Biblio

In this paper, we present the notion of recipient-revocable identity-based broadcast encryption scheme. In this notion, a content provider will produce encrypted content and send them to a third party (which is a broadcaster). This third party will be able to revoke some identities from the ciphertext. We present a security model to capture these requirements, as well as a concrete construction. The ciphertext consists of k+3 group elements, assuming that the maximum number of revocation identities is k. That is, the ciphertext size is linear in the maximal size of R, where R is the revocation identity set. However, we say that the additional elements compared to that from an IBBE scheme are only for the revocation but not for decryption. Therefore, the ciphertext sent to the users for decryption will be of constant size (i.e.,3 group elements). Finally, we present the proof of security of our construction.

In this paper, we propose a hierarchical identity-based encryption (HIBE) scheme in the random oracle (RO) model based on the learning with rounding (LWR) problem over small modulus \$q\$. Compared with the previous HIBE schemes based on the learning with errors (LWE) problem, the ciphertext expansion ratio of our scheme can be decreased to 1/2. Then, we utilize the HIBE scheme to construct a deterministic hierarchical identity-based encryption (D-HIBE) scheme based on the LWR problem over small modulus. Finally, with the technique of binary tree encryption (BTE) we can construct HIBE and D-HIBE schemes in the standard model based on the LWR problem over small modulus.

Proxy Re-Encryption (PRE) is a favorable primitive to realize a cryptographic cloud with secure and flexible data sharing mechanism. A number of PRE schemes with versatile capabilities have been proposed for different applications. The secure data sharing can be internally achieved in each PRE scheme. But no previous work can guarantee the secure data sharing among different PRE schemes in a general manner. Moreover, it is challenging to solve this problem due to huge differences among the existing PRE schemes in their algebraic systems and public-key types. To solve this problem more generally, this paper uniforms the definitions of the existing PRE and Public Key Encryption (PKE) schemes, and further uniforms their security definitions. Then taking any uniformly defined PRE scheme and any uniformly defined PKE scheme as two building blocks, this paper constructs a Generally Hybrid Proxy Re-Encryption (GHPRE) scheme with the idea of temporary public and private keys to achieve secure data sharing between these two underlying schemes. Since PKE is a more general definition than PRE, the proposed GHPRE scheme also is workable between any two PRE schemes. Moreover, the proposed GHPRE scheme can be transparently deployed even if the underlying PRE schemes are implementing.

With the emerging Science and Technology, network security has become a major concern. Researchers have proposed new theories and applications to eradicate the unethical access to the secret message. This paper presents a new algorithm on Symmetric Key Cryptography. The algorithm comprises of a bitwise shifting operation, folding logic along with simple mathematical operations. The fundamental security of the algorithm lies in the dual-layered encryption and decryption processes which divide the entire method into various phases. The algorithm implements a ciphered array key which itself hides the actual secret key to increase the integrity of the cryptosystem. The algorithm has been experimentally tested and the test results are promising.

The development of variable software, in general, and feature models, in particular, is an error-prone and time-consuming task. It gets increasingly more challenging with industrial-size models containing hundreds or thousands of features and constraints. Each change may lead to anomalies in the feature model such as making some features impossible to select. While the detection of anomalies is well-researched, giving explanations is still a challenge. Explanations must be as accurate and understandable as possible to support the developer in repairing the source of an error. We propose an efficient and generic algorithm for explaining different anomalies in feature models. Additionally, we achieve a benefit for the developer by computing short explanations expressed in a user-friendly manner and by emphasizing specific parts in explanations that are more likely to be the cause of an anomaly. We provide an open-source implementation in FeatureIDE and show its scalability for industrial-size feature models.

