Biblio

Security has become a significant factor of Internet of Things (IoT) and Cyber Physical Systems (CPS) wherein the devices usually vary in computing power and intrinsic hardware features. It is necessary to use security-by-design method in the development of these systems. This paper focuses on the security design issue about this sort of heterogeneous embedded systems and proposes a systematic approach aiming to achieve optimal security design objective.

In this study, we prove strong stability for a typical time-varying nonlinear dynamic system in batch culture, which is hard to obtain analytical solutions and equilibrium points. To this end, firstly, we construct a linear variational system to the nonlinear dynamic system. Secondly, we give a proof that the fundamental matrix solution to this dynamic system is bounded. Combined with the above two points, the strong stability for the nonlinear dynamic system is proved.

Ubiquitous Electric Internet of Things (UEIoT) is the next generation electrical energy networks. The distributed and open structure of UEIoT is weak and vulnerable to security threats. To solve the security problem of UEIoT terminal, in this paper, the interaction between smart terminals and the malicious attackers in UEIoT as a differential game is investigated. A complex decision-making process and interactions between the smart terminal and attackers are analyzed. Through derivation and analysis of the model, an algorithm for the optimal defense strategy of UEIoT is designed. The results lay a theoretical foundation, which can support UEIoT make a dynamic strategy to improve the defensive ability.

The CAN (Controller Area Network) bus, which transmits and receives ECU control information in vehicle, has a critical risk of external intrusion because there is no standardized security system. Recently, the need for IDS (Intrusion Detection System) to detect external intrusion of CAN bus is increasing, and high accuracy and real-time processing for intrusion detection are required. In this paper, we propose Hybrid MR (Machine learning and Ruleset) -IDS based on machine learning and ruleset to improve IDS performance. For high accuracy and detection rate, feature engineering was conducted based on the characteristics of the CAN bus, and the generated features were used in detection step. The proposed Hybrid MR-IDS can cope to various attack patterns that have not been learned in previous, as well as the learned attack patterns by using both advantages of rule set and machine learning. In addition, by collecting CAN data from an actual vehicle in driving and stop state, five attack scenarios including physical effects during all driving cycle are generated. Finally, the Hybrid MR-IDS proposed in this paper shows an average of 99% performance based on F1-score.

Mobile devices have been widely used to deploy security-sensitive applications such as mobile payments, mobile offices etc. SM2 digital signature technology is critical in these applications to provide the protection including identity authentication, data integrity, action non-repudiation. Since mobile devices are prone to being stolen or lost, several server-aided SM2 cooperative signature schemes have been proposed for the mobile scenario. However, existing solutions could not well fit the high-concurrency scenario which needs lightweight computation and communication complexity, especially for the server sides. In this paper, we propose a SM2 cooperative signature algorithm (SM2-CSA) for the high-concurrency scenario, which involves only one-time client-server interaction and one elliptic curve addition operation on the server side in the signing procedure. Theoretical analysis and practical tests shows that SM2-CSA can provide better computation and communication efficiency compared with existing schemes without compromising the security.

There are problems in which the use of linear regression is not sufficiently justified. In these cases, fuzzy linear regression can be used as a modeling tool. The problem of constructing a fuzzy linear regression can usually be reduced to a linear programming problem. One of the features of the resulting linear programming problem is that it uses a relatively large number of constraints in the form of inequalities with a relatively small number of variables. It is known that the problem of constructing a fuzzy linear regression is reduced to the problem of linear programming. If the user does not have enough computing power the resulting problem can be transferred to the cloud server. Two approaches are used for the confidential transfer of the problem to the server: the approach based on cryptographic encryption, and the transformational approach. The paper describes a protocol based on the transformational approach that allows for secure outsourcing of fuzzy linear regression.

