Biblio

Found 156 results

Filters: Keyword is performance evaluation  [Clear All Filters]
2020-12-28
Antonioli, D., Tippenhauer, N. O., Rasmussen, K..  2020.  BIAS: Bluetooth Impersonation AttackS. 2020 IEEE Symposium on Security and Privacy (SP). :549—562.
Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authenticate to each other using a long term key. Those procedures are used during pairing and secure connection establishment to prevent impersonation attacks. In this paper, we show that the Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment. Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade. We describe each vulnerability in detail, and we exploit them to design, implement, and evaluate master and slave impersonation attacks on both the legacy authentication procedure and the secure authentication procedure. We refer to our attacks as Bluetooth Impersonation AttackS (BIAS).Our attacks are standard compliant, and are therefore effective against any standard compliant Bluetooth device regardless the Bluetooth version, the security mode (e.g., Secure Connections), the device manufacturer, and the implementation details. Our attacks are stealthy because the Bluetooth standard does not require to notify end users about the outcome of an authentication procedure, or the lack of mutual authentication. To confirm that the BIAS attacks are practical, we successfully conduct them against 31 Bluetooth devices (28 unique Bluetooth chips) from major hardware and software vendors, implementing all the major Bluetooth versions, including Apple, Qualcomm, Intel, Cypress, Broadcom, Samsung, and CSR.
2021-08-11
Hossain, Md. Sajjad, Bushra Islam, Fabliha, Ifeanyi Nwakanma, Cosmas, Min Lee, Jae, Kim, Dong-Seong.  2020.  Decentralized Latency-aware Edge Node Grouping with Fault Tolerance for Internet of Battlefield Things. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :420–423.
In this paper, our objective is to focus on the recent trend of military fields where they brought Internet of Things (IoT) to have better impact on the battlefield by improving the effectiveness and this is called Internet of Battlefield Things(IoBT). Due to the requirements of high computing capability and minimum response time with minimum fault tolerance this paper proposed a decentralized IoBT architecture. The proposed method can increase the reliability in the battlefield environment by searching the reliable nodes among all the edge nodes in the environment, and by adding the fault tolerance in the edge nodes will increase the effectiveness of overall battlefield scenario. This suggested fault tolerance approach is worth for decentralized mode to handle the issue of latency requirements and maintaining the task reliability of the battlefield. Our experimental results ensure the effectiveness of the proposed approach as well as enjoy the requirements of latency-aware military field while ensuring the overall reliability of the network.
2021-05-25
Taha, Mohammad Bany, Chowdhury, Rasel.  2020.  GALB: Load Balancing Algorithm for CP-ABE Encryption Tasks in E-Health Environment. 2020 Fifth International Conference on Research in Computational Intelligence and Communication Networks (ICRCICN). :165–170.
Security of personal data in the e-healthcare has always been challenging issue. The embedded and wearable devices used to collect these personal and critical data of the patients and users are sensitive in nature. Attribute-Based Encryption is believed to provide access control along with data security for distributed data among multiple parties. These resources limited devices do have the capabilities to secure the data while sending to the cloud but instead it increases the overhead and latency of running the encryption algorithm. On the top of if confidentiality is required, which will add more latency. In order to reduce latency and overhead, we propose a new load balancing algorithm that will distribute the data to nearby devices with available resources to encrypt the data and send it to the cloud. In this article, we are proposing a load balancing algorithm for E-Health system called (GALB). Our algorithm is based on Genetic Algorithm (GA). Our algorithm (GALB) distribute the tasks that received to the main gateway between the devices on E-health environment. The distribution strategy is based on the available resources in the devices, the distance between the gateway and the those devices, and the complexity of the task (size) and CP-ABE encryption policy length. In order to evaluate our algorithm performance, we compare the near optimal solution proposed by GALB with the optimal solution proposed by LP.
