Visible to the public Biblio

Found 699 results

Filters: First Letter Of Last Name is H  [Clear All Filters]
A B C D E F G [H] I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
Hyunki-Kim, Jinhyeok-Oh, Changuk-Jang, Okyeon-Yi, Juhong-Han, Hansaem-Wi, Chanil-Park.  2019.  Analysis of the Noise Source Entropy Used in OpenSSL’s Random Number Generation Mechanism. 2019 International Conference on Information and Communication Technology Convergence (ICTC). :59–62.
OpenSSL is an open source library that implements the Secure Socket Layer (SSL), a security protocol used by the TCP/IP layer. All cryptographic systems require random number generation for many reasons, such as cryptographic key generation and protocol challenge/response, OpenSSL is also the same. OpenSSL can be run on a variety of operating systems. especially when generating random numbers on Unix-like operating systems, it can use /dev /(u)random [6], as a seed to add randomness. In this paper, we analyze the process provided by OpenSSL when random number generation is required. We also provide considerations for application developers and OpenSSL users to use /dev/urandom and real-time clock (nanoseconds of timespec structure) as a seed to generate cryptographic random numbers in the Unix family.
Hyun, Yoonjin, Kim, Namgyu.  2016.  Detecting Blog Spam Hashtags Using Topic Modeling. Proceedings of the 18th Annual International Conference on Electronic Commerce: E-Commerce in Smart Connected World. :43:1–43:6.

Tremendous amounts of data are generated daily. Accordingly, unstructured text data that is distributed through news, blogs, and social media has gained much attention from many researchers as this data contains abundant information about various consumers' opinions. However, as the usefulness of text data is increasing, attempts to gain profits by distorting text data maliciously or non-maliciously are also increasing. In this sense, various types of spam detection techniques have been studied to prevent the side effects of spamming. The most representative studies include e-mail spam detection, web spam detection, and opinion spam detection. "Spam" is recognized on the basis of three characteristics and actions: (1) if a certain user is recognized as a spammer, then all content created by that user should be recognized as spam; (2) if certain content is exposed to other users (regardless of the users' intention), then content is recognized as spam; and (3) any content that contains malicious or non-malicious false information is recognized as spam. Many studies have been performed to solve type (1) and type (2) spamming by analyzing various metadata, such as user networks and spam words. In the case of type (3), however, relatively few studies have been conducted because it is difficult to determine the veracity of a certain word or information. In this study, we regard a hashtag that is irrelevant to the content of a blog post as spam and devise a methodology to detect such spam hashtags.

Hyun, D., Kim, J., Hong, D., Jeong, J. P..  2017.  SDN-based network security functions for effective DDoS attack mitigation. 2017 International Conference on Information and Communication Technology Convergence (ICTC). :834–839.

Distributed Denial of Service (DDoS) attack has been bringing serious security concerns on banks, finance incorporation, public institutions, and data centers. Also, the emerging wave of Internet of Things (IoT) raises new concerns on the smart devices. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have provided a new paradigm for network security. In this paper, we propose a new method to efficiently prevent DDoS attacks, based on a SDN/NFV framework. To resolve the problem that normal packets are blocked due to the inspection on suspicious packets, we developed a threshold-based method that provides a client with an efficient, fast DDoS attack mitigation. In addition, we use open source code to develop the security functions in order to implement our solution for SDN-based network security functions. The source code is based on NETCONF protocol [1] and YANG Data Model [2].

Hyun-Suk Chai, Jun-dong Cho, Jongpil Jeong.  2014.  On Security-Effective and Global Mobility Management for FPMIPv6 Networks. Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2014 Eighth International Conference on. :247-253.

