Biblio

{Unikernel is smaller in size than existing operating systems and can be started and shut down much more quickly and safely, resulting in greater flexibility and security. Since unikernel does not include large modules like the file system in its library to reduce its size, it is common to choose offloading to handle file IO. However, the processing of IO offload of unikernel transfers the file IO command to the proxy of the file server and copies the file IO result of the proxy. This can result in a trade-off of rapid processing, an advantage of unikernel. In this paper, we propose a method to offload file IO and to perform file IO with direct copy from file server to unikernel}.

Mobile ad hoc network (MANET) requires extraneous energy effectualness and legion intelligence for which a best clustered based approach is pertained called the “Bee-Ad Hoc-C”. In MANET the mechanism of multi-hop routing is imperative but may leads to a challenging issue like lack of data privacy during communication. ECC (Elliptical Curve Cryptography) is integrated with the Bee clustering approach to provide an energy efficient and secure data delivery system. Even though it ensures data confidentiality, data reliability is still disputable such as data dropping attack, Black hole attack (Attacker router drops the data without forwarding to destination). In such cases the technique of overhearing is utilized by the neighbor routers and the packet forwarding statistics are measured based on the ratio between the received and forwarded packets. The presence of attack is detected if the packet forwarding ratio is poor in the network which paves a way to the alternate path identification for a reliable data transmission. The proposed work is an integration of SC-AODV along with ECC in Bee clustering approach with an extra added overhearing technique which n on the whole ensures data confidentiality, data reliability and energy efficiency.

Ad hoc network is sensitive to attacks because it has temporary nature and frequently recognized insecure environment. Both Ad hoc On-demand Distance Vector (AODV) and Ad hoc On-demand Multipath Distance vector (AOMDV) routing protocols have the strategy to take help from Wireless and mobile ad hoc networks. A mobile ad hoc network (MANET) is recognized as an useful internet protocol and where the mobile nodes are self-configuring and self-organizing in character. This research paper has focused on the detection and influence of black hole attack on the execution of AODV and AOMDV routing protocols and has also evaluated the performance of those two on-demand routing protocols in MANETs. AODV has the characteristics for discovering a single path in single route discovery and AOMDV has the characteristics for discovering multiple paths in single route discovery. Here a proposed method for both AODV and AOMDV routing protocol, has been applied for the detection of the black hole attack, which is the merge of both SHA-3 and Diffie-Hellman algorithm. This merge technique has been applied to detect black hole attack in MANET. This technique has been applied to measure the performance matrices for both AODV and AOMDV and those performance matrices are Average Throughput, Average End to End delay and Normalized Routing Load. Both AODV and AOMDV routing protocol have been compared with each other to show that under black hole attack, AOMDV protocol always has better execution than AODV protocol. Here, NS-2.35 has been used as the Network Simulator tool for the simulation of these particular three types of performance metrics stated above.

In this paper, we investigate the protection mechanism of source location privacy, in which back-tracing attack is performed by an adversary. A dynamic and disjoint routing mechanism (DDRM) is proposed to achieve a strong protection for source location privacy in an energy-efficient manner. Specially, the selection of intermediate node renders the message transmission randomly and flexibly. By constructing k disjoint paths, an adversary could not receive sufficient messages to locate the source node. Simulation results illustrate the effectiveness of the proposed mechanism.

In recent years, service providers, such as mobile operators providing wireless services, collected location data in enormous extent with the increase of the usages of mobile phones. Vertical businesses, such as banks, may want to use this location information for their own scenarios. However, service providers cannot directly provide these private data to the vertical businesses because of the privacy and legal issues. In this demo, we show how privacy preserving solutions can be utilized using such location-based queries without revealing each organization's sensitive data. In our demonstration, we used partially homomorphic cryptosystem in our protocols and showed practicality and feasibility of our proposed solution.

