some well-defined aspects. A device that does not offer 100% reliability will be difficult to adopt in a military system, where mistakes are not allowed.

The most widely used method to prevent adversaries from eavesdropping on sensitive sensor, robot, and war fighter communications is mathematically strong cryptographic algorithms. However, prevailing cryptographic protocol mandates are often made without consideration of resource constraints of devices in the internet of Battlefield Things (IoBT). In this article, we address the challenges of IoBT sensor data exchange in contested environments. Battlefield IoT (Internet of Things) devices need to exchange data and receive feedback from other devices such as tanks and command and control infrastructure for analysis, tracking, and real-time engagement. Since data in IoBT systems may be massive or sparse, we introduced a machine learning classifier to determine what type of data to transmit under what conditions. We compared Support Vector Machine, Bayes Point Match, Boosted Decision Trees, Decision Forests, and Decision Jungles on their abilities to recommend the optimal confidentiality preserving data and transmission path considering dynamic threats. We created a synthesized dataset that simulates platoon maneuvers and IED detection components. We found Decision Jungles to produce the most accurate results while requiring the least resources during training to produce those results. We also introduced the JointField blockchain network for joint and allied force data sharing. With our classifier, strategists, and system designers will be able to enable adaptive responses to threats while engaged in real-time field conflict.

The rapid advancement of IoT technologies has led to its flexible adoption in battle field networks, known as Internet of Battlefield Things (IoBT) networks. One important application of IoBT networks is the weather sensory network characterized with a variety of weather, land and environmental sensors. This data contains hidden trends and correlations, needed to provide situational awareness to soldiers and commanders. To interpret the incoming data in real-time, machine learning algorithms are required to automate strategic decision-making. Existing solutions are not well-equipped to provide the fine-grained feedback to military personnel and cannot facilitate a scalable, end-to-end platform for fast unlabeled data collection, cleaning, querying, analysis and threats identification. In this work, we present a scalable end-to-end IoBT data driven platform for SVAD (Storage, Visualization, Anomaly Detection) analysis of heterogeneous weather sensor data. Our SVAD platform includes extensive data cleaning techniques to denoise efficiently data to differentiate data from anomalies and noise data instances. We perform comparative analysis of unsupervised machine learning algorithms for multi-variant data analysis and experimental evaluation of different data ingestion pipelines to show the ability of the SVAD platform for (near) real-time processing. Our results indicate impending turbulent weather conditions that can be detected by early anomaly identification and detection techniques.

Internet of Battlefield Things (IoBT) is the application of Internet of Things (IoT) to a battlefield environment. IoBT networks operate in difficult conditions due to high mobility and unpredictable nature of battle fields and securing them is a challenge. There is increasing interest to use deception techniques to enhance the security of IoBT networks. A honeypot is a system installed on a network as a trap to attract the attention of an attacker and it does not store any valuable data. In this work, we introduce IoBT dual sensor gateways. We propose a Reinforcement Learning (RL)-assisted scheme, in which the IoBT dual sensor gateways intelligently switch between honeypot and real function based on a threshold. The optimal threshold is determined using reinforcement learning approach that adapts to nodes reputation. To focus on the impact of the mobile and uncertain behavior of IoBT networks on the proposed scheme, we consider the nodes as moving vehicles. We statistically analyze the results of our RL-based scheme obtained using ns-3 network simulation, and optimize value of the threshold.

Distributed Container-based cloud system has the advantages of rapid deployment, efficient virtualization, simplified configuration, and well-scalability. However, good scalability may slow down container-based cloud because it is more vulnerable to gray faults. As a new fault model similar with fail-slow and limping, gray fault has so many root causes that current studies focus only on a certain type of fault are not sufficient. And unlike traditional cloud, container is a black box provided by service providers, making it difficult for traditional API intrusion-based diagnosis methods to implement. A better approach should shield low-level causes from high-level processing. A Gray Fault Prediction Strategy based on Context Graph is proposed according to the correlation between gray faults and application scenarios. From historical data, the performance metrics related to how above context evolve to fault scenarios are established, and scenarios represented by corresponding data are stored in a graph. A scenario will be predicted as a fault scenario, if its isomorphic scenario is found in the graph. The experimental results show that the success rate of prediction is stable at more than 90%, and it is verified the overhead is optimized well.

