Biblio

Plaintext transmission is the major way of communication in the existing security and stability control (SSC) system of power grid. Such type of communication is easy to be invaded, camouflaged and hijacked by a third party, leading to a serious threat to the safe and stable operation of power system. Focusing on the communication security in SSC system, the authors use asymmetric encryption algorithm to encrypt communication messages, to generate random numbers through random noise of electrical quantities, and then use them to generate key pairs needed for encryption, at the same time put forward a set of key management mechanism for engineering application. In addition, the field engineering test is performed to verify that the proposed encryption method and management mechanism can effectively improve the communication in SSC system while ensuring the high-speed and reliable communication.

This paper presents a physically-secure wireless communication system utilizing orbital angular momentum (OAM) waves at 0.31THz. A trustworthy key distribution mechanism for symmetric key cryptography is proposed by exploiting random hopping among the orthogonal OAM-wave modes and phases. Keccak-f[400] based pseudorandom number generator provides randomness to phase distribution of OAM-wave modes for additional security. We assess the security vulnerabilities of using OAM modulation in a THz communication system under various physical-layer threat models as well as analyze the effectiveness of these threat models for varying attacker complexity levels under different conditions.

The robustness of the encryption systems in all of their types depends on the key generation. Thus, an encryption system can be said robust if the generated key(s) are very complex and random which prevent attackers or other analytical tools to break the encryption system. This paper proposed an enhanced key generation based on iris image as biometric, to be implemented dynamically in both of authentication process and data encryption. The captured iris image during the authentication process will be stored in a cloud server to be used in the next login to decrypt data. While in the current login, the previously stored iris image in the cloud server would be used to decrypt data in the current session. The results showed that the generated key meets the required randomness for several NIST tests that is reasonable for one use. The strength of the proposed approach produced unrepeated keys for encryption and each key will be used once. The weakness of the produced key may be enhanced to become more random.

Physical Unclonable Functions (PUFs) are the secured hardware primitives to authenticate Integrated Circuits (ICs) from various unauthorized attacks. The secured key generation mechanism through PUFs is based on random Process Variations (PVs) inherited by the CMOS transistors. In this paper, we proposed a chaotic-based challenge generation mechanism to feed the arbiter PUFs. The chaotic property is introduced to increase the non-linearity in the arbitration mechanism thereby the uncertainty of the keys is attained. The chaotic sequences are easy to generate, difficult to intercept, and have the additional advantage of being in a large number Challenge-Response Pair (CRP) generation. The proposed design has a significant advantage in key generation with improved uniqueness and diffuseness of 47.33%, and 50.02% respectively. Moreover, the enhancement in the reliability of 96.14% and 95.13% range from −40C to 125C with 10% fluctuations in supply voltage states that it has prominent security assistance to the Internet of Things (IoT) enabled devices against malicious attacks.

A novel secure physical layer key generation method for Connected and Autonomous Vehicles (CAVs) against an attacker is proposed under fading and Additive White Gaussian Noise (AWGN). In the proposed method, a random sequence key is added to the demodulated sequence to generate a unique pre-shared key (PSK) to enhance security. Extensive computer simulation results proved that an attacker cannot extract the same legitimate PSK generated by the received vehicle even if identical fading and AWGN parameters are used both for the legitimate vehicle and attacker.

True Random Number Generator (TRNG) is an important hardware security primitive for system security. TRNGs are capable of providing random bits for initialization vectors in encryption engines, for padding and nonces in authentication protocols and for seeds to pseudo random number generators (PRNG). A TRNG needs to meet the same statistical quality standards as a physical unclonable function (PUF) with regard to randomness and uniqueness, and therefore one can envision a unified architecture for both functions. In this paper, we investigate a FPGA implementation of a TRNG using the Shift-register Reconvergent-Fanout (SiRF) PUF. The SiRF PUF measures path delays as a source of entropy within a engineered logic gate netlist. The delays are measured at high precision using a time-to-digital converter, and then processed into a random bitstring using a series of linear-time mathematical operations. The SiRF PUF algorithm that is used for key generation is reused for the TRNG, with simplifications that improve the bit generation rate of the algorithm. This enables the TRNG to leverage both fixed PUF-based entropy and random noise sources, and makes the TRNG resilient to temperature-voltage attacks. TRNG bitstrings generated from a programmable logic implementation of the SiRF PUF-TRNG on a set of FPGAs are evaluated using statistical testing tools.