Current network assessment models often ignore the impact of attack-defense timing on network security, making it difficult to characterize the dynamic game of attack-defense effectively. To effectively manage the network security risks and reduce potential losses, in this article, we propose a selection strategy for network defense based on a time game model. By analyzing the attack-defense status by analogy with the SIR infectious disease model, construction of an optimal defense strategy model based on time game, and calculation of the Nash equilibrium of the the attacker and the defender under different strategies, we can determine an optimal defense strategy. With the Matlab simulation, this strategy is verified to be effective.

Compared with other virtualization technologies, container technology is widely used in edge computing because of its low cost, high reliability, high flexibility and fast portability. However, the use of container technology can alleviate the pressure of massive data, but also bring complex and diverse security problems. Reliable information security risk assessment method is the key to ensure the smooth application of container technology. According to the risk assessment theory, a security risk assessment method for edge computing containers based on dynamic game theory is proposed. Aiming at the complex container security attack and defense process, the container system's security model is constructed based on dynamic game theory. By combining the attack and defense matrix, the Nash equilibrium solution of the model is calculated, and the dynamic process of the mutual game between security defense and malicious attackers is analyzed. By solving the feedback Nash equilibrium solution of the model, the optimal strategies of the attackers are calculated. Finally, the simulation tool is used to solve the feedback Nash equilibrium solution of the two players in the proposed model, and the experimental environment verifies the usability of the risk assessment method.

Network security has always been the most important of enterprise informatization construction and development, and the security assessment of network system is the basis for enterprises to make effective security defense strategies. Aiming at the relevance of security factors and subjectivity of evaluation results in the process of enterprise network system security assessment, a security assessment method combining Analytic Network Process and evidence theory is proposed. Firstly, we built a complete security assessment index system and network analysis structure model for enterprise network, and determined the converged security index weights by calculating hypermatrix, limit hypermatrix and stable limit hypermatrix; then, we used the evidence theory on data fusion of the evaluation opinions of multiple experts to eliminate the conflict between evidences. Finally, according to the principle of maximum membership degree, we realized the assessment of enterprise network security level using weighted average. The example analysis showed that the model not only weighed the correlation influence among the security indicators, but also effectively reduced the subjectivity of expert evaluation and the fuzziness and uncertainty in qualitative analysis, which verified the effectiveness of the model and method, and provided an important basis for network security management.

The contemporary struggle that rests upon security risk assessment of Information Systems is its feasibility in the presence of an indeterminate environment when information is insufficient, conflicting, generic or ambiguous. But as pointed out by the security experts, most of the traditional approaches to risk assessment of information systems security are no longer practicable as they fail to deliver viable support on handling uncertainty. Therefore, to address this issue, we have anticipated a comprehensive risk assessment model based on Bayesian Belief Network (BBN) and Fuzzy Inference Scheme (FIS) process to function in an indeterminate environment. The proposed model is demonstrated and further comparisons are made on the test results to validate the reliability of the proposed model.

This paper presents a new framework for SATCOM jamming resiliency in the presence of a smart adversary jammer that can prioritize specific channels to attack with a non-uniform probability of distribution. We first develop a model and a defense action strategy based on a Markov decision process (MDP). We propose a greedy algorithm for the MDP-based defense algorithm's policy to optimize the expected user's immediate and future discounted rewards. Next, we remove the assumption that the user has specific information about the attacker's pattern and model. We develop a Q-learning algorithm-a reinforcement learning (RL) approach-to optimize the user's policy. We show that the Q-learning method provides an attractive defense strategy solution without explicit knowledge of the jammer's strategy. Computer simulation results show that the MDP-based defense strategies are very efficient; they offer a significant data rate advantage over the simple random hopping approach. Also, the proposed Q-learning performance can achieve close to the MDP approach without explicit knowledge of the jammer's strategy or attacking model.