In PMIPv6-based network, mobile nodes can be made smaller and lighter because the network nodes perform the mobility management-related functions on behalf of the mobile nodes. One of the protocols, Fast Handovers for Proxy Mobile IPv6 (FPMIPv6) [1] was studied by the Internet Engineering Task Force (IETF). Since FPMIPv6 adopts the entities and the concepts of Fast Handovers for Mobile IPv6 (FMIPv6) in Proxy Mobile IPv6 (PMIPv6), it reduces the packet loss. The conventional scheme has been proposed to cooperate with an Authentication, Authorization and Accounting (AAA) infrastructure for authentication of a mobile node in PMIPv6. Despite the fact that this approach resulted in the best efficiency, without beginning secured signaling messages, The PMIPv6 is vulnerable to various security threats and it does not support global mobility. In this paper, the authors analyzed the Kang-Park & ESS-FH scheme, and proposed an Enhanced Security scheme for FPMIPv6 (ESS-FP). Based on the CGA method and the public key Cryptography, ESS-FP provides a strong key exchange and key independence in addition to improving the weaknesses of FPMIPv6 and its handover latency was analyzed and compared with that of the Kang-Park scheme & ESS-FH.

Hynes, E., Flynn, R., Lee, B., Murray, N..  2020.  An Evaluation of Lower Facial Micro Expressions as an Implicit QoE Metric for an Augmented Reality Procedure Assistance Application. 2020 31st Irish Signals and Systems Conference (ISSC). :1–6.
Augmented reality (AR) has been identified as a key technology to enhance worker utility in the context of increasing automation of repeatable procedures. AR can achieve this by assisting the user in performing complex and frequently changing procedures. Crucial to the success of procedure assistance AR applications is user acceptability, which can be measured by user quality of experience (QoE). An active research topic in QoE is the identification of implicit metrics that can be used to continuously infer user QoE during a multimedia experience. A user's QoE is linked to their affective state. Affective state is reflected in facial expressions. Emotions shown in micro facial expressions resemble those expressed in normal expressions but are distinguished from them by their brief duration. The novelty of this work lies in the evaluation of micro facial expressions as a continuous QoE metric by means of correlation analysis to the more traditional and accepted post-experience self-reporting. In this work, an optimal Rubik's Cube solver AR application was used as a proof of concept for complex procedure assistance. This was compared with a paper-based procedure assistance control. QoE expressed by affect in normal and micro facial expressions was evaluated through correlation analysis with post-experience reports. The results show that the AR application yielded higher task success rates and shorter task durations. Micro facial expressions reflecting disgust correlated moderately to the questionnaire responses for instruction disinterest in the AR application.
Hynek, K., Čejka, T., Žádník, M., Kubátová, H..  2020.  Evaluating Bad Hosts Using Adaptive Blacklist Filter. 2020 9th Mediterranean Conference on Embedded Computing (MECO). :1—5.

Publicly available blacklists are popular tools to capture and spread information about misbehaving entities on the Internet. In some cases, their straight-forward utilization leads to many false positives. In this work, we propose a system that combines blacklists with network flow data while introducing automated evaluation techniques to avoid reporting unreliable alerts. The core of the system is formed by an Adaptive Filter together with an Evaluator module. The assessment of the system was performed on data obtained from a national backbone network. The results show the contribution of such a system to the reduction of unreliable alerts.

Hylamia, Sam, Yan, Wenqing, Rohner, Christian, Voigt, Thiemo.  2019.  Tiek: Two-tier Authentication and Key Distribution for Wearable Devices. 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1–6.
Wearable devices, such as implantable medical devices and smart wearables, are becoming increasingly popular with applications that vary from casual activity monitoring to critical medical uses. Unsurprisingly, numerous security vulnerabilities have been found in this class of devices. Yet, research on physical measurement-based authentication and key distribution assumes that body-worn devices are benign and uncompromised. Tiek is a novel authentication and key distribution protocol which addresses this issue. We utilize two sources of randomness to perform device authentication and key distribution simultaneously but through separate means. This creates a two-tier authorization scheme that enables devices to join the network while protecting them from each other. We describe Tiek and analyze its security.
Hyla, T., Pejaś, J..  2017.  A Hess-Like Signature Scheme Based on Implicit and Explicit Certificates. The Computer Journal. 60:457–475.