The evolution of the Internet of Vehicles (IoV) paradigm has recently attracted a lot of researchers and industries. Vehicular Ad Hoc Networks (VANET) is the networking model that lies at the heart of this technology. It enables the vehicles to exchange relevant information concerning road conditions and safety. However, ensuring communication security has been and still is one of the main challenges to vehicles' interconnection. To secure the interconnected vehicular system, many cryptography techniques, communication protocols, and certification and reputation-based security approaches were proposed. Nonetheless, some limitations are still present, preventing the practical implementation of such approaches. In this paper, we first define a set of locally-perceived behavioral reputation parameters that enable a distributed evaluation of vehicles' reputation. Then, we integrate these parameters into the design of a reputation management system to exclude malicious or faulty vehicles from the IoV network. Our system can help in the prevention of several attacks on the VANET environment such as Sybil and Denial of Service attacks, and can be implemented in a fully decentralized fashion.

According to the information security requirements of the industrial control system and the technical features of the existing defense measures, a dynamic security control strategy based on trusted computing is proposed. According to the strategy, the Industrial Cyber-Physical System system information security solution is proposed, and the linkage verification mechanism between the internal fire control wall of the industrial control system, the intrusion detection system and the trusted connection server is provided. The information exchange of multiple network security devices is realized, which improves the comprehensive defense capability of the industrial control system, and because the trusted platform module is based on the hardware encryption, storage, and control protection mode, It overcomes the common problem that the traditional repairing and stitching technique based on pure software leads to easy breakage, and achieves the goal of significantly improving the safety of the industrial control system . At the end of the paper, the system analyzes the implementation of the proposed secure industrial control information security system based on the trustworthy calculation.

There has been growing concern about privacy and security risks towards electronic-government (e-government) services adoption. Though there are positive results of e- government, there are still other contestable challenges that hamper success of e-government services. While many of the challenges have received considerable attention, there is still little to no firm research on others such as privacy and security risks, effects of infrastructure both in urban and rural settings. Other concerns that have received little consideration are how for instance; e-government serves as a function of perceived usefulness, ease of use, perceived benefit, as well as cultural dimensions and demographic constructs in South Africa. Guided by technology acceptance model, privacy calculus, Hofstede cultural theory and institutional logic theory, the current research sought to examine determinants of e- government use in developing countries. Anchored upon the aforementioned theories and background, the current study proposed three recommendations as potential value chain, derived from e-government service in response to citizens (end- user) support, government and community of stakeholders.

e-Government is needed to actualize clean, effective, transparent and accountable governance as well as quality and reliable public services. The implementation of e-Government is currently constrained because there is no derivative regulation, one of which is the regulation for e-Government Security. To answer this need, this study aims to provide input on performance management and governance systems for e-Government Security with the hope that the control design for e-Government Security can be met. The results of this study are the e-Government Security Governance System taken from 28 core models of COBIT 2019. The 28 core models were taken using CSF and risk. Furthermore, performance management for this governance system consists of capability and maturity levels which is an extension of the evaluation process in the e-Government Evaluation Guidelines issued by the Ministry of PAN & RB. The evaluation of the design carried out by determining the current condition of capability and maturity level in Badan XYZ. The result of the evaluation shows that the design possible to be implemented and needed.

This paper presents a data-driven and physics-based method for detection of false data injection (FDI) in Smart Grids (SG). As the power grid transitions to the use of SG technology, it becomes more vulnerable to cyber-attacks like FDI. Current strategies for the detection of bad data in the grid rely on the physics based State Estimation (SE) process and statistical tests. This strategy is naturally vulnerable to undetected bad data as well as false positive scenarios, which means it can be exploited by an intelligent FDI attack. In order to enhance the robustness of bad data detection, the paper proposes the use of data-driven Machine Intelligence (MI) working together with current bad data detection via a combined Chi-squared test. Since MI learns over time and uses past data, it provides a different perspective on the data than the SE, which analyzes only the current data and relies on the physics based model of the system. This combined bad data detection strategy is tested on the IEEE 118 bus system.

Due to the increased diversity and complexity of cyberattacks, innovative and effective analytics are needed in order to identify critical cyber incidents on a corporate network even if no ground truth data is available. This paper develops an automated system which processes a set of intrusion alerts to create behavior aggregates and then classifies these aggregates into empirical attack models through a dynamic Bayesian approach with innovative feature engineering methods. Each attack model represents a unique collective attack behavior that helps to identify critical activities on the network. Using 2017 National Collegiate Penetration Testing Competition data, it is demonstrated that the developed system is capable of generating and refining unique attack models that make sense to human, without a priori knowledge.