Payment systems are a critical component of everyday life in our society. While in many situations payments are still slow, opaque, siloed, expensive or even fail, users expect them to be fast, transparent, cheap, reliable and global. Recent technologies such as distributed ledgers create opportunities for near-real-time, cheaper and more transparent payments. However, in order to achieve a global payment system, payments should be possible not only within one ledger, but also across different ledgers and geographies.In this paper we propose Secure Payments with Overlay Networks (SPON), a service that enables global payments across multiple ledgers by combining the transaction exchange provided by the Interledger protocol with an intrusion-tolerant overlay of relay nodes to achieve (1) improved payment latency, (2) fault-tolerance to benign failures such as node failures and network partitions, and (3) resilience to BGP hijacking attacks. We discuss the design goals and present an implementation based on the Interledger protocol and Spines overlay network. We analyze the resilience of SPON and demonstrate through experimental evaluation that it is able to improve payment latency, recover from path outages, withstand network partition attacks, and disseminate payments fairly across multiple ledgers. We also show how SPON can be deployed to make the communication between different ledgers resilient to BGP hijacking attacks.

The metal oxide arrester (MOA, shortly) is installed on the line side of the substation, which is the first line of defense for the overvoltage limitation of lightning intrusion wave. In order to deeply limit the switching overvoltage and cancel the closing resistance of the circuit breaker, the arrester is replaced by the controllable metal oxide arrester (CMOA, shortly) in the new technology. The controllable switch of CMOA can be mechanical switch or thyristor switch. Thyristor switches are sensitive to the current and current change rate (di/dt) under lightning intrusion wave. If the switch cannot withstand, appropriate protective measures must be taken to ensure the safe operation of the controllable switch under this working condition. The 1000kV West Beijing to Shijiazhuang UHV AC transmission and transformation expansion project is the first project of pilot application of CMOA. CMOA were installed at both ends of the outgoing branch of Dingtai line I. In order to study the influence of lightning intrusion wave on the controllable switch of CMOA, this paper selected this project to simulate the lightning stroke on the incoming section of Dingtai line I in Beijing West substation in the process of system air closing or single-phase reclosing, and obtained the current and di/dt of the controllable switch through CMOA under this working condition. Then the performances of mechanical and thyristor control switches were checked respectively. The results showed that the mechanical switch could withstand without protective measures. The tolerance of thyristor switch to i and di/dt exceeded the limit value, and measures should be taken to protect and limit it. In this paper, the protection measures of current limiting reactor were given, and the limiting effect of the protection measures was verified by simulation and test. It could fully meet the requirements and ensure the safe operation of thyristor controllable switch.

In the era of Internet of Things (IoT), the connection links are established from devices easily, which is vulnerable to insecure attacks from intruders, hence intrusion detection system in IoT is the need of an hour. One of the important thing for any organization is securing the confidential information and data from outside attacks as well as unauthorized access. There are many attempts made by the researchers to develop the strong intrusion detection system having high accuracy. These systems suffer from many disadvantages like unacceptable accuracy rates including high False Positive Rate (FPR) and high False Negative Rate (FNR), more execution time and failure rate. More of these system models are developed by using traditional machine learning techniques, which have performance limitations in terms of accuracy and timeliness both. These limitations can be overcome by using the deep learning techniques. Deep learning techniques have the capability to generate highly accurate results and are fault tolerant. Here, the intrusion detection model for IoT is designed by using the Taylor-Spider Monkey optimization (Taylor-SMO) which will be developed to train the Deep belief neural network (DBN) towards achieving an accurate intrusion detection model. The deep learning accuracy gets increased with increasing number of training data samples and testing data samples. The optimization based algorithm for training DBN helps to reduce the FPR and FNR in intrusion detection. The system will be implemented by using the NSL KDD dataset. Also, this model will be trained by using the samples from this dataset, before which feature extraction will be applied and only relevant set of attributes will be selected for model development. This approach can lead to better and satisfactory results in intrusion detection.

