Biblio

Physical Unclonable Functions (PUFs) are vulnerable to various modelling attacks. The chaotic behaviour of oscillating systems can be leveraged to improve their security against these attacks. We have integrated an Arbiter PUF implemented on a FPGA with Chua's oscillator circuit to obtain robust final responses. These responses are tested against conventional Machine Learning and Deep Learning attacks for verifying security of the design. It has been found that such a design is robust with prediction accuracy of nearly 50%. Moreover, the quality of the PUF architecture is evaluated for uniformity and uniqueness metrics and Monte Carlo analysis at varying temperatures is performed for determining reliability.

A database is an organized collection of data. Though a number of techniques, such as encryption and electronic signatures, are currently available for the protection of data when transmitted across sites. Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. In this paper, we create 6 types of method for more secure ways to store and retrieve database information that is both convenient and efficient. Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide policies for information security within the database. There are many cryptography techniques available among them, ECC is one of the most powerful techniques. A user wants to the data stores or request, the user needs to authenticate. When a user who is authenticated, he will get key from a key generator and then he must be data encrypt or decrypt within the database. Every keys store in a key generator and retrieve from the key generator. We use 256 bits of AES encryption for rows level encryption, columns level encryption, and elements level encryption for the database. Next two method is encrypted AES 256 bits random key by using 521 bits of ECC encryption and signature for rows level encryption and column level encryption. Last method is most secure method in this paper, which method is element level encryption with AES and ECC encryption for confidentiality and ECC signature use for every element within the database for integrity. As well as encrypting data at rest, it's also important to ensure confidential data are encrypted in motion over our network to protect against database signature security. The advantages of elements level are difficult for attack because the attacker gets a key that is lose only one element. The disadvantages need to thousands or millions of keys to manage.

Research has observed context factors like occasion and time as influential factors for predicting whether or not to share a location with online friends. In other domains like social networks, personality was also found to play an important role. Furthermore, users are seeking a fine-grained disclosement policy that also allows them to display an obfuscated location, like the center of the current city, to some of their friends. In this paper, we observe which context factors and personality measures can be used to predict the correct privacy level out of seven privacy levels, which include obfuscation levels like center of the street or current city. Our results show that a prediction is possible with a precision 20% better than a constant value. We will give design indications to determine which context factors should be recorded, and how much the precision can be increased if personality and privacy measures are recorded using either a questionnaire or automated text analysis.

Research has observed context factors like occasion and time as influential factors for predicting whether or not to share a location with online friends. In other domains like social networks, personality was also found to play an important role. Furthermore, users are seeking a fine-grained disclosement policy that also allows them to display an obfuscated location, like the center of the current city, to some of their friends. In this paper, we observe which context factors and personality measures can be used to predict the correct privacy level out of seven privacy levels, which include obfuscation levels like center of the street or current city. Our results show that a prediction is possible with a precision 20% better than a constant value. We will give design indications to determine which context factors should be recorded, and how much the precision can be increased if personality and privacy measures are recorded using either a questionnaire or automated text analysis.

We developed a virtualization-based infringement incident response tool for cyber security training system using Cloud. This tool was developed by applying the concept of attack and defense which is the basic of military war game modeling and simulation. The main purpose of this software is to cultivate cyber security experts capable of coping with various situations to minimize the damage in the shortest time when an infringement incident occurred. This tool acquired the invaluable certificate from Korean government agency. This tool shall provide CBT type remote education such as scenario based infringement incident response training, hacking defense practice, and vulnerability measure practice. The tool works in Linux, Window operating system environments, and uses Korean e-government framework and secure coding to construct a situation similar to the actual information system. In the near future, Internet and devices connected to the Internet will be greatly enlarged, and cyber security threats will be diverse and widespread. It is expected that various kinds of hacking will be attempted in an advanced types using artificial intelligence technology. Therefore, we are working on applying the artificial intelligence technology to the current infringement incident response tool to cope with these evolving threats.