The main goal of introducing an identity-based cryptosystem and certificateless cryptosystem was avoiding certificates' management costs. In turn, the goal of introducing a certificate-based cryptosystem was to solve the certificate revocation problem. In this paper, we propose a new digital Implicit and Explicit Certificates-Based Hess's Signature (IE-CBHS) scheme that combines the features of a standard public key infrastructure (PKI) and certificate-based cryptosystem. Our IE-CBHS scheme is an efficient certificates-based signature. The security analysis proves that the scheme is secure against two game attacks in the random oracle model. The security is closely related to the difficulty of solving the computational Diffie–Hellman and discrete logarithm problems. The IE-CBHS scheme, when compared with other signature schemes, has similar efficiency and is both more flexible and more useful in practice. It is possible to revoke the explicit certificate and use that fact during digital signature verification. Thus, our scheme is useful in applications where typical mechanisms of standard PKI are used. One of many important security features is resistance to denial of signature verification attack. Also, it is impossible for a trusted authority to recreate a partial private key, even with cooperation with the signer.

Hyesook Lim, Kyuhee Lim, Nara Lee, Kyong-Hye Park.  2014.  On Adding Bloom Filters to Longest Prefix Matching Algorithms. Computers, IEEE Transactions on. 63:411-423.

High-speed IP address lookup is essential to achieve wire-speed packet forwarding in Internet routers. Ternary content addressable memory (TCAM) technology has been adopted to solve the IP address lookup problem because of its ability to perform fast parallel matching. However, the applicability of TCAMs presents difficulties due to cost and power dissipation issues. Various algorithms and hardware architectures have been proposed to perform the IP address lookup using ordinary memories such as SRAMs or DRAMs without using TCAMs. Among the algorithms, we focus on two efficient algorithms providing high-speed IP address lookup: parallel multiple-hashing (PMH) algorithm and binary search on level algorithm. This paper shows how effectively an on-chip Bloom filter can improve those algorithms. A performance evaluation using actual backbone routing data with 15,000-220,000 prefixes shows that by adding a Bloom filter, the complicated hardware for parallel access is removed without search performance penalty in parallel-multiple hashing algorithm. Search speed has been improved by 30-40 percent by adding a Bloom filter in binary search on level algorithm.

Hyejung Moon, Hyun Suk Cho, Seo Hwa Jeong, Jangho Park.  2014.  Policy Design Based on Risk at Big Data Era: Case Study of Privacy Invasion in South Korea. Big Data (BigData Congress), 2014 IEEE International Congress on. :756-759.

This paper has conducted analyzing the accident case of data spill to study policy issues for ICT security from a social science perspective focusing on risk. The results from case analysis are as follows. First, ICT risk can be categorized 'severe, strong, intensive and individual' from the level of both probability and impact. Second, strategy of risk management can be designated 'avoid, transfer, mitigate, accept' by understanding their own culture type of relative group such as 'hierarchy, egalitarianism, fatalism and individualism'. Third, personal data has contained characteristics of big data such like 'volume, velocity, variety' for each risk situation. Therefore, government needs to establish a standing organization responsible for ICT risk policy and management in a new big data era. And the policy for ICT risk management needs to balance in considering 'technology, norms, laws, and market' in big data era.

Hwang, T..  2017.  NSF GENI cloud enabled architecture for distributed scientific computing. 2017 IEEE Aerospace Conference. :1–8.

