Wah Myint, Phyo Wah, Hlaing, Swe Zin, Htoon, Ei Chaw.
2020.
EAC: Encryption Access Control Scheme for Policy Revocation in Cloud Data. 2020 International Conference on Advanced Information Technologies (ICAIT). :182—187.
Since a lot of information is outsourcing into cloud servers, data confidentiality becomes a higher risk to service providers. To assure data security, Ciphertext Policy Attributes-Based Encryption (CP-ABE) is observed for the cloud environment. Because ciphertexts and secret keys are relying on attributes, the revocation issue becomes a challenge for CP-ABE. This paper proposes an encryption access control (EAC) scheme to fulfill policy revocation which covers both attribute and user revocation. When one of the attributes in an access policy is changed by the data owner, the authorized users should be updated immediately because the revoked users who have gained previous access policy can observe the ciphertext. Especially for data owners, four types of updating policy levels are predefined. By classifying those levels, each secret token key is distinctly generated for each level. Consequently, a new secret key is produced by hashing the secret token key. This paper analyzes the execution times of key generation, encryption, and decryption times between non-revocation and policy revocation cases. Performance analysis for policy revocation is also presented in this paper.
Sharafaldin, Iman, Ghorbani, Ali A..
2018.
EagleEye: A Novel Visual Anomaly Detection Method. 2018 16th Annual Conference on Privacy, Security and Trust (PST). :1–6.
We propose a novel visualization technique (Eagle-Eye) for intrusion detection, which visualizes a host as a commu- nity of system call traces in two-dimensional space. The goal of EagleEye is to visually cluster the system call traces. Although human eyes can easily perceive anomalies using EagleEye view, we propose two different methods called SAM and CPM that use the concept of data depth to help administrators distinguish between normal and abnormal behaviors. Our experimental results conducted on Australian Defence Force Academy Linux Dataset (ADFA-LD), which is a modern system calls dataset that includes new exploits and attacks on various programs, show EagleEye's efficiency in detecting diverse exploits and attacks.
Geeta, C. M., Rashmi, B. N., Raju, R. G. Shreyas, Raghavendra, S., Buyya, R., Venugopal, K. R., Iyengar, S. S., Patnaik, L. M..
2019.
EAODBT: Efficient Auditing for Outsourced Database with Token Enforced Cloud Storage. 2019 IEEE International WIE Conference on Electrical and Computer Engineering (WIECON-ECE). :1–4.
Database outsourcing is one of the important utilities in cloud computing in which the Information Proprietor (IP) transfers the database administration to the Cloud Service Provider (CSP) in order to minimize the administration cost and preservation expenses of the database. Inspite of its immense profit, it undergoes few security issues such as privacy of deployed database and provability of search results. In the recent past, few of the studies have been carried out on provability of search results of Outsourced Database (ODB) that affords correctness and completeness of search results. But in the existing schemes, since there is flow of data between the Information Proprietor and the clients frequently, huge communication cost prevails at the Information Proprietor side. To address this challenge, in this paper we propose Efficient Auditing for Outsourced Database with Token Enforced Cloud Storage (EAODBT). The proposed scheme reduces the large communication cost prevailing at the Information Proprietor side and achieves correctness and completeness of search results even if the mischievous CSP knowingly sends a null set. Experimental analysis show that the proposed scheme has totally reduced the huge communication cost prevailing between Information Proprietor and clients, and simultaneously achieves the correctness and completeness of search results.
Papakonstantinou, N., Linnosmaa, J., Bashir, A. Z., Malm, T., Bossuyt, D. L. V..
2020.
Early Combined Safety - Security Defense in Depth Assessment of Complex Systems. 2020 Annual Reliability and Maintainability Symposium (RAMS). :1—7.