With the world moving towards digitalization, more applications and servers are online hosted on the internet, more number of vulnerabilities came out which directly affects an individual and an organization financially and in terms of reputation too. Out of those many vulnerabilities such as Injection, Deserialization, Cross site scripting and more. Injection stand top as the most critical vulnerability found in the web application. Injection itself is a broad vulnerability as it further consists of SQL Injection, Command injection, LDAP Injection, No-SQL Injection etc. In this paper we have reviewed SQL Injection, different types of SQL injection attacks, their causes and remediation to comprehend this attack.

Static security assessment is of great significance to ensure the stable transmission of electric power and steady operation of load. The scale of power system trends to expand due to the development of interconnected grid, and the security analysis of the entire network has become time-consuming. On the basis of synthesizing the efficiency and accuracy, a new method is developed. This method adopts a novel dynamic power flow (DPF) model considering the influence of governor deadband and amplitude-limit on the steady state quantitatively. In order to reduce the computation cost, a contingency screening algorithm based on binary search method is proposed. Static security assessment based on the proposed DPF models is applied to calculate the security margin constrained by severe contingencies. The ones with lower margin are chosen for further time-domain (TD) simulation analysis. The case study of a practical grid verifies the accuracy of the proposed model compared with the conventional one considering no governor nonlinearity. Moreover, the test of a practical grid in China, along with the TD simulation, demonstrates that the proposed method avoids massive simulations of all contingencies as well as provides detail information of severe ones, which is effective for security analysis of practical power grids.

Visual Question Answering (VQA) models have achieved significant success in recent times. Despite the success of VQA models, they are mostly black-box models providing no reasoning about the predicted answer, thus raising questions for their applicability in safety-critical such as autonomous systems and cyber-security. Current state of the art fail to better complex questions and thus are unable to exploit compositionality. To minimize the black-box effect of these models and also to make them better exploit compositionality, we propose a Dynamic Neural Network (DMN), which can understand a particular question and then dynamically assemble various relatively shallow deep learning modules from a pool of modules to form a network. We incorporate compositional temporal attention to these deep learning based modules to increase compositionality exploitation. This results in achieving better understanding of complex questions and also provides reasoning as to why the module predicts a particular answer. Experimental analysis on the two benchmark datasets, VQA2.0 and CLEVR, depicts that our model outperforms the previous approaches for Visual Question Answering task as well as provides better reasoning, thus making it reliable for mission critical applications like safety and security.

Fully Homomorphic Encryption (FHE) allows a third party to perform arbitrary computations on encrypted data, learning neither the inputs nor the computation results. Hence, it provides resilience in situations where computations are carried out by an untrusted or potentially compromised party. This powerful concept was first conceived by Rivest et al. in the 1970s. However, it remained unrealized until Craig Gentry presented the first feasible FHE scheme in 2009.The advent of the massive collection of sensitive data in cloud services, coupled with a plague of data breaches, moved highly regulated businesses to increasingly demand confidential and secure computing solutions. This demand, in turn, has led to a recent surge in the development of FHE tools. To understand the landscape of recent FHE tool developments, we conduct an extensive survey and experimental evaluation to explore the current state of the art and identify areas for future development.In this paper, we survey, evaluate, and systematize FHE tools and compilers. We perform experiments to evaluate these tools’ performance and usability aspects on a variety of applications. We conclude with recommendations for developers intending to develop FHE-based applications and a discussion on future directions for FHE tools development.