2021-02-08
Saleh, A. H., Yousif, A. S., Ahmed, F. Y. H..  2020.  Information Hiding for Text Files by Adopting the Genetic Algorithm and DNA Coding. 2020 IEEE 10th Symposium on Computer Applications Industrial Electronics (ISCAIE). :220–223.
Hiding information is a process to hide data or include it in different digital media such as image, audio, video, and text. However, there are many techniques to achieve the process of hiding information in the image processing, in this paper, a new method has been proposed for hidden data mechanism (which is a text file), then a transposition cipher method has been employed for encryption completed. It can be used to build an encrypted text and also to increase security against possible attacks while sending it over the World Wide Web. A genetic algorithm has been affected in the adjustment of the encoded text and DNA in the creation of an encrypted text that is difficult to detect and then include in the image and that affected the image visual quality. The proposed method outperforms the state of arts in terms of efficiently retrieving the embedded messages. Performance evaluation has been recorded high visual quality scores for the (SNR (single to noise ratio), PSNR (peak single to noise ratio) and MSE (mean square error).
2021-08-17
Zhang, Yu-Yan, Chen, Xing-Xing, Zhang, Xu.  2020.  PCHA: A Fast Packet Classification Algorithm For IPv6 Based On Hash And AVL Tree. 2020 IEEE 13th International Conference on Cloud Computing (CLOUD). :397–404.
As the core infrastructure of cloud data operation, exchange and storage, data centerneeds to ensure its security and reliability, which are the important prerequisites for the development of cloud computing. Due to various illegal accesses, attacks, viruses and other security threats, it is necessary to protect the boundary of cloud data center through security gateway. Since the traffic growing up to gigabyte level, the secure gateway must ensure high transmission efficiency and different network services to support the cloud services. In addition, data center is gradually evolving from IPv4 to IPv6 due to excessive consumption of IP addresses. Packet classification algorithm, which can divide packets into different specific streams, is very important for QoS, real-time data stream application and firewall. Therefore, it is necessary to design a high performance IPv6 packet classification algorithm suitable for security gateway.AsIPv6 has a128-bitIP address and a different packet structure compared with IPv4, the traditional IPv4 packet classification algorithm is not suitable properly for IPv6 situations. This paper proposes a fast packet classification algorithm for IPv6 - PCHA (packet classification based on hash andAdelson-Velsky-Landis Tree). It adopts the three flow classification fields of source IPaddress(SA), destination IPaddress(DA) and flow label(FL) in the IPv6 packet defined by RFC3697 to implement fast three-tuple matching of IPv6 packet. It is through hash matching of variable length IPv6 address and tree matching of shorter flow label. Analysis and testing show that the algorithm has a time complexity close to O(1) in the acceptable range of space complexity, which meets the requirements of fast classification of IPv6 packetsand can adapt well to the changes in the size of rule sets, supporting fast preprocessing of rule sets. Our algorithm supports the storage of 500,000 3-tuple rules on the gateway device and can maintain 75% of the performance of throughput for small packets of 78 bytes.
2021-01-11
Tiwari, P., Skanda, C. S., Sanjana, U., Aruna, S., Honnavalli, P..  2020.  Secure Wipe Out in BYOD Environment. 2020 International Workshop on Big Data and Information Security (IWBIS). :109–114.
