Biblio

Infrastructure-as-a-Service clouds provide out-of-band remote management for users to access their virtual machines (VMs). Out-of-band remote management is a method for indirectly accessing VMs via their virtual devices. While virtual devices running in the virtualized system are managed by cloud operators, not all cloud operators are always trusted in clouds. To prevent information leakage from virtual devices and tampering with their I/O data, several systems have been proposed by trusting the hypervisor in the virtualized system. However, they have various issues on security and management. This paper proposes VSBypass, which enables secure out-of-band remote management outside the virtualized system using a technique called transparent passthrough. VSBypass runs the entire virtualized system in an outer VM using nested virtualization. Then it intercepts I/O requests of out-of-band remote management and processes those requests in shadow devices, which run outside the virtualized system. We have implemented VSBypass in Xen for the virtual serial console and GUI remote access. We confirmed that information leakage was prevented and that the performance was comparable to that in traditional out-of-band remote management.

Sybils are users created for carrying out nefarious actions in online social networks (OSNs) and threaten the security of OSNs. Therefore, Sybil detection is an urgent security task, and various detection methods have been proposed. Existing Sybil detection methods are based on the relationship (i.e., graph structure) of users in OSNs. Structure-based methods can be classified into two categories: Random Walk (RW)-based and Belief Propagation (BP)-based. However, although almost all methods have been experimentally evaluated in terms of their performance and robustness to noise, the theoretical understanding of them is insufficient. In this paper, we interpret the Sybil detection problem from the viewpoint of graph signal processing and provide a framework to formulate RW- and BPbased methods as low-pass filtering. This framework enables us to theoretically compare RW- and BP-based methods and explain why BP-based methods perform well for scale-free graphs, unlike RW-based methods. Furthermore, by this framework, we relate RW- and BP-based methods and Graph Neural Networks (GNNs) and discuss the difference among these methods. Finally, we evaluate the validity of this framework through numerical experiments.

As it is easy to ensure the confidentiality of users on the Dark Web, malware and exploit kits are sold on the market, and attack methods are discussed in forums. Some services provide IoT Botnet to perform distributed denial-of-service (DDoS as a Service: DaaS), and it is speculated that the purchase of these services is made on the Dark Web. By crawling such information and storing it in a database, threat intelligence can be obtained that cannot otherwise be obtained from information on the Surface Web. However, crawling sites on the Dark Web present technical challenges. For this paper, we implemented a crawler that can solve these challenges. We also collected information on markets and forums on the Dark Web by operating the implemented crawler. Results confirmed that the dataset collected by crawling contains threat intelligence that is useful for analyzing cyber attacks, particularly those related to IoT Botnet and DaaS. Moreover, by uncovering the relationship with security reports, we demonstrated that the use of data collected from the Dark Web can provide more extensive threat intelligence than using information collected only on the Surface Web.

Nowadays interest in IoT solutions is growing. A significant barrier to the use of these solutions in military applications is to ensure the security of data transmission and authentication of data sources and recipients of the data. Developing an efficient solution to these problems requires finding a compromise between the facts that the sensors often are mobile, use wireless communication, usually have the small processing power and have little energy resources. The article presents the security domain designated for cooperating mobile sensor nodes. The domain has the following features: the strong authentication of each domain member, cryptographic protection of data exchange in the data link layer and protection of data stored in the sensor node resources. The domain is also prepared to perform diagnostic procedures and to exchange sensory data with other domains securely. At each node, the Trusted Platform Module (TPM) is used to support these procedures.

Ensuring security in the military applications of IoT is a big challenge. The main reasons for this state of affairs is that the sensor nodes of the network are usually mobile, use wireless links, have a small processing power and have a little energy resources. The paper presents the solution for cryptographic protection of transmission between sensor nodes in the data link layer and for cryptographic protection of data stored in the sensor node resources. For this purpose, the Trusted Platform Module (TPM) was used. The proposed solution makes it possible to build secure and fault tolerant sensor network. The following aspects were presented in the paper: the model of such a network, applied security solutions, analysis of the security in the network and selected investigation results of such a network were presented.