Peer review is a widely utilized pedagogical feedback mechanism for engaging students, which has been shown to improve educational outcomes. However, we find limited discussion and empirical measurement of peer review in visualization coursework. In addition to engagement, peer review provides direct and diverse feedback and reinforces recently-learned course concepts through critical evaluation of others’ work. In this paper, we discuss the construction and application of peer review in a computer science visualization course, including: projects that reuse code and visualizations in a feedback-guided, continual improvement process and a peer review rubric to reinforce key course concepts. To measure the effectiveness of the approach, we evaluate student projects, peer review text, and a post-course questionnaire from 3 semesters of mixed undergraduate and graduate courses. The results indicate that course concepts are reinforced with peer review—82% reported learning more because of peer review, and 75% of students recommended continuing it. Finally, we provide a road-map for adapting peer review to other visualization courses to produce more highly engaged students.

Amount and variety of training data drastically affect the performance of CNNs. Thus, annotation methods are becoming more and more critical to collect data efficiently. In this paper, we propose a simple yet efficient Interactive Self-Annotation framework to cut down both time and human labor cost for video object bounding box annotation. Our method is based on recurrent self-supervised learning and consists of two processes: automatic process and interactive process, where the automatic process aims to build a supported detector to speed up the interactive process. In the Automatic Recurrent Annotation, we let an off-the-shelf detector watch unlabeled videos repeatedly to reinforce itself automatically. At each iteration, we utilize the trained model from the previous iteration to generate better pseudo ground-truth bounding boxes than those at the previous iteration, recurrently improving self-supervised training the detector. In the Interactive Recurrent Annotation, we tackle the human-in-the-loop annotation scenario where the detector receives feedback from the human annotator. To this end, we propose a novel Hierarchical Correction module, where the annotated frame-distance binarizedly decreases at each time step, to utilize the strength of CNN for neighbor frames. Experimental results on various video datasets demonstrate the advantages of the proposed framework in generating high-quality annotations while reducing annotation time and human labor costs.

Recent years have witnessed several educational innovations to provide effective and engaging classroom instruction with the integration of immersive interactions based on augmented reality and virtual reality (AR/VR). This paper outlines the development of an ARCore-based application (app) that can impart interactive experiences for hands-on learning in engineering laboratories. The ARCore technology enables a smartphone to sense its environment and detect horizontal and vertical surfaces, thus allowing the smartphone to estimate any position in its workspace. In this mobile app, with touch-based interaction and AR feedback, the user can interact with a wheeled mobile robot and reinforce the concepts of kinematics for a differential drive mobile robot. The user experience is evaluated and system performance is validated through a user study with participants. The assessment shows that the proposed AR interface for interacting with the experimental setup is intuitive, easy to use, exciting, and recommendable.

Trip planning, which targets at planning a trip consisting of several ordered Points of Interest (POIs) under user-provided constraints, has long been treated as an important application for location-based services. The goal of trip planning is to maximize the chance that the users will follow the planned trip while it is difficult to directly quantify and optimize the chance. Conventional methods either leverage statistical analysis to rank POIs to form a trip or generate trips following pre-defined objectives based on constraint programming to bypass such a problem. However, these methods may fail to reflect the complex latent patterns hidden in the human mobility data. On the other hand, though there are a few deep learning-based trip recommendation methods, these methods still cannot handle the time budget constraint so far. To this end, we propose a TIme-aware Neural Trip Planning (TINT) framework to tackle the above challenges. First of all, we devise a novel attention-based encoder-decoder trip generator that can learn the correlations among POIs and generate trips under given constraints. Then, we propose a specially-designed reinforcement learning (RL) paradigm to directly optimize the objective to obtain an optimal trip generator. For this purpose, we introduce a discriminator, which distinguishes the generated trips from real-life trips taken by users, to provide reward signals to optimize the generator. Subsequently, to ensure the feedback from the discriminator is always instructive, we integrate an adversarial learning strategy into the RL paradigm to update the trip generator and the discriminator alternately. Moreover, we devise a novel pre-training schema to speed up the convergence for an efficient training process. Extensive experiments on four real-world datasets validate the effectiveness and efficiency of our framework, which shows that TINT could remarkably outperform the state-of-the-art baselines within short response time.

