Visible to the public Biblio

Found 1544 results

Filters: First Letter Of Last Name is D  [Clear All Filters]
2021-06-02
Zegers, Federico M., Hale, Matthew T., Shea, John M., Dixon, Warren E..  2020.  Reputation-Based Event-Triggered Formation Control and Leader Tracking with Resilience to Byzantine Adversaries. 2020 American Control Conference (ACC). :761—766.
A distributed event-triggered controller is developed for formation control and leader tracking (FCLT) with robustness to adversarial Byzantine agents for a class of heterogeneous multi-agent systems (MASs). A reputation-based strategy is developed for each agent to detect Byzantine agent behaviors within their neighbor set and then selectively disregard Byzantine state information. Selectively ignoring Byzantine agents results in time-varying discontinuous changes to the network topology. Nonsmooth dynamics also result from the use of the event-triggered strategy enabling intermittent communication. Nonsmooth Lyapunov methods are used to prove stability and FCLT of the MAS consisting of the remaining cooperative agents.
Scarabaggio, Paolo, Carli, Raffaele, Dotoli, Mariagrazia.  2020.  A game-theoretic control approach for the optimal energy storage under power flow constraints in distribution networks. 2020 IEEE 16th International Conference on Automation Science and Engineering (CASE). :1281—1286.
Traditionally, the management of power distribution networks relies on the centralized implementation of the optimal power flow and, in particular, the minimization of the generation cost and transmission losses. Nevertheless, the increasing penetration of both renewable energy sources and independent players such as ancillary service providers in modern networks have made this centralized framework inadequate. Against this background, we propose a noncooperative game-theoretic framework for optimally controlling energy storage systems (ESSs) in power distribution networks. Specifically, in this paper we address a power grid model that comprehends traditional loads, distributed generation sources and several independent energy storage providers, each owning an individual ESS. Through a rolling-horizon approach, the latter participate in the grid optimization process, aiming both at increasing the penetration of distributed generation and leveling the power injection from the transmission grid. Our framework incorporates not only economic factors but also grid stability aspects, including the power flow constraints. The paper fully describes the distribution grid model as well as the underlying market hypotheses and policies needed to force the energy storage providers to find a feasible equilibrium for the network. Numerical experiments based on the IEEE 33-bus system confirm the effectiveness and resiliency of the proposed framework.
Das, Sima, Panda, Ganapati.  2020.  An Initiative Towards Privacy Risk Mitigation Over IoT Enabled Smart Grid Architecture. 2020 International Conference on Renewable Energy Integration into Smart Grids: A Multidisciplinary Approach to Technology Modelling and Simulation (ICREISG). :168—173.
The Internet of Things (IoT) has transformed many application domains with realtime, continuous, automated control and information transmission. The smart grid is one such futuristic application domain in execution, with a large-scale IoT network as its backbone. By leveraging the functionalities and characteristics of IoT, the smart grid infrastructure benefits not only consumers, but also service providers and power generation organizations. The confluence of IoT and smart grid comes with its own set of challenges. The underlying cyberspace of IoT, though facilitates communication (information propagation) among devices of smart grid infrastructure, it undermines the privacy at the same time. In this paper we propose a new measure for quantifying the probability of privacy leakage based on the behaviors of the devices involved in the communication process. We construct a privacy stochastic game model based on the information shared by the device, and the access to the compromised device. The existence of Nash Equilibrium strategy of the game is proved theoretically. We experimentally validate the effectiveness of the privacy stochastic game model.
Anbumani, P., Dhanapal, R..  2020.  Review on Privacy Preservation Methods in Data Mining Based on Fuzzy Based Techniques. 2020 2nd International Conference on Advances in Computing, Communication Control and Networking (ICACCCN). :689—694.
The most significant motivation behind calculations in data mining will play out excavation on incomprehensible past examples since the extremely large data size. During late occasions there are numerous phenomenal improvements in data assembling because of the advancement in the field of data innovation. Lately, Privacy issues in data Preservation didn't get a lot of consideration in the process mining network; nonetheless, a few protection safeguarding procedures in data change strategies have been proposed in the data mining network. There are more normal distinction between data mining and cycle mining exist yet there are key contrasts that make protection safeguarding data mining methods inadmissible to mysterious cycle data. Results dependent on the data mining calculation can be utilized in different regions, for example, Showcasing, climate estimating and Picture Examination. It is likewise uncovered that some delicate data has a result of the mining calculation. Here we can safeguard the Privacy by utilizing PPT (Privacy Preservation Techniques) strategies. Important Concept in data mining is privacy preservation Techniques (PPT) because data exchanged between different persons needs security, so that other persons didn't know what actual data transferred between the actual persons. Preservation in data mining deals that not showing the output information / data in the data mining by using various methods while the output data is precious. There are two techniques used for privacy preservation techniques. One is to alter the input information / data and another one is to alter the output information / data. The method is proposed for protection safeguarding in data base environmental factors is data change. This capacity has fuzzy three-sided participation with this strategy for data change to change the first data collection.