We consider the possibility of detecting malicious behaviors of the advanced persistent threat (APT) at endpoints during incident response or forensics investigations. Specifically, we study the case where third-party sensors are not available; our observables are obtained solely from inherent digital artifacts of Windows operating systems. What is of particular interest is an artifact called the Application Compatibility Cache (Shimcache). As it is not apparent from the Shimcache when a file has been executed, we propose an algorithm of estimating the time of file execution up to an interval. We also show guarantees of the proposed algorithm's performance and various possible extensions that can improve the estimation. Finally, combining this approach with methods of machine learning, as well as information from other digital artifacts, we design a prototype system called XTEC and demonstrate that it can help hunt for the APT in a real-world case study.

Most Web sites rely on resources hosted by third parties such as CDNs. Third parties may be compromised or coerced into misbehaving, e.g. delivering a malicious script or stylesheet. Unexpected changes to resources hosted by third parties can be detected with the Subresource Integrity (SRI) mechanism. The focus of SRI is on scripts and stylesheets. Web fonts cannot be secured with that mechanism under all circumstances. The first contribution of this paper is to evaluates the potential for attacks using malicious fonts. With an instrumented browser we find that (1) more than 95% of the top 50,000 Web sites of the Tranco top list rely on resources hosted by third parties and that (2) only a small fraction employs SRI. Moreover, we find that more than 60% of the sites in our sample use fonts hosted by third parties, most of which are being served by Google. The second contribution of the paper is a proof of concept of a malicious font as well as a tool for automatically generating such a font, which targets security-conscious users who are used to verifying cryptographic fingerprints. Software vendors publish such fingerprints along with their software packages to allow users to verify their integrity. Due to incomplete SRI support for Web fonts, a third party could force a browser to load our malicious font. The font targets a particular cryptographic fingerprint and renders it as a desired different fingerprint. This allows attackers to fool users into believing that they download a genuine software package although they are actually downloading a maliciously modified version. Finally, we propose countermeasures that could be deployed to protect the integrity of Web fonts.

Certificate Transparency (CT) is an emerging system for enabling the rapid discovery of malicious or misissued certificates. Initially standardized in 2013, CT is now finally beginning to see widespread support. Although CT provides desirable security benefits, web browsers cannot begin requiring all websites to support CT at once, due to the risk of breaking large numbers of websites. We discuss challenges for deployment, analyze the adoption of CT on the web, and measure the error rates experienced by users of the Google Chrome web browser. We find that CT has so far been widely adopted with minimal breakage and warnings. Security researchers often struggle with the tradeoff between security and user frustration: rolling out new security requirements often causes breakage. We view CT as a case study for deploying ecosystem-wide change while trying to minimize end user impact. We discuss the design properties of CT that made its success possible, as well as draw lessons from its risks and pitfalls that could be avoided in future large-scale security deployments.

The popularity of Web-based computing has given increase to browser-based cyberattacks. These cyberattacks use websites that exploit various web browser vulnerabilities. To help regular users avoid exploit websites and engage in safe online activities, we propose a methodology of building a machine learning-powered predictive analytical model that will measure the risk of attacks and privacy breaches associated with visiting different websites and performing online activities using web browsers. The model will learn risk levels from historical data and metadata scraped from web browsers.

Internet of Things (IoT) is a key emerging technology which aims to connect objects over the internet. Software Defined Networking (SDN) is another new intelligent technology within networking domain which increases the network performance and provides better security, reliability, and privacy using dynamic software programs. In this paper, we have proposed a distributed secure Black SDN-IoT architecture with NFV implementation for smart cities. We have incorporated Black SDN that is highly secured SDN which gives better result in network performances, security, and privacy and secures both metadata and payload within each layer. This architecture also tried to introduce an approach which is more effective for building a cluster by means of Black SDN. Black SDN-loT with NFV concept brings benefits to the related fields in terms of energy savings and load balancing. Moreover, Multiple distributed controller have proposed to improve availability, integrity, privacy, confidentiality and etc. In the proposed architecture, the Black network provides higher security of each network layer comparative to the conventional network. Finally, this paper has discussed the architectural design of distributed secure Black SDN-IoT with NFV for smart cities and research challenges.