Active Cyber Defense (ACD) reconfigures cyber systems (networks and hosts) in timely manner in order to automatically respond to cyber incidents and mitigate potential risks or attacks. However, to launch a successful cyber defense, ACD strategies need to be proven effective in neutralizing the threats and enforceable under the current state and capabilities of the network. In this paper, we present a bounded model checking framework based on SMT to verify that the network can support the given ACD strategies accurately and safely without jeopardizing cyber mission invariants. We abstract the ACD strategies as sets of serializable reconfigurations and provide user interfaces to define cyber mission invariants as reachability, security, and QoS properties. We then verify the satisfaction of these invariants under the given strategies. We implemented this system on OpenFlow-based Software Defined Networks and we evaluated the time complexity for verifying ACD strategies on OpenFlow networks of over two thousand nodes and thousands of rules.

It is standard practice in enterprises to analyze large amounts of logs to detect software failures and malicious behaviors. Mobile applications pose a major challenge to centralized monitoring as network and storage limitations prevent fine-grained logs to be stored and transferred for off-line analysis. In this paper we introduce EMMA, a framework for automatic anomaly detection that enables security analysis as well as in-the-field quality assurance for enterprise mobile applications, and incurs minimal overhead for data exchange with a back-end monitoring platform. EMMA instruments binary applications with a lightweight anomaly-detection layer that reveals failures and security threats directly on mobile devices, thus enabling corrective measures to be taken promptly even when the device is disconnected. In our empirical evaluation, EMMA detected failures in unmodified Android mobile applications.

As Industries and Data Center plan to implement Software Defined Networking (SDN), the main concern is the anxiety about security. The Industries and Data Centers are curious to know how a SDN product will support them that their data, supporting applications and built in infrastructure are not vulnerable to threats. The initiation of SDN, will demand new pathways for securing control plane traffic. The traditional networks usually trust switching intelligence to implement various defense mechanisms besides known attacks. Many attacks which distress traditional networks also affect SDNs, partially due to SDN architecture complexities and most prominent among them is DoS. This paper identifies the pathways of threats to SDN systems and discuss methods to ways to mitigate them.

The threat from insiders is an ever-growing concern for organisations, and in recent years the harm that insiders pose has been widely demonstrated. This paper describes our recent work into how we might support insider threat detection when actions are taken which can be immediately determined as of concern because they fall into one of two categories: they violate a policy which is specifically crafted to describe behaviours that are highly likely to be of concern if they are exhibited, or they exhibit behaviours which follow a pattern of a known insider threat attack. In particular, we view these concerning actions as something that we can design and implement tripwires within a system to detect. We then orchestrate these tripwires in conjunction with an anomaly detection system and present an approach to formalising tripwires of both categories. Our intention being that by having a single framework for describing them, alongside a library of existing tripwires in use, we can provide the community of practitioners and researchers with the basis to document and evolve this common understanding of tripwires.

Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for security threats mitigation. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison of this method that incorporate these techniques for threat mitigation with regard to MAST (Methodology for Applying Security Tactics) which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and significant difference was found for security threats mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, in a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more of detailed advice than of high-level concepts.

Real-world problems are usually composed of two or more (potentially NP-Hard) problems that are interdependent on each other. Such problems have been recently identified as "multi-hard problems" and various strategies for solving them have been proposed. One of the most successful of the strategies is based on a decomposition approach, where each of the components of a multi-hard problem is solved separately (by state-of-the-art solver) and then a negotiation protocol between the sub-solutions is applied to mediate a global solution. Multi-hardness is, however, not the only crucial aspect of real-world problems. Many real-world problems operate in a dynamically-changing, uncertain environment. Special approaches such as risk analysis and minimization may be applied in cases when we know the possible variants of constraints and criteria, as well as their probabilities. On the other hand, adaptive algorithms may be used in the case of uncertainty about criteria variants or probabilities. While such approaches are not new, their application to multi-hard problems has not yet been studied systematically. In this paper we extend the benchmark problem for multi-hardness with the aspect of uncertainty. We adapt the decomposition-based approach to this new setting, and compare it against another promising heuristic (Monte-Carlo Tree Search) on a large publicly available dataset. Our comparisons show that the decomposition-based approach outperforms the other heuristic in most cases.