There is a growing movement to retrofit ageing, large scale infrastructures, such as water networks, with wireless sensors and actuators. Next generation Cyber-Physical Systems (CPSs) are a tight integration of sensing, control, communication, computation and physical processes. The failure of any one of these components can cause a failure of the entire CPS. This represents a system design challenge to address these interdependencies. Wireless communication is unreliable and prone to cyber-attacks. An attack upon the wireless communication of CPS would prevent the communication of up-to-date information from the physical process to the controller. A controller without up-to-date information is unable to meet system's stability and performance guarantees. We focus on design approach to make CPSs secure and we evaluate their resilience to jamming attacks aimed at disrupting the system's wireless communication. We consider classic time-triggered control scheme and various resource-aware event-triggered control schemes. We evaluate these on a water network test-bed against three jamming strategies: constant, random, and protocol aware. Our test-bed results show that all schemes are very susceptible to constant and random jamming. We find that time-triggered control schemes are just as susceptible to protocol aware jamming, where some event-triggered control schemes are completely resilient to protocol aware jamming. Finally, we further enhance the resilience of an event-triggered control scheme through the addition of a dynamical estimator that estimates lost or corrupted data.

The article analyzes the concept of "Resilience" in relation to the development of computing. The strategy for reacting to perturbations in this process can be based either on "harsh Resistance" or "smarter Elasticity." Our "Models" are descriptive in defining the path of evolutionary development as structuring under the perturbations of the natural order and enable the analysis of the relationship among models, structures and factors of evolution. Among those, two features are critical: parallelism and "fuzziness", which to a large extent determine the rate of change of computing development, especially in critical applications. Both reversible and irreversible development processes related to elastic and resistant methods of problem solving are discussed. The sources of perturbations are located in vicinity of the resource boundaries, related to growing problem size with progress combined with the lack of computational "checkability" of resources i.e. data with inadequate models, methodologies and means. As a case study, the problem of hidden faults caused by the growth, the deficit of resources, and the checkability of digital circuits in critical applications is analyzed.

As an emerging paradigm for energy-efficiency design, approximate computing can reduce power consumption through simplification of logic circuits. Although calculation errors are caused by approximate computing, their impacts on the final results can be negligible in some error resilient applications, such as Convolutional Neural Networks (CNNs). Therefore, approximate computing has been applied to CNNs to reduce the high demand for computing resources and energy. Compared with the traditional method such as reducing data precision, this paper investigates the effect of approximate computing on the accuracy and power consumption of CNNs. To optimize the approximate computing technology applied to CNNs, we propose a method for quantifying the error resilience of each neuron by theoretical analysis and observe that error resilience varies widely across different neurons. On the basic of quantitative error resilience, dynamic adaptation of approximate bit-width and the corresponding configurable adder are proposed to fully exploit the error resilience of CNNs. Experimental results show that the proposed method further improves the performance of power consumption while maintaining high accuracy. By adopting the optimal approximate bit-width for each layer found by our proposed algorithm, dynamic adaptation of approximate bit-width reduces power consumption by more than 30% and causes less than 1% loss of the accuracy for LeNet-5.

Engineering complex distributed systems is challenging. Recent solutions for the development of cyber-physical systems (CPS) in industry tend to rely on architectural designs based on service orientation, where the constituent components are deployed according to their service behavior and are to be understood as loosely coupled and mostly independent. In this paper, we develop a workflow that combines contract-based and CPS model-based specifications with service orientation, and analyze the resulting model using fault injection to assess the dependability of the systems. Compositionality principles based on the contract specification help us to make the analysis practical. The presented techniques are evaluated on two case studies.