Safety and security of complex critical infrastructures is very important for economic, environmental and social reasons. The interdisciplinary and inter-system dependencies within these infrastructures introduce difficulties in the safety and security design. Late discovery of safety and security design weaknesses can lead to increased costs, additional system complexity, ineffective mitigation measures and delays to the deployment of the systems. Traditionally, safety and security assessments are handled using different methods and tools, although some concepts are very similar, by specialized experts in different disciplines and are performed at different system design life-cycle phases.The methodology proposed in this paper supports a concurrent safety and security Defense in Depth (DiD) assessment at an early design phase and it is designed to handle safety and security at a high level and not focus on specific practical technologies. It is assumed that regardless of the perceived level of security defenses in place, a determined (motivated, capable and/or well-funded) attacker can find a way to penetrate a layer of defense. While traditional security research focuses on removing vulnerabilities and increasing the difficulty to exploit weaknesses, our higher-level approach focuses on how the attacker's reach can be limited and to increase the system's capability for detection, identification, mitigation and tracking. The proposed method can assess basic safety and security DiD design principles like Redundancy, Physical separation, Functional isolation, Facility functions, Diversity, Defense lines/Facility and Computer Security zones, Safety classes/Security Levels, Safety divisions and physical gates/conduits (as defined by the International Atomic Energy Agency (IAEA) and international standards) concurrently and provide early feedback to the system engineer. A prototype tool is developed that can parse the exported project file of the interdisciplinary model. Based on a set of safety and security attributes, the tool is able to assess aspects of the safety and security DiD capabilities of the design. Its results can be used to identify errors, improve the design and cut costs before a formal human expert inspection. The tool is demonstrated on a case study of an early conceptual design of a complex system of a nuclear power plant.
Li, R., Wu, B..
2020.
Early detection of DDoS based on φ-entropy in SDN networks. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 1:731—735.
Software defined network (SDN) is an emerging network architecture. Its control logic and forwarding logic are separated. SDN has the characteristics of centralized management, which makes it easier for malicious attackers to use the security vulnerabilities of SDN networks to implement distributed denial Service (DDoS) attack. Information entropy is a kind of lightweight DDoS early detection method. This paper proposes a DDoS attack detection method in SDN networks based on φ-entropy. φ-entropy can adjust related parameters according to network conditions and enlarge feature differences between normal and abnormal traffic, which can make it easier to detect attacks in the early stages of DDoS traffic formation. Firstly, this article demonstrates the basic properties of φ-entropy, mathematically illustrates the feasibility of φ-entropy in DDoS detection, and then we use Mini-net to conduct simulation experiments to compare the detection effects of DDoS with Shannon entropy.
Abaid, Z., Kaafar, M. A., Jha, S..
2017.
Early Detection of In-the-Wild Botnet Attacks by Exploiting Network Communication Uniformity: An Empirical Study. 2017 IFIP Networking Conference (IFIP Networking) and Workshops. :1–9.
Distributed attacks originating from botnet-infected machines (bots) such as large-scale malware propagation campaigns orchestrated via spam emails can quickly affect other network infrastructures. As these attacks are made successful only by the fact that hundreds of infected machines engage in them collectively, their damage can be avoided if machines infected with a common botnet can be detected early rather than after an attack is launched. Prior studies have suggested that outgoing bot attacks are often preceded by other ``tell-tale'' malicious behaviour, such as communication with botnet controllers (C&C servers) that command botnets to carry out attacks. We postulate that observing similar behaviour occuring in a synchronised manner across multiple machines is an early indicator of a widespread infection of a single botnet, leading potentially to a large-scale, distributed attack. Intuitively, if we can detect such synchronised behaviour early enough on a few machines in the network, we can quickly contain the threat before an attack does any serious damage. In this work we present a measurement-driven analysis to validate this intuition. We empirically analyse the various stages of malicious behaviour that are observed in real botnet traffic, and carry out the first systematic study of the network behaviour that typically precedes outgoing bot attacks and is synchronised across multiple infected machines. We then implement as a proof-of-concept a set of analysers that monitor synchronisation in botnet communication to generate early infection and attack alerts. We show that with this approach, we can quickly detect nearly 80% of real-world spamming and port scanning attacks, and even demonstrate a novel capability of preventing these attacks altogether by predicting them before they are launched.
Iorga, Denis, Corlătescu, Dragos, Grigorescu, Octavian, Săndescu, Cristian, Dascălu, Mihai, Rughiniş, Razvan.
2020.
Early Detection of Vulnerabilities from News Websites using Machine Learning Models. 2020 19th RoEduNet Conference: Networking in Education and Research (RoEduNet). :1–6.