GENI (Global Environment for Network Innovations) is a National Science Foundation (NSF) funded program which provides a virtual laboratory for networking and distributed systems research and education. It is well suited for exploring networks at a scale, thereby promoting innovations in network science, security, services and applications. GENI allows researchers obtain compute resources from locations around the United States, connect compute resources using 100G Internet2 L2 service, install custom software or even custom operating systems on these compute resources, control how network switches in their experiment handle traffic flows, and run their own L3 and above protocols. GENI architecture incorporates cloud federation. With the federation, cloud resources can be federated and/or community of clouds can be formed. The heart of federation is user identity and an ability to “advertise” cloud resources into community including compute, storage, and networking. GENI administrators can carve out what resources are available to the community and hence a portion of GENI resources are reserved for internal consumption. GENI architecture also provides “stitching” of compute and storage resources researchers request. This provides L2 network domain over Internet2's 100G network. And researchers can run their Software Defined Networking (SDN) controllers on the provisioned L2 network domain for a complete control of networking traffic. This capability is useful for large science data transfer (bypassing security devices for high throughput). Renaissance Computing Institute (RENCI), a research institute in the state of North Carolina, has developed ORCA (Open Resource Control Architecture), a GENI control framework. ORCA is a distributed resource orchestration system to serve science experiments. ORCA provides compute resources as virtual machines and as well as baremetals. ORCA based GENI ra- k was designed to serve both High Throughput Computing (HTC) and High Performance Computing (HPC) type of computes. Although, GENI is primarily used in various universities and research entities today, GENI architecture can be leveraged in the commercial, aerospace and government settings. This paper will go over the architecture of GENI and discuss the GENI architecture for scientific computing experiments.

Hwang, S., Ryu, S..  2020.  Gap between Theory and Practice: An Empirical Study of Security Patches in Solidity. 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE). :542–553.
Ethereum, one of the most popular blockchain platforms, provides financial transactions like payments and auctions through smart contracts. Due to the immense interest in smart contracts in academia, the research community of smart contract security has made a significant improvement recently. Researchers have reported various security vulnerabilities in smart contracts, and developed static analysis tools and verification frameworks to detect them. However, it is unclear whether such great efforts from academia has indeed enhanced the security of smart contracts in reality. To understand the security level of smart contracts in the wild, we empirically studied 55,046 real-world Ethereum smart contracts written in Solidity, the most popular programming language used by Ethereum smart contract developers. We first examined how many well-known vulnerabilities the Solidity compiler has patched, and how frequently the Solidity team publishes compiler releases. Unfortunately, we observed that many known vulnerabilities are not yet patched, and some patches are not even sufficient to avoid their target vulnerabilities. Subsequently, we investigated whether smart contract developers use the most recent compiler with vulnerabilities patched. We reported that developers of more than 98% of real-world Solidity contracts still use older compilers without vulnerability patches, and more than 25% of the contracts are potentially vulnerable due to the missing security patches. To understand actual impacts of the missing patches, we manually investigated potentially vulnerable contracts that are detected by our static analyzer and identified common mistakes by Solidity developers, which may cause serious security issues such as financial loss. We detected hundreds of vulnerable contracts and about one fourth of the vulnerable contracts are used by thousands of people. We recommend the Solidity team to make patches that resolve known vulnerabilities correctly, and developers to use the latest Solidity compiler to avoid missing security patches.
Hwang, JeeHyun, Williams, Laurie, Vouk, Mladen.  2014.  Access Control Policy Evolution: An Empirical Study. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :28:1–28:2.

Access Control Policies (ACPs) evolve. Understanding the trends and evolution patterns of ACPs could provide guidance about the reliability and maintenance of ACPs. Our research goal is to help policy authors improve the quality of ACP evolution based on the understanding of trends and evolution patterns in ACPs We performed an empirical study by analyzing the ACP changes over time for two systems: Security Enhanced Linux (SELinux), and an open-source virtual computing platform (VCL). We measured trends in terms of the number of policy lines and lines of code (LOC), respectively. We observed evolution patterns. For example, an evolution pattern st1 → st2 says that st1 (e.g., "read") evolves into st2 (e.g., "read" and "write"). This pattern indicates that policy authors add "write" permission in addition to existing "read" permission. We found that some of evolution patterns appear to occur more frequently.