In this paper, an implementation of a human in the loop (HITL) technique for robot navigation in an indoor environment is described. The HITL technique is integrated into the reinforcement learning algorithms for mobile robot navigation. Reinforcement algorithms, specifically Q-learning and SARSA, are used combined with HITL since these algorithms are good in exploration and navigation. Turtlebot3 has been used as the robot for validating the algorithms by implementing the system using Robot Operating System and Gazebo. The robot-assisted with human feedback was found to be better in navigation task execution when compared to standard algorithms without using human in the loop. This is a work in progress and the next step of this research is exploring other reinforced learning methods and implementing them on a physical robot.

In present research, an empirical model for building and maintaining students' intrinsic motivation to learn is proposed. Unlike many other models of motivation, this model is not based on psychological theories but is derived directly from empirical observations made by experienced learners and educators. Thanks to empirical nature of the proposed model, its application to educational practice may be more straightforward in comparison with assumptions-based motivation theories. Interestingly, the structure of the proposed model resembles to some extent the structure of the oscillator circuit containing an amplifier and a positive feedback loop.

Learning movement control is a fundamental process integral to infant development. However, it is still unclear how infants learn to control leg movement. This work explores the potential of using socially assistive robots to provide real-time adaptive reinforcement learning for infants. Ten 6 to 8-month old typically-developing infants participated in a study where a robot provided reinforcement when the infant’s right leg acceleration fell within the range of 9 to 20 m/s2. If infants increased the proportion of leg accelerations in this band, they were categorized as "performers". Six of the ten participating infants were categorized as performers; the performer subgroup increased the magnitude of acceleration, proportion of target acceleration for right leg, and ratio of right/left leg acceleration peaks within the target acceleration band and their right legs increased movement intensity from the baseline to the contingency session. The results showed infants specifically adjusted their right leg acceleration in response to a robot- provided reward. Further study is needed to understand how to improve human-robot interaction policies for personalized interventions for young infants.

Recent scientific results show that audio feedback associated with body movements can be fundamental during the development to learn new spatial concepts [1], [2]. Within the weDraw project [3], [4], we have investigated how this link can be useful to learn mathematical concepts. Here we present a study investigating how mathematical skills changes after multisensory training based on human-computer interaction (RobotAngle and BodyFraction activities). We show that embodied angle and fractions exploration associated with audio and visual feedback can be used in typical children to improve cognition of spatial mathematical concepts. We finally present the exploitation of our results: an online, optimized version of one of the tested activity to be used at school. The training result suggests that audio and visual feedback associated with body movements is informative for spatial learning and reinforces the idea that spatial representation development is based on sensory-motor interactions.

The prevalence of mobile devices (smartphones) along with the availability of high-speed internet access world-wide resulted in a wide variety of mobile applications that carry a large amount of confidential information. Although popular mobile operating systems such as iOS and Android constantly increase their defenses methods, data shows that the number of intrusions and attacks using mobile applications is rising continuously. Experts use techniques to detect malware before the malicious application gets installed, during the runtime or by the network traffic analysis. In this paper, we first present the information about different categories of mobile malware and threats; then, we classify the recent research methods on mobile malware traffic detection.

A recently emerged cellular network based One-Tap Authentication (OTAuth) scheme allows app users to quickly sign up or log in to their accounts conveniently: Mobile Network Operator (MNO) provided tokens instead of user passwords are used as identity credentials. After conducting a first in-depth security analysis, however, we have revealed several fundamental design flaws among popular OTAuth services, which allow an adversary to easily (1) perform unauthorized login and register new accounts as the victim, (2) illegally obtain identities of victims, and (3) interfere OTAuth services of legitimate apps. To further evaluate the impact of our identified issues, we propose a pipeline that integrates both static and dynamic analysis. We examined 1,025/894 Android/iOS apps, each app holding more than 100 million installations. We confirmed 396/398 Android/iOS apps are affected. Our research systematically reveals the threats against OTAuth services. Finally, we provide suggestions on how to mitigate these threats accordingly.

