Biblio

We present NonDex, a tool for detecting and debugging wrong assumptions on Java APIs. Some APIs have underdetermined specifications to allow implementations to achieve different goals, e.g., to optimize performance. When clients of such APIs assume stronger-than-specified guarantees, the resulting client code can fail. For example, HashSet’s iteration order is underdetermined, and code assuming some implementation-specific iteration order can fail. NonDex helps to proactively detect and debug such wrong assumptions. NonDex performs detection by randomly exploring different behaviors of underdetermined APIs during test execution. When a test fails during exploration, NonDex searches for the invocation instance of the API that caused the failure. NonDex is open source, well-integrated with Maven, and also runs from the command line. During our experiments with the NonDex Maven plugin, we detected 21 new bugs in eight Java projects from GitHub, and, using the debugging feature of NonDex, we identified the underlying wrong assumptions for these 21 new bugs and 54 previously detected bugs. We opened 13 pull requests; developers already accepted 12, and one project changed the continuous-integration configuration to run NonDex on every push. The demo video is at: https://youtu.be/h3a9ONkC59c

As cyber threats continue to grow and expertise resources are limited, organisations need to find ways to evaluate their resilience efficiently and take proactive measures against an attack from a specific adversary before it occurs. Threat modelling is an excellent method of assessing the resilience of ICT systems, forming Attack (Defense) Graphs (ADGs) that illustrate an adversary’s attack vectors. Cyber Threat Intelligence (CTI) is information that helps understand the current cyber threats, but has little integration with ADGs. This paper contributes with an approach that resolves this problem by using CTI feeds of known threat actors to enrich ADGs under multiple reuse. This enables security analysts to take proactive measures and strengthen their ICT systems against current methods used by any threat actor that is believed to pose a threat to them.

Vehicular networks are susceptible to variety of attacks such as denial of service (DoS) attack, sybil attack and false alert generation attack. Different cryptographic methods have been proposed to protect vehicular networks from these kind of attacks. However, cryptographic methods have been found to be less effective to protect from insider attacks which are generated within the vehicular network system. Misbehavior detection system is found to be more effective to detect and prevent insider attacks. In this paper, we propose a machine learning based misbehavior detection system which is trained using datasets generated through extensive simulation based on realistic vehicular network environment. The simulation results demonstrate that our proposed scheme outperforms previous methods in terms of accurately identifying various misbehavior.

Summary form only given, as follows. The complete presentation was not made available for publication as part of the conference proceedings. Banking, defence applications and cryptosystems often demand security features, including cryptography, tamper resistance, stealth, and etc., by means of hardware approaches and/or software approaches to prevent data leakages. The hardware physical attacks or commonly known as side channel attacks have been employed to extract the secret keys of the encrypted algorithms implemented in hardware devices by analyzing their physical parameters such as power dissipation, electromagnetic interference and timing information. Altered functions or unauthorized modules may be added to the circuit design during the shipping and manufacturing process, bringing in security threats to the deployed systems. In this presentation, we will discuss hardware assurance from both device level and circuit level, and present how machine learning techniques can be utilized. At the device level, we will first provide an overview of the different cryptography algorithms and present the side channel attacks, particularly the powerful Correlation Power Analysis (CPA) and Correlation Electromagnetic Analysis (CEMA) with a leakage model that can be used to reveal the secret keys of the cryptosystems. We will then discuss several countermeasure techniques and present how highly secured microchips can be designed based on these techniques. At the circuit level, we will provide an overview of manufactured IC circuit analysis through invasive IC delayering and imaging. We then present several machine learning techniques that can be efficiently applied to the retrieval of circuit contact points and connections for further netlist/functional analysis.