Mobile Device Security is an important factor as all the user's sensitive information is stored on the mobile device. The problem of mobile devices getting lost or stolen has only been increasing. There are various systems which provide Online Mobile Device Security which require internet to perform their required functions. Our proposed system SMS Based Offline Mobile Device Security System provides mobile device users with a wide range of security features that help protect the mobile device from theft and also acts as an assistant that helps the users in any problems they may face in their day-to-day lives. The project aims to develop a mobile security system that will allow the user to manipulate his mobile device from any other device through SMS which can be used to get contact information from the user's mobile device remotely, help find the phone by maximizing the volume and playing a tone, trace the current location of the mobile device, get the IMEI No of the device, lock the device, send a message that will be converted to speech and played on the user's mobile device, call forwarding, message forwarding and various other features. It also has an additional security feature that will detect a sim card change and send the new SIM card mobile no to the recovery mobile numbers specified during initial setup automatically. Hence, the user will be able to manipulate his phone even after the SIM card has been changed. Therefore, the SMS-Based Offline Mobile Device Security System provides much more security for the mobile device than the existing online device security methods.

Attack surface detection for the complex software is needed to find targets for the fuzzing, because testing the whole system with many inputs is not realistic. Researchers that previously applied taint analysis for dealing with different security tasks in the virtual machines did not examined how to apply it for attack surface detection. I.e., getting the program modules and functions, that may be affected by input data. We propose using taint tracking within a virtual machine and virtual machine introspection to create a new approach that can detect the internal module interfaces that can be fuzz tested to assure that software is safe or find the vulnerabilities.

5G smart grid applications rely on its high-performance transmission and bearer network. With the help of complex network theory, this paper first analyzes the complex network characteristic parameters of 5G smart grid, and explains the necessity and supporting significance of network vulnerability analysis for efficient transmission of 5G network. Then the node importance analysis algorithm based on node degree and clustering coefficient (NIDCC) is proposed. According to the results of simulation analysis, the power network has smaller path length and higher clustering coefficient in terms of static parameters, which indicates that the speed and breadth of fault propagation are significantly higher than that of random network. It further shows the necessity of network vulnerability analysis. By comparing with the other two commonly used algorithms, we can see that NIDCC algorithm can more accurately estimate and analyze the weak links of the network. It is convenient to carry out the targeted transformation of the power grid and the prevention of blackout accidents.

Distributed denial of service (DDoS) attacks can bring tremendous damage to online services and ISPs. Existing adopted mitigation methods either require the victim to have a sufficient number of resources for traffic filtering or to pay a third party cloud service to filter the traffic. In our previous work we proposed CoFence, a collaborative network that allows member domains to help each other in terms of DDoS traffic handling. In that network, victim servers facing a DDoS attack can redirect excessive connection requests to other helping servers in different domains for filtering. Only filtered traffic will continue to interact with the victim server. However, sending traffic to third party servers brings up the issue of privacy: specifically leaked client source IP addresses. In this work we propose a privacy protection mechanism for defense so that the helping servers will not be able to see the IP address of the client traffic while it has minimum impact to the data filtering function. We implemented the design through a test bed to demonstrated the feasibility of the proposed design.

Researchers interested in security often wish to introduce new primitives into a language. Extensible languages hold promise in such scenarios, but only if the extension mechanism is sufficiently safe and expressive. This paper describes several modifications to an extensible language motivated by end-to-end security concerns.