Bring Your Own Device (BYOD) is a new trend where employees use their personal devices to connect to their organization networks to access sensitive information and work-related systems. One of the primary challenges in BYOD is to securely delete company data when an employee leaves an organization. In common BYOD programs, the personal device in use is completely wiped out. This may lead to the deletion of personal data during exit procedures. Due to performance and deletion latency, erasure of data in most file systems today results in unlinking the file location and marking data blocks as unused. This may suffice the need of a normal user trying to delete unwanted files but the file content is not erased from the data blocks and can be retrieved with the help of various data recovery and forensic tools. In this paper, we discuss: (1) existing work related to secure deletion, and (2) secure and selective deletion methods that delete only the required files or directories without tampering personal data. We present two per-file deletion methods: Overwriting data and Encryption based deletion which erase specific files securely. Our proposed per-file deletion methods reduce latency and performance overheads caused by overwriting an entire disk.
2021-04-08
Nasir, N. A., Jeong, S.-H..  2020.  Testbed-based Performance Evaluation of the Information-Centric Network. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :166–169.
Proliferation of the Internet usage is rapidly increasing, and it is necessary to support the performance requirements for multimedia applications, including lower latency, improved security, faster content retrieval, and adjustability to the traffic load. Nevertheless, because the current Internet architecture is a host-oriented one, it often fails to support the necessary demands such as fast content delivery. A promising networking paradigm called Information-Centric Networking (ICN) focuses on the name of the content itself rather than the location of that content. A distinguished alternative to this ICN concept is Content-Centric Networking (CCN) that exploits more of the performance requirements by using in-network caching and outperforms the current Internet in terms of content transfer time, traffic load control, mobility support, and efficient network management. In this paper, instead of using the saturated method of validating a theory by simulation, we present a testbed-based performance evaluation of the ICN network. We used several new functions of the proposed testbed to improve the performance of the basic CCN. In this paper, we also show that the proposed testbed architecture performs better in terms of content delivery time compared to the basic CCN architecture through graphical results.
2021-05-13
Ahmed, Farooq, Li, Xudong, Niu, Yukun, Zhang, Chi, Wei, Lingbo, Gu, Chengjie.  2020.  UniRoam: An Anonymous and Accountable Authentication Scheme for Cross-Domain Access. 2020 International Conference on Networking and Network Applications (NaNA). :198—205.
In recent years, cross-domain roaming through Wi-Fi is ubiquitous, and the number of roaming users has increased dramatically. It is essential to authenticate users belonging to different institutes to ensure network privacy and security. Existing systems, such as eduroam, have centralized and hierarchical structure on indorse accounts that create privacy and security issues. We have proposed UniRoam, a blockchain-based cross-domain authentication scheme that provides accountability and anonymity without any trusted authority. Unlike traditional centralized approaches, UniRoam provides access authentication for its servers and users to provide anonymity and accountability without any privacy leakage issues efficiently. By using the sovrin identifier as an anonymous identity, we integrate our system with Hyperledger and Intel SGX to authenticate users that preserves both anonymity and trust when the user connects to the network. Therefore, UniRoam is highly “faulted-tolerant” to deal with different attacks and provides an effective solution that can be deployed easily in different environments.
2021-01-20
Zarazaga, P. P., Bäckström, T., Sigg, S..  2020.  Acoustic Fingerprints for Access Management in Ad-Hoc Sensor Networks. IEEE Access. 8:166083—166094.