Due to the proliferation of Internet-of-Things (IoT) environments, humans working with heterogeneous, smart objects in public IoT environments become more popular than ever before. This situation often requires to establish trust relationships between a user and a smart object for their secure interactions, but without the presence of prior interactions. In this work, we are interested in how a smart object can grant an access right to a human user in the absence of any prior knowledge in which some users may be malicious aiming to breach security goals of the IoT system. To solve this problem, we propose a trust-aware, role-based access control system, namely TARAS, which provides adaptive authorization to users based on dynamic trust estimation. In TARAS, for the initial trust establishment, we take a multidisciplinary approach by adopting the concept of I-sharing from psychology. The I-sharing follows the rationale that people with similar roles and traits are more likely to respond in a similar way. This theory provides a powerful tool to quickly establish trust between a smart object and a new user with no prior interactions. In addition, TARAS can adaptively filter malicious users out by revoking their access rights based on adaptive, dynamic trust estimation. Our experimental results show that the proposed TARAS mechanism can maximize system integrity in terms of correctly detecting malicious or benign users while maximizing service availability to users particularly when the system is fine-tuned based on the identified optimal setting in terms of an optimal trust threshold.

This paper considers methods of fingerprint protection in biometric authentication systems. Including methods of protecting fingerprint templates using zero digital watermarks and cryptography techniques. The paper considers a secure authentication model using cryptography and digital watermarks.

This paper designs a secure transmission and authorization management system which based on the principles of Public Key Infrastructure and Rose-Based Access Control. It can solve the problems of identity authentication, secure transmission and access control on internet. In the first place, according to PKI principles, certificate authority system is implemented. It can issue and revoke the server-side and client-side digital certificate. Data secure transmission is achieved through the combination of digital certificate and SSL protocol. In addition, this paper analyses access control mechanism and RBAC model. The structure of RBAC model has been improved. The principle of group authority is added into the model and the combination of centralized authority and distributed authority management is adopted, so the model becomes more flexible.
 

Recently, there has been great interest in the physical layer security technique which exploits the artificial noise (AN) to enlarge the channel condition between the legitimate receiver and the eavesdropper. However, in certain communication scenery, this strategy may suffer from some attacks in the signal processing perspective. In this paper, we consider speech signals and the scenario in which the eavesdropper has the similar channel performance compared to the legitimate receiver. We design the optimal artificial noise (AN) to resist the attack of the eavesdropper who uses the blind source separation (BSS) technology to reconstruct the secret information. The Optimal AN is obtained by making a tradeoff between results of direct eavesdropping and reconstruction. The simulation results show that the AN we proposed has better performance than that of the white Gaussian AN to resist the BSS attacks effectively.
 

Unmanned systems are increasing in number, while their manning requirements remain the same. To decrease manpower demands, machine learning techniques and autonomy are gaining traction and visibility. One barrier is human perception and understanding of autonomy. Machine learning techniques can result in “black box” algorithms that may yield high fitness, but poor comprehension by operators. However, Interactive Machine Learning (IML), a method to incorporate human input over the course of algorithm development by using neuro-evolutionary machine-learning techniques, may offer a solution. IML is evaluated here for its impact on developing autonomous team behaviors in an area search task. Initial findings show that IML-generated search plans were chosen over plans generated using a non-interactive ML technique, even though the participants trusted them slightly less. Further, participants discriminated each of the two types of plans from each other with a high degree of accuracy, suggesting the IML approach imparts behavioral characteristics into algorithms, making them more recognizable. Together the results lay the foundation for exploring how to team humans successfully with ML behavior.