The drawbacks of traditional methods of cybernetic vulnerability detection relate to the required time to identify new threats, to register them in the Common Vulnerabilities and Exposures (CVE) records, and to score them with the Common Vulnerabilities Scoring System (CVSS). These problems can be mitigated by early vulnerability detection systems relying on social media and open-source data. This paper presents a model that aims to identify emerging cybernetic vulnerabilities in cybersecurity news articles, as part of a system for automatic detection of early cybernetic threats using Open Source Intelligence (OSINT). Three machine learning models were trained on a novel dataset of 1000 labeled news articles to create a strong baseline for classifying cybersecurity articles as relevant (i.e., introducing new security threats), or irrelevant: Support Vector Machines, a Multinomial Naïve Bayes classifier, and a finetuned BERT model. The BERT model obtained the best performance with a mean accuracy of 88.45% on the test dataset. Our experiments support the conclusion that Natural Language Processing (NLP) models are an appropriate choice for early vulnerability detection systems in order to extract relevant information from cybersecurity news articles.
Papakonstantinou, Nikolaos, Linnosmaa, Joonas, Alanen, Jarmo, Bashir, Ahmed Z., O'Halloran, Bryan, Van Bossuyt, Douglas L..
2019.
Early Hybrid Safety and Security Risk Assessment Based on Interdisciplinary Dependency Models. 2019 Annual Reliability and Maintainability Symposium (RAMS). :1–7.
Safety and security of complex critical infrastructures are very important for economic, environmental and social reasons. The complexity of these systems introduces difficulties in the identification of safety and security risks that emerge from interdisciplinary interactions and dependencies. The discovery of safety and security design weaknesses late in the design process and during system operation can lead to increased costs, additional system complexity, delays and possibly undesirable compromises to address safety and security weaknesses.
Pang, Y., Xue, X., Namin, A. S..
2016.
Early Identification of Vulnerable Software Components via Ensemble Learning. 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA). :476–481.
Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.
Wenqi, Huang, Lingyu, Liang, Xin, Wang, Zhengguo, Ren, Shang, Cao, Xiaotao, Jiang.
2022.
An Early Warning Analysis Model of Metering Equipment Based on Federated Hybrid Expert System. 2022 15th International Symposium on Computational Intelligence and Design (ISCID). :217—220.
The smooth operation of metering equipment is inseparable from the monitoring and analysis of equipment alarm events by automated metering systems. With the generation of big data in power metering and the increasing demand for information security of metering systems in the power industry, how to use big data and protect data security at the same time has become a hot research field. In this paper, we propose a hybrid expert model based on federated learning to deal with the problem of alarm information analysis and identification. The hybrid expert system can divide the metering warning problem into multiple sub-problems for processing, which greatly improves the recognition and prediction accuracy. The experimental results show that our model has high accuracy in judging and identifying equipment faults.
Halawa, Hassan, Ripeanu, Matei, Beznosov, Konstantin, Coskun, Baris, Liu, Meizhu.
2017.
An Early Warning System for Suspicious Accounts. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. :51–52.
In the face of large-scale automated cyber-attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of new attacks and to mitigate the overall damage to users, companies, and the public at large. We advocate a fully automated approach based on machine learning to enable large-scale online service providers to quickly identify potentially compromised accounts. We develop an early warning system for the detection of suspicious account activity with the goal of quick identification and remediation of compromised accounts. We demonstrate the feasibility and applicability of our proposed system in a four month experiment at a large-scale online service provider using real-world production data encompassing hundreds of millions of users. We show that - even using only login data, features with low computational cost, and a basic model selection approach - around one out of five accounts later flagged as suspicious are correctly predicted a month in advance based on one week's worth of their login activity.
Yuxi Liu, Hatzinakos, D..
2014.
Earprint: Transient Evoked Otoacoustic Emission for Biometrics. Information Forensics and Security, IEEE Transactions on. 9:2291-2301.
