Biblio

With the increase of computing power of quantum computers, classical cryptography schemes such as RSA and ECC are no longer secure in the era of quantum computers. The Cryptosystem based on coding has the advantage of resisting quantum computing and has a good application prospect in the future. McEliece Public Key Cryptography is a cryptosystem based on coding theory, whose security can be reduced to the decoding problem of general linear codes and can resist quantum attacks. Therefore, this paper proposes a cryptosystem based on the Polar-LDPC Concatenated Codes, which is an improvement on the original McEliece cipher scheme. The main idea is to take the generation matrix of Polar code and LDPC code as the private key, and the product of their hidden generation matrix as the public key. The plain text is encoded by Polar code and LDPC code in turn to obtain the encrypted ciphertext. The decryption process is the corresponding decoding process. Then, the experimental data presented in this paper prove that the proposed scheme can reduce key size and improve security compared with the original McEliece cryptosystem under the condition of selecting appropriate parameters. Moreover, compared with the improvement schemes based on McEliece proposed in recent years, the proposed scheme also has great security advantages.

Reversible data hiding (RDH) is an emerging area in the field of information security. The RDH schemes are widely explored in the field of cloud computing for data authentication and in medical image transmission for clinical data transmission along with medical images. The RDH schemes allow the data hider to embed sensitive information in digital content in such a way that later it can be extracted while recovering the original image. In this research, we explored the use of the RDH through the encryption scheme in a biometric authentication system. The internet of things (IoT) enabled biometric authentication systems are very common nowadays. In general, in biometric authentication, computationally complex tasks such as feature extraction and feature matching will be performed in a cloud server. The user-side devices will capture biometric data such as the face, fingerprint, or iris and it will be directly communicated to the cloud server for further processing. Since the confidentiality of biometric data needs to be maintained during the transmission, the original biometric data will be encrypted using any one of the data encryption techniques. In this manuscript, we propose the use of RDH through encryption approach to transmit two different biometric data as a single file without compromising confidentiality. The proposed scheme will ensure the integrity of the biometric data during transmission. For data hiding purposes, we have used a block-wise RDH through encryption scheme. The experimental study of the proposed scheme is carried out by embedding fingerprint data in the face images. The validation of the proposed scheme is carried out by extracting the fingerprint details from the face images during image decryption. The scheme ensures the exact recovery of face image images and fingerprint data at the receiver site.

We propose a human-operator guided planning approach to pushing-based manipulation in clutter. Most recent approaches to manipulation in clutter employs randomized planning. The problem, however, remains a challenging one where the planning times are still in the order of tens of seconds or minutes, and the success rates are low for difficult instances of the problem. We build on these control-based randomized planning approaches, but we investigate using them in conjunction with human-operator input. In our framework, the human operator supplies a high-level plan, in the form of an ordered sequence of objects and their approximate goal positions. We present experiments in simulation and on a real robotic setup, where we compare the success rate and planning times of our human-in-the-loop approach with fully autonomous sampling-based planners. We show that with a minimal amount of human input, the low-level planner can solve the problem faster and with higher success rates.

Distant supervision is a widely used data labeling method for relation extraction. While aligning knowledge base with the corpus, distant supervision leads to a mass of wrong labels which are defined as noise. The pattern-based denoising model has achieved great progress in selecting trustable sentences (instances). However, the writing of relation-specific patterns heavily relies on expert’s knowledge and is a high labor intensity work. To solve these problems, we propose a noise reduction framework, NOIR, to iteratively select trustable sentences with a little help of a human. Under the guidance of experts, the iterative process can avoid semantic drift. Besides, NOIR can help experts discover relation-specific tokens that are hard to think of. Experimental results on three real-world datasets show the effectiveness of the proposed method compared with state-of-the-art methods.

This paper integrates Software-Defined Networking (SDN) and Information -Centric Networking (ICN) framework to enable low latency-based stateful routing and caching management by leveraging a novel forwarding and caching strategy. The framework is implemented in a clean- slate environment that does not rely on the TCP/IP principle. It utilizes Pending Interest Tables (PIT) instead of Forwarding Information Base (FIB) to perform data dissemination among peers in the proposed IC-SDN framework. As a result, all data exchanged and cached in the system are organized in chunks with the same interest resulting in reduced packet overhead costs. Additionally, we propose an efficient caching strategy that leverages in- network caching and naming of contents through an IC-SDN controller to support off- path caching. The testbed evaluation shows that the proposed IC-SDN implementation achieves an increased throughput and reduced latency compared to the traditional information-centric environment, especially in the high load scenarios.