2021-06-01
Maswood, Mirza Mohd Shahriar, Uddin, Md Ashif, Dey, Uzzwal Kumar, Islam Mamun, Md Mainul, Akter, Moriom, Sonia, Shamima Sultana, Alharbi, Abdullah G..  2020.  A Novel Sensor Design to Sense Liquid Chemical Mixtures using Photonic Crystal Fiber to Achieve High Sensitivity and Low Confinement Losses. 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). :0686—0691.
Chemical sensing is an important issue in food, water, environment, biomedical, and pharmaceutical field. Conventional methods used in laboratory for sensing the chemical are costly, time consuming, and sometimes wastes significant amount of sample. Photonic Crystal Fiber (PCF) offers high compactness and design flexibility and it can be used as biosensor, chemical sensor, liquid sensor, temperature sensor, mechanical sensor, gas sensor, and so on. In this work, we designed PCF to sense different concentrations of different liquids by one PCF structure. We designed different structure for silica cladding hexagonal PCF to sense different concentrations of benzene-toluene and ethanol-water mixer. Core diameter, air hole diameter, and air hole diameter to lattice pitch ratio are varied to get the optimal result as well to explore the effect of core size, air hole size and the pitch on liquid chemical sensing. Performance of the chemical sensors was examined based on confinement loss and sensitivity. The performance of the sensor varied a lot and basically it depends not only on refractive index of the liquid but also on sensing wavelengths. Our designed sensor can provide comparatively high sensitivity and low confinement loss.
Materzynska, Joanna, Xiao, Tete, Herzig, Roei, Xu, Huijuan, Wang, Xiaolong, Darrell, Trevor.  2020.  Something-Else: Compositional Action Recognition With Spatial-Temporal Interaction Networks. 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). :1046–1056.
Human action is naturally compositional: humans can easily recognize and perform actions with objects that are different from those used in training demonstrations. In this paper, we study the compositionality of action by looking into the dynamics of subject-object interactions. We propose a novel model which can explicitly reason about the geometric relations between constituent objects and an agent performing an action. To train our model, we collect dense object box annotations on the Something-Something dataset. We propose a novel compositional action recognition task where the training combinations of verbs and nouns do not overlap with the test set. The novel aspects of our model are applicable to activities with prominent object interaction dynamics and to objects which can be tracked using state-of-the-art approaches; for activities without clearly defined spatial object-agent interactions, we rely on baseline scene-level spatio-temporal representations. We show the effectiveness of our approach not only on the proposed compositional action recognition task but also in a few-shot compositional setting which requires the model to generalize across both object appearance and action category.
Zhang, Zichao, de Amorim, Arthur Azevedo, Jia, Limin, Pasareanu, Corina S..  2020.  Automating Compositional Analysis of Authentication Protocols. 2020 Formal Methods in Computer Aided Design (FMCAD). :113–118.
Modern verifiers for cryptographic protocols can analyze sophisticated designs automatically, but require the entire code of the protocol to operate. Compositional techniques, by contrast, allow us to verify each system component separately, against its own guarantees and assumptions about other components and the environment. Compositionality helps protocol design because it explains how the design can evolve and when it can run safely along other protocols and programs. For example, it might say that it is safe to add some functionality to a server without having to patch the client. Unfortunately, while compositional frameworks for protocol verification do exist, they require non-trivial human effort to identify specifications for the components of the system, thus hindering their adoption. To address these shortcomings, we investigate techniques for automated, compositional analysis of authentication protocols, using automata-learning techniques to synthesize assumptions for protocol components. We report preliminary results on the Needham-Schroeder-Lowe protocol, where our synthesized assumption was capable of lowering verification time while also allowing us to verify protocol variants compositionally.
2021-05-26
Moslemi, Ramin, Davoodi, Mohammadreza, Velni, Javad Mohammadpour.  2020.  A Distributed Approach for Estimation of Information Matrix in Smart Grids and its Application for Anomaly Detection. 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1—7.