With the growth of mobile computing techniques, mobile gambling scams have seen a rampant increase in the recent past. In mobile gambling scams, miscreants deliver scamming messages via mobile instant messaging, host scam gambling platforms on mobile apps, and adopt mobile payment channels. To date, there is little quantitative knowledge about how this trending cybercrime operates, despite causing daily fraud losses estimated at more than \$\$\$522,262 USD. This paper presents the first empirical study based on ground-truth data of mobile gambling scams, associated with 1,461 scam incident reports and 1,487 gambling scam apps, spanning from January 1, 2020 to December 31, 2020. The qualitative and quantitative analysis of this ground-truth data allows us to characterize the operational pipeline and full fraud kill chain of mobile gambling scams. In particular, we study the social engineering tricks used by scammers and reveal their effectiveness. Our work provides a systematic analysis of 1,068 confirmed Android and 419 iOS scam apps, including their development frameworks, declared permissions, compatibility, and backend network infrastructure. Perhaps surprisingly, our study unveils that public online app generators have been abused to develop gambling scam apps. Our analysis reveals several payment channels (ab)used by gambling scam app and uncovers a new type of money mule-based payment channel with the average daily gambling deposit of \$\$\$400,000 USD. Our findings enable a better understanding of the mobile gambling scam ecosystem, and suggest potential avenues to disrupt these scam activities.

Flush-based cache attacks like Flush+Reload and Flush+Flush are highly precise and effective. Most of the flush-based attacks provide high accuracy in controlled and isolated environments where attacker and victim share OS pages. However, we observe that these attacks are prone to low accuracy on a noisy multi-core system with co-running applications. Two root causes for the varying accuracy of flush-based attacks are: (i) the dynamic nature of core frequencies that fluctuate depending on the system load, and (ii) the relative placement of victim and attacker threads in the processor, like same or different physical cores. These dynamic factors critically affect the execution latency of key instructions like clflush and mov, rendering the pre-attack calibration step ineffective.We propose DABANGG, a set of novel refinements to make flush-based attacks resilient to system noise by making them aware of frequency and thread placement. First, we introduce pre-attack calibration that is aware of instruction latency variation. Second, we use low-cost attack-time optimizations like fine-grained busy waiting and periodic feedback about the latency thresholds to improve the effectiveness of the attack. Finally, we provide victim-specific parameters that significantly improve the attack accuracy. We evaluate DABANGG-enabled Flush+Reload and Flush+Flush attacks against the standard attacks in side-channel and covert-channel experiments with varying levels of compute, memory, and IO-intensive system noise. In all scenarios, DABANGG+Flush+Reload and DABANGG+Flush+Flush outperform the standard attacks in stealth and accuracy.

We have proposed a new Smart Meter Application (SMA) Framework. This application registers consumers at utility provider (Electricity), takes the meter reading for electricity and makes billing. The proposed application might offer higher level of flexibility and security, time saving and trustworthiness between consumers and authority offices. It’s expected that the application will be developed by Flutter to support Android and iOS Mobile Operating Systems.

Driven by the progress of data and compute-intensive methods in various scientific domains, there is an in-creasing demand from researchers working with highly sensitive data to have access to the necessary computational resources to be able to adapt those methods in their respective fields. To satisfy the computing needs of those researchers cost-effectively, it is an open quest to integrate reliable security measures on existing High Performance Computing (HPC) clusters. The fundamental problem with securely working with sensitive data is, that HPC systems are shared systems that are typically trimmed for the highest performance - not for high security. For instance, there are commonly no additional virtualization techniques employed, thus, users typically have access to the host operating system. Since new vulnerabilities are being continuously discovered, solely relying on the traditional Unix permissions is not secure enough. In this paper, we discuss a generic and secure workflow that can be implemented on typical HPC systems allowing users to transfer, store and analyze sensitive data. In our experiments, we see an advantage in the asynchronous execution of IO requests, while reaching 80 % of the ideal performance.