An efficient quantum circuit (program) compiler aims to minimize the gate-count - through efficient instruction translation, routing, gate, and cancellation - to improve run-time and noise. Therefore, a high-efficiency compiler is paramount to enable the game-changing promises of quantum computers. To date, the quantum computing hardware providers are offering a software stack supporting their hardware. However, several third-party software toolchains, including compilers, are emerging. They support hardware from different vendors and potentially offer better efficiency. As the quantum computing ecosystem becomes more popular and practical, it is only prudent to assume that more companies will start offering software-as-a-service for quantum computers, including high-performance compilers. With the emergence of third-party compilers, the security and privacy issues of quantum intellectual properties (IPs) will follow. A quantum circuit can include sensitive information such as critical financial analysis and proprietary algorithms. Therefore, submitting quantum circuits to untrusted compilers creates opportunities for adversaries to steal IPs. In this paper, we present a split compilation methodology to secure IPs from untrusted compilers while taking advantage of their optimizations. In this methodology, a quantum circuit is split into multiple parts that are sent to a single compiler at different times or to multiple compilers. In this way, the adversary has access to partial information. With analysis of over 152 circuits on three IBM hardware architectures, we demonstrate the split compilation methodology can completely secure IPs (when multiple compilers are used) or can introduce factorial time reconstruction complexity while incurring a modest overhead ( 3% to 6% on average).

Modern SoC applications include a variety of sensitive modules in which data must be protected against malicious access. Security vulnerabilities, when exercised during the SoC operation, lead to denial of service or disclosure of protected data. Hence, it is essential to undertake security validation before and after SoC fabrication and make provisions for continuous security assessment during operation. This paper presents a methodology for optimized post-deployment monitoring of SoC's security properties by migrating pre-fab design security assertions to post-fab run-time security monitors. We show that the method is scalable for large systems and complex properties by optimizing the hardware monitors and applying it to a large SoC design based on a OpenRISC-1200 SoC. About 40 security assertions were specified in System Verilog Assertions (SVA). Following formal verification, the assertions were synthesized into finite state machines and cross optimized. Following code generation in Verilog, commercial logic and layout synthesis tools were used to generate hardware monitors which were then integrated with the SoC design ready for fabrication.

We propose and experimentally demonstrate a compressive sensing scheme based on optical coherent receiver that recovers sparse optical arbitrary signals with an analog bandwidth up to 25GHz. The proposed scheme uses 16x lower sampling rate than the Nyquist theorem and spectral resolution of 24.4MHz.

Compressive Covariance Sampling (CCS) is a strategy used to recover the covariance matrix (CM) directly from compressive measurements. Several works have proven the advantages of CSS in Compressive Spectral Imaging (CSI) but most of these algorithms require multiple random projections of the scene to obtain good reconstructions. However, several low-resolution copies of the scene can be captured in a single snapshot through a lenslet array. For this reason, this paper proposes a sensing protocol and a single snapshot CCS optical architecture using a lenslet array based on the Dual Dispersive Aperture Spectral Imager(DD-CASSI) that allows the recovery of the covariance matrix with a single snapshot. In this architecture uses the lenslet array allows to obtain different projections of the image in a shot due to the special coded aperture. In order to validate the proposed approach, simulations evaluated the quality of the recovered CM and the performance recovering the spectral signatures against traditional methods. Results show that the image reconstructions using CM have PSNR values about 30 dB, and reconstructed spectrum has a spectral angle mapper (SAM) error less than 15° compared to the original spectral signatures.

Compressive beamforming has been successfully applied to the estimation of the direction of arrival (DOA) of array signals, and has higher angular resolution than traditional high-resolution beamforming methods. However, most of the existing compressive beamforming methods are based on narrow signal models. Wideband signal processing using these existing compressive beamforming methods is to divide the frequency band into several narrow-bands and add up the beamforming results of each narrow-band. However, for sonar application, signals usually consist of continuous spectrum and line spectrum, and the line spectrum is usually more than 10dB higher than the continuous spectrum. Due to the large difference of signal-to-noise ratio (SNR) of each narrow-band, different regularization parameters should be used, otherwise it is difficult to get an ideal result, which makes compressive beamforming highly complicated. In this paper, a compressive beamforming method based on spatial resampling for uniform linear arrays is proposed. The signals are converted into narrow-band signals by spatial resampling technique, and compressive beamforming is then performed to estimate the DOA of the sound source. Experimental results show the superiority of the proposed method, which avoids the problem of using different parameters in the existing compressive beamforming methods, and the resolution is comparable to the existing methods using different parameters for wideband models. The spatial-resampling compressive beamforming has a better robustness when the regularization parameter is fixed, and exhibits lower levels of background interference than the existing methods.

