Biblio

Futagami, Shota, Unoki, Tomoya, Kourai, Kenichi.  2018.  Secure Out-of-Band Remote Management of Virtual Machines with Transparent Passthrough. Proceedings of the 34th Annual Computer Security Applications Conference. :430–440.

Infrastructure-as-a-Service clouds provide out-of-band remote management for users to access their virtual machines (VMs). Out-of-band remote management is a method for indirectly accessing VMs via their virtual devices. While virtual devices running in the virtualized system are managed by cloud operators, not all cloud operators are always trusted in clouds. To prevent information leakage from virtual devices and tampering with their I/O data, several systems have been proposed by trusting the hypervisor in the virtualized system. However, they have various issues on security and management. This paper proposes VSBypass, which enables secure out-of-band remote management outside the virtualized system using a technique called transparent passthrough. VSBypass runs the entire virtualized system in an outer VM using nested virtualization. Then it intercepts I/O requests of out-of-band remote management and processes those requests in shadow devices, which run outside the virtualized system. We have implemented VSBypass in Xen for the virtual serial console and GUI remote access. We confirmed that information leakage was prevented and that the performance was comparable to that in traditional out-of-band remote management.

Furutani, S., Shibahara, T., Hato, K., Akiyama, M., Aida, M..  2020.  Sybil Detection as Graph Filtering. GLOBECOM 2020 - 2020 IEEE Global Communications Conference. :1–6.
Sybils are users created for carrying out nefarious actions in online social networks (OSNs) and threaten the security of OSNs. Therefore, Sybil detection is an urgent security task, and various detection methods have been proposed. Existing Sybil detection methods are based on the relationship (i.e., graph structure) of users in OSNs. Structure-based methods can be classified into two categories: Random Walk (RW)-based and Belief Propagation (BP)-based. However, although almost all methods have been experimentally evaluated in terms of their performance and robustness to noise, the theoretical understanding of them is insufficient. In this paper, we interpret the Sybil detection problem from the viewpoint of graph signal processing and provide a framework to formulate RW- and BP-based methods as low-pass filtering. This framework enables us to theoretically compare RW- and BP-based methods and explain why BP-based methods perform well for scale-free graphs, unlike RW-based methods. Furthermore, by this framework, we relate RW- and BP-based methods and Graph Neural Networks (GNNs) and discuss the difference among these methods. Finally, we evaluate the validity of this framework through numerical experiments.
Furtak, J., Zieliński, Z., Chudzikiewicz, J..  2019.  Security Domain for the Sensor Nodes with Strong Authentication. 2019 International Conference on Military Communications and Information Systems (ICMCIS). :1–6.
Nowadays interest in IoT solutions is growing. A significant barrier to the use of these solutions in military applications is to ensure the security of data transmission and authentication of data sources and recipients of the data. Developing an efficient solution to these problems requires finding a compromise between the facts that the sensors often are mobile, use wireless communication, usually have small processing power and have little energy resources. The article presents the security domain designated for cooperating mobile sensor nodes. The domain has the following features: the strong authentication of each domain member, cryptographic protection of data exchange in the data link layer and protection of data stored in the sensor node resources. The domain is also prepared to perform diagnostic procedures and to exchange sensory data with other domains securely. At each node, the Trusted Platform Module (TPM) is used to support these procedures.
Furtak, J., Zieliński, Z., Chudzikiewicz, J..  2016.  Security techniques for the WSN link layer within military IoT. 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT). :233–238.

Ensuring security in the military applications of IoT is a big challenge. The main reasons for this state of affairs are that the sensor nodes of the network are usually mobile, use wireless links, have small processing power and have little energy resources. The paper presents the solution for cryptographic protection of transmission between sensor nodes in the data link layer and for cryptographic protection of data stored in the sensor node resources. For this purpose, the Trusted Platform Module (TPM) was used. The proposed solution makes it possible to build a secure and fault tolerant sensor network. The following aspects were presented in the paper: the model of such a network, applied security solutions, analysis of the security in the network and selected investigation results of such a network.