Statistical structure learning (SSL)-based approaches have been employed in the recent years to detect different types of anomalies in a variety of cyber-physical systems (CPS). Although these approaches outperform conventional methods in the literature, their computational complexity, need for large number of measurements and centralized computations have limited their applicability to large-scale networks. In this work, we propose a distributed, multi-agent maximum likelihood (ML) approach to detect anomalies in smart grid applications aiming at reducing computational complexity, as well as preserving data privacy among different players in the network. The proposed multi-agent detector breaks the original ML problem into several local (smaller) ML optimization problems coupled by the alternating direction method of multipliers (ADMM). Then, these local ML problems are solved by their corresponding agents, eventually resulting in the construction of the global solution (network's information matrix). The numerical results obtained from two IEEE test (power transmission) systems confirm the accuracy and efficiency of the proposed approach for anomaly detection.

Yang, Wenti, Wang, Ruimiao, Guan, Zhitao, Wu, Longfei, Du, Xiaojiang, Guizani, Mohsen.  2020.  A Lightweight Attribute Based Encryption Scheme with Constant Size Ciphertext for Internet of Things. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1—6.

The Internet of Things technology has been used in a wide range of fields, ranging from industrial applications to individual lives. As a result, a massive amount of sensitive data is generated and transmitted by IoT devices. Those data may be accessed by a large number of complex users. Therefore, it is necessary to adopt an encryption scheme with access control to achieve more flexible and secure access to sensitive data. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) can achieve access control while encrypting data can match the requirements mentioned above. However, the long ciphertext and the slow decryption operation makes it difficult to be used in most IoT devices which have limited memory size and computing capability. This paper proposes a modified CP-ABE scheme, which can implement the full security (adaptive security) under the access structure of AND gate. Moreover, the decryption overhead and the length of ciphertext are constant. Finally, the analysis and experiments prove the feasibility of our scheme.