We address the problem of recovering signals from compressed measurements based on generative priors. Recently, generative-model based compressive sensing (GMCS) methods have shown superior performance over traditional compressive sensing (CS) techniques in recovering signals from fewer measurements. However, it is possible to further improve the performance of GMCS by introducing controlled sparsity in the latent-space. We propose a proximal meta-learning (PML) algorithm to enforce sparsity in the latent-space while training the generator. Enforcing sparsity naturally leads to a union-of-submanifolds model in the solution space. The overall framework is named as sparsity driven latent space sampling (SDLSS). In addition, we derive the sample complexity bounds for the proposed model. Furthermore, we demonstrate the efficacy of the proposed framework over the state-of-the-art techniques with application to CS on standard datasets such as MNIST and CIFAR-10. In particular, we evaluate the performance of the proposed method as a function of the number of measurements and sparsity factor in the latent space using standard objective measures. Our findings show that the sparsity driven latent space sampling approach improves the accuracy and aids in faster recovery of the signal in GMCS.

Human Resource (HR) Analytics has been increasingly attracted attention for a past decade. This is because the study field is adopted data-driven approaches to be processed and interpreted for meaningful insights in human resources. The field is involved in HR decision making helping to understand why people, organization, or other business performance behaved the way they do. Embracing the available tools for decision making and learning in the field of computational intelligence (CI) and Artificial Intelligence (AI) to the field of HR, this creates tremendous opportunities for HR Analytics in practical aspects. However, there are still inadequate applications in this area. This paper serves as a survey of using the tools and their applications in HR involving recruitment, retention, reward and retirement. An example of using CI and AI for career development and training in the era of disruption is conceptually proposed.

With the increasing application of micro-nano satellite network, it is extremely vulnerable to the influence of internal malicious nodes in the practical application process. However, currently micro-nano satellite network still lacks effective means of routing security protection. In order to solve this problem, combining with the characteristics of limited energy and computing capacity of micro-nano satellite nodes, this research proposes a secure routing algorithm based on trust value. First, the trust value of the computing node is synthesized, and then the routing path is generated by combining the trust value of the node with the AODV routing algorithm. Simulation results show that the proposed MNS-AODV routing algorithm can effectively resist the influence of internal malicious nodes on data transmission, and it can reduce the packet loss rate and average energy consumption.

Summary form only given, as follows. The complete presentation was not made available for publication as part of the conference proceedings. What is “hardware” security? The network designer relies on the security of the router box. The software developer relies on the TPM (Trusted Platform Module). The circuit designer worries about side-channel attacks. At the same time, electronics shrink: sensor nodes, IOT devices, smart devices are becoming more and more available. Adding security and cryptography to these often very resource constraint devices is a challenge. This presentation will focus on Physically Unclonable Functions and True Random Number Generators, two roots of trust, and their security testing.

Trusted Platform Modules (TPM) have grown to be crucial safeguards from the number of software-based strikes. By giving a restricted range of cryptographic providers by way of a well-defined user interface, divided as a result of the program itself, TPM and Infrastructure as a service (IaaS) can function as a root of loyalty so when a foundation aimed at advanced equal protection methods. This information studies the works aimed at uses on TPM within the cloud computing atmosphere, by journal times composed somewhere among 2013 as well as 2020. It identifies the present fashion as well as goals from these technologies within the cloud, as well as the kind of risks that it mitigates. The primary investigation is being focused on the TPM's association to the IaaS security based on the authorization and the enabling schema for integrity. Since integrity measurement is among the key uses of TPM and IaaS, particular focus is given towards the evaluation of operating period phases as well as S/W levels it's put on to. Finally, the deep survey on recent schemes can be applied on Cloud Environment.