We present a controller synthesis algorithm for a reach-avoid problem in the presence of adversaries. Our model of the adversary abstractly captures typical malicious attacks envisioned on cyber-physical systems such as sensor spoofing, controller corruption, and actuator intrusion. After formulating the problem in a general setting, we present a sound and complete algorithm for the case with linear dynamics and an adversary with a budget on the total L2-norm of its actions. The algorithm relies on a result from linear control theory that enables us to decompose and compute the reachable states of the system in terms of a symbolic simulation of the adversary-free dynamics and the total uncertainty induced by the adversary. With this decomposition, the synthesis problem eliminates the universal quantifier on the adversary's choices and the symbolic controller actions can be effectively solved using an SMT solver. The constraints induced by the adversary are computed by solving second-order cone programmings. The algorithm is later extended to synthesize state-dependent controller and to generate attacks for the adversary. We present preliminary experimental results that show the effectiveness of this approach on several example problems.

Phishing is one of the major issues in cyber security. In phishing, attackers steal sensitive information from users by impersonation of legitimate websites. This information captured by phisher is used for variety of scenarios such as buying goods using online transaction illegally or sometime may sell the collected user data to illegal sources. Till date, various detection techniques are proposed by different researchers but still phishing detection remains a challenging problem. While phishing remains to be a threat for all users, persons with visual impairments fall under the soft target category, as they primarily depend on the non-visual web access mode. The persons with visual impairments solely depends on the audio generated by the screen readers to identify and comprehend a web page. This weak-link shall be harnessed by attackers in creating impersonate sites that produces same audio output but are visually different. This paper proposes a model titled "MASPHID" (Model for Assisting Screenreader users to Phishing Detection) to assist persons with visual impairments in detecting phishing sites which are aurally similar but visually dissimilar. The proposed technique is designed in such a manner that phishing detection shall be carried out without burdening the users with technical details. This model works against zeroday phishing attack and evaluate high accuracy.

NDN is a promising protocol that can help to reduce congestion at Internet scale by putting content at the center of communications instead of hosts, and by providing each node with a caching capability. NDN can also natively authenticate transmitted content with a mechanism similar to website certificates that allows clients to assess the original provider. But this security feature comes at a high cost, as it relies heavily on asymmetric cryptography which affects server performance when NDN Data are generated. This is particularly critical for many services dealing with real-time data (VOIP, live streaming, etc.), but current tools are not adapted for a realistic server-side performance evaluation of NDN traffic generation when digital signature is used. We propose a new tool, NDNperf, to perform this evaluation and show that creating NDN packets is a major bottleneck of application performances. On our testbed, 14 server cores only generate \textbackslashtextasciitilde400 Mbps of new NDN Data with default packet settings. We propose and evaluate practical solutions to improve the performance of server-side NDN Data generation leading to significant gains.

Mobile platforms are increasingly using Heterogeneous Multi-Processor Systems-on-Chip (HMPSoCs) with differentiated processing cores and GPUs to achieve high performance for graphics-intensive applications such as mobile games. Traditionally, separate CPU and GPU governors are deployed in order to achieve energy efficiency through Dynamic Voltage Frequency Scaling (DVFS), but miss opportunities for further energy savings through coordinated system-level application of DVFS. We present Co-Cap, a cooperative CPU-GPU DVFS strategy that orchestrates energy-efficient CPU and GPU DVFS through coordinated CPU and GPU frequency capping to avoid frequency over-provisioning while maintaining desired performance. Unlike traditional approaches that target a narrow set of mobile games, our Co-Cap approach is applicable across a wide range of mobile games. Our methodology deploys a training phase followed by a deployment phase, allowing not only deployment across a wide range of mobile games with varying graphics workloads, but also across new mobile architectural platforms. Our experimental results across a large set of over 70 mobile games show that Co-Cap improves energy per frame by 10.6% and 10.0% (23.1% and 19.1% in CPU dominant applications) on average and achieves minimal frames per second (FPS) loss by 0.5% and 0.7% (1.3% and 1.7% in CPU dominant applications) on average in training- and deployment sets, respectively, compared to the default CPU and GPU governors, with negligible overhead in execution time and power consumption on the ODROID-XU3 platform.