2021-05-25
Nazemi, Mostafa, Dehghanian, Payman, Alhazmi, Mohannad, Wang, Fei.  2020.  Multivariate Uncertainty Characterization for Resilience Planning in Electric Power Systems. 2020 IEEE/IAS 56th Industrial and Commercial Power Systems Technical Conference (I CPS). :1—8.
Following substantial advancements in stochastic classes of decision-making optimization problems, scenario-based stochastic optimization, robust\textbackslashtextbackslash distributionally robust optimization, and chance-constrained optimization have recently gained an increasing attention. Despite the remarkable developments in probabilistic forecast of uncertainties (e.g., in renewable energies), most approaches are still being employed in a univariate framework which fails to unlock a full understanding on the underlying interdependence among uncertain variables of interest. In order to yield cost-optimal solutions with predefined probabilistic guarantees, conditional and dynamic interdependence in uncertainty forecasts should be accommodated in power systems decision-making. This becomes even more important during the emergencies where high-impact low-probability (HILP) disasters result in remarkable fluctuations in the uncertain variables. In order to model the interdependence correlation structure between different sources of uncertainty in power systems during both normal and emergency operating conditions, this paper aims to bridge the gap between the probabilistic forecasting methods and advanced optimization paradigms; in particular, perdition regions are generated in the form of ellipsoids with probabilistic guarantees. We employ a modified Khachiyan's algorithm to compute the minimum volume enclosing ellipsoids (MVEE). Application results based on two datasets on wind and photovoltaic power are used to verify the efficiency of the proposed framework.
Barbeau, Michel, Cuppens, Frédéric, Cuppens, Nora, Dagnas, Romain, Garcia-Alfaro, Joaquin.  2020.  Metrics to Enhance the Resilience of Cyber-Physical Systems. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1167—1172.
We focus on resilience towards covert attacks on Cyber-Physical Systems (CPS). We define the new k-steerability and l-monitorability control-theoretic concepts. k-steerability reflects the ability to act on every individual plant state variable with at least k different groups of functionally diverse input signals. l-monitorability indicates the ability to monitor every individual plant state variable with £ different groups of functionally diverse output signals. A CPS with k-steerability and l-monitorability is said to be (k, l)-resilient. k and l, when both greater than one, provide the capability to mitigate the impact of covert attacks when some signals, but not all, are compromised. We analyze the influence of k and l on the resilience of a system and the ability to recover its state when attacks are perpetrated. We argue that the values of k and l can be augmented by combining redundancy and diversity in hardware and software techniques that apply the moving target paradigm.
Bosio, Alberto, Canal, Ramon, Di Carlo, Stefano, Gizopoulos, Dimitris, Savino, Alessandro.  2020.  Cross-Layer Soft-Error Resilience Analysis of Computing Systems. 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S). :79—79.
In a world with computation at the epicenter of every activity, computing systems must be highly resilient to errors even if miniaturization makes the underlying hardware unreliable. Techniques able to guarantee high reliability are associated to high costs. Early resilience analysis has the potential to support informed design decisions to maximize system-level reliability while minimizing the associated costs. This tutorial focuses on early cross-layer (hardware and software) resilience analysis considering the full computing continuum (from IoT/CPS to HPC applications) with emphasis on soft errors.
Dodson, Michael, Beresford, Alastair R., Richardson, Alexander, Clarke, Jessica, Watson, Robert N. M..  2020.  CHERI Macaroons: Efficient, host-based access control for cyber-physical systems. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :688–693.
Cyber-Physical Systems (CPS) often rely on network boundary defence as a primary means of access control; therefore, the compromise of one device threatens the security of all devices within the boundary. Resource and real-time constraints, tight hardware/software coupling, and decades-long service lifetimes complicate efforts for more robust, host-based access control mechanisms. Distributed capability systems provide opportunities for restoring access control to resource-owning devices; however, such a protection model requires a capability-based architecture for CPS devices as well as task compartmentalisation to be effective.This paper demonstrates hardware enforcement of network bearer tokens using an efficient translation between CHERI (Capability Hardware Enhanced RISC Instructions) architectural capabilities and Macaroon network tokens. While this method appears to generalise to any network-based access control problem, we specifically consider CPS, as our method is well-suited for controlling resources in the physical domain. We demonstrate the method in a distributed robotics application and in a hierarchical industrial control application, and discuss our plans to evaluate and extend the method.
Susilo, Willy, Duong, Dung Hoang, Le, Huy Quoc.  2020.  Efficient Post-quantum Identity-based Encryption with Equality Test. 2020 IEEE 26th International Conference on Parallel and Distributed Systems (ICPADS). :633—640.
Public key encryption with equality test (PKEET) enables the testing whether two ciphertexts encrypt the same message. Identity-based encryption with equality test (IBEET) simplify the certificate management of PKEET, which leads to many potential applications such as in smart city applications or Wireless Body Area Networks. Lee et al. (ePrint 2016) proposed a generic construction of IBEET scheme in the standard model utilising a 3-level hierachy IBE together with a one-time signature scheme, which can be instantiated in lattice setting. Duong et al. (ProvSec 2019) proposed the first direct construction of IBEET in standard model from lattices. However, their scheme achieve CPA security only. In this paper, we improve the Duong et al.'s construction by proposing an IBEET in standard model which achieves CCA2 security and with smaller ciphertext and public key size.
AKCENGİZ, Ziya, Aslan, Melis, Karabayır, Özgür, Doğanaksoy, Ali, Uğuz, Muhiddin, Sulak, Fatih.  2020.  Statistical Randomness Tests of Long Sequences by Dynamic Partitioning. 2020 International Conference on Information Security and Cryptology (ISCTURKEY). :68—74.
Random numbers have a wide usage in the area of cryptography. In practice, pseudo random number generators are used in place of true random number generators, as regeneration of them may be required. Therefore because of generation methods of pseudo random number sequences, statistical randomness tests have a vital importance. In this paper, a randomness test suite is specified for long binary sequences. In literature, there are many randomness tests and test suites. However, in most of them, to apply randomness test, long sequences are partitioned into a certain fixed length and the collection of short sequences obtained is evaluated instead. In this paper, instead of partitioning a long sequence into fixed length subsequences, a concept of dynamic partitioning is introduced in accordance with the random variable in consideration. Then statistical methods are applied. The suggested suite, containing four statistical tests: Collision Tests, Weight Test, Linear Complexity Test and Index Coincidence Test, all of them work with the idea of dynamic partitioning. Besides the adaptation of this approach to randomness tests, the index coincidence test is another contribution of this work. The distribution function and the application of all tests are given in the paper.
Diao, Yiqing, Ye, Ayong, Cheng, Baorong, Zhang, Jiaomei, Zhang, Qiang.  2020.  A Dummy-Based Privacy Protection Scheme for Location-Based Services under Spatiotemporal Correlation. 2020 International Conference on Networking and Network Applications (NaNA). :443—447.
The dummy-based method has been commonly used to protect the users location privacy in location-based services, since it can provide precise results and generally do not rely on a third party or key sharing. However, the close spatiotemporal correlation between the consecutively reported locations enables the adversary to identify some dummies, which lead to the existing dummy-based schemes fail to protect the users location privacy completely. To address this limit, this paper proposes a new algorithm to produce dummy location by generating dummy trajectory, which naturally takes into account of the spatiotemporal correlation all round. Firstly, the historical trajectories similar to the user's travel route are chosen as the dummy trajectories which depend on the distance between two trajectories with the help of home gateway. Then, the dummy is generated from the dummy trajectory by taking into account of time reachability, historical query similarity and the computation of in-degree/out-degree. Security analysis shows that the proposed scheme successfully perturbs the spatiotemporal correlation between neighboring location sets, therefore, it is infeasible for the adversary to distinguish the users real location from the dummies. Furthermore, extensive experiments indicate that the proposal is able to protect the users location privacy effectively and efficiently.
Qian, Kai, Dan Lo, Chia-Tien, Guo, Minzhe, Bhattacharya, Prabir, Yang, Li.  2012.  Mobile security labware with smart devices for cybersecurity education. IEEE 2nd Integrated STEM Education Conference. :1—3.