Voice user interfaces can offer intuitive interaction with our devices, but the usability and audio quality could be further improved if multiple devices could collaborate to provide a distributed voice user interface. To ensure that users' voices are not shared with unauthorized devices, it is however necessary to design an access management system that adapts to the users' needs. Prior work has demonstrated that a combination of audio fingerprinting and fuzzy cryptography yields a robust pairing of devices without sharing the information that they record. However, the robustness of these systems is partially based on the extensive duration of the recordings that are required to obtain the fingerprint. This paper analyzes methods for robust generation of acoustic fingerprints in short periods of time to enable the responsive pairing of devices according to changes in the acoustic scenery and can be integrated into other typical speech processing tools.

2021-06-28
Imrith, Vashish N., Ranaweera, Pasika, Jugurnauth, Rameshwar A., Liyanage, Madhusanka.  2020.  Dynamic Orchestration of Security Services at Fog Nodes for 5G IoT. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–6.
Fog Computing is one of the edge computing paradigms that envisages being the proximate processing and storage infrastructure for a multitude of IoT appliances. With its dynamic deployability as a medium level cloud service, fog nodes are enabling heterogeneous service provisioning infrastructure that features scalability, interoperability, and adaptability. Out of the various 5G based services possible with the fog computing platforms, security services are imperative but minimally investigated direct live. Thus, in this research, we are focused on launching security services in a fog node with an architecture capable of provisioning on-demand service requests. As the fog nodes are constrained on resources, our intention is to integrate light-weight virtualization technology such as Docker for forming the service provisioning infrastructure. We managed to launch multiple security instances configured to be Intrusion Detection and Prevention Systems (IDPSs) on the fog infrastructure emulated via a Raspberry Pi-4 device. This environment was tested with multiple network flows to validate its feasibility. In our proposed architecture, orchestration strategies performed by the security orchestrator were stated as guidelines for achieving pragmatic, dynamic orchestration with fog in IoT deployments. The results of this research guarantee the possibility of developing an ambient security service model that facilitates IoT devices with enhanced security.
2020-10-30
Kang, Qiao, Lee, Sunwoo, Hou, Kaiyuan, Ross, Robert, Agrawal, Ankit, Choudhary, Alok, Liao, Wei-keng.  2020.  Improving MPI Collective I/O for High Volume Non-Contiguous Requests With Intra-Node Aggregation. IEEE Transactions on Parallel and Distributed Systems. 31:2682—2695.

Two-phase I/O is a well-known strategy for implementing collective MPI-IO functions. It redistributes I/O requests among the calling processes into a form that minimizes the file access costs. As modern parallel computers continue to grow into the exascale era, the communication cost of such request redistribution can quickly overwhelm collective I/O performance. This effect has been observed from parallel jobs that run on multiple compute nodes with a high count of MPI processes on each node. To reduce the communication cost, we present a new design for collective I/O by adding an extra communication layer that performs request aggregation among processes within the same compute nodes. This approach can significantly reduce inter-node communication contention when redistributing the I/O requests. We evaluate the performance and compare it with the original two-phase I/O on Cray XC40 parallel computers (Theta and Cori) with Intel KNL and Haswell processors. Using I/O patterns from two large-scale production applications and an I/O benchmark, we show our proposed method effectively reduces the communication cost and hence maintains the scalability for a large number of processes.

2020-12-14
Hadiansyah, R., Suryani, V., Wardana, A. A..  2020.  IoT Object Security towards the Sybil Attack Using the Trustworthiness Management. 2020 8th International Conference on Information and Communication Technology (ICoICT). :1–4.

Internet of Things (IoT), commonly referred to a physical object connected to network, refers to a paradigm in information technology integrating the advances in terms of sensing, computation and communication to improve the service in daily life. This physical object consists of sensors and actuators that are capable of changing the data to offer the improvement of service quality in daily life. When a data exchange occurs, the exchanged data become sensitive; making them vulnerable to any security attacks, one of which, for example, is Sybil attack. This paper aimed to propose a method of trustworthiness management based upon the authentication and trust value. Once performing the test on three scenarios, the system was found to be capable of detecting the Sybil attack rapidly and accurately. The average of time to detect the Sybil attacks was 9.3287 seconds and the average of time required to detect the intruder object in the system was 18.1029 seconds. The accuracy resulted in each scenario was found 100% indicating that the detection by the system to Sybil attack was 100% accurate.

2021-02-16
Mujib, M., Sari, R. F..  2020.  Performance Evaluation of Data Center Network with Network Micro-segmentation. 2020 12th International Conference on Information Technology and Electrical Engineering (ICITEE). :27—32.