Hwang, D., Shin, J., Choi, Y..  2018.  Authentication Protocol for Wearable Devices Using Mobile Authentication Proxy. 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). :700–702.
The data transmitted from the wearable device commonly includes sensitive data. So, application service using the data collected from the unauthorized wearable devices can cause serious problems. Also, it is important to authenticate any wearable device and then, protect the transmitted data between the wearable devices and the application server. In this paper, we propose an authentication protocol, which is designed by using the Transport Layer Security (TLS) handshake protocol combined with a mobile authentication proxy. By using the proposed authentication protocol, we can authenticate the wearable device. And we can secure data transmission since session key is shared between the wearable device and the application server. In addition, the proposed authentication protocol is secure even when the mobile authentication proxy is unreliable.
Huyn, Joojay.  2017.  A Scalable Real-Time Framework for DDoS Traffic Monitoring and Characterization. Proceedings of the Fourth IEEE/ACM International Conference on Big Data Computing, Applications and Technologies. :265–266.

Volumetric DDoS attacks continue to inflict serious damage. Many proposed defenses for mitigating such attacks assume that a monitoring system has already detected the attack. However, many proposed DDoS monitoring systems do not focus on efficiently analyzing high volume network traffic to provide important characterizations of the attack in real-time to downstream traffic filtering systems. We propose a scalable real-time framework for an effective volumetric DDoS monitoring system that leverages modern big data technologies for streaming analytics of high volume network traffic to accurately detect and characterize attacks.

Huyck, P..  2019.  Safe and Secure Data Fusion — Use of MILS Multicore Architecture to Reduce Cyber Threats. 2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC). :1–9.
Data fusion, as a means to improve aircraft and air traffic safety, is a recent focus of some researchers and system developers. Increases in data volume and processing needs necessitate more powerful hardware and more flexible software architectures to satisfy these needs. Such improvements in processed data also mean the overall system becomes more complex and correspondingly, resulting in a potentially significantly larger cyber-attack space. Today's multicore processors are one means of satisfying the increased computational needs of data fusion-based systems. When coupled with a real-time operating system (RTOS) capable of flexible core and application scheduling, large cabinets of (power hungry) single-core processors may be avoided. The functional and assurance capabilities of such an RTOS can be critical elements in providing application isolation, constrained data flows, and restricted hardware access (including covert channel prevention) necessary to reduce the overall cyber-attack space. This paper examines fundamental considerations of a multiple independent levels of security (MILS) architecture when supported by a multicore-based real-time operating system. The paper draws upon assurance activities and functional properties associated with a previous Common Criteria evaluation assurance level (EAL) 6+ / High-Robustness Separation Kernel certification effort and contrast those with activities performed as part of a MILS multicore related project. The paper discusses key characteristics and functional capabilities necessary to achieve overall system security and safety. The paper defines architectural considerations essential for scheduling applications on a multicore processor to reduce security risks. For civil aircraft systems, the paper discusses the applicability of the security assurance and architecture configurations to system providers looking to increase their resilience to cyber threats.
Hutton, W. J., Dang, Z., Cui, C..  2017.  Killing the password, part 1: An exploratory analysis of walking signatures. 2017 Computing Conference. :808–813.
For over 50 years, the password has been a frequently used, yet relatively ineffective security mechanism for user authentication. The ubiquitous smartphone is a compact suite of sensors, computation, and network connectivity that corporations are beginning to embrace under BYOD (bring your own device). In this paper, we hypothesize that each of us has a unique “walking signature” that a smartphone can recognize and use to provide passive, continuous authentication. This paper describes the exploratory data analysis of a small, cross-sectional, empirical study of users' walking signatures as observed by a smartphone. We then describe an identity management system that could use a walking signature as a means to passively and continuously authenticate a user and manage complex passwords to improve security.
Hussien, Zainab Waleed, Qawasmeh, Doaa Sami, Shurman, Mohammad.  2020.  MSCLP: Multi-Sinks Cluster-Based Location Privacy Protection scheme in WSNs for IoT. 2020 32nd International Conference on Microelectronics (ICM). :1—4.
One of the most important information in Wireless Sensor Networks (WSNs) is the location of each sensor node. This kind of information is very attractive to attackers for real position exposure of nodes making the whole network vulnerable to different kinds of attacks. According to WSNs privacy, there are two types of threats affect the network: Contextual and Content privacy. In this work, we study contextual privacy, where an eavesdropper tries to find the location of the source or sink node. We propose a Multi-Sinks Cluster-Based Location Privacy Protection (MSCLP) scheme in WSNs that divides the WSN into clusters, each cluster managed by one cluster head (CH). Each CH sends random fake packets in a loop then sends the real packet to the neighbor's CHs using a dynamic routing method to confuse the attacker from tracing back the real packet to reveal the actual location of the source node, we are taking in our consideration two important metrics: the energy consumption, and the delay.
Hussein, A., Salman, O., Chehab, A., Elhajj, I., Kayssi, A..  2019.  Machine Learning for Network Resiliency and Consistency. 2019 Sixth International Conference on Software Defined Systems (SDS). :146–153.