Smart mobile devices such as smartphones and tablets have become an integral part of our society. However, it also becomes a prime target for attackers with malicious intents. There have been a number of efforts on developing innovative courseware to promote cybersecurity education and to improve student learning; however, hands-on labs are not well developed for smart mobile devices and for mobile security topics. In this paper, we propose to design and develop a mobile security labware with smart mobile devices to promote the cybersecurity education. The integration of mobile computing technologies and smart devices into cybersecurity education will connect the education to leading-edge information technologies, motivate and engage students in security learning, fill in the gap with IT industry need, and help faculties build expertise on mobile computing. In addition, the hands-on experience with mobile app development will promote student learning and supply them with a better understanding of security knowledge not only in classical security domains but also in the emerging mobile security areas.

Santos, Bernardo, Dzogovic, Bruno, Feng, Boning, Jacot, Niels, Do, Van Thuan, Do, Thanh Van.  2020.  Improving Cellular IoT Security with Identity Federation and Anomaly Detection. 2020 5th International Conference on Computer and Communication Systems (ICCCS). :776—780.

As we notice the increasing adoption of Cellular IoT solutions (smart-home, e-health, among others), there are still some security aspects that can be improved as these devices can suffer various types of attacks that can have a high-impact over our daily lives. In order to avoid this, we present a multi-front security solution that consists on a federated cross-layered authentication mechanism, as well as a machine learning platform with anomaly detection techniques for data traffic analysis as a way to study devices' behavior so it can preemptively detect attacks and minimize their impact. In this paper, we also present a proof-of-concept to illustrate the proposed solution and showcase its feasibility, as well as the discussion of future iterations that will occur for this work.

2021-05-20
Dua, Amit, Barpanda, Siddharth Sekhar, Kumar, Neeraj, Tanwar, Sudeep.  2020.  Trustful: A Decentralized Public Key Infrastructure and Identity Management System. 2020 IEEE Globecom Workshops GC Wkshps. :1—6.