We use mobile apps on a daily basis and there is an app for everything. We trust these applications with our most personal data. It is therefore important that these apps are as secure and well usable as possible. So far most studies on the maintenance and security of mobile applications have been done on Android applications. We do, however, not know how well these results translate to iOS.This research project aims to close this gap by analysing iOS applications with regards to maintainability and security. Regarding maintainability, we analyse code smells in iOS applications, the evolution of code smells in iOS applications and compare code smell distributions in iOS and Android applications. Regarding security, we analyse the evolution of the third-party library dependency network for the iOS ecosystem. Additionally, we analyse how publicly reported vulnerabilities spread in the library dependency network.Regarding maintainability, we found that the distributions of code smells in iOS and Android applications differ. Code smells in iOS applications tend to correspond to smaller classes, such as Lazy Class. Regarding security, we found that the library dependency network of the iOS ecosystem is not growing as fast as in some other ecosystems. There are less dependencies on average than for example in the npm ecosystem and, therefore, vulnerabilities do not spread as far.

As information and communication technologies evolve every day, so does the use of technology in our daily lives. Along with our increasing dependence on digital information assets, security vulnerabilities are becoming more and more apparent. Passwords are a critical component of secure access to digital systems and applications. They not only prevent unauthorized access to these systems, but also distinguish the users of such systems. Research on password predictability often relies on surveys or leaked data. Therefore, there is a gap in the literature for studies that consider real data in this regard. This study investigates the password security awareness of 161 computer engineering students enrolled in a Linux-based undergraduate course at Ataturk University. The study is conducted in two phases, and in the first phase, 12 dictionaries containing also real student data are formed. In the second phase of the study, a dictionary-based brute-force attack is utilized by means of a serial and parallel version of a Bash script to crack the students’ passwords. In this respect, the /etc/shadow file of the Linux system is used as a basis to compare the hashed versions of the guessed passwords. As a result, the passwords of 23 students, accounting for 14% of the entire student group, were cracked. We believe that this is an unacceptably high prediction rate for such a group with high digital literacy. Therefore, due to this important finding of the study, we took immediate action and shared the results of the study with the instructor responsible for administering the information security course that is included in our curriculum and offered in one of the following semesters.

Existing solutions for scheduling arbitrarily complex distributed applications on networks of computational nodes are insufficient for scenarios where the network topology is changing rapidly. New Internet of Things (IoT) domains like the Internet of Robotic Things (IoRT) and the Internet of Battlefield Things (IoBT) demand solutions that are robust and efficient in environments that experience constant and/or rapid change. In this paper, we demonstrate how recent advancements in machine learning (in particular, in graph convolutional neural networks) can be leveraged to solve the task scheduling problem with decent performance and in much less time than traditional algorithms.

On the Internet of Battlefield Things (IoBT), unmanned aerial vehicles (UAVs) provide significant operational advantages. However, the exploitation of the UAV by an untrustworthy entity might lead to security violations or possibly the destruction of crucial IoBT network functionality. The IoBT system has substantial issues related to data tampering and fabrication through illegal access. This paper proposes the use of an intelligent architecture called IoBT-Net, which is built on a convolution neural network (CNN) and connected with blockchain technology, to identify and trace illicit UAV in the IoBT system. Data storage on the blockchain ledger is protected from unauthorized access, data tampering, and invasions. Conveniently, this paper presents a low complexity and robustly performed CNN called LRCANet to estimate AOA for object localization. The proposed LRCANet is efficiently designed with two core modules, called GFPU and stacks, which are cleverly organized with regular and point convolution layers, a max pool layer, and a ReLU layer associated with residual connectivity. Furthermore, the effectiveness of LRCANET is evaluated by various network and array configurations, RMSE, and compared with the accuracy and complexity of the existing state-of-the-art. Additionally, the implementation of tailored drone-based consensus is evaluated in terms of three major classes and compared with the other existing consensus.

Military networks consist of heterogeneous devices that provide soldiers with real-time terrain and mission intel-ligence. The development of next-generation Software Defined Networks (SDN)-enabled devices is enabling the modernization of traditional military networks. Commonly, traditional military networks take the trustworthiness of devices for granted. How-ever, the recent modernization of military networks introduces cyber attacks such as data and identity spoofing attacks. Hence, it is crucial to ensure the trustworthiness of network traffic to ensure the mission's outcome. This work proposes a Continuous Behavior-based Authentication (CBA) protocol that integrates network traffic analysis techniques to provide robust and efficient network management flow by separating data and control planes in SDN-enabled military networks. The evaluation of the CBA protocol aimed to measure the efficiency of the proposed protocol in realistic military networks. Furthermore, we analyze the overall network overhead of the CBA protocol and its accuracy to detect rogue network traffic data from field devices.