Crowd simulation in visual effects and animation is a field where creativity is often bound by the scalability of its tools. High end animation systems like Autodesk Maya [Autodesk ] are tailored for scenes with at most tens of characters, whereas more scaleable VFX packages like SideFX's Houdini [SideFX] can lack the directability required by character animation. We present a suite of technologies built around Houdini that vastly improves both its scalability and directability for agent based crowd simulation. Dubbed MURE (Japanese for "crowd"), this system employs a new VEX context with lock-free, multithreaded KD-Tree construction/look-up, a procedural finite state machine for massive animation libraries, a suite of VEX nodes for fuzzy logic, and a fast GPU drawing plugin built upon the open source USD (Universal Scene Description) library [Pixar Animation Studios ]. MURE has proven its success on two feature films, The Good Dinosaur, and Finding Dory, with crowd spectacles including flocks of birds, swarms of fireflies, automobile traffic, and schools of fish. Pixar has a history with agent based crowd simulation using a custom Massive [Massive Software] based pipeline, first developed on Ratatouille [Ryu and Kanyuk 2007], and subsequently used on Wall-E, Up, and Cars 2. A re-write of the studio's proprietary animation software, Presto, deprecated this crowd pipeline. The crowds team on Brave and Monster's University replaced it with a new system for "non-simulated" crowds that sequenced geometry caches [Kanyuk et al. 2012] via finite state machines and sketch based tools [Arumugam et al. 2013]. However, the story reels for The Good Dinosaur called for large crowds with such complex inter-agent and environment interaction that simulated crowds were necessary. This creative need afforded Pixar's crowd team the opportunity of evaluate the pros and cons of our former agent based simulation pipeline and weigh which features would be part of its successor. Fuzzy logic brains and customizable navigation were indispensable, but our practice of approximating hero quality rigs with simulatable equivalents was fraught with problems. Creating the mappings was labor intensive, lossy, and even when mostly correct, animators found the synthesized animation splines so foreign that many would start from scratch rather than build upon a crowd simulation. The avoid this pitfall, we instead opted to start building our new pipeline around pre-cached clips of animation and thus always be able to deliver crowd animators clean splines. This reliance on caches also affords tremendous opportunities for interactivity at massive scales. Thus, rather than focusing on rigging/posing, the goals of our new system, MURE, became interactivity and directability.

Simulating quantum field theories on a quantum computer is one of the most exciting fundamental physics applications of quantum information science. Dynamical time evolution of quantum fields is a challenge that is beyond the capabilities of classical computing, but it can teach us important lessons about the fundamental fabric of space and time. Whether we may answer scientific questions of interest using near-term quantum computing hardware is an open question that requires a detailed simulation study of quantum noise. Here we present a large scale simulation study powered by a multi-node implementation of qsim using the Google Cloud Platform. We additionally employ newly-developed GPU capabilities in qsim and show how Tensor Processing Units — Application-specific Integrated Circuits (ASICs) specialized for Machine Learning — may be used to dramatically speed up the simulation of large quantum circuits. We demonstrate the use of high performance cloud computing for simulating ℤ2 quantum field theories on system sizes up to 36 qubits. We find this lattice size is not able to simulate our problem and observable combination with sufficient accuracy, implying more challenging observables of interest for this theory are likely beyond the reach of classical computation using exact circuit simulation.

Authenticating a person's identity has always been a challenge. While attempts are being made by government agencies to address this challenge, the citizens are being exposed to a new age problem of Identity management. The sharing of photocopies of identity cards in order to prove our identity is a common sight. From score-card to Aadhar-card, the details of our identity has reached many unauthorized hands during the years. In India the identity thefts accounts for 77% [1] of the fraud cases, and the threats are trending. Programs like e-Residency by Estonia[2], Bitnation using Ethereum[3] are being devised for an efficient Identity Management. Even the US Home Land Security is funding a research with an objective of “Design information security and privacy concepts on the Blockchain to support identity management capabilities that increase security and productivity while decreasing costs and security risks for the Homeland Security Enterprise (HSE).” [4] This paper will discuss the challenges specific to India around Identity Management, and the possible solution that the Distributed ledger, hashing algorithms and smart contracts can offer. The logic of hashing the personal data, and controlling the distribution of identity using public-private keys with Blockchain technology will be discussed in this paper.

Mobile Ad-hoc Network (MANET) is a prominent technology in the wireless networking field in which the movables nodes operates in distributed manner and collaborates with each other in order to provide the multi-hop communication between the source and destination nodes. Generally, the main assumption considered in the MANET is that each node is trusted node. However, in the real scenario, there are some unreliable nodes which perform black hole attack in which the misbehaving nodes attract all the traffic towards itself by giving false information of having the minimum path towards the destination with a very high destination sequence number and drops all the data packets. In the paper, we have presented different categories for black hole attack mitigation techniques and also presented the summary of various techniques along with its drawbacks that need to be considered while designing an efficient protocol.