Research on the design of data center infrastructure is increasing, both from academia and industry, due to the rapid development of cloud-based applications such as search engines, social networks, and large-scale computing. On a large scale, data centers can consist of hundreds to thousands of servers that require systems with high-performance requirements and low downtime. To meet the network's needs in a dynamic data center, infrastructure of applications and services are growing. It takes a process of designing a network topology so that it can guarantee availability and security. One way to surmount this is by implementing the zero trust security model based on micro-segmentation. Zero trust is a security idea based on the principle of "never trust, always verify" in which no concepts of trust and untrust in network traffic. The zero trust security model implemented network traffic in the form of untrust. Micro-segmentation is a way to achieve zero trust by dividing a network into smaller logical segments to restrict the traffic. In this research, data center network performance based on software-defined networking with zero trust security model using micro-segmentation has been evaluated using a testbed simulation of Cisco Application Centric Infrastructure by measuring the round trip time, jitter, and packet loss during experiments. Performance evaluation results show that micro-segmentation adds an average round trip time of 4 μs and jitter of 11 μs without packet loss so that the security can be improved without significantly affecting network performance on the data center.

2021-05-03
Zhu, Fangzhou, Liu, Liang, Meng, Weizhi, Lv, Ting, Hu, Simin, Ye, Renjun.  2020.  SCAFFISD: A Scalable Framework for Fine-Grained Identification and Security Detection of Wireless Routers. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1194–1199.

The security of wireless network devices has received widespread attention, but most existing schemes cannot achieve fine-grained device identification. In practice, the security vulnerabilities of a device are heavily depending on its model and firmware version. Motivated by this issue, we propose a universal, extensible and device-independent framework called SCAFFISD, which can provide fine-grained identification of wireless routers. It can generate access rules to extract effective information from the router admin page automatically and perform quick scans for known device vulnerabilities. Meanwhile, SCAFFISD can identify rogue access points (APs) in combination with existing detection methods, with the purpose of performing a comprehensive security assessment of wireless networks. We implement the prototype of SCAFFISD and verify its effectiveness through security scans of actual products.

2021-06-01
Hatti, Daneshwari I., Sutagundar, Ashok V..  2020.  Trust Induced Resource Provisioning (TIRP) Mechanism in IoT. 2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP). :1–5.
Due to increased number of devices with limited resources in Internet of Things (IoT) has to serve time sensitive applications including health monitoring, emergency response, industrial applications and smart city etc. This has incurred the problem of solving the provisioning of limited computational resources of the devices to fulfill the requirement with reduced latency. With rapid increase of devices and heterogeneity characteristic the resource provisioning is crucial and leads to conflict of trusting among the devices requests. Trust is essential component in any context for communicating or sharing the resources in the network. The proposed work comprises of trusting and provisioning based on deadline. Trust quantity is measured with concept of game theory and optimal strategy decision among provider and customer and provision resources within deadline to execute the tasks is done by finding Nash equilibrium. Nash equilibrium (NE) is estimated by constructing the payoff matrix with choice of two player strategies. NE is obtained in the proposed work for the Trust- Respond (TR) strategy. The latency aware approach for avoiding resource contention due to limited resources of the edge devices, fog computing leverages the cloud services in a distributed way at the edge of the devices. The communication is established between edge devices-fog-cloud and provision of resources is performed based on scalar chain and Gang Plank theory of management to reduce latency and increase trust quantity. To test the performance of proposed work performance parameter considered are latency and computational time.
2021-06-28
Chen, Yi-Fan, Huang, Ding-Hsiang, Huang, Cheng-Fu, Lin, Yi-Kuei.  2020.  Reliability Evaluation for a Cloud Computer Network with Fog Computing. 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :682–683.
The most recent and important developments in the field of computer networks are cloud and fog computing. In this study, modern cloud computer networks comprising computers, internet of things (IoT), fog servers, and cloud servers for data transmission, is investigated. A cloud computer networks can be modeled as a network with nodes and arcs, in which each arc represents a transmission line, and each node represents an IoT device, a fog server, or a cloud server. Each transmission line has several possible capacities and is regarded as a multistate. The network is termed a multi-state cloud computer network (MCCN). this study firstly constructs the mathematic model to elucidate the flow relationship among the IoT devices, edge servers, and cloud servers and subsequently develop an algorithm to evaluate the performance of the MCCN by calculating network reliability which is defined as the probability of the data being successfully processed by the MCCN.
2021-04-08
Yang, Z., Li, X., Wei, L., Zhang, C., Gu, C..  2020.  SGX-ICN: A Secure and Privacy-Preserving Information-Centric Networking with SGX Enclaves. 2020 3rd International Conference on Hot Information-Centric Networking (HotICN). :142–147.
As the next-generation network architecture, Information-Centric Networking (ICN) has emerged as a novel paradigm to cope with the increasing demand for content delivery on the Internet. In contrast to the conventional host-centric architectures, ICN focuses on content retrieval based on their name rather than their storage location. However, ICN is vulnerable to various security and privacy attacks due to the inherent attributes of the ICN architectures. For example, a curious ICN node can monitor the network traffic to reveal the sensitive data issued by specific users. Hence, further research on privacy protection for ICN is needed. This paper presents a practical approach to effectively enhancing the security and privacy of ICN by utilizing Intel SGX, a commodity trusted execution environment. The main idea is to leverage secure enclaves residing on ICN nodes to do computations on sensitive data. Performance evaluations on the real-world datasets demonstrate the efficiency of the proposed scheme. Moreover, our scheme outperforms the cryptography based method.
2021-03-09
Injadat, M., Moubayed, A., Shami, A..  2020.  Detecting Botnet Attacks in IoT Environments: An Optimized Machine Learning Approach. 2020 32nd International Conference on Microelectronics (ICM). :1—4.