Being able to describe a specific network as consistent is a large step towards resiliency. Next to the importance of security lies the necessity of consistency verification. Attackers are currently focusing on targeting small and crutial goals such as network configurations or flow tables. These types of attacks would defy the whole purpose of a security system when built on top of an inconsistent network. Advances in Artificial Intelligence (AI) are playing a key role in ensuring a fast responce to the large number of evolving threats. Software Defined Networking (SDN), being centralized by design, offers a global overview of the network. Robustness and adaptability are part of a package offered by programmable networking, which drove us to consider the integration between both AI and SDN. The general goal of our series is to achieve an Artificial Intelligence Resiliency System (ARS). The aim of this paper is to propose a new AI-based consistency verification system, which will be part of ARS in our future work. The comparison of different deep learning architectures shows that Convolutional Neural Networks (CNN) give the best results with an accuracy of 99.39% on our dataset and 96% on our consistency test scenario.

Hussein, A., Elhajj, I. H., Chehab, A., Kayssi, A..  2016.  SDN Security Plane: An Architecture for Resilient Security Services. 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW). :54–59.

Software Defined Networking (SDN) is the new promise towards an easily configured and remotely controlled network. Based on Centralized control, SDN technology has proved its positive impact on the world of network communications from different aspects. Security in SDN, as in traditional networks, is an essential feature that every communication system should possess. In this paper, we propose an SDN security design approach, which strikes a good balance between network performance and security features. We show how such an approach can be used to prevent DDoS attacks targeting either the controller or the different hosts in the network, and how to trace back the source of the attack. The solution lies in introducing a third plane, the security plane, in addition to the data plane, which is responsible for forwarding data packets between SDN switches, and parallel to the control plane, which is responsible for rule and data exchange between the switches and the SDN controller. The security plane is designed to exchange security-related data between a third party agent on the switch and a third party software module alongside the controller. Our evaluation shows the capability of the proposed system to enforce different levels of real-time user-defined security with low overhead and minimal configuration.

Hussein, A., Elhajj, I. H., Chehab, A., Kayssi, A..  2017.  SDN VANETs in 5G: An architecture for resilient security services. 2017 Fourth International Conference on Software Defined Systems (SDS). :67–74.

Vehicular ad-Hoc Networks (VANETs) have been promoted as a key technology that can provide a wide variety of services such as traffic management, passenger safety, as well as travel convenience and comfort. VANETs are now proposed to be part of the upcoming Fifth Generation (5G) technology, integrated with Software Defined Networking (SDN), as key enabler of 5G. The technology of fog computing in 5G turned out to be an adequate solution for faster processing in delay sensitive application, such as VANETs, being a hybrid solution between fully centralized and fully distributed networks. In this paper, we propose a three-way integration between VANETs, SDN, and 5G for a resilient VANET security design approach, which strikes a good balance between network, mobility, performance and security features. We show how such an approach can secure VANETs from different types of attacks such as Distributed Denial of Service (DDoS) targeting either the controllers or the vehicles in the network, and how to trace back the source of the attack. Our evaluation shows the capability of the proposed system to enforce different levels of real-time user-defined security, while maintaining low overhead and minimal configuration.

Hussein Sibai, University of Illinois at Urbana-Champaign, Sayan Mitra, University of Illinois at Urbana-Champaign.  2017.  Optimal Data Rate for State Estimation of Switched Nonlinear Systems. 20th ACM International Conference on Hybrid Systems: Computation and Control (HSCC 2017).