Biometrics is attracting increasing attention in privacy and security concerned issues, such as access control and remote financial transaction. However, advanced forgery and spoofing techniques are threatening the reliability of conventional biometric modalities. This has been motivating our investigation of a novel yet promising modality transient evoked otoacoustic emission (TEOAE), which is an acoustic response generated from cochlea after a click stimulus. Unlike conventional modalities that are easily accessible or captured, TEOAE is naturally immune to replay and falsification attacks as a physiological outcome from human auditory system. In this paper, we resort to wavelet analysis to derive the time-frequency representation of such nonstationary signal, which reveals individual uniqueness and long-term reproducibility. A machine learning technique linear discriminant analysis is subsequently utilized to reduce intrasubject variability and further capture intersubject differentiation features. Considering practical application, we also introduce a complete framework of the biometric system in both verification and identification modes. Comparative experiments on a TEOAE data set of biometric setting show the merits of the proposed method. Performance is further improved with fusion of information from both ears.
Dong, B., Wang, H.(.
2017.
EARRING: Efficient Authentication of Outsourced Record Matching. 2017 IEEE International Conference on Information Reuse and Integration (IRI). :225–234.
Cloud computing enables the outsourcing of big data analytics, where a third-party server is responsible for data management and processing. In this paper, we consider the outsourcing model in which a third-party server provides record matching as a service. In particular, given a target record, the service provider returns all records from the outsourced dataset that match the target according to specific distance metrics. Identifying matching records in databases plays an important role in information integration and entity resolution. A major security concern of this outsourcing paradigm is whether the service provider returns the correct record matching results. To solve the problem, we design EARRING, an Efficient Authentication of outsouRced Record matchING framework. EARRING requires the service provider to construct the verification object (VO) of the record matching results. From the VO, the client is able to catch any incorrect result with cheap computational cost. Experiment results on real-world datasets demonstrate the efficiency of EARRING.
Reinbrecht, Cezar, Forlin, Bruno, Zankl, Andreas, Sepulveda, Johanna.
2018.
Earthquake — A NoC-based optimized differential cache-collision attack for MPSoCs. 2018 Design, Automation Test in Europe Conference Exhibition (DATE). :648—653.
Multi-Processor Systems-on-Chips (MPSoCs) are a platform for a wide variety of applications and use-cases. The high on-chip connectivity, the programming flexibility, and the reuse of IPs, however, also introduce security concerns. Problems arise when applications with different trust and protection levels share resources of the MPSoC, such as processing units, cache memories and the Network-on-Chip (NoC) communication structure. If a program gets compromised, an adversary can observe the use of these resources and infer (potentially secret) information from other applications. In this work, we explore the cache-based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs. We implement this differential cache-collision attack on the MPSoC Glass and introduce an optimized variant of it, the Earthquake Attack, which leverages the NoC-based communication to increase attack efficiency. Our results show that Earthquake performs well under different cache line and MPSoC configurations, illustrating that cache-collision attacks are considerable threats on MPSoCs.
Ivanova, M., Durcheva, M., Baneres, D., Rodríguez, M. E..
2018.
eAssessment by Using a Trustworthy System in Blended and Online Institutions. 2018 17th International Conference on Information Technology Based Higher Education and Training (ITHET). :1-7.
eAssessment uses technology to support online evaluation of students' knowledge and skills. However, challenging problems must be addressed such as trustworthiness among students and teachers in blended and online settings. The TeSLA system proposes an innovative solution to guarantee correct authentication of students and to prove the authorship of their assessment tasks. Technologically, the system is based on the integration of five instruments: face recognition, voice recognition, keystroke dynamics, forensic analysis, and plagiarism. The paper aims to analyze and compare the results achieved after the second pilot performed in an online and a blended university revealing the realization of trust-driven solutions for eAssessment.
Lu, Yiqin, Wang, Meng.
2016.
An Easy Defense Mechanism Against Botnet-based DDoS Flooding Attack Originated in SDN Environment Using sFlow. Proceedings of the 11th International Conference on Future Internet Technologies. :14–20.
As today's networks become larger and more complex, the Distributed Denial of Service (DDoS) flooding attack threats may not only come from the outside of networks but also from inside, such as cloud computing network where exists multiple tenants possibly containing malicious tenants. So, the need of source-based defense mechanism against such attacks is pressing. In this paper, we mainly focus on the source-based defense mechanism against Botnet-based DDoS flooding attack through combining the power of Software-Defined Networking (SDN) and sample flow (sFlow) technology. Firstly, we defined a metric to measure the essential features of this kind attack which means distribution and collaboration. Then we designed a simple detection algorithm based on statistical inference model and response scheme through the abilities of SDN. Finally, we developed an application to realize our idea and also tested its effect on emulation network with real network traffic. The result shows that our mechanism could effectively detect DDoS flooding attack originated in SDN environment and identify attack flows for avoiding the harm of attack spreading to target or outside. We advocate the advantages of SDN in the area of defending DDoS attacks, because it is difficult and laborious to organize selfish and undisciplined traditional distributed network to confront well collaborative DDoS flooding attacks.