The increased reliance on the Internet and the corresponding surge in connectivity demand has led to a significant growth in Internet-of-Things (IoT) devices. The continued deployment of IoT devices has in turn led to an increase in network attacks due to the larger number of potential attack surfaces as illustrated by the recent reports that IoT malware attacks increased by 215.7% from 10.3 million in 2017 to 32.7 million in 2018. This illustrates the increased vulnerability and susceptibility of IoT devices and networks. Therefore, there is a need for proper effective and efficient attack detection and mitigation techniques in such environments. Machine learning (ML) has emerged as one potential solution due to the abundance of data generated and available for IoT devices and networks. Hence, they have significant potential to be adopted for intrusion detection for IoT environments. To that end, this paper proposes an optimized ML-based framework consisting of a combination of Bayesian optimization Gaussian Process (BO-GP) algorithm and decision tree (DT) classification model to detect attacks on IoT devices in an effective and efficient manner. The performance of the proposed framework is evaluated using the Bot-IoT-2018 dataset. Experimental results show that the proposed optimized framework has a high detection accuracy, precision, recall, and F-score, highlighting its effectiveness and robustness for the detection of botnet attacks in IoT environments.

2021-05-13
Arias, Orlando, Sullivan, Dean, Shan, Haoqi, Jin, Yier.  2020.  LAHEL: Lightweight Attestation Hardening Embedded Devices using Macrocells. 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :305—315.

In recent years, we have seen an advent in software attestation defenses targeting embedded systems which aim to detect tampering with a device's running program. With a persistent threat of an increasingly powerful attacker with physical access to the device, attestation approaches have become more rooted into the device's hardware with some approaches even changing the underlying microarchitecture. These drastic changes to the hardware make the proposed defenses hard to apply to new systems. In this paper, we present and evaluate LAHEL as the means to study the implementation and pitfalls of a hardware-based attestation mechanism. We limit LAHEL to utilize existing technologies without demanding any hardware changes. We implement LAHEL as a hardware IP core which interfaces with the CoreSight Debug Architecture available in modern ARM cores. We show how LAHEL can be integrated to system on chip designs allowing for microcontroller vendors to easily add our defense into their products. We present and test our prototype on a Zynq-7000 SoC, evaluating the security of LAHEL against powerful time-of-check-time-of-use (TOCTOU) attacks, while demonstrating improved performance over existing attestation schemes.