Fung, Carol, Pillai, Yadunandan.  2020.  A Privacy-Aware Collaborative DDoS Defence Network. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. :1–5.
Distributed denial of service (DDoS) attacks can bring tremendous damage to online services and ISPs. Existing adopted mitigation methods either require the victim to have a sufficient number of resources for traffic filtering or to pay a third party cloud service to filter the traffic. In our previous work we proposed CoFence, a collaborative network that allows member domains to help each other in terms of DDoS traffic handling. In that network, victim servers facing a DDoS attack can redirect excessive connection requests to other helping servers in different domains for filtering. Only filtered traffic will continue to interact with the victim server. However, sending traffic to third party servers brings up the issue of privacy: specifically leaked client source IP addresses. In this work we propose a privacy protection mechanism for defense so that the helping servers will not be able to see the IP address of the client traffic while it has minimum impact to the data filtering function. We implemented the design through a test bed to demonstrate the feasibility of the proposed design.
Fulton, Nathan.  2012.  Security Through Extensible Type Systems. Proceedings of the 3rd Annual Conference on Systems, Programming, and Applications: Software for Humanity. :107–108.
Researchers interested in security often wish to introduce new primitives into a language. Extensible languages hold promise in such scenarios, but only if the extension mechanism is sufficiently safe and expressive. This paper describes several modifications to an extensible language motivated by end-to-end security concerns.
Fukushima, Keishiro, Nakamura, Toru, Ikeda, Daisuke, Kiyomoto, Shinsaku.  2018.  Challenges in Classifying Privacy Policies by Machine Learning with Word-based Features. Proceedings of the 2nd International Conference on Cryptography, Security and Privacy. :62–66.

In this paper, we discuss challenges when we try to automatically classify privacy policies using machine learning with words as the features. Since it is difficult for general public to understand privacy policies, it is necessary to support them to do that. To this end, the authors believe that machine learning is one of the promising ways because users can grasp the meaning of policies through outputs by a machine learning algorithm. Our final goal is to develop a system which automatically translates privacy policies into privacy labels [1]. Toward this goal, we classify sentences in privacy policies with category labels, using popular machine learning algorithms, such as a naive Bayes classifier. We choose these algorithms because we could use trained classifiers to evaluate keywords appropriate for privacy labels. Therefore, we adopt words as the features of those algorithms. Experimental results show about 85% accuracy. We think that much higher accuracy is necessary to achieve our final goal. By changing learning settings, we identified one reason of low accuracies such that privacy policies include many sentences which are not direct description of information about categories. It seems that such sentences are redundant but maybe they are essential in case of legal documents in order to prevent misinterpreting. Thus, it is important for machine learning algorithms to handle these redundant sentences appropriately.

Fujiwara, Yasuhiro, Marumo, Naoki, Blondel, Mathieu, Takeuchi, Koh, Kim, Hideaki, Iwata, Tomoharu, Ueda, Naonori.  2017.  Scaling Locally Linear Embedding. Proceedings of the 2017 ACM International Conference on Management of Data. :1479–1492.
Locally Linear Embedding (LLE) is a popular approach to dimensionality reduction as it can effectively represent nonlinear structures of high-dimensional data. For dimensionality reduction, it computes a nearest neighbor graph from a given dataset where edge weights are obtained by applying the Lagrange multiplier method, and it then computes eigenvectors of the LLE kernel where the edge weights are used to obtain the kernel. Although LLE is used in many applications, its computation cost is significantly high. This is because, in obtaining edge weights, its computation cost is cubic in the number of edges to each data point. In addition, the computation cost in obtaining the eigenvectors of the LLE kernel is cubic in the number of data points. Our approach, Ripple, is based on two ideas: (1) it incrementally updates the edge weights by exploiting the Woodbury formula and (2) it efficiently computes eigenvectors of the LLE kernel by exploiting the LU decomposition-based inverse power method. Experiments show that Ripple is significantly faster than the original approach of LLE by guaranteeing the same results of dimensionality reduction.
Fujiwara, N., Shimasaki, K., Jiang, M., Takaki, T., Ishii, I..  2019.  A Real-time Drone Surveillance System Using Pixel-level Short-time Fourier Transform. 2019 IEEE International Symposium on Safety, Security, and Rescue Robotics (SSRR). :303–308.