In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments). In previous work the generation of an artificial ambient environment (AAE), and especially the use of infrared light as an AAE actuator was shown to have high success rate in relay attacks detection. In this paper we investigate the application of infrared as a relay attack detection technique in various scenarios, namely, contactless transactions (mobile payments, transportation ticketing, and physical access control), and continuous Two-Factor Authentication. Operating requirements and architectures are proposed for each scenario, while taking into account industry imposed performance requirements, where applicable. Protocols for integrating the solution into the aforementioned scenarios are being proposed, and formally verified. The impact on the performance is assessed through practical implementation. Proposed protocols are verified using Scyther, a formal mechanical verification tool. Finally, additional scenarios, in which this technique can be applied to prevent relay or other types of attacks, are discussed.

As mobile devices and location-based services become increasingly ubiquitous, the privacy of mobile users' location traces continues to be a major concern. Traditional privacy solutions rely on perturbing each position in a user's trace and replacing it with a fake location. However, recent studies have shown that such point-based perturbation of locations is susceptible to inference attacks and suffers from serious utility losses, because it disregards the moving trajectory and continuity in full location traces. In this paper, we argue that privacy-preserving synthesis of complete location traces can be an effective solution to this problem. We present AdaTrace, a scalable location trace synthesizer with three novel features: provable statistical privacy, deterministic attack resilience, and strong utility preservation. AdaTrace builds a generative model from a given set of real traces through a four-phase synthesis process consisting of feature extraction, synopsis learning, privacy and utility preserving noise injection, and generation of differentially private synthetic location traces. The output traces crafted by AdaTrace preserve utility-critical information existing in real traces, and are robust against known location trace attacks. We validate the effectiveness of AdaTrace by comparing it with three state of the art approaches (ngram, DPT, and SGLT) using real location trace datasets (Geolife and Taxi) as well as a simulated dataset of 50,000 vehicles in Oldenburg, Germany. AdaTrace offers up to 3-fold improvement in trajectory utility, and is orders of magnitude faster than previous work, while preserving differential privacy and attack resilience.

Differentially private location trace synthesis (DPLTS) has recently emerged as a solution to protect mobile users' privacy while enabling the analysis and sharing of their location traces. A key challenge in DPLTS is to best preserve the utility in location trace datasets, which is non-trivial considering the high dimensionality, complexity and heterogeneity of datasets, as well as the diverse types and notions of utility. In this paper, we present OptaTrace: a utility-optimized and targeted approach to DPLTS. Given a real trace dataset D, the differential privacy parameter ε controlling the strength of privacy protection, and the utility/error metric Err of interest; OptaTrace uses Bayesian optimization to optimize DPLTS such that the output error (measured in terms of given metric Err) is minimized while ε-differential privacy is satisfied. In addition, OptaTrace introduces a utility module that contains several built-in error metrics for utility benchmarking and for choosing Err, as well as a front-end web interface for accessible and interactive DPLTS service. Experiments show that OptaTrace's optimized output can yield substantial utility improvement and error reduction compared to previous work.

With increasing popularity of cloud computing, the data owners are motivated to outsource their sensitive data to cloud servers for flexibility and reduced cost in data management. However, privacy is a big concern for outsourcing data to the cloud. The data owners typically encrypt documents before outsourcing for privacy-preserving. As the volume of data is increasing at a dramatic rate, it is essential to develop an efficient and reliable ciphertext search techniques, so that data owners can easily access and update cloud data. In this paper, we propose a privacy preserving multi-keyword ranked search scheme over encrypted data in cloud along with data integrity using a new authenticated data structure MIR-tree. The MIR-tree based index with including the combination of widely used vector space model and TF×IDF model in the index construction and query generation. We use inverted file index for storing word-digest, which provides efficient and fast relevance between the query and cloud data. Design an authentication set(AS) for authenticating the queries, for verifying top-k search results. Because of tree based index, our scheme achieves optimal search efficiency and reduces communication overhead for verifying the search results. The analysis shows security and efficiency of our scheme.

A browser extension, also known as a plugin or an addon, is a small software application that adds functionality to a web browser. However, security threats are always linked with such software where data can be compromised and ultimately trust is broken. The proposed research work jas developed a security model named WebSecAsst, which is a chrome plugin relying on the Machine Learning model XGBoost and VirusTotal to detect malicious websites visited by the user and to detect whether the files downloaded from the internet are Malicious or Safe. During this detection, the proposed model preserves the privacy of the user's data to a greater extent than the existing commercial chrome extensions.