Huo, Dongdong, Wang, Yu, Liu, Chao, Li, Mingxuan, Wang, Yazhe, Xu, Zhen.  2020.  LAPE: A Lightweight Attestation of Program Execution Scheme for Bare-Metal Systems. 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :78—86.

Unlike traditional processors, Internet of Things (IoT) devices are short of resources to incorporate mature protections (e.g. MMU, TrustZone) against modern control-flow attacks. Remote (control-flow) attestation is fast becoming a key instrument in securing such devices as it has proven the effectiveness on not only detecting runtime malware infestation of a remote device, but also saving the computing resources by moving the costly verification process away. However, few control-flow attestation schemes have been able to draw on any systematic research into the software specificity of bare-metal systems, which are widely deployed on resource-constrained IoT devices. To our knowledge, the unique design patterns of the system limit implementations of such expositions. In this paper, we present the design and proof-of-concept implementation of LAPE, a lightweight attestation of program execution scheme that enables detecting control-flow attacks for bare-metal systems without requiring hardware modification. With rudimentary memory protection support found in modern IoT-class microcontrollers, LAPE leverages software instrumentation to compartmentalize the firmware functions into several ”attestation compartments”. It then continuously tracks the control-flow events of each compartment and periodically reports them to the verifier. The PoC of the scheme is incorporated into an LLVM-based compiler to generate the LAPE-enabled firmware. By taking experiments with several real-world IoT firmware, the results show both the efficiency and practicality of LAPE.

2021-08-31
Amjath, M.I.M., Senthooran, V..  2020.  Secure Communication Using Steganography in IoT Environment. 2020 2nd International Conference on Advancements in Computing (ICAC). 1:114—119.
IoT is an emerging technology in modern world of communication. As the usage of IoT devices is increasing in day to day life, the secure data communication in IoT environment is the major challenge. Especially, small sized Single-Board Computers (SBCs) or Microcontrollers devices are widely used to transfer data with another in IoT. Due to the less processing power and storage capabilities, the data acquired from these devices must be transferred very securely in order to avoid some ethical issues. There are many cryptography approaches are applied to transfer data between IoT devices, but there are obvious chances to suspect encrypted messages by eavesdroppers. To add more secure data transfer, steganography mechanism is used to avoid the chances of suspicion as another layer of security. Based on the capabilities of IoT devices, low complexity images are used to hide the data with different hiding algorithms. In this research study, the secret data is encoded through QR code and embedded in low complexity cover images by applying image to image hiding fashion. The encoded image is sent to the receiving device via the network. The receiving device extracts the QR code from image using secret key then decoded the original data. The performance measure of the system is evaluated by the image quality parameters mainly Peak Signal to Noise Ratio (PSNR), Normalized Coefficient (NC) and Security with maintaining the quality of contemporary IoT system. Thus, the proposed method hides the precious information within an image using the properties of QR code and sending it without any suspicion to attacker and competes with the existing methods in terms of providing more secure communication between Microcontroller devices in IoT environment.
2021-05-13
Dave, Avani, Banerjee, Nilanjan, Patel, Chintan.  2020.  SRACARE: Secure Remote Attestation with Code Authentication and Resilience Engine. 2020 IEEE International Conference on Embedded Software and Systems (ICESS). :1—8.