In this study we propose a novel method for drone surveillance that can simultaneously analyze time-frequency responses in all pixels of a high-frame-rate video. The propellers of flying drones rotate at hundreds of Hz and their principal vibration frequency components are much higher than those of their background objects. To separate the pixels around a drone's propellers from its background, we utilize these time-series features for vibration source localization with pixel-level short-time Fourier transform (STFT). We verify the relationship between the number of taps in the STFT computation and the performance of our algorithm, including the execution time and the localization accuracy, by conducting experiments under various conditions, such as degraded appearance, weather, and defocused blur. The robustness of the proposed algorithm is also verified by localizing a flying multi-copter in real-time in an outdoor scenario.

Fujita, Yuki, Inomata, Atsuo, Kashiwazaki, Hiroki.  2019.  Implementation and Evaluation of a Multi-Factor Web Authentication System with Individual Number Card and WebUSB. 2019 20th Asia-Pacific Network Operations and Management Symposium (APNOMS). :1–4.
As the number of Internet users increases, their usage also diversifies, and it is important to prevent Identity on the Internet (Digital Identity) from being violated. Unauthorized authentication is one of the methods to infringe Digital Identity. Multi-factor authentication has been proposed as a method for preventing unauthorized authentication. However, the cryptographic authenticator required for multi-factor authentication is expensive both financially and UX-wise for the user. In this paper, we design, implement and evaluate multi-factor authentication using My Number Card provided by public personal identification service and WebUSB, which is being standardized.
Fujdiak, Radek, Blazek, Petr, Mlynek, Petr, Misurec, Jiri.  2019.  Developing Battery of Vulnerability Tests for Industrial Control Systems. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–5.

Nowadays, the industrial control systems (ICS) face many challenges, where security is becoming one of the most crucial. This fact is caused by new connected environment, which brings among new possibilities also new vulnerabilities, threats, or possible attacks. The criminal acts in the ICS area increased over the past years exponentially, which caused the loss of billions of dollars. This also caused classical Intrusion Detection Systems and Intrusion Prevention Systems to evolve in order to protect among IT also ICS networks. However, these systems need sufficient data such as traffic logs, protocol information, attack patterns, anomaly behavior marks and many others. To provide such data, the requirements for the test environment are summarized in this paper. Moreover, we also introduce more than twenty common vulnerabilities across the ICS together with information about possible risk, attack vector (point), possible detection methods and communication layer occurrence. Therefore, the paper might be used as a base-ground for building sufficient data generator for machine learning and artificial intelligence algorithms often used in ICS/IDS systems.

Fuhry, Benny, Tighzert, Walter, Kerschbaum, Florian.  2016.  Encrypting Analytical Web Applications. Proceedings of the 2016 ACM on Cloud Computing Security Workshop. :35–46.