In this paper, we discuss challenges when we try to automatically classify privacy policies using machine learning with words as the features. Since it is difficult for general public to understand privacy policies, it is necessary to support them to do that. To this end, the authors believe that machine learning is one of the promising ways because users can grasp the meaning of policies through outputs by a machine learning algorithm. Our final goal is to develop a system which automatically translates privacy policies into privacy labels [1]. Toward this goal, we classify sentences in privacy policies with category labels, using popular machine learning algorithms, such as a naive Bayes classifier.We choose these algorithms because we could use trained classifiers to evaluate keywords appropriate for privacy labels. Therefore, we adopt words as the features of those algorithms. Experimental results show about 85% accuracy. We think that much higher accuracy is necessary to achieve our final goal. By changing learning settings, we identified one reason of low accuracies such that privacy policies include many sentences which are not direct description of information about categories. It seems that such sentences are redundant but maybe they are essential in case of legal documents in order to prevent misinterpreting. Thus, it is important for machine learning algorithms to handle these redundant sentences appropriately.

Locally Linear Embedding (LLE) is a popular approach to dimensionality reduction as it can effectively represent nonlinear structures of high-dimensional data. For dimensionality reduction, it computes a nearest neighbor graph from a given dataset where edge weights are obtained by applying the Lagrange multiplier method, and it then computes eigenvectors of the LLE kernel where the edge weights are used to obtain the kernel. Although LLE is used in many applications, its computation cost is significantly high. This is because, in obtaining edge weights, its computation cost is cubic in the number of edges to each data point. In addition, the computation cost in obtaining the eigenvectors of the LLE kernel is cubic in the number of data points. Our approach, Ripple, is based on two ideas: (1) it incrementally updates the edge weights by exploiting the Woodbury formula and (2) it efficiently computes eigenvectors of the LLE kernel by exploiting the LU decomposition-based inverse power method. Experiments show that Ripple is significantly faster than the original approach of LLE by guaranteeing the same results of dimensionality reduction.

In this study we propose a novel method for drone surveillance that can simultaneously analyze time-frequency responses in all pixels of a high-frame-rate video. The propellers of flying drones rotate at hundreds of Hz and their principal vibration frequency components are much higher than those of their background objects. To separate the pixels around a drone's propellers from its background, we utilize these time-series features for vibration source localization with pixel-level short-time Fourier transform (STFT). We verify the relationship between the number of taps in the STFT computation and the performance of our algorithm, including the execution time and the localization accuracy, by conducting experiments under various conditions, such as degraded appearance, weather, and defocused blur. The robustness of the proposed algorithm is also verified by localizing a flying multi-copter in real-time in an outdoor scenario.

As the number of Internet users increases, their usage also diversifies, and it is important to prevent Identity on the Internet (Digital Identity) from being violated. Unauthorized authentication is one of the methods to infringe Digital Identity. Multi-factor authentication has been proposed as a method for preventing unauthorized authentication. However, the cryptographic authenticator required for multi-factor authentication is expensive both financially and UX-wise for the user. In this paper, we design, implement and evaluate multi-factor authentication using My Number Card provided by public personal identification service and WebUSB, which is being standardized.

Many studies have been conducted to detect various malicious activities in cyberspace using classifiers built by machine learning. However, it is natural for any classifier to make mistakes, and hence, human verification is necessary. One method to address this issue is eXplainable AI (XAI), which provides a reason for the classification result. However, when the number of classification results to be verified is large, it is not realistic to check the output of the XAI for all cases. In addition, it is sometimes difficult to interpret the output of XAI. In this study, we propose a machine learning model called classification verifier that verifies the classification results by using the output of XAI as a feature and raises objections when there is doubt about the reliability of the classification results. The results of experiments on malicious website detection and malware detection show that the proposed classification verifier can efficiently identify misclassified malicious activities.