Recent technological advancements have enabled proliferated use of small embedded and IoT devices for collecting, processing, and transferring the security-critical information and user data. This exponential use has acted as a catalyst in the recent growth of sophisticated attacks such as the replay, man-in-the-middle, and malicious code modification to slink, leak, tweak or exploit the security-critical information in malevolent activities. Therefore, secure communication and software state assurance (at run-time and boot-time) of the device has emerged as open security problems. Furthermore, these devices need to have an appropriate recovery mechanism to bring them back to the known-good operational state. Previous researchers have demonstrated independent methods for attack detection and safeguard. However, the majority of them lack in providing onboard system recovery and secure communication techniques. To bridge this gap, this manuscript proposes SRACARE - a framework that utilizes the custom lightweight, secure communication protocol that performs remote/local attestation, and secure boot with an onboard resilience recovery mechanism to protect the devices from the above-mentioned attacks. The prototype employs an efficient lightweight, low-power 32-bit RISC-V processor, secure communication protocol, code authentication, and resilience engine running on the Artix 7 Field Programmable Gate Array (FPGA) board. This work presents the performance evaluation and state-of-the-art comparison results, which shows promising resilience to attacks and demonstrate the novel protection mechanism with onboard recovery. The framework achieves these with only 8% performance overhead and a very small increase in hardware-software footprint.

2021-07-27
Yin, Changchun, Wang, Hao, Zhou, Lu, Fang, Liming.  2020.  Ciphertext-Policy Attribute-Based Encryption with Multi-keyword Search over Medical Cloud Data. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :277—284.
Over the years, public health has faced a large number of challenges like COVID-19. Medical cloud computing is a promising method since it can make healthcare costs lower. The computation of health data is outsourced to the cloud server. If the encrypted medical data is not decrypted, it is difficult to search for those data. Many researchers have worked on searchable encryption schemes that allow executing searches on encrypted data. However, many existing works support single-keyword search. In this article, we propose a patient-centered fine-grained attribute-based encryption scheme with multi-keyword search (CP-ABEMKS) for medical cloud computing. First, we leverage the ciphertext-policy attribute-based technique to construct trapdoors. Then, we give a security analysis. Besides, we provide a performance evaluation, and the experiments demonstrate the efficiency and practicality of the proposed CP-ABEMKS.
Ye, Yunxiu, Cao, Zhenfu, Shen, Jiachen.  2020.  Unbounded Key-Policy Attribute-Based Encryption with Black-Box Traceability. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1655—1663.
Attribute-based encryption received widespread attention as soon as it was proposed. However, due to its specific characteristics, some restrictions on attribute set are not flexible enough in actual operation. In addition, since access authorities are determined according to users' attributes, users sharing the same attributes are difficult to be distinguished. Once a malicious user makes illicit gains by their decryption authorities, it is difficult to track down specific user. This paper follows practical demands to propose a more flexible key-policy attribute-based encryption scheme with black-box traceability. The scheme has a constant size of public parameters which can be utilized to construct attribute-related parameters flexibly, and the method of traitor tracing in broadcast encryption is introduced to achieve effective malicious user tracing. In addition, the security and feasibility can be proved by the security proofs and performance evaluation in this paper.
2021-08-17
Liu, Jian, Chen, Yingying, Dong, Yudi, Wang, Yan, Zhao, Tiannming, Yao, Yu-Dong.  2020.  Continuous User Verification via Respiratory Biometrics. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1—10.
The ever-growing security issues in various mobile applications and smart devices create an urgent demand for a reliable and convenient user verification method. Traditional verification methods request users to provide their secrets (e.g., entering passwords and collecting fingerprints). We envision that the essential trend of user verification is to free users from active participation in the verification process. Toward this end, we propose a continuous user verification system, which re-uses the widely deployed WiFi infrastructure to capture the unique physiological characteristics rooted in user's respiratory motions. Different from the existing continuous verification approaches, posing dependency on restricted scenarios/user behaviors (e.g., keystrokes and gaits), our system can be easily integrated into any WiFi infrastructure to provide non-intrusive continuous verification. Specifically, we extract the respiration-related signals from the channel state information (CSI) of WiFi. We then derive the user-specific respiratory features based on the waveform morphology analysis and fuzzy wavelet transformation of the respiration signals. Additionally, a deep learning based user verification scheme is developed to identify legitimate users accurately and detect the existence of spoofing attacks. Extensive experiments involving 20 participants demonstrate that the proposed system can robustly verify/identify users and detect spoofers under various types of attacks.