This paper is to design substitution boxes (S-Boxes) using innovative I-Ching operators (ICOs) that have evolved from ancient Chinese I-Ching philosophy. These three operators-intrication, turnover, and mutual- inherited from I-Ching are specifically designed to generate S-Boxes in cryptography. In order to analyze these three operators, identity, compositionality, and periodicity measures are developed. All three operators are only applied to change the output positions of Boolean functions. Therefore, the bijection property of S-Box is satisfied automatically. It means that our approach can avoid singular values, which is very important to generate S-Boxes. Based on the periodicity property of the ICOs, a new network is constructed, thus to be applied in the algorithm for designing S-Boxes. To examine the efficiency of our proposed approach, some commonly used criteria are adopted, such as nonlinearity, strict avalanche criterion, differential approximation probability, and linear approximation probability. The comparison results show that S-Boxes designed by applying ICOs have a higher security and better performance compared with other schemes. Furthermore, the proposed approach can also be used to other practice problems in a similar way.

We introduce the strictly in-order core (SIC), a timing-predictable pipelined processor core. SIC is provably timing compositional and free of timing anomalies. This enables precise and efficient worst-case execution time (WCET) and multi-core timing analysis. SIC's key underlying property is the monotonicity of its transition relation w.r.t. a natural partial order on its microarchitectural states. This monotonicity is achieved by carefully eliminating some of the dependencies between consecutive instructions from a standard in-order pipeline design. SIC preserves most of the benefits of pipelining: it is only about 6-7% slower than a conventional pipelined processor. Its timing predictability enables orders-of-magnitude faster WCET and multi-core timing analysis than conventional designs.

In this paper, we consider the problem of decentralized verification for large-scale cascade interconnections of linear subsystems such that dissipativity properties of the overall system are guaranteed with minimum knowledge of the dynamics. In order to achieve compositionality, we distribute the verification process among the individual subsystems, which utilize limited information received locally from their immediate neighbors. Furthermore, to obviate the need for full knowledge of the subsystem parameters, each decentralized verification rule employs a model-free learning structure; a reinforcement learning algorithm that allows for online evaluation of the appropriate storage function that can be used to verify dissipativity of the system up to that point. Finally, we show how the interconnection can be extended by adding learning-enabled subsystems while ensuring dissipativity.

With the challenge of the vast amount of data generated by devices at the edge of networks, new architecture needs a well-established data service model that accounts for privacy concerns. This paper presents an architecture of data transmission and a data portfolio with privacy for fog-to-cloud (DPPforF2C). We would like to propose a practical data model with privacy from a digitalized information perspective at fog nodes. In addition, we also propose an architecture for implicating the privacy of DPPforF2C used in fog computing. Technically, we design a data portfolio based on the Message Queuing Telemetry Transport (MQTT) and the Advanced Message Queuing Protocol (AMQP). We aim to propose sample data models with privacy architecture because there are some differences in the data obtained from IoT devices and sensors. Thus, we propose an architecture with the privacy of DPPforF2C for publishing data from edge devices to fog and to cloud servers that could be applied to fog architecture in the future.

Wear and tear are essential in establishing the market value of an asset. From shutter counters on DSLRs to odometers inside cars, specific counters, that encode the degree of wear, exist on most products. But malicious modification of the information that they report was always a concern. Our work explores a solution to this problem by using the blockchain technology, a layered encoding of product attributes and identity-based cryptography. Merging such technologies is essential since blockchains facilitate the construction of a distributed database that is resilient to adversarial modifications, while identity-based signatures set room for a more convenient way to check the correctness of the reported values based on the name of the product and pseudonym of the owner alone. Nonetheless, we reinforce security by using ownership cards deployed around NFC tokens. Since odometer fraud is still a major practical concern, we discuss a practical scenario centered on vehicles, but the framework can be easily extended to many other assets.

We study a model where a data collector obtains data from users through a payment mechanism to learn the underlying state from the elicited data. The private signal of each user represents her individual knowledge about the state. Through social interactions, each user can also learn noisy versions of her friends' signals, which is called group signals. Based on both her private signal and group signals, each user makes strategic decisions to report a privacy-preserved version of her data to the data collector. We develop a Bayesian game theoretic framework to study the impact of social learning on users' data reporting strategies and devise the payment mechanism for the data collector accordingly. Our findings reveal that, the Bayesian-Nash equilibrium can be in the form of either a symmetric randomized response (SR) strategy or an informative non-disclosive (ND) strategy. A generalized majority voting rule is applied by each user to her noisy group signals to determine which strategy to follow. When a user plays the ND strategy, she reports privacy-preserving data completely based on her group signals, independent of her private signal, which indicates that her privacy cost is zero. Both the data collector and the users can benefit from social learning which drives down the privacy costs and helps to improve the state estimation at a given payment budget. We derive bounds on the minimum total payment required to achieve a given level of state estimation accuracy.