Modern Internet TCP uses Secure Sockets Layers (SSL)/Transport Layer Security (TLS) for secure communication, which relies on Public Key Infrastructure (PKIs) to authenticate public keys. Conventional PKI is done by Certification Authorities (CAs), issuing and storing Digital Certificates, which are public keys of users with the users identity. This leads to centralization of authority with the CAs and the storage of CAs being vulnerable and imposes a security concern. There have been instances in the past where CAs have issued rogue certificates or the CAs have been hacked to issue malicious certificates. Motivated from these facts, in this paper, we propose a method (named as Trustful), which aims to build a decentralized PKI using blockchain. Blockchains provide immutable storage in a decentralized manner and allows us to write smart contracts. Ethereum blockchain can be used to build a web of trust model where users can publish attributes, validate attributes about other users by signing them and creating a trust store of users that they trust. Trustful works on the Web-of-Trust (WoT) model and allows for any entity on the network to verify attributes about any other entity through a trusted network. This provides an alternative to the conventional CA-based identity verification model. The proposed model has been implemented and tested for efficacy and known major security attacks.

Almogbil, Atheer, Alghofaili, Abdullah, Deane, Chelsea, Leschke, Timothy, Almogbil, Atheer, Alghofaili, Abdullah.  2020.  The Accuracy of GPS-Enabled Fitbit Activities as Evidence: A Digital Forensics Study. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :186—189.

Technology is advancing rapidly and with this advancement, it has become apparent that it is nearly impossible to not leave a digital trace when committing a crime. As evidenced by multiple cases handled by law enforcement, Fitbit data has proved to be useful when determining the validity of alibis and in piecing together the timeline of a crime scene. In our paper, experiments testing the accuracy and reliability of GPS-tracked activities logged by the Fitbit Alta tracker and Ionic smartwatch are conducted. Potential indicators of manipulated or altered GPS-tracked activities are identified to help guide digital forensic investigators when handling such Fitbit data as evidence.

Narwal, Bhawna, Ojha, Arushi, Goel, Nimisha, Dhawan, Sudipti.  2020.  A Yoking-Proof Based Remote Authentication Scheme for Cloud-Aided Wearable Devices (YPACW). 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—5.

The developments made in IoT applications have made wearable devices a popular choice for collecting user data to monitor this information and provide intelligent service support. Since wearable devices are continuously collecting and transporting a user's sensitive data over the network, there exist increased security challenges. Moreover, wearable devices lack the computation capabilities in comparison to traditional short-range communication devices. In this paper, authors propounded a Yoking Proof based remote Authentication scheme for Cloud-aided Wearable devices (YPACW) which takes PUF and cryptographic functions and joins them to achieve mutual authentication between the wearable devices and smartphone via a cloud server, by performing the simultaneous verification of these devices, using the established yoking-proofs. Relative to Liu et al.'s scheme, YPACW provides better results with the reduction of communication and processing cost significantly.