Recent work on intrusion-tolerance has shown that resilience to sophisticated network attacks requires system replicas to be deployed across at least three geographically distributed sites. While commodity data centers offer an attractive solution for hosting these sites due to low cost and management overhead, their use raises significant confidentiality concerns: system operators may not want private data or proprietary algorithms exposed to servers outside their direct control. We present a new model for Byzantine Fault Tolerant replicated systems that moves toward “intrusion tolerance as a service”. Under this model, application logic and data are only exposed to servers hosted on the system operator's premises. Additional offsite servers hosted in data centers can support the needed resilience without executing application logic or accessing unencrypted state. We have implemented this approach in the open-source Spire system, and our evaluation shows that the performance overhead of providing confidentiality can be less than 4% in terms of latency.

In November 2019, the government of Iran enforced a week-long total Internet blackout that prevented the majority of Internet connectivity into and within the nation. This work elaborates upon the Iranian Internet blackout by characterizing the event through Internet-scale, near realtime network traffic measurements. Beginning with an investigation of compromised machines scanning the Internet, nearly 50 TB of network traffic data was analyzed. This work discovers 856,625 compromised IP addresses, with 17,182 attributed to the Iranian Internet space. By the second day of the Internet shut down, these numbers dropped by 18.46% and 92.81%, respectively. Empirical analysis of the Internet-of-Things (IoT) paradigm revealed that over 90% of compromised Iranian hosts were fingerprinted as IoT devices, which saw a significant drop throughout the shutdown (96.17% decrease by the blackout's second day). Further examination correlates BGP reachability metrics and related data with geolocation databases to statistically evaluate the number of reachable Iranian ASNs (dropping from approximately 1100 to under 200 reachable networks). In-depth investigation reveals the top affected ASNs, providing network forensic evidence of the longitudinal unplugging of such key networks. Lastly, the impact's interruption of the Bitcoin cryptomining market is highlighted, disclosing a massive spike in unsuccessful (i.e., pending) transactions. When combined, these network traffic measurements provide a multidimensional perspective of the Iranian Internet shutdown.

The Border Gateway Protocol (BGP) is in charge of the route exchange at the Internet scale. Anomalies in BGP can have several causes (mis-configuration, outage and attacks). These anomalies are classified into large or small scale anomalies. Machine learning models are used to analyze and detect anomalies from the complex data extracted from BGP behavior. Two types of data representation can be used inside the machine learning models: a graph representation of the network (graph features) or a statistical computation on the data (statistical features). In this paper, we evaluate and compare the accuracy of machine learning models using graph features and statistical features on both large and small scale BGP anomalies. We show that statistical features have better accuracy for large scale anomalies, and graph features increase the detection accuracy by 15% for small scale anomalies and are well suited for BGP small scale anomaly detection.

An experimental network environment plays an important role to examine new systems and protocols. We have developed an experimental network construction tool called LiONv1 (Lightweight On-Demand Networking, ver.1). LiONv1 satisfies the following four requirements: programmer-friendly configuration file based on Infrastructure as Code, multiple virtualization technologies for virtual nodes, physical topology conscious virtual node placement, and L3 protocol agnostic virtual networks. None of existing experimental network environments satisfy all the four requirements. In this paper, we develop LiONv2 which satisfies three more requirements: diversity of available network devices, Internet-scale deployment, and disaggregation of network configuration and device configuration. LiONv2 employs NETCONF and YANG to achieve diversity of available network devices and Internet-scale deployment. LiONv2 also defines two YANG models which disaggregate network configuration and device configuration. LiONv2 is implemented in Go and C languages with public libraries for Go. Measurement results show that construction time of a virtual network is irrelevant to the number of virtual nodes if a single virtual node is created per physical node.

The COVID-19 pandemic introduced novel incentives for adversaries to exploit the state of turmoil. As we have witnessed with the increase in for instance phishing attacks and domain name registrations piggybacking the COVID-19 brand name. In this paper, we perform an analysis at Internet-scale of COVID-19 domain name registrations during the early stages of the virus' spread, and investigate the rationales behind them. We leverage the DomainTools COVID-19 Threat List and additional measurements to analyze over 150,000 domains registered between January 1st 2020 and May 1st 2020. We identify two key rationales for covid-related domain registrations. Online marketing, by either redirecting traffic or hosting a commercial service on the domain, and domain parking, by registering domains containing popular COVID-19 keywords, presumably anticipating a profit when reselling the domain later on. We also highlight three public policy take-aways that can counteract this domain registration behavior.