With the popularity of smart devices and the widespread use of the Wi-Fi-based indoor localization, edge computing is becoming the mainstream paradigm of processing massive sensing data to acquire indoor localization service. However, these data which were conveyed to train the localization model unintentionally contain some sensitive information of users/devices, and were released without any protection may cause serious privacy leakage. To solve this issue, we propose a lightweight differential privacy-preserving mechanism for the edge computing environment. We extend ε-differential privacy theory to a mature machine learning localization technology to achieve privacy protection while training the localization model. Experimental results on multiple real-world datasets show that, compared with the original localization technology without privacy-preserving, our proposed scheme can achieve high accuracy of indoor localization while providing differential privacy guarantee. Through regulating the value of ε, the data quality loss of our method can be controlled up to 8.9% and the time consumption can be almost negligible. Therefore, our scheme can be efficiently applied in the edge networks and provides some guidance on indoor localization privacy protection in the edge computing.

Transacting IoT data must be different in many from traditional approaches in order to build much-needed trust in data marketplaces, trust that will be the key to their sustainability. Data generated internally to an organization is usually not enough to remain competitive, enhance customer experiences, or improve strategic decision-making. In this paper, we propose a decentralized and trustless architecture through the posting of trade records while including the transaction process on distributed ledgers. This approach can efficiently enhance the degree of transparency, as all contract-oriented interactions will be written on-chain. Storage via an end-to-end encrypted message channel allows transmitting and accessing trusted data streams over distributed ledgers regardless of the size or cost of the device, while simultaneously making a verifiable Auth-compliant request to the platform. Furthermore, the platform will complete matching, trading and refunding processes with-out human intervention, and it also protects the rights of data providers and consumers through trading policies which apply revolutionary game theory to the machine economy.

Deep neural networks (DNNs) have demonstrated impressive performance on many challenging machine learning tasks. However, DNNs are vulnerable to adversarial inputs generated by adding maliciously crafted perturbations to the benign inputs. As a growing number of attacks have been reported to generate adversarial inputs of varying sophistication, the defense-attack arms race has been accelerated. In this paper, we present MODEF, a cross-layer model diversity ensemble framework. MODEF intelligently combines unsupervised model denoising ensemble with supervised model verification ensemble by quantifying model diversity, aiming to boost the robustness of the target model against adversarial examples. Evaluated using eleven representative attacks on popular benchmark datasets, we show that MODEF achieves remarkable defense success rates, compared with existing defense methods, and provides a superior capability of repairing adversarial inputs and making correct predictions with high accuracy in the presence of black-box attacks.

The application of line current differential relays (LCDRs) to protect transmission lines has recently proliferated. However, the reliance of LCDRs on digital communication channels has raised growing cyber-security concerns. This paper investigates the impacts of false data injection attacks (FDIAs) on the performance of LCDRs. It also develops coordinated attacks that involve multiple components, including LCDRs, and can cause false line tripping. Additionally, this paper proposes a technique for detecting FDIAs against LCDRs and differentiating them from actual faults in two-terminal lines. In this method, when an LCDR detects a fault, instead of immediately tripping the line, it calculates and measures the superimposed voltage at its local terminal, using the proposed positive-sequence (PS) and negative-sequence (NS) submodules. To calculate this voltage, the LCDR models the protected line in detail and replaces the rest of the system with a Thevenin equivalent that produces accurate responses at the line terminals. Afterwards, remote current measurement is utilized by the PS and NS submodules to compute each sequence's superimposed voltage. A difference between the calculated and the measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Thus, the LCDR's trip command is blocked. The effectiveness of the proposed method is corroborated using simulation results for the IEEE 39-bus test system. The performance of the proposed method is also tested using an OPAL real-time simulator.