The demand of highly functioning storage systems has led to the evolution of the filesystems which are capable of successfully and effectively carrying out the data management, configures the new storage hardware, proper backup and recovery as well. The research paper aims to find out which file system can serve better in backup storage (e.g. NAS storage) and compute-intensive systems (e.g. database consolidation in cloud computing). We compare such two most potential opensource filesystem ZFS and BTRFS based on their file I/O performance on a storage pool of flash drives, which are made available over iSCSI (internet) for different record sizes. This paper found that ZFS performed better than BTRFS in this arrangement.

This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.

Air-gapped computers are hermetically isolated from the Internet to eliminate any means of information leakage. In this paper we present HOTSPOT - a new type of airgap crossing technique. Signals can be sent secretly from air-gapped computers to nearby smartphones and then on to the Internet - in the form of thermal pings. The thermal signals are generated by the CPUs and GPUs and intercepted by a nearby smartphone. We examine this covert channel and discuss other work in the field of air-gap covert communication channels. We present technical background and describe thermal sensing in modern smartphones. We implement a transmitter on the computer side and a receiver Android App on the smartphone side, and discuss the implementation details. We evaluate the covert channel and tested it in a typical work place. Our results show that it possible to send covert signals from air-gapped PCs to the attacker on the Internet through the thermal pings. We also propose countermeasures for this type of covert channel which has thus far been overlooked.

In this paper we present LANTENNA - a new type of an electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanated from Ethernet cables. A nearby receiving device can intercept the signals wirelessly, decodes the data and sends it to the attacker. We discuss the exiltration techniques, examine the covert channel characteristics, and provide implementation details. Notably, the malicious code can run in an ordinary user mode process, and can successfully operates from within a virtual machine. We evaluate the covert channel in different scenarios and present a set of of countermeasures. Our experiments show that with the LANTENNA attack, data can be exfiltrated from air-gapped computers to a distance of several meters away.

Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an ’air-gap .’In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.

Air-gapped computers are systems that are kept isolated from the Internet since they store or process sensitive information. In this paper, we introduce an optical covert channel in which an attacker can leak (or, exfiltlrate) sensitive information from air-gapped computers through manipulations on the screen brightness. This covert channel is invisible and it works even while the user is working on the computer. Malware on a compromised computer can obtain sensitive data (e.g., files, images, encryption keys and passwords), and modulate it within the screen brightness, invisible to users. The small changes in the brightness are invisible to humans but can be recovered from video streams taken by cameras such as a local security camera, smartphone camera or a webcam. We present related work and discuss the technical and scientific background of this covert channel. We examined the channel's boundaries under various parameters, with different types of computer and TV screens, and at several distances. We also tested different types of camera receivers to demonstrate the covert channel. Lastly, we present relevant countermeasures to this type of attack.

Using the keyboard LEDs to send data optically was proposed in 2002 by Loughry and Umphress [1] (Appendix A). In this paper we extensively explore this threat in the context of a modern cyber-attack with current hardware and optical equipment. In this type of attack, an advanced persistent threat (APT) uses the keyboard LEDs (Caps-Lock, Num-Lock and Scroll-Lock) to encode information and exfiltrate data from airgapped computers optically. Notably, this exfiltration channel is not monitored by existing data leakage prevention (DLP) systems. We examine this attack and its boundaries for today's keyboards with USB controllers and sensitive optical sensors. We also introduce smartphone and smartwatch cameras as components of malicious insider and 'evil maid' attacks. We provide the necessary scientific background on optical communication and the characteristics of modern USB keyboards at the hardware and software level, and present a transmission protocol and modulation schemes. We implement the exfiltration malware, discuss its design and implementation issues, and evaluate it with different types of keyboards. We also test various receivers, including light sensors, remote cameras, 'extreme' cameras, security cameras, and smartphone cameras. Our experiment shows that data can be leaked from air-gapped computers via the keyboard LEDs at a maximum bit rate of 3000 bit/sec per LED given a light sensor as a receiver, and more than 120 bit/sec if smartphones are used. The attack doesn't require any modification of the keyboard at hardware or firmware levels.