The Internet-of-Things (IoT) paradigm at large continues to be compromised, hindering the privacy, dependability, security, and safety of our nations. While the operational security communities (i.e., CERTS, SOCs, CSIRT, etc.) continue to develop capabilities for monitoring cyberspace, tools which are IoT-centric remain at its infancy. To this end, we address this gap by innovating an actionable Cyber Threat Intelligence (CTI) feed related to Internet-scale infected IoT devices. The feed analyzes, in near real-time, 3.6TB of daily streaming passive measurements ( ≈ 1M pps) by applying a custom-developed learning methodology to distinguish between compromised IoT devices and non-IoT nodes, in addition to labeling the type and vendor. The feed is augmented with third party information to provide contextual information. We report on the operation, analysis, and shortcomings of the feed executed during an initial deployment period. We make the CTI feed available for ingestion through a public, authenticated API and a front-end platform.

With the increasing number of electric vehicles, the scale of the market also increases. In the past, the electric vehicle market had problems such as opaque information, numerous levels and data leakage, which were criticized for the impact of the overall development and policies of the electric vehicle industry. In view of the problems existing in the transparency and security of big data management transactions of the Internet of vehicles, this paper combs the commercial operation framework of the Internet of Vehicles Platform, analyses the feasibility and necessity of establishing the token system of the Internet of Vehicles Platform, and constructs the token economic system architecture of the Internet of Vehicles Platform and its development path.

Vehicular networks have been considered as a hopeful technology to enhance road safety, which is a crossing area of Internet of Things (IoT) and Intelligent Transportation Systems (ITS). Current Internet architecture using the TCP/IP model and based on host-to-host is limited when it comes to vehicular communications which are characterized by high speed and dynamic topology. Thus, using Named Data Networking (NDN) in connected vehicles may tackle the issues faced with the TCP/IP model. In this paper, we investigate the security concerns of applying NDN in vehicular environments and discuss the remaining challenges in order to guide researchers in this field to choose their future research direction.

Vehicles play an integral part in the life of a human being by facilitating in everyday tasks. The major concern that arises with this fact is that the rate of vehicle thefts have increased exponentially and retrieving them becomes almost impossible as the responsible party completely alters the stolen vehicles, leaving them untraceable. Ultimately, tracking and monitoring of vehicles using on-vehicle sensors is a promising and an efficient solution. The Internet of Things (IoT) is expected to play a vital role in revolutionizing the Security and Safety industry through a system of sensor networks by periodically sending the data from the sensors to the cloud for storage, from where it can be accessed to view or take any necessary actions (if required). The main contributions of this paper are the implementation and results of the prototype of a vehicle tracking and monitoring system. The system comprises of an Arduino UNO board connected to the Global Positioning System (GPS) module, Neo-6M, which senses the exact location of the vehicle in the form of latitude and longitude, and the ESP8266 Wi-Fi module, which sends the data to the Application Programming Interface (API) Cloud service, ThingSpeak, for storage and analyzing. An Android based mobile application is developed that utilizes the stored data from the Cloud and presents the user with the findings. Results show that the prototype is not only simple and cost effective, but also efficient and can be readily used by everyone from all walks of life to protect their vehicles.

As modern vehicles are complex IoT devices with intelligence capable to connect to an external infrastructure and use Vehicle-to-Everything (V2X) communication, there is a need to secure the communication to avoid being a target for cyber-attacks. Also, the organs of the car (sensors, communication, and control) each could have a vulnerability, that leads to accidents or potential deaths. Manufactures of cars have a huge responsibility to secure the safety of their costumers and should not skip the important security research, instead making sure to implement important security measures, which makes your car less likely to be attacked. This paper covers the relevant attacks and threats to modern vehicles and presents a security analysis with potential countermeasures. We discuss the future of modern and autonomous vehicles and conclude that more countermeasures must be taken to create a future and safe concept.