Mining, the process where multiple miners compete to add blocks to Proof-of-Work (PoW) blockchains, is of great importance to maintain the tamper-resistance feature of blockchains. In current blockchain networks, miners usually form groups, called mining pools, to improve their revenues. When multiple pools exist, a fundamental mining pool selection problem arises: which pool should each miner join to maximize its revenue? In addition, the existence of mining pools also leads to another critical issue, i.e., Block WithHolding (BWH) attack, where a pool sends some of its miners as spies to another pool to gain extra revenues without contributing to the mining of the infiltrated pool. This paper therefore aims to investigate the mining pool selection issue (i.e., the stable population distribution of miners in the pools) in the presence of BWH attack from the perspective of evolutionary game theory. We first derive the expected revenue density of each pool to determine the expected payoff of miners in that pool. Based on the expected payoffs, we formulate replicator dynamics to represent the growth rates of the populations in all pools. Using the replicator dynamics, we obtain the rest points of the growth rates and discuss their stability to identify the Evolutionarily Stable States (ESSs) (i.e., stable population distributions) of the game. Simulation and numerical results are also provided to corroborate our analysis and to illustrate the theoretical findings.

The attacker’s server plays an important role in sending attack orders and receiving stolen information, particularly in the more recent cyberattacks. Under these circumstances, it is important to use network-based signatures to block malicious communications in order to reduce the damage. However, in addition to blocking malicious communications, signatures are also required not to block benign communications during normal business operations. Therefore, the generation of signatures requires a high level of understanding of the business, and highly depends on individual skills. In addition, in actual operation, it is necessary to test whether the generated signatures do not interfere with benign communications, which results in high operational costs. In this paper, we propose SIGMA, a system that automatically generates signatures to block malicious communication without interfering with benign communication and then automatically evaluates the impact of the signatures. SIGMA automatically extracts the common parts of malware communication destinations by clustering them and generates multiple candidate signatures. After that, SIGMA automatically calculates the impact on normal communication based on business logs, etc., and presents the final signature to the analyst, which has the highest blockability of malicious communication and non-blockability of normal communication. Our objectives with this system are to reduce the human factor in generating the signatures, reduce the cost of the impact evaluation, and support the decision of whether to apply the signatures. In the preliminary evaluation, we showed that SIGMA can automatically generate a set of signatures that detect 100% of suspicious URLs with an over-detection rate of just 0.87%, using the results of 14,238 malware analyses and actual business logs. This result suggests that the cost for generation of signatures and the evaluation of their impact on business operations can be suppressed, which used to be a time-consuming and human-intensive process.

Nowadays, the industrial control systems (ICS) face many challenges, where security is becoming one of the most crucial. This fact is caused by new connected environment, which brings among new possibilities also new vulnerabilities, threats, or possible attacks. The criminal acts in the ICS area increased over the past years exponentially, which caused the loss of billions of dollars. This also caused classical Intrusion Detection Systems and Intrusion Prevention Systems to evolve in order to protect among IT also ICS networks. However, these systems need sufficient data such as traffic logs, protocol information, attack patterns, anomaly behavior marks and many others. To provide such data, the requirements for the test environment are summarized in this paper. Moreover, we also introduce more than twenty common vulnerabilities across the ICS together with information about possible risk, attack vector (point), possible detection methods and communication layer occurrence. Therefore, the paper might be used as a base-ground for building sufficient data generator for machine learning and artificial intelligence algorithms often used in ICS/IDS systems.

In this paper, we use selective laser melting (SLM) technology to fabricate AlNiCo magnetic materials, and the effects of laser processing parameters on the density and mechanical properties of AlNiCo magnetic materials were studied. We tested the magnetic properties of the heat-treated magnets. The results show that both laser power and scanning speed affect the forming. In this paper, the influence of laser power on the density of samples far exceeds the scanning speed. Through the experiment, we obtained the optimal range of process parameters: laser power (150 170W) and laser scanning speed (800 1000mm/s). Although the samples formed within this range have higher density, there are still many cracks, further research work should be done.