The design of public-key cryptography algorithm based on LWE hard problem is a hot topic in the field of post-quantum cryptography. In this paper, we design a new homomorphic encryption algorithm based on LWE problem. Firstly, to solve the problem that the existing encryption algorithms can only encrypt a single 0 or 1 bit, a new encryption algorithm based on LWE over integer is proposed, and its correctness and security are proved by theoretical analysis. Secondly, an additive homomorphism algorithm is constructed based on the algorithm, and the correctness of the algorithm is proved. The homomorphism algorithm can carry out multi-level homomorphism addition under certain parameters. Finally, the public key cryptography algorithm and homomorphic encryption algorithm are simulated through experiments, which verifies the correctness of the algorithm again, and compares the efficiency of the algorithm with existing algorithms. The experimental data shows that the algorithm has certain efficiency advantages.

Today's companies are increasingly relying on Internet of Everything (IoE) to modernize their operations. The very complexes characteristics of such system expose their applications and their exchanged data to multiples risks and security breaches that make them targets for cyber attacks. The aim of our work in this paper is to provide an cybersecurity strategy whose objective is to prevent and anticipate threats related to the IoE. An economic approach is used in order to help to take decisions according to the reduction of the risks generated by the non definition of the appropriate levels of security. The considered problem have been resolved by exploiting a combinatorial optimization approach with a practical case of knapsack. We opted for a bi-objective modeling under uncertainty with a constraint of cardinality and a given budget to be respected. To guarantee a robustness of our strategy, we have also considered the criterion of uncertainty by taking into account all the possible threats that can be generated by a cyber attacks over IoE. Our strategy have been implemented and simulated under MATLAB environement and its performance results have been compared to those obtained by NSGA-II metaheuristic. Our proposed cyber security strategy recorded a clear improvment of efficiency according to the optimization of the security level and cost parametrs.

Fog computing is a new computing paradigm that utilizes numerous mutually cooperating terminal devices or network edge devices to provide computing, storage, and communication services. Fog computing extends cloud computing services to the edge of the network, making up for the deficiencies of cloud computing in terms of location awareness, mobility support and latency. However, fog nodes are not active enough to perform tasks, and fog nodes recruited by cloud service providers cannot provide stable and continuous resources, which limits the development of fog computing. In the process of cloud service providers using the resources in the fog nodes to provide services to users, the cloud service providers and fog nodes are selfish and committed to maximizing their own payoffs. This situation makes it easy for the fog node to work negatively during the execution of the task. Limited by the low quality of resource provided by fog nodes, the payoff of cloud service providers has been severely affected. In response to this problem, an appropriate incentive mechanism needs to be established in the fog computing environment to solve the core problems faced by both cloud service providers and fog nodes in maximizing their respective utility, in order to achieve the incentive effect. Therefore, this paper proposes an incentive model based on repeated game, and designs a trigger strategy with credible threats, and obtains the conditions for incentive consistency. Under this condition, the fog node will be forced by the deterrence of the trigger strategy to voluntarily choose the strategy of actively executing the task, so as to avoid the loss of subsequent rewards when it is found to perform the task passively. Then, using evolutionary game theory to analyze the stability of the trigger strategy, it proves the dynamic validity of the incentive consistency condition.

The spread of Internet of Things (IoT) devices and high-speed communications, such as 5G, makes their services rich and diverse. Therefore, it is desirable to perform functions of rich services transparently and use edge computing environments flexibly at intermediate locations on the Internet, from the perspective of a network system. When this type of edge computing environment is achieved, IoT nodes as end devices of the Internet can fully utilize edge computing systems and cloud systems without any change, such as switching destination IP addresses between them, along with protocol maintenance for the switching. However, when the data transfer in the communication is encrypted, a decryption method is necessary at the edge, to realize these transparent edge services. In this study, a transparent common key-exchanging method with cloud service has been proposed as the destination node of a communication pair, to transparently decrypt a secure sockets layer-encrypted communication stream at the edge area. This enables end devices to be free from any changes and updates to communicate with the destination node.