As a common practice in software development, program obfuscation aims at deterring reverse engineering and malicious attacks on released source or binary code. Owning ample obfuscation techniques, we have relatively little knowledge on how to most effectively use them. The biggest challenge lies in identifying the most useful combination of these techniques. We propose a unified framework to automatically generate and optimize obfuscation based on an obscurity language model and a Monte Carlo Markov Chain (MCMC) based search algorithm. We further instantiate it for JavaScript programs and developed the Closure* tool. Compared to the well-known Google Closure Compiler, Closure* outperforms its default setting by 26%. For programs which have already been well obfuscated, Closure* can still outperform by 22%.

Software-defined Networking (SDN) enables advanced network applications by separating a network into a data plane that forwards packets and a control plane that computes and installs forwarding rules into the data plane. Many SDN applications rely on dynamic rule installation, where the control plane processes the first few packets of each traffic flow and then installs a dynamically computed rule into the data plane to forward the remaining packets. Control plane processing adds delay, as the switch must forward each packet and meta-information to a (often centralized) control server and wait for a response specifying how to handle the packet. The amount of delay the control plane imposes depends on its load, and the applications and protocols it runs. In this work, we develop a non- intrusive timing attack that exploits this property to learn about a SDN network's configuration. The attack analyzes the amount of delay added to timing pings that are specially crafted to invoke the control plane, while transmitting other packets that may invoke the control plane, depending on the network's configuration. We show, in a testbed with physical OpenFlow switches and controllers, that an attacker can probe the network at a low rate for short periods of time to learn a bevy of sensitive information about networks with \textbackslashtextgreater 99% accuracy, including host communication patterns, ACL entries, and network monitoring settings. We also implement and test a practical defense: a timeout proxy, which normalizes control plane delay by providing configurable default responses to control plane requests that take too long. The proxy can be deployed on unmodified OpenFlow switches. It reduced the attack accuracy to below 50% in experiments, and can be configured to have minimal impact on non-attack traffic.

Domain Name System (DNS) had been recognized as an indispensable and fundamental infrastructure of current Internet. However, due to the original design philosophy and easy access principle, one can conveniently wiretap the DNS requests and responses. Such phenomenon is a serious threat for user privacy protection especially when an inside hacking takes place. Motivated by such circumstances, we proposed a ports distribution management solution to relieve the potential information leakage inside local DNS. Users will be able to utilize pre-assigned port numbers instead of default port 53. Selection method of port numbers at the server side and interactive process with corresponding end host are investigated. The necessary implementation steps, including modifications of destination port field, extension option usage, etc., are also discussed. A mathematical model is presented to further evaluate the performance. Both the possible blocking probability and port utilization are illustrated. We expect that this solution will be beneficial not only for the users in security enhancement, but also for the DNS servers in resources optimization.

The emphasis on exhaustive passive capturing of images using wearable cameras like Autographer, which is often known as lifelogging has brought into foreground the challenge of preserving privacy, in addition to presenting the vast amount of images in a meaningful way. In this paper, we present a user-study to understand the importance of an array of factors that are likely to influence the lifeloggers to share their lifelog images in their online circle. The findings are a step forward in the emerging area intersecting HCI, and privacy, to help in exploring design directions for privacy mediating techniques in lifelogging applications.

Among the various types of Role-based access control (RBAC) policies proposed in the literature, contextual policies take into account the user's location and the time at which she requests an access. The precise characterization of the context in such policies and the definition of an access decision procedure for them are non-trivial ntasks, since they have to take into account the various facets of the temporal and spatial expressions occurring in these policies. Existing approaches for modeling contextual policies do not support all the various spatio-temporal concepts and often do not provide an access decision procedure. In this paper, we propose a model-driven approach to representing and checking RBAC contextual policies. We introduce GemRBAC+CTX, an extension of a generalized conceptual model for RBAC, which contains all the concepts required to model contextual policies. We formalize these policies as constraints, using the Object Constraint Language (OCL), on the GemRBAC+CTX model, as a way to operationalize the access decision for user's requests using model-driven technologies. We show the application of GemRBAC+CTX to model the RBAC contextual policies of an application developed by HITEC Luxembourg, a provider of situational-aware information management systems for emergency scenarios. The use of GemRBAC+CTX has allowed the engineers of HITEC to define several new types of contextual policies, with a fine-grained, precise description of contexts. The preliminary experimental results show the feasibility of applying our model-driven approach for making access decisions in real systems.

