Biblio

V
Valstar, Michel, Baur, Tobias, Cafaro, Angelo, Ghitulescu, Alexandru, Potard, Blaise, Wagner, Johannes, André, Elisabeth, Durieu, Laurent, Aylett, Matthew, Dermouche, Soumia et al..  2016.  Ask Alice: An Artificial Retrieval of Information Agent. Proceedings of the 18th ACM International Conference on Multimodal Interaction. :419–420.

We present a demonstration of the ARIA framework, a modular approach for rapid development of virtual humans for information retrieval that have linguistic, emotional, and social skills and a strong personality. We demonstrate the framework's capabilities in a scenario where 'Alice in Wonderland', a popular English literature book, is embodied by a virtual human representing Alice. The user can engage in an information exchange dialogue, where Alice acts as the expert on the book, and the user as an interested novice. Besides speech recognition, sophisticated audio-visual behaviour analysis is used to inform the core agent dialogue module about the user's state and intentions, so that it can go beyond simple chat-bot dialogue. The behaviour generation module features a unique new capability of being able to deal gracefully with interruptions of the agent.

Vamsi, P.R., Kant, K..  2014.  Sybil attack detection using Sequential Hypothesis Testing in Wireless Sensor Networks. Signal Propagation and Computer Technology (ICSPCT), 2014 International Conference on. :698-702.

Sybil attack poses a serious threat to geographic routing. In this attack, a malicious node attempts to broadcast incorrect location information, identity and secret key information. A Sybil node can tamper with its neighboring nodes for the purpose of converting them into malicious nodes. As the number of Sybil nodes increases in the network, the network traffic will be seriously affected and the data packets will never reach their destinations. To address this problem, researchers have proposed several schemes to detect Sybil attacks. However, most of these schemes assume costly setup such as the use of relay nodes or use of expensive devices and expensive encryption methods to verify the location information. In this paper, the authors present a method to detect Sybil attacks using Sequential Hypothesis Testing. The proposed method has been examined using a Greedy Perimeter Stateless Routing (GPSR) protocol with analysis and simulation. The simulation results demonstrate that the proposed method is robust against detecting Sybil attacks.

Van Acker, Steven, Hausknecht, Daniel, Sabelfeld, Andrei.  2016.  Data Exfiltration in the Face of CSP. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :853–864.

Cross-site scripting (XSS) attacks keep plaguing the Web. Supported by most modern browsers, Content Security Policy (CSP) prescribes the browser to restrict the features and communication capabilities of code on a web page, mitigating the effects of XSS.

This paper puts a spotlight on the problem of data exfiltration in the face of CSP. We bring attention to the unsettling discord in the security community about the very goals of CSP when it comes to preventing data leaks.

As consequences of this discord, we report on insecurities in the known protection mechanisms that are based on assumptions about CSP that turn out not to hold in practice.

To illustrate the practical impact of the discord, we perform a systematic case study of data exfiltration via DNS prefetching and resource prefetching in the face of CSP.

Our study of the popular browsers demonstrates that it is often possible to exfiltrate data by both resource prefetching and DNS prefetching in the face of CSP. Further, we perform a crawl of the top 10,000 Alexa domains to report on the cohabitance of CSP and prefetching in practice. Finally, we discuss directions to control data exfiltration and, for the case study, propose measures ranging from immediate fixes for the clients to prefetching-aware extensions of CSP.

van Aubel, Pol, Poll, Erik, Rijneveld, Joost.  2019.  Non-Repudiation and End-to-End Security for Electric-Vehicle Charging. 2019 IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe). :1–5.

In this paper we propose a cryptographic solution that provides non-repudiation and end-to-end security for the electric-vehicle-charging ecosystem as it exists in the Netherlands. It is designed to provide long-term non-repudiation, while allowing for data deletion in order to comply with the GDPR. To achieve this, we use signatures on hashes of individual data fields instead of on the combination of fields directly, and we use Merkle authentication trees to reduce the overhead involved.

Van Bulck, Jo, Piessens, Frank, Strackx, Raoul.  2018.  Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :178–195.

Recent research on transient execution vulnerabilities shows that current processors exceed our levels of understanding. The prominent Meltdown and Spectre attacks abruptly revealed fundamental design flaws in CPU pipeline behavior and exception handling logic, urging the research community to systematically study attack surface from microarchitectural interactions. We present Nemesis, a previously overlooked side-channel attack vector that abuses the CPU's interrupt mechanism to leak microarchitectural instruction timings from enclaved execution environments such as Intel SGX, Sancus, and TrustLite. At its core, Nemesis abuses the same subtle microarchitectural behavior that enables Meltdown, i.e., exceptions and interrupts are delayed until instruction retirement. We show that by measuring the latency of a carefully timed interrupt, an attacker controlling the system software is able to infer instruction-granular execution state from hardware-enforced enclaves. In contrast to speculative execution vulnerabilities, our novel attack vector is applicable to the whole computing spectrum, from small embedded sensor nodes to high-end commodity x86 hardware. We present practical interrupt timing attacks against the open-source Sancus embedded research processor, and we show that interrupt latency reveals microarchitectural instruction timings from off-the-shelf Intel SGX enclaves. Finally, we discuss challenges for mitigating Nemesis-type attacks at the hardware and software levels.

van den Berg, Eric, Robertson, Seth.  2019.  Game-Theoretic Planning to Counter DDoS in NEMESIS. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :1–6.