In recent times, major cybersecurity breaches and cyber fraud had huge negative impact on victim organisations. The biggest impact made on major areas of business activities. Majority of organisations facing cybersecurity adversity and advanced threats suffers from huge financial and reputation loss. The current security technologies, policies and processes are providing necessary capabilities and cybersecurity mechanism to solve cyber threats and risks. However, current solutions are not providing required mechanism for decision making on impact of cybersecurity breaches and fraud. In this paper, we are reporting initial findings and proposing conceptual solution. The paper is aiming to provide a novel model for Cybersecurity Economics and Analysis (CEA). We will contribute to increasing harmonization of European cybersecurity initiatives and reducing fragmented practices of cybersecurity solutions and also helping to reach EU Digital Single Market goal. By introducing Cybersecurity Readiness Level Metrics the project will measure and increase effectiveness of cybersecurity programs, while the cost-benefit framework will help to increase the economic and financial viability, effectiveness and value generation of cybersecurity solutions for organisation's strategic, tactical and operational imperative. The ambition of the research development and innovation (RDI) is to increase and re-establish the trust of the European citizens in European digital environments through practical solutions.

Modern vehicles equipped with a large number of electronic components, sensors, actuators, and extensive connectivity, are the classical example of cyber-physical systems (CPS). Communication as an integral part of the CPS has enabled and offered many value-added services for vehicular networks. The communication mechanism helps to share contents with all vehicular network nodes and the surrounding environment, e.g., vehicles, traffic lights, and smart road signs, to efficiently take informed and smart decisions. Thus, it opens the doors to many security threats and vulnerabilities. Traditional TCP/IP-based communication paradigm focuses on securing the communication channel instead of the contents that travel through the network. Nevertheless, for content-centered application, content security is more important than communication channel security. To this end, named data networking (NDN) is one of the future Internet architectures that puts the contents at the center of communication and offers embedded content security. In this paper, we first identify the cyberattacks and security challenges faced by the vehicular CPS (VCPS). Next, we propose the NDN-based cyber-resilient, the layered and modular architecture for VCPS. The architecture includes the NDN's forwarding daemon, threat aversion, detection, and resilience components. A detailed discussion about the functionality of each component is also presented. Furthermore, we discuss the future challenges faced by the integration of NDN with VCPS to realize NDN-based VCPS.

Authorship attribution, an NLP problem where anonymous text is matched to its author, has important, cross-disciplinary applications, particularly those concerning cyber-defense. Our research examines the degree of sensitivity that attention-based models have to adversarial perturbations. We ask, what is the minimal amount of change necessary to maximally confuse a transformer model? In our investigation we examine a balanced subset of emails from the Enron email dataset, calculating the performance of our model before and after email signatures have been perturbed. Results show that the model's performance changed significantly in the absence of a signature, indicating the importance of email signatures in email authorship detection. Furthermore, we show that these models rely on signatures for shorter emails much more than for longer emails. We also indicate that additional research is necessary to investigate stylometric features and adversarial training to further improve classification model robustness.

SQL Injection and Cross-Site Scripting are the two most common attacks in database-based web applications. In this paper we propose a system to detect different types of SQL injection and XSS attacks associated with a web application, without the existence of any firewall, while significantly reducing the network overhead. We use properly modifications of the Nginx Reverse Proxy protocols and Suricata NIDS/ IPS rules. Pure work has been done from other researchers based on the capabilities of Nginx and Suricata and our approach with the experimental results provided in the paper demonstrate the efficiency of our system.

In the current network security situation, the types of network threats are complex and changeable. With the development of the Internet and the application of information technology, the general trend is opener. Important data and important business applications will face more serious security threats. However, with the development of cloud computing technology, the trend of large-scale deployment of important business applications in cloud centers has greatly increased. The development and use of software-defined networks in cloud data centers have greatly reduced the effect of traditional network security boundary protection. How to find an effective way to protect important applications in open multi-step large-scale cloud data centers is a problem we need to solve. Threat intelligence has become an important means to solve complex network attacks, realize real-time threat early warning and attack tracking because of its ability to analyze the threat intelligence data of various network attacks. Based on the research of threat intelligence, machine learning, cloud central network, SDN and other technologies, this paper proposes an active defense method of network security based on threat intelligence for super-large cloud data centers.

With the emergence of computationally intensive and delay sensitive applications, mobile edge computing(MEC) has become more and more popular. Simultaneously, MEC paradigm is faced with security challenges, the most harmful of which is DDoS attack. In this paper, we focus on the resource orchestration algorithm in MEC scenario to mitigate DDoS attack. Most of existing works on resource orchestration algorithm barely take into account DDoS attack. Moreover, they assume that MEC nodes are unselfish, while in practice MEC nodes are selfish and try to maximize their individual utility only, as they usually belong to different network operators. To solve such problems, we propose a price-based resource orchestration algorithm(PROA) using game theory and convex optimization, which aims at mitigating DDoS attack while maximizing the utility of each participant. Pricing resources to simulate market mechanisms, which is national to make rational decisions for all participants. Finally, we conduct experiment using Matlab and show that the proposed PROA can effectively mitigate DDoS attack on the attacked MEC node.