The software-as-a-service (SaaS) market is growing very fast, but still many clients are concerned about the confidentiality of their data in the cloud. Motivated hackers or malicious insiders could try to steal the clients' data. Encryption is a potential solution, but supporting the necessary functionality also in existing applications is difficult. In this paper, we examine encrypting analytical web applications that perform extensive number processing operations in the database. Existing solutions for encrypting data in web applications poorly support such encryption. We employ a proxy that adjusts the encryption to the level necessary for the client's usage and also supports additively homomorphic encryption. This proxy is deployed at the client and all encryption keys are stored and managed there, while the application is running in the cloud. Our proxy is stateless and we only need to modify the database driver of the application. We evaluate an instantiation of our architecture on an exemplary application. We only slightly increase page load time on average from 3.1 seconds to 4.7. However, roughly 40% of all data columns remain probabilistic encrypted. The client can set the desired security level for each column using our policy mechanism. Hence our proxy architecture offers a solution to increase the confidentiality of the data at the cloud provider at a moderate performance penalty.

Data confidentiality is an important requirement for clients when outsourcing databases to the cloud. Trusted execution environments, such as Intel SGX, offer an efficient solution to this confidentiality problem. However, existing TEE-based solutions are not optimized for column-oriented, in-memory databases and pose impractical memory requirements on the enclave. We present EncDBDB, a novel approach for client-controlled encryption of a column-oriented, in-memory databases allowing range searches using an enclave. EncDBDB offers nine encrypted dictionaries, which provide different security, performance, and storage efficiency tradeoffs for the data. It is especially suited for complex, read-oriented, analytic queries as present, e.g., in data warehouses. The computational overhead compared to plaintext processing is within a millisecond even for databases with millions of entries and the leakage is limited. Compressed encrypted data requires less space than a corresponding plaintext column. Furthermore, EncDBDB's enclave is very small reducing the potential for security-relevant implementation errors and side-channel leakages.

File sharing applications using cloud storage are increasingly popular for personal and business use. Due to data protection concerns, end-to-end encryption is often a desired feature of these applications. Many attempts at designing cryptographic solutions fail to be adopted due to missing relevant features. We present SeGShare, a new architecture for end-to-end encrypted, group-based file sharing using trusted execution environments (TEE), e.g., Intel SGX. SeGShare is the first solution to protect the confidentiality and integrity of all data and management files; enforce immediate permission and membership revocations; support deduplication; and mitigate rollback attacks. Next to authentication, authorization and file system management, our implementation features an optimized TLS layer that enables high throughput and low latency. The encryption overhead of our implementation is extremely small in computation and storage resources. Our enclave code comprises less than 8500 lines of code enabling efficient mitigation of common pitfalls in deploying code to TEEs.

This paper proposes a lightweight digital signing scheme for supporting document signing on mobile devices connected to cloud computing. We employ elliptic curve (ECC) digital signature algorithm (ECDSA) for key pair generation done at mobile device and introduce outsourced proxy (OSP) to decrypt the encrypted file and compute hash value of the files stored in the cloud system. In our model, a mobile client invokes fixed-sized message digests to be signed with a private key stored in the device and produces the digital signature. Then, the signature is returned to the proxy for embedding it onto the original file. To this end, the trust between proxy and mobile devices is guaranteed by PKI technique. Based on the lightweight property of ECC and the modular design of our OSP, our scheme delivers the practical solution that allows mobile users to create their own digital signatures onto documents in a secure and efficient way. We also present the implementation details including system development and experimental evaluation to demonstrate the efficiency of our proposed system.

In this paper, we propose an access control model featured with the efficient key update function in data outsourcing environment. Our access control is based on the combination of Ciphertext Policy - Attribute-based Encryption (CP-ABE) and Role-based Access Control (RBAC). The proposed scheme aims to improve the attribute and key update management of the original CP-ABE. In our scheme, a user's key is incorporated into the attribute certificate (AC) which will be used to decrypt the ciphertext encrypted with CP-ABE policy. If there is any change (update or revoke) of the attributes appearing in the key, the key in the AC will be updated upon the access request. This significantly reduces the overheads in updating and distributing keys of all users simultaneously compared to the existing CP-ABE based schemes. Finally, we conduct the experiment to evaluate the performance of our proposed scheme to show the efficiency of our proposed scheme.