Network Function Virtualization (NFV) is a recent concept where virtualization enables the shift from network functions (e.g., routers, switches, load-balancers, proxies) on specialized hardware appliances to software images running on all-purpose, high-volume servers. The resource allocation problem in the NFV environment has received considerable attention in the past years. However, little attention was paid to the security aspects of the problem in spite of the increasing number of vulnerabilities faced by cloud-based applications. Securing the services is an urgent need to completely benefit from the advantages offered by NFV. In this paper, we show how a network service request, composed of a set of service function chains (SFC) should be modified and enriched to take into consideration the security requirements of the supported service. We examine the well-known security best practices and propose a two-step algorithm that extends the initial SFC requests to a more complex chaining model that includes the security requirements of the service.

The usage of small drones/UAVs has significantly increased recently. Consequently, there is a rising potential of small drones being misused for illegal activities such as terrorism, smuggling of drugs, etc. posing high-security risks. Hence, tracking and surveillance of drones are essential to prevent security breaches. The similarity in the appearance of small drone and birds in complex background makes it challenging to detect drones in surveillance videos. This paper addresses the challenge of detecting small drones in surveillance videos using popular and advanced deep learning-based object detection methods. Different CNN-based architectures such as ResNet-101 and Inception with Faster-RCNN, as well as Single Shot Detector (SSD) model was used for experiments. Due to sparse data available for experiments, pre-trained models were used while training the CNNs using transfer learning. Best results were obtained from experiments using Faster-RCNN with the base architecture of ResNet-101. Experimental analysis on different CNN architectures is presented in the paper, along with the visual analysis of the test dataset.

In view of the challenges with Aids to Navigation (AtoN) managements and emergency response, the present study designs and presents an AtoN real-time video surveillance system based on the AIS collision warning. The key technologies regarding with AtoN cradle head control and testing algorithms, video image fusion, system operation and implementation are demonstrated in details. Case study is performed at Guan River (China) to verify the effectiveness of the AtoN real-time video surveillance system for maritime security supervision. The research results indicate that the intellective level of the AtoN maintenance and managements could be significantly improved. The idea of designing modules brings a good flexibility and a high portability for the present surveillance system, therefore provides a guidance for the design of similar maritime surveillance systems.

Electronic Medical Record (EMR) is a medical record management system. EMR contains personal data of patients that is critical. The critical nature of medical records is the reason for the necessity to develop security policies as guidelines for EMR in SIMRS in XZY Hospital. In this study, analysis and risk assessment conducted to EMR management at SIMRS in XZY Hospital. Based on this study, the security of SIMRS in XZY Hospital is categorized as high. Security and Privacy Control mapping based on NIST SP800-53 rev 5 obtained 57 security controls related to privacy aspects as control options to protect EMR in SIMRS in XZY Hospital. The policy designing was done using The Triangle framework for Policy Analysis. The analysis obtained from the policy decisions of the head of XYZ Hospital. The contents of the security policy are provisions on the implementation of security policies of EMR, outlined of 17 controls were selected.

Open-source honeypots are a vital component in the protection of networks and the observation of trends in the threat landscape. Their open nature also enables adversaries to identify the characteristics of these honeypots in order to detect and avoid them. In this study, we investigate the prevalence of 14 open- source honeypots running more or less default configurations, making them easily detectable by attackers. We deploy 20 simple signatures and test them for false positives against servers for domains in the Alexa top 10,000, official FTP mirrors, mail servers in real operation, and real IoT devices running telnet. We find no matches, suggesting good accuracy. We then measure the Internet-wide prevalence of default open-source honeypots by matching the signatures with Censys scan data and our own scans. We discovered 19,208 honeypots across 637 Autonomous Systems that are trivially easy to identify. Concentrations are found in research networks, but also in enterprise, cloud and hosting networks. While some of these honeypots probably have no operational relevance, e.g., they are student projects, this explanation does not fit the wider population. One cluster of honeypots was confirmed to belong to a well-known security center and was in use for ongoing attack monitoring. Concentrations in an another cluster appear to be the result of government incentives. We contacted 11 honeypot operators and received response from 4 operators, suggesting the problem of lack of network hygiene. Finally, we find that some honeypots are actively abused by attackers for hosting malicious binaries. We notified the owners of the detected honeypots via their network operators and provided recommendations for customization to avoid simple signature-based detection. We also shared our results with the honeypot developers.