State estimation is a fundamental problem for monitoring and controlling systems. Engineering systems interconnect sensing and computing devices over a shared bandwidth-limited channels, and therefore, estimation algorithms should strive to use bandwidth optimally. We present a notion of entropy for state estimation of switched nonlinear dynamical systems, an upper bound for it and a state estimation algorithm for the case when the switching signal is unobservable. Our approach relies on the notion of topological entropy and uses techniques from the theory for control under limited information. We show that the average bit rate used is optimal in the sense that, the efficiency gap of the algorithm is within an additive constant of the gap between estimation entropy of the system and its known upper-bound. We apply the algorithm to two system models and discuss the performance implications of the number of tracked modes.

Hussein Sibai, University of Illinois at Urbana-Champaign, Sayan Mitra, University of Illinois at Urbana-Champaign.  2017.  Optimal Data Rate for Estimation and Mode Detection of Switched Nonlinear Systems. 20th ACM International Conference on Hybrid Systems: Computation and Control (HSCC 2017).

State estimation is a fundamental problem for monitoring and controlling systems. Engineering systems interconnect sensing and computing devices over a shared bandwidth-limited channels, and therefore, estimation algorithms should strive to use bandwidth optimally. We present a notion of entropy for state estimation of switched nonlinear dynamical systems, an upper bound for it and a state estimation algorithm for the case when the switching signal is unobservable. Our approach relies on the notion of topological entropy and uses techniques from the theory for control under limited information. We show that the average bit rate used is optimal in the sense that, the eciency gap of the algorithm is within an additive constant of the gap between estimation entropy of the system and its known upper-bound. We apply the algorithm to two system models and discuss the performance implications of the number of tracked modes.

Hussain, Syed Saiq, Sohail Ibrahim, Muhammad, Mir, Syed Zain, Yasin, Sajid, Majeed, Muhammad Kashif, Ghani, Azfar.  2018.  Efficient Video Encryption Using Lightweight Cryptography Algorithm. 2018 3rd International Conference on Emerging Trends in Engineering, Sciences and Technology (ICEEST). :1-6.

The natural redundancy in video data due to its spatio-temporal correlation of neighbouring pixels require highly complex encryption process to successfully cipher the data. Conventional encryption methods are based on lengthy keys and higher number of rounds which are inefficient for low powered, small battery operated devices. Motivated by the success of lightweight encryption methods specially designed for IoT environment, herein an efficient method for video encryption is proposed. The proposed technique is based on a recently proposed encryption algorithm named Secure IoT (SIT), which utilizes P and Q functions of the KHAZAD cipher to achieve high encryption at low computation cost. Extensive simulations are performed to evaluate the efficacy of the proposed method and results are compared with Secure Force (SF-64) cipher. Under all conditions the proposed method achieved significantly improved results.

Hussain, Syed Rafiul, Mehnaz, Shagufta, Nirjon, Shahriar, Bertino, Elisa.  2017.  Seamless and Secure Bluetooth LE Connection Migration. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. :147–149.
At present, Bluetooth Low Energy (BLE) is dominantly used in commercially available Internet of Things (IoT) devices – such as smart watches, fitness trackers, and smart appliances. Compared to classic Bluetooth, BLE has been simplified in many ways that include its connection establishment, data exchange, and encryption processes. Unfortunately, this simplification comes at a cost. For example, only a star topology is supported in BLE environments and a peripheral (an IoT device) can communicate with only one gateway (e.g. a smartphone, or a BLE hub) at a set time. When a peripheral goes out of range, it loses connectivity to a gateway, and cannot connect and seamlessly communicate with another gateway without user interventions. In other words, BLE connections do not get automatically migrated or handed-off to another gateway. In this paper, we propose a system which brings seamless connectivity to BLE-capable mobile IoT devices in an environment that consists of a network of gateways. Our framework ensures that unmodified, commercial off-the-shelf BLE devices seamlessly and securely connect to a nearby gateway without any user intervention.