Pulungan, Farid Fajriana, Sudiharto, Dodi Wisaksono, Brotoharsono, Tri.
2018.
Easy Secure Login Implementation Using Pattern Locking and Environmental Context Recognition. 2018 International Conference on Applied Engineering (ICAE). :1-6.
Smartphone has become the tool which is used daily in modern human life. Some activities in human life, according to the usage of the smartphone can be related to the information which has a high privilege and needs a privacy. It causes the owners of the smartphone needs a system which can protect their privacy. Unfortunately, the secure the system, the unease of the usage. Hence, the system which has an invulnerable environment but also gives the ease of use is very needful. The aspect which is related to the ease of use is an authentication mechanism. Sometimes, this aspect correspondence to the effectiveness and the efficiency. This study is going to analyze the application related to this aspect which is a lock screen application. This lock screen application uses the context data based on the environment condition around the user. The context data used are GPS location and Mac Address of Wi-Fi. The system is going to detect the context and is going to determine if the smartphone needs to run the authentication mechanism or to bypass it based on the analysis of the context data. Hopefully, the smartphone application which is developed still can provide mobility and usability features, and also can protect the user privacy even though it is located in the environment which its context data is unknown.
Gao, Jianbo, Liu, Han, Liu, Chao, Li, Qingshan, Guan, Zhi, Chen, Zhong.
2019.
EasyFlow: keep ethereum away from overflow. Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings. :23–26.
While Ethereum smart contracts enabled a wide range of blockchain applications, they are extremely vulnerable to different forms of security attacks. Due to the fact that transactions to smart contracts commonly involve cryptocurrency transfer, any successful attacks can lead to money loss or even financial disorder. In this paper, we focus on the overflow attacks in Ethereum, mainly because they widely rooted in many smart contracts and comparatively easy to exploit. We have developed EasyFlow, an overflow detector at Ethereum Virtual Machine level. The key insight behind EasyFlow is a taint analysis based tracking technique to analyze the propagation of involved taints. Specifically, EasyFlow can not only divide smart contracts into safe contracts, manifested overflows, well-protected overflows and potential overflows, but also automatically generate transactions to trigger potential overflows. In our preliminary evaluation, EasyFlow managed to find potentially vulnerable Ethereum contracts with little runtime overhead. A demo video of EasyFlow is at https://youtu.be/QbUJkQI0L6o.
Canetti, Ran, Stoughton, Alley, Varia, Mayank.
2019.
EasyUC: Using EasyCrypt to Mechanize Proofs of Universally Composable Security. 2019 IEEE 32nd Computer Security Foundations Symposium (CSF). :167–16716.
We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: Specifying a protocol and the desired ideal functionality; Constructing a simulator and demonstrating its validity, via reduction to hard computational problems; Invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key-exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key-exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks.
Chakraborty, Supriyo, Tripp, Omer.
2016.
Eavesdropping and Obfuscation Techniques for Smartphones. Proceedings of the International Conference on Mobile Software Engineering and Systems. :291–292.
Mobile apps often collect and share personal data with untrustworthy third-party apps, which may lead to data misuse and privacy violations. Most of the collected data originates from sensors built into the mobile device, where some of the sensors are treated as sensitive by the mobile platform while others permit unconditional access. Examples of privacy-prone sensors are the microphone, camera and GPS system. Access to these sensors is always mediated by protected function calls. On the other hand, the light sensor, accelerometer and gyroscope are considered innocuous. All apps have unrestricted access to their data. Unfortunately, this gap is not always justified. State-of-the-art privacy mechanisms on Android provide inadequate access control and do not address the vulnerabilities that arise due to unmediated access to so-called innocuous sensors on smartphones. We have developed techniques to demonstrate these threats. As part of our demonstration, we illustrate possible attacks using the innocuous sensors on the phone. As a solution, we present ipShield, a framework that provides users with greater control over their resources at runtime so as to protect against such attacks. We have implemented ipShield by modifying the AOSP.