Industry 4.0 or the fourth industrial revolution encapsulates future industry development trends to achieve more intelligent manufacturing processes, including reliance on Cyber Physical Systems (CPS). The increase in online access and control given by the incorporation of CPSs introduces a new challenge securing the operations of the CPS in that they are not supported by standard security protocols. This paper describes a process used to effectively protect the operations of an IIoT system by implementing security protocols on the CPS within the IIoT. A series of predefined boundary conditions of the safety critical parameters for which a heating and cooling CPS can safely operate within were established. If the CPS is commended to operate outside of these boundaries, it will disconnect from all external communication network and default to some pre-defined safe-operation mode until the system has been evaluated locally by an administrator and released from the safe-mode. This method was tested and validated by establishing a sample IIoT and CPS testbed setup which monitor and control the temperature of a target environment. An attack was initiated to force the target environment outside of the determined safety-critical parameters. The system responded by disabling all network ports and defaulted to the safe-operation mode established previously.

Phishing is typically deployed as an attack vector in the initial stages of a hacking endeavour. Due to it low-risk rightreward nature it has seen a widespread adoption, and detecting it has become a challenge in recent times. This paper proposes a novel means of detecting phishing websites using a Generative Adversarial Network. Taking into account the internal structure and external metadata of a website, the proposed approach uses a generator network which generates both legitimate as well as synthetic phishing features to train a discriminator network. The latter then determines if the features are either normal or phishing websites, before improving its detection accuracy based on the classification error. The proposed approach is evaluated using two different phishing datasets and is found to achieve a detection accuracy of up to 94%.

We consider transmissions of secure messages over a burst erasure wiretap channel under decoding delay constraint. For block codes we introduce and study delay optimal secure burst erasure correcting (DO-SBE) codes that provide perfect security and recover a burst of erasures of a limited length with minimum possible delay. Our explicit constructions of DO-SBE block codes achieve maximum secrecy rate. We also consider a model of a burst erasure wiretap channel for the streaming setup, where in any sliding window of a given size, in a stream of encoded source packets, the eavesdropper is able to observe packets in an interval of a given size. For that model we obtain an information theoretic upper bound on the secrecy rate for delay optimal streaming codes. We show that our block codes can be used for construction of delay optimal burst erasure correcting streaming codes which provide perfect security and meet the upper bound for a certain class of code parameters.

Botnet has been evolving over time since its birth. Nowadays, P2P (Peer-to-Peer) botnet has become a main threat to cyberspace security, owing to its strong concealment and easy expansibility. In order to effectively detect P2P botnet, researchers often focus on the analysis of network traffic. For the sake of enriching P2P botnet detection methods, the author puts forward a new sight of applying distributed threat intelligence sharing system to P2P botnet detection. This system aims to fight against distributed botnet by using distributed methods itself, and then to detect botnet in real time. To fulfill the goal of botnet detection, there are 3 important parts: the threat intelligence sharing and evaluating system, the BAV quantitative TI model, and the AHP and HMM based analysis algorithm. Theoretically, this method should work on different types of distributed cyber threat besides P2P botnet.

Serving heterogeneous traffic demand requires efficient resource utilization to deliver the promises of 5G wireless network towards enhanced mobile broadband, massive machine type communication and ultra-reliable low-latency communication. In this paper, an integrated user application-specific demand characteristics as well as network characteristics evaluation based online slice allocation model for 5G wireless network is proposed. Such characteristics include, available bandwidth, power, quality of service demand, service priority, security sensitivity, network load, predictive load etc. A degree of intra-slice resource sharing elasticity has been considered based on their availability. The availability has been assessed based on the current availability as well as forecasted availability. On the basis of application characteristics, an admission control strategy has been proposed. An interactive AMF (Access and Mobility Function)- RAN (Radio Access Network) information exchange has been assumed. A cost function has been derived to quantify resource allocation decision metric that is valid for both static and dynamic nature of user and network characteristics. A dynamic intra-slice decision boundary estimation model has been proposed. A set of analytical comparative results have been attained in comparison to the results available in the literature. The results suggest the proposed resource allocation framework performance is superior to the existing results in the context of network utility, mean delay and network grade of service, while providing similar throughput. The superiority reported is due to soft nature of the decision metric while reconfiguring slice resource block-size and boundaries.