The software-as-a-service (SaaS) market is growing very fast, but still many clients are concerned about the confidentiality of their data in the cloud. Motivated hackers or malicious insiders could try to steal the clients' data. Encryption is a potential solution, but supporting the necessary functionality also in existing applications is difficult. In this paper, we examine encrypting analytical web applications that perform extensive number processing operations in the database. Existing solutions for encrypting data in web applications poorly support such encryption. We employ a proxy that adjusts the encryption to the level necessary for the client's usage and also supports additively homomorphic encryption. This proxy is deployed at the client and all encryption keys are stored and managed there, while the application is running in the cloud. Our proxy is stateless and we only need to modify the database driver of the application. We evaluate an instantiation of our architecture on an exemplary application. We only slightly increase page load time on average from 3.1 seconds to 4.7. However, roughly 40% of all data columns remain probabilistic encrypted. The client can set the desired security level for each column using our policy mechanism. Hence our proxy architecture offers a solution to increase the confidentiality of the data at the cloud provider at a moderate performance penalty.

Fuhry, B., Hirschoff, L., Koesnadi, S., Kerschbaum, F..  2020.  SeGShare: Secure Group File Sharing in the Cloud using Enclaves. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :476–488.
File sharing applications using cloud storage are increasingly popular for personal and business use. Due to data protection concerns, end-to-end encryption is often a desired feature of these applications. Many attempts at designing cryptographic solutions fail to be adopted due to missing relevant features. We present SeGShare, a new architecture for end-to-end encrypted, group-based file sharing using trusted execution environments (TEE), e.g., Intel SGX. SeGShare is the first solution to protect the confidentiality and integrity of all data and management files; enforce immediate permission and membership revocations; support deduplication; and mitigate rollback attacks. Next to authentication, authorization and file system management, our implementation features an optimized TLS layer that enables high throughput and low latency. The encryption overhead of our implementation is extremely small in computation and storage resources. Our enclave code comprises less than 8500 lines of code enabling efficient mitigation of common pitfalls in deploying code to TEEs.
Fugkeaw, Somchart, Sato, Hiroyuki.  2018.  Enabling Dynamic and Efficient Data Access Control in Cloud Computing Based on Attribute Certificate Management and CP-ABE. 2018 26th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP). :454–461.
In this paper, we propose an access control model featured with the efficient key update function in data outsourcing environment. Our access control is based on the combination of Ciphertext Policy - Attribute-based Encryption (CP-ABE) and Role-based Access Control (RBAC). The proposed scheme aims to improve the attribute and key update management of the original CP-ABE. In our scheme, a user's key is incorporated into the attribute certificate (AC) which will be used to decrypt the ciphertext encrypted with CP-ABE policy. If there is any change (update or revoke) of the attributes appearing in the key, the key in the AC will be updated upon the access request. This significantly reduces the overheads in updating and distributing keys of all users simultaneously compared to the existing CP-ABE based schemes. Finally, we conduct the experiment to evaluate the performance of our proposed scheme to show the efficiency of our proposed scheme.
Fuchs, Caro, Spolaor, Simone, Nobile, Marco S., Kaymak, Uzay.  2019.  A Swarm Intelligence Approach to Avoid Local Optima in Fuzzy C-Means Clustering. 2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1–6.
Clustering analysis is an important computational task that has applications in many domains. One of the most popular algorithms to solve the clustering problem is fuzzy c-means, which exploits notions from fuzzy logic to provide a smooth partitioning of the data into classes, allowing the possibility of multiple membership for each data sample. The fuzzy c-means algorithm is based on the optimization of a partitioning function, which minimizes inter-cluster similarity. This optimization problem is known to be NP-hard and it is generally tackled using a hill climbing method, a local optimizer that provides acceptable but sub-optimal solutions, since it is sensitive to initialization and tends to get stuck in local optima. In this work we propose an alternative approach based on the swarm intelligence global optimization method Fuzzy Self-Tuning Particle Swarm Optimization (FST-PSO). We solve the fuzzy clustering task by optimizing fuzzy c-means' partitioning function using FST-PSO. We show that this population-based metaheuristics is more effective than hill climbing, providing high quality solutions with the cost of an additional computational complexity. It is noteworthy that, since this particle swarm optimization algorithm is self-tuning, the user does not have to specify additional hyperparameters for the optimization process.
Fu, Zhe, Liu, Zhi, Li, Jun.  2016.  ParaRegex: Towards Fast Regular Expression Matching in Parallel. Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems. :113–114.