The continuous increase in sophistication of threat actors over the years has made the use of actionable threat intelligence a critical part of the defence against them. Such Cyber Threat Intelligence is published daily on several online sources, including vulnerability databases, CERT feeds, and social media, as well as on forums and web pages from the Surface and the Dark Web. Named Entity Recognition (NER) techniques can be used to extract the aforementioned information in an actionable form from such sources. In this paper we investigate how the latest advances in the NER domain, and in particular transformer-based models, can facilitate this process. To this end, the dataset for NER in Threat Intelligence (DNRTI) containing more than 300 pieces of threat intelligence reports from open source threat intelligence websites is used. Our experimental results demonstrate that transformer-based techniques are very effective in extracting cybersecurity-related named entities, by considerably outperforming the previous state- of-the-art approaches tested with DNRTI.

In the distributed file sharing system, a large number of users share bandwidth, upload resources and store them in a decentralized manner, thus offering both an abundant supply of high-quality resources and high-speed download. However, some users only enjoy the convenient service without uploading or sharing, which is called free riding. Free-riding may discourage other honest users. When free-riding users mount to a certain number, the platform may fail to work. The current available incentive mechanisms, such as reciprocal incentive mechanisms and reputation-based incentive mechanisms, which suffer simple incentive models, inability to achieve incentive circulation and dependence on a third-party trusted agency, are unable to completely solve the free-riding problem.In this paper we build a blockchain-based distributed file sharing platform and design a nested incentive scheme for this platform. The proposed nested incentive mechanism achieves the circulation of incentives in the platform and does not rely on any trusted third parties for incentive distribution, thus providing a better solution to free-riding. Our distributed file sharing platform prototype is built on the current mainstream blockchain. Nested incentive scheme experiments on this platform verify the effectiveness and superiority of our incentive scheme in solving the free-riding problem compared to other schemes.

Cloud computing has helped in managing big data and providing resources remotely and ubiquitously, but it has some latency and security concerns. Fog has provided tremendous advantages over cloud computing which include low latency rate, improved real-time interactions, reduced network traffic overcrowding, and improved reliability, however, security concerns need to be addressed separately. Another major issue in the cloud is Cloud Lock-in/Vendor Lock-in. Through this research, an effort has been made to extend fog computing and Searchable Encryption technologies. The proposed system can reduce the issue of cloud lock-in faced in traditional cloud computing. The SE schemes used in this paper are Symmetric Searchable Encryption (SSE) and Multi-keyword Ranked Searchable Encryption (MRSE) to achieve confidentiality, privacy, fine-grained access control, and efficient keyword search. This can help to achieve better access control and keyword search simultaneously. An important use of this technique is it helps to prevent the issue of cloud/vendor lock-in. This can shift some computation and storage of index tables over fog nodes that will reduce the dependency on Cloud Service Providers (CSPs).

Underwater Wireless Sensor Networks (UWSN) has vast application areas. Due to the unprotected nature, underwater security is a prime concern. UWSN becomes vulnerable to different attacks due to malicious nodes. Sybil attack is one of the major attacks in UWSN. Most of the proposed security methods are based on encryption and decryption which consumes resources of the sensor nodes. In this paper, a simple authentication mechanism is proposed for securing the UWSN from the Sybil attack. As the nodes have very less computation power and energy resources so this work is not followed any kind of encryption and decryption technique. An authentication process is designed in such a way that node engaged in communication authenticate neighboring nodes by node ID and the data stored in the cluster head. This work is also addressed sensor node compromisation issue through Hierarchical Fuzzy System (HFS) based trust management model. The trust management model has been simulated in Xfuzzy-3.5. After the simulation conducted, the proposed trust management mechanism depicts significant performance on detecting compromised nodes.

Security is the main concern for wireless sensor nodes and exposed against malicious attacks. To secure the communication between sensor nodes several key managing arrangements are already implemented. The key managing method for any protected application must minimally deliver safety facilities such as truthfulness. Diffie–Hellman key exchange in the absence of authentication is exposed to MITM (man-in-the-middle) attacks due to which the attacker node can easily interrupt the communication, by appearing as a valid node in the network. In wireless sensor networks, single path routing is very common but it suffers with the two problems i:e link failure which results in data loss and if any node in single path is compromised, there is no alternative to send the data to the destination securely. To overcome this problem, multipath routing protocol is used which provides both availability and consistency of data. AOMDV (Ad-hoc On-demand Multipath Distance Vector Routing Protocol) is used in a proposed algorithm which provides alternative paths to reach the data packets to the destination. This paper presents an algorithm DH-SAM (Diffie-Hellman- Sybil Attack Mitigation) to spot and mitigate Sybil nodes and make the network trusted with the objective of solving the issue of MITM attack in the network. After node authentication, secure keys are established between two communicating nodes for data transmission using the Diffie-Hellman algorithm. Performance evaluation of DH-SAM is done by using different metrics such as detection rate, PDR, throughput, and average end to end (AE2E) delay.