Almogbil, Atheer, Alghofaili, Abdullah, Deane, Chelsea, Leschke, Timothy, Almogbil, Atheer, Alghofaili, Abdullah.  2020.  Digital Forensic Analysis of Fitbit Wearable Technology: An Investigator’s Guide. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :44—49.
Wearable technology, such as Fitbit devices, log a user's daily activities, heart rate, calories burned, step count, and sleep activity. This information is valuable to digital forensic investigators as it may serve as evidence to a crime, to either support a suspect's innocence or guilt. It is important for an investigator to find and analyze every piece of data for accuracy and integrity; however, there is no standard for conducting a forensic investigation for wearable technology. In this paper, we conduct a forensic analysis of two different Fitbit devices using open-source tools. It is the responsibility of the investigator to show how the data was obtained and to ensure that the data was not modified during the analysis. This paper will guide investigators in understanding what data is collected by a Fitbit device (specifically the Ionic smartwatch and Alta tracker), how to handle Fitbit devices, and how to extract and forensically analyze said devices using open-source tools, Autopsy Sleuth Kit and Bulk Extractor Viewer.
Kim, Brian, Sagduyu, Yalin E., Davaslioglu, Kemal, Erpek, Tugba, Ulukus, Sennur.  2020.  Over-the-Air Adversarial Attacks on Deep Learning Based Modulation Classifier over Wireless Channels. 2020 54th Annual Conference on Information Sciences and Systems (CISS). :1—6.
We consider a wireless communication system that consists of a transmitter, a receiver, and an adversary. The transmitter transmits signals with different modulation types, while the receiver classifies its received signals to modulation types using a deep learning-based classifier. In the meantime, the adversary makes over-the-air transmissions that are received as superimposed with the transmitter's signals to fool the classifier at the receiver into making errors. While this evasion attack has received growing interest recently, the channel effects from the adversary to the receiver have been ignored so far such that the previous attack mechanisms cannot be applied under realistic channel effects. In this paper, we present how to launch a realistic evasion attack by considering channels from the adversary to the receiver. Our results show that modulation classification is vulnerable to an adversarial attack over a wireless channel that is modeled as Rayleigh fading with path loss and shadowing. We present various adversarial attacks with respect to availability of information about channel, transmitter input, and classifier architecture. First, we present two types of adversarial attacks, namely a targeted attack (with minimum power) and non-targeted attack that aims to change the classification to a target label or to any other label other than the true label, respectively. Both are white-box attacks that are transmitter input-specific and use channel information. Then we introduce an algorithm to generate adversarial attacks using limited channel information where the adversary only knows the channel distribution. Finally, we present a black-box universal adversarial perturbation (UAP) attack where the adversary has limited knowledge about both channel and transmitter input. By accounting for different levels of information availability, we show the vulnerability of modulation classifier to over-the-air adversarial attacks.
Das, Debayan, Nath, Mayukh, Ghosh, Santosh, Sen, Shreyas.  2020.  Killing EM Side-Channel Leakage at its Source. 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS). :1108—1111.
Side-channel analysis (SCA) is a big threat to the security of connected embedded devices. Over the last few years, physical non-invasive SCA attacks utilizing the electromagnetic (EM) radiation (EM side-channel `leakage') from a crypto IC has gained huge momentum owing to the availability of the low-cost EM probes and development of the deep-learning (DL) based profiling attacks. In this paper, our goal is to understand the source of the EM leakage by analyzing a white-box modeling of the EM leakage from the crypto IC, leading towards a low-overhead generic countermeasure. To kill this EM leakage from its source, the solution utilizes a signature attenuation hardware (SAH) encapsulating the crypto core locally within the lower metal layers such that the critical correlated crypto current signature is significantly attenuated before it passes through the higher metal layers to connect to the external pin. The protection circuit utilizing AES256 as the crypto core is fabricated in 65nm process and shows for the first time the effects of metal routing on the EM leakage. The \textbackslashtextgreater 350× signature attenuation of the SAH together with the local lower metal routing ensured that the protected AES remains secure even after 1B measurements for both EM and power SCA, which is an 100× improvement over the state-of-the-art with comparable overheads. Overall, with the combination of the 2 techniques - signature suppression and local lower metal routing, we are able to kill the EM side-channel leakage at its source such that the correlated signature is not passed through the top-level metals, MIM capacitors, or on-board inductors, which are the primary sources of EM leakage, thereby preventing EM SCA attacks.
2021-05-18
Zeng, Jingxiang, Nie, Xiaofan, Chen, Liwei, Li, Jinfeng, Du, Gewangzi, Shi, Gang.  2020.  An Efficient Vulnerability Extrapolation Using Similarity of Graph Kernel of PDGs. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1664–1671.
Discovering the potential vulnerabilities in software plays a crucial role in ensuring the security of computer system. This paper proposes a method that can assist security auditors with the analysis of source code. When security auditors identify new vulnerabilities, our method can be adopted to make a list of recommendations that may have the same vulnerabilities for the security auditors. Our method relies on graph representation to automatically extract the mode of PDG(program dependence graph, a structure composed of control dependence and data dependence). Besides, it can be applied to the vulnerability extrapolation scenario, thus reducing the amount of audit code. We worked on an open-source vulnerability test set called Juliet. According to the evaluation results, the clustering effect produced is satisfactory, so that the feature vectors extracted by the Graph2Vec model are applied to labeling and supervised learning indicators are adopted to assess the model for its ability to extract features. On a total of 12,000 small data sets, the training score of the model can reach up to 99.2%, and the test score can reach a maximum of 85.2%. Finally, the recommendation effect of our work is verified as satisfactory.