In this paper, we propose ParaRegex, a novel approach for fast parallel regular expression matching. ParaRegex is a framework that implements data-parallel regular expression matching for deterministic finite automaton based methods. Experimental evaluation shows that ParaRegex produces a fast matching engine with speeds of up to 6 times compared to sequential implementations on a commodity 8-thread workstation.

Fu, Yulong, Li, Guoquan, Mohammed, Atiquzzaman, Yan, Zheng, Cao, Jin, Li, Hui.  2019.  A Study and Enhancement to the Security of MANET AODV Protocol Against Black Hole Attacks. 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1431–1436.
Mobile AdHoc Networks (MANET) can be fast implemented, and it is very popular in many specific network requirements, such as UAV (Unmanned Aerial Unit), Disaster Recovery and IoT (Internet of Things) etc. However, MANET is also vulnerable. AODV (Ad hoc On-Demand Distance Vector Routing) protocol is one type of MANET routing protocol and many attacks can be implemented to break the connections on AODV based AdHoc networks. In this article, with the aim of protecting the MANET security, we modeled the AODV protocol with one type of Automata and analyzed the security vulnerabilities of it; then based on the analyzing results, we proposed an enhancement to AODV protocol against the Black Hole Attacks. We also implemented the proposed enhancement in NS3 simulator and verified the correctness, usability and efficiency.
Fu, Y., Tong, S., Guo, X., Cheng, L., Zhang, Y., Feng, D..  2020.  Improving the Effectiveness of Grey-box Fuzzing By Extracting Program Information. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :434–441.
Fuzzing has been widely adopted as an effective technique to detect vulnerabilities in software. However, existing fuzzers suffer from the problems of generating excessive test inputs that either cannot pass input validation or are ineffective in exploring unvisited regions in the program under test (PUT). To tackle these problems, we propose a greybox fuzzer called MuFuzzer based on AFL, which incorporates two heuristics that optimize seed selection and automatically extract input formatting information from the PUT to increase the chance of generating valid test inputs, respectively. In particular, the first heuristic collects the branch coverage and execution information during a fuzz session, and utilizes such information to guide fuzzing tools in selecting seeds that are fast to execute, small in size, and more importantly, more likely to explore new behaviors of the PUT for subsequent fuzzing activities. The second heuristic automatically identifies string comparison operations that the PUT uses for input validation, and establishes a dictionary with string constants from these operations to help fuzzers generate test inputs that have higher chances to pass input validation. We have evaluated the performance of MuFuzzer, in terms of code coverage and bug detection, using a set of realistic programs and the LAVA-M test bench. Experiment results demonstrate that MuFuzzer is able to achieve higher code coverage and better or comparative bug detection performance than state-of-the-art fuzzers.
Fu, Tian, Lu, Yiqin, Zhen, Wang.  2019.  APT Attack Situation Assessment Model Based on optimized BP Neural Network. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :2108–2111.
In this paper, it first analyzed the characteristics of Advanced Persistent Threat (APT). According to APT attack, this paper established a BP neural network optimized by improved adaptive genetic algorithm to predict the security risk of nodes in the network, and calculated the path of APT attacks with the maximum possible attack. Finally, experiments verify the effectiveness and correctness of the algorithm by simulating attacks. Experiments show that this model can effectively evaluate the security situation in the network, for the defenders to adopt effective measures to defend against APT attacks, thus improving the security of the network.
Fu, T., Zhen, W., Qian, X. Z..  2020.  A Study of Evaluation Methods of WEB Security Threats Based on Multi-stage Attack. 2020 IEEE International Conference on Information Technology, Big Data and Artificial Intelligence (ICIBA). 1:1457–1461.
Web application services have gradually become an important support of Internet services, but are also facing increasingly serious security problems. It is extremely necessary to evaluate the security of Web application services to deal with attacks against them effectively. In this paper, in view of the characteristics of the current attack of Web application services, a Web security analysis model based on the kill chain is established, and the possible attacks against Web application services are analyzed in depth from the perspective of the kill chain. Then, the security of Web application services is evaluated in a quantitative manner. In this way, it can make up the defects of insufficient inspection by the existing security vulnerability model and the security specification of the tracking of Web application services, so as to realize the objective and scientific evaluation of the security state of Web application services.
Fu, Shaojing, Yu, Yunpeng, Xu, Ming.  2017.  A Secure Algorithm for Outsourcing Matrix Multiplication Computation in the Cloud. Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing. :27–33.
Matrix multiplication computation (MMC) is a common scientific and engineering computational task. But such computation involves enormous computing resources for large matrices, which is burdensome for the resource-limited clients. Cloud computing enables computational resource-limited clients to economically outsource such problems to the cloud server. However, outsourcing matrix multiplication to the cloud brings great security concerns and challenges since the matrices and their products often contain sensitive information. In a previous work, Lei et al. [1] proposed an algorithm for secure outsourcing MMC by using permutation matrix and the authors argued that it can achieve data privacy. In this paper, we first review the design of Lei's scheme and find a security vulnerability in their algorithm that it reveals the number of zero elements in the input matrix to cloud server. Then we present a new verifiable, efficient, and privacy preserving algorithm for outsourcing MMC, which can protect the number privacy of zero elements in original matrices. Our algorithm builds on a series of carefully-designed pseudorandom matrices and well-designed privacy-preserving matrix transformation. Security analysis shows that our algorithm is practically-secure, and offers a higher level of privacy protection than the state-of-the-art algorithm.
Fu, Rao, Grinberg, Ilya, Gogolyuk, Petro.  2019.  Electric Power Distribution System Fault Recovery Based on Visual Computation. 2019 IEEE 20th International Conference on Computational Problems of Electrical Engineering (CPEE). :1–4.