Location data can be extremely useful to study commuting patterns and disruptions, as well as to predict real-time traffic volumes. At the same time, however, the fine-grained collection of user locations raises serious privacy concerns, as this can reveal sensitive information about the users, such as, life style, political and religious inclinations, or even identities. In this paper, we study the feasibility of crowd-sourced mobility analytics over aggregate location information: users periodically report their location, using a privacy-preserving aggregation protocol, so that the server can only recover aggregates - i.e., how many, but not which, users are in a region at a given time. We experiment with real-world mobility datasets obtained from the Transport For London authority and the San Francisco Cabs network, and present a novel methodology based on time series modeling that is geared to forecast traffic volumes in regions of interest and to detect mobility anomalies in them. In the presence of anomalies, we also make enhanced traffic volume predictions by feeding our model with additional information from correlated regions. Finally, we present and evaluate a mobile app prototype, called Mobility Data Donors (MDD), in terms of computation, communication, and energy overhead, demonstrating the real-world deployability of our techniques.

Machine-based tracking is a type of behavior that extracts information on a user's machine, which can then be used for fingerprinting, tracking, or profiling purposes. In this paper, we focus on JavaScript-oriented machine-based tracking as JavaScript is widely accessible in all browsers. We find that coarse features related to JavaScript access, cookie access, and URL length subdomain information can perform well in creating a classifier that can identify these machine-based trackers with 97.7% accuracy. We then use the classifier on real-world datasets based on 30-minute website crawls of different types of websites – including websites that target children and websites that target a popular audience – and find 85%+ of all websites utilize machine-based tracking, even when they target a regulated group (children) as their primary audience.

The Internet of Things (IoT) systems are designed and developed either as standalone applications from the ground-up or with the help of IoT middleware platforms. They are designed to support different kinds of scenarios, such as smart homes and smart cities. Thus far, privacy concerns have not been explicitly considered by IoT applications and middleware platforms. This is partly due to the lack of systematic methods for designing privacy that can guide the software development process in IoT. In this paper, we propose a set of guidelines, a privacy by-design framework, that can be used to assess privacy capabilities and gaps of existing IoT applications as well as middleware platforms. We have evaluated two open source IoT middleware platforms, namely OpenIoT and Eclipse SmartHome, to demonstrate how our framework can be used in this way.

Mobile Devices are part of our lives and we store a lot of private information on it as well as use services that handle sensitive information (e.g. mobile health apps). Whenever users install an application on their smartphones they have to decide whether to trust the applications and share private and sensitive data with at least the developer-owned services. But almost all modern apps not only transmit data to the developer owned servers but also send information to advertising-, analyzing and tracking partners. This paper presents an approach for a "privacy- proxy" which enables to filter unwanted data traffic to third party services without installing additional applications on the smartphone. It is based on a firewall using a black list of tracking- and analyzing networks which is automatically updated on a daily basis. The proof of concept has been implemented with open source components on a Raspberry Pi.

The lifelogging activity enables a user, the lifelogger, to passively capture multimodal records from a first-person perspective and ultimately create a visual diary encompassing every possible aspect of her life with unprecedented details. In recent years it has gained popularity among different groups of users. However, the possibility of ubiquitous presence of lifelogging devices especially in private spheres has raised serious concerns with respect to personal privacy. Different practitioners and active researchers in the field of lifelogging have analysed the issue of privacy in lifelogging and proposed different mitigation strategies. However, none of the existing works has considered a well-defined privacy threat model in the domain of lifelogging. Without a proper threat model, any analysis and discussion of privacy threats in lifelogging remains incomplete. In this paper we aim to fill in this gap by introducing a first-ever privacy threat model identifying several threats with respect to lifelogging. We believe that the introduced threat model will be an essential tool and will act as the basis for any further research within this domain.