Load balancing and IP anycast are traffic routing algorithms used to speed up delivery of the Domain Name System. In case of a DDoS attack or an overload condition, the value of these protocols is critical, as they can provide intrinsic DDoS mitigation with the failover alternatives. In this paper, we present a methodology for predicting the next DNS response in the light of a potential redirection to less busy servers, in order to mitigate the size of the attack. Our experiments were conducted using data from the Nov. 2015 attack of the Root DNS servers and Logistic Regression, k-Nearest Neighbors, Support Vector Machines and Random Forest as our primary classifiers. The models were able to successfully predict up to 83% of responses for Root Letters that operated on a small number of sites and consequently suffered the most during the attacks. On the other hand, regarding DNS requests coming from more distributed Root servers, the models demonstrated lower accuracy. Our analysis showed a correlation between the True Positive Rate metric and the number of sites, as well as a clear need for intelligent management of traffic in load balancing practices.

We discuss the current landscape in quantum communication and cryptography, and focus in particular on recent photonic implementations, using encoding in discrete or continuous properties of light, of central quantum network protocols, enabling secret key distribution, verification of entangled resources and transactions of quantum money, with maximal security guarantees. We also describe current challenges in this field and our efforts towards the miniaturization of the developed photonic systems, their integration into telecommunication network infrastructures, including with satellite links, as well as the practical demonstration of novel protocols featuring a quantum advantage in communication efficiency for a wide range of useful tasks in a network environment. These advances enrich the resources and applications of the emerging quantum networks that will play a central role in the context of future quantum-safe communications.

Explaining reasoning and behaviour of artificial intelligent systems to human users becomes increasingly urgent, especially in the field of machine learning. Many recent contributions approach this issue with post-hoc methods, meaning they consider the final system and its outcomes, while the roots of included artefacts are widely neglected. However, we argue in this position paper that there needs to be a stronger focus on the development process. Without insights into specific design decisions and meta information that accrue during the development an accurate explanation of the resulting model is hardly possible. To remedy this situation we propose to increase process transparency by applying provenance methods, which serves also as a basis for increased explainability.

Graphics Processing Units (GPUs) are getting popularly utilized for multi-purpose applications in order to enhance highly performed parallelism of computation. As memory virtualization methods in GPU nodes are not efficiently provided to deal with diverse memory usage patterns for these applications, the success of their execution depends on exclusive and limited use of physical memory in GPU environments. Therefore, it is important to predict a pattern change of GPU memory usage during runtime execution of an application. Data provenance extracted from application characteristics, GPU runtime environments, input, and execution patterns from runtime monitoring, is defined for supporting application management to set runtime configuration and predict an experimental result, and utilize resource with co-located applications. In this paper, we define data provenance of an application on GPUs and manage data by profiling the execution of CUDA scientific applications. Data provenance management helps to predict execution patterns of other similar experiments and plan efficient resource configuration.

Software rejuvenation has been proposed as a strategy to protect cyber-physical systems (CSPs) against unanticipated and undetectable cyber attacks. The basic idea is to refresh the system periodically with a secure and trusted copy of the online software so as to eliminate all effects of malicious modifications to the run-time code and data. This paper considers software rejuvenation design from a control-theoretic perspective. Invariant sets for the Lyapunov function for the safety controller are used to derive bounds on the time that the CPS can operate in mission control mode before the software must be refreshed. With these results it can be guaranteed that the CPS will remain safe under cyber attacks against the run-time system. The approach is illustrated using simulation of the nonlinear dynamics of a quadrotor system. The concluding section discusses directions for further research.