A study case of electric power distribution system fault recovery has been introduced in this article. With proper connections, network reconfiguration should be considered an effective solution to the system fault condition. Considering the radial structure of the distribution system, appropriate observation on visualized outcome of the voltage profile can lead the system operator to obtain the best switching line effectively. Contour plots are applied for visualizing the voltage profiles of a modified IEEE 13-node test feeder model.

Fu, Bo, Xiao, Yang.  2017.  An Intrusion Detection Scheme in TCP/IP Networks Based on Flow-Net and Fingerprint. Proceedings of the SouthEast Conference. :13–17.
Based on our previous work for a novel logging methodology, called flow-net, we propose an Intrusion Detection System (IDS) using Flow-Net Based Fingerprint (IDS-FF) in this paper. We apply the IDS-FF scheme in TCP/IP (Transmission Control Protocol/Internet Protocol) networks for intrusion detection. Experimental results show good performance of the proposed scheme.
Frumento, Enrico, Freschi, Federica, Andreoletti, Davide, Consoli, Angelo.  2017.  Victim Communication Stack (VCS): A Flexible Model to Select the Human Attack Vector. Proceedings of the 12th International Conference on Availability, Reliability and Security. :50:1–50:6.
Information security has rapidly grown to meet the requirements of today's services. A solid discipline has been developed as far as technical security is concerned. However, the human layer plays an increasingly decisive role in the managing of Information Technology (IT) systems. The research field that studies the vulnerabilities of the human layer is referred to as Social Engineering, and has not received the same attention as its technical counterpart. We try to partially fill this gap by studying the selection of the Human Attack Vector (HAV), i.e., the path or the means that the attacker uses to compromise the human layer. To this aim, we propose a multilayer model, named Victim Communication Stack (VCS), that provides the key elements to facilitate the choice of the HAV. This work has been carried out under the DOGANA European project.