Genkin, Daniel, Pachmanov, Lev, Pipman, Itamar, Tromer, Eran, Yarom, Yuval.
2016.
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1626–1638.
We show that elliptic-curve cryptography implementations on mobile devices are vulnerable to electromagnetic and power side-channel attacks. We demonstrate full extraction of ECDSA secret signing keys from OpenSSL and CoreBitcoin running on iOS devices, and partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto. These non-intrusive attacks use a simple magnetic probe placed in proximity to the device, or a power probe on the phone's USB cable. They use a bandwidth of merely a few hundred kHz, and can be performed cheaply using an audio card and an improvised magnetic probe.
Cordoș, Claudia, Mihail\u a, Laura, Faragó, Paul, Hintea, Sorin.
2021.
ECG Signal Classification Using Convolutional Neural Networks for Biometric Identification. 2021 44th International Conference on Telecommunications and Signal Processing (TSP). :167–170.
The latest security methods are based on biometric features. The electrocardiogram is increasingly used in such systems because it provides biometric features that are difficult to falsify. This paper aims to study the use of the electrocardiogram together with the Convolutional Neural Networks, in order to identify the subjects based on the ECG signal and to improve the security. In this study, we used the Fantasia database, available on the PhysioNet platform, which contains 40 ECG recordings. The ECG signal is pre-processed, and then spectrograms are generated for each ECG signal. Spectrograms are applied to the input of several architectures of Convolutional Neural Networks like Inception-v3, Xception, MobileNet and NasNetLarge. An analysis of performance metrics reveals that the subject identification method based on ECG signal and CNNs provides remarkable results. The best accuracy value is 99.5% and is obtained for Inception-v3.
Cordeiro, Renato, Gajaria, Dhruv, Limaye, Ankur, Adegbija, Tosiron, Karimian, Nima, Tehranipoor, Fatemeh.
2020.
ECG-Based Authentication Using Timing-Aware Domain-Specific Architecture. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. 39:3373–3384.
Electrocardiogram (ECG) biometric authentication (EBA) is a promising approach for human identification, particularly in consumer devices, due to the individualized, ubiquitous, and easily identifiable nature of ECG signals. Thus, computing architectures for EBA must be accurate, fast, energy efficient, and secure. In this article, first, we implement an EBA algorithm to achieve 100% accuracy in user authentication. Thereafter, we extensively analyze the algorithm to show the distinct variance in execution requirements and reveal the latency bottleneck across the algorithm's different steps. Based on our analysis, we propose a domain-specific architecture (DSA) to satisfy the execution requirements of the algorithm's different steps and minimize the latency bottleneck. We explore different variations of the DSA, including one that features the added benefit of ensuring constant timing across the different EBA steps, in order to mitigate the vulnerability to timing-based side-channel attacks. Our DSA improves the latency compared to a base ARM-based processor by up to 4.24×, while the constant timing DSA improves the latency by up to 19%. Also, our DSA improves the energy by up to 5.59×, as compared to the base processor.
Oikonomou, Nikos, Mengidis, Notis, Spanopoulos-Karalexidis, Minas, Voulgaridis, Antonis, Merialdo, Matteo, Raisr, Ivo, Hanson, Kaarel, de La Vallee, Paloma, Tsikrika, Theodora, Vrochidis, Stefanos et al..
2021.
ECHO Federated Cyber Range: Towards Next-Generation Scalable Cyber Ranges. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :403—408.
Cyber ranges are valuable assets but have limitations in simulating complex realities and multi-sector dependencies; to address this, federated cyber ranges are emerging. This work presents the ECHO Federated Cyber Range, a marketplace for cyber range services, that establishes a mechanism by which independent cyber range capabilities can be interconnected and accessed via a convenient portal. This allows for more complex and complete emulations, spanning potentially multiple sectors and complex exercises. Moreover, it supports a semi-automated approach for processing and deploying service requests to assist customers and providers interfacing with the marketplace. Its features and architecture are described in detail, along with the design, validation and deployment of a training scenario.