The network security problem brought by the cloud computing has become an important issue to be dealt with in information construction. Since anomaly detection and attack detection in cloud environment need to find the vulnerability through the reverse analysis of data flow, it is of great significance to carry out the reverse analysis of unknown network protocol in the security application of cloud environment. To solve this problem, an improved mining method on bitstream protocol association rules with unknown type and format is proposed. The method combines the location information of the protocol framework to make the frequent extraction process more concise and accurate. In addition, for the frame separation problem of unknown protocol, we design a hierarchical clustering algorithm based on Jaccard distance and a frame field delimitation method based on the proximity of information entropy between bytes. The experimental results show that this technology can correctly resolve the protocol format and realize the purpose of anomaly detection in cloud computing, and ensure the security of cloud services.

IPsec is widely used for internet security because it offers confidentiality, integrity, and authenticity also protects from replay attacks. IP Security depends on numerous frameworks, organization propels, and cryptographic techniques. IPsec is a heavyweight complex security protocol suite. Because of complex architecture and implementation processes, security implementers prefer TLS. Because of complex implementation, it is impractical to manage over the IoT devices. We propose a simplified and lite version of internet security protocol implemented with only ESP. For encryption, we use AES, RAS-RLP public key cryptography.

Network security is of vital importance, and Information Technology admins must always be vigilant. But they often lack the expertise and skills required to harden the network properly, in with the emergence of security threats. The router plays a significant role in maintaining operational security for an organization. When it comes to information security, information security professionals mainly focus on protecting items such as firewalls, virtual private networks, etc. Routers are the foundation of any network's communication method, which means all the network information passes through the routers, making them a desirable target. The proposed automation of the router security hardening solution will immediately improve the security of routers and ensure that they are updated and hardened with minimal human intervention and configuration changes. This is specially focused on small and medium-sized organizations lacking workforce and expertise on network security and will help secure the routers with less time consumption, cost, and increased efficiency. The solution consists of four primary functions, initial configuration, vulnerability fixing, compliance auditing, and rollback. These focus on all aspects of router security in a network, from its configuration when it is initially connected to the network to checking its compliance errors, continuously monitoring the vulnerabilities that need to be fixed, and ensuring that the behavior of the devices is stable and shows no abnormalities when it comes to configuration changes.

The vast majority of nowadays remote code execution attacks target virtual function tables (vtables). Attackers hijack vtable pointers to change the control flow of a vulnerable program to their will, resulting in full control over the underlying system. In this paper, we present NoVT, a compiler-based defense against vtable hijacking. Instead of protecting vtables for virtual dispatch, our solution replaces them with switch-case constructs that are inherently control-flow safe, thus preserving control flow integrity of C++ virtual dispatch. NoVT extends Clang to perform a class hierarchy analysis on C++ source code. Instead of a vtable, each class gets unique identifier numbers which are used to dispatch the correct method implementation. Thereby, NoVT inherently protects all usages of a vtable, not just virtual dispatch. We evaluate NoVT on common benchmark applications and real-world programs including Chromium. Despite its strong security guarantees, NoVT improves runtime performance of most programs (mean overhead −0.5%, −3.7% min, 2% max). In addition, protected binaries are slightly smaller than unprotected ones. NoVT works on different CPU architectures and protects complex C++ programs against strong attacks like COOP and ShrinkWrap.

Natural Language Processing is being used in every field of human to machine interaction. Database queries although have a confined set of instructions, but still found to be complex and dedicated human resources are required to write, test, optimize and execute structured query language statements. This makes it difficult, time-consuming and many a time inaccurate too. Such difficulties can be overcome if the queries are formed dynamically with standard procedures. In this work, parsing, lexical analysis, synonym detection and formation processes of the natural language processing are being proposed to be used for dynamically generating SQL queries and optimization of them for fast processing with high accuracy. NLP parsing of the user inputted text for retrieving, creation and insertion of data are being proposed to be created dynamically from English text inputs. This will help users of the system to generate reports from the data as per the requirement without the complexities of SQL. The proposed system will not only generate queries dynamically but will also provide high accuracy and performance.