NEMESIS provides powerful and cost-effective defenses against extreme Distributed Denial of Service (DDoS) attacks through a number of network maneuvers. However, selection of which maneuvers to deploy when and with what parameters requires great care to achieve optimal outcomes in the face of overwhelming attack. Analytical wargaming allows game theoretic optimal Courses of Action (COA) to be created real-time during live operations, orders of magnitude faster than packet-level simulation and with equivalent outcomes to even expert human hand-crafted COAs.

van der Heijden, Rens W., Engelmann, Felix, Mödinger, David, Schönig, Franziska, Kargl, Frank.  2017.  Blackchain: Scalability for Resource-Constrained Accountable Vehicle-to-x Communication. Proceedings of the 1st Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers. :4:1–4:5.

In this paper, we propose a new Blockchain-based message and revocation accountability system called Blackchain. Combining a distributed ledger with existing mechanisms for security in V2X communication systems, we design a distributed event data recorder (EDR) that satisfies traditional accountability requirements by providing a compressed global state. Unlike previous approaches, our distributed ledger solution provides an accountable revocation mechanism without requiring trust in a single misbehavior authority, instead allowing a collaborative and transparent decision making process through Blackchain. This makes Blackchain an attractive alternative to existing solutions for revocation in a Security Credential Management System (SCMS), which suffer from the traditional disadvantages of PKIs, notably including centralized trust. Our proposal becomes scalable through the use of hierarchical consensus: individual vehicles dynamically create clusters, which then provide their consensus decisions as input for road-side units (RSUs), which in turn publish their results to misbehavior authorities. This authority, which is traditionally a single entity in the SCMS, responsible for the integrity of the entire V2X network, is now a set of authorities that transparently perform a revocation, whose result is then published in a global Blackchain state. This state can be used to prevent the issuance of certificates to previously malicious users, and also prevents the authority from misbehaving through the transparency implied by a global system state.

van der Linden, Dirk, Rashid, Awais, Williams, Emma, Warinschi, Bogdan.  2018.  Safe Cryptography for All: Towards Visual Metaphor Driven Cryptography Building Blocks. Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment. :41-44.

In this vision paper, we focus on a key aspect of the modern software developer's potential to write secure software: their (lack of) success in securely using cryptography APIs. In particular, we note that most ongoing research tends to focus on identifying concrete problems software developers experience, and providing workable solutions, but that such solutions still require developers to identify the appropriate API calls to make and, worse, to be familiar with and configure sometimes obscure parameters of such calls. In contrast, we envision identifying and employing targeted visual metaphors to allow developers to simply select the most appropriate cryptographic functionality they need.

van der Veen, Rosa, Hakkerainen, Viola, Peeters, Jeroen, Trotto, Ambra.  2018.  Understanding Transformations Through Design: Can Resilience Thinking Help? Proceedings of the Twelfth International Conference on Tangible, Embedded, and Embodied Interaction. :694–702.

The interaction design community increasingly addresses how digital technologies may contribute to societal transformations. This paper aims at understanding transformation ignited by a particular constructive design research project. This transformation will be discussed and analysed using resilience thinking, an established approach within sustainability science. By creating a common language between these two disciplines, we start to identify what kind of transformation took place, what factors played a role in the transformation, and which transformative qualities played a role in creating these factors. Our intention is to set out how the notion of resilience might provide a new perspective to understand how constructive design research may produce results that have a sustainable social impact. The findings point towards ways in which these two different perspectives on transformation - the analytical perspective of resilience thinking and the generative perspective of constructive design research - may become complementary in both igniting and understanding transformations.

van der Veen, Victor, Andriesse, Dennis, Stamatogiannakis, Manolis, Chen, Xi, Bos, Herbert, Giuffrida, Cristiano.  2017.  The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :1675–1689.

In 2007, Shacham published a seminal paper on Return-Oriented Programming (ROP), the first systematic formulation of code reuse. The paper has been highly influential, profoundly shaping the way we still think about code reuse today: an attacker analyzes the "geometry" of victim binary code to locate gadgets and chains these to craft an exploit. This model has spurred much research, with a rapid progression of increasingly sophisticated code reuse attacks and defenses over time. After ten years, the common perception is that state-of-the-art code reuse defenses are effective in significantly raising the bar and making attacks exceedingly hard. In this paper, we challenge this perception and show that an attacker going beyond "geometry" (static analysis) and considering the "dynamics" (dynamic analysis) of a victim program can easily find function call gadgets even in the presence of state-of-the-art code-reuse defenses. To support our claims, we present Newton, a run-time gadget-discovery framework based on constraint-driven dynamic taint analysis. Newton can model a broad range of defenses by mapping their properties into simple, stackable, reusable constraints, and automatically generate gadgets that comply with these constraints. Using Newton, we systematically map and compare state-of-the-art defenses, demonstrating that even simple interactions with popular server programs are adequate for finding gadgets for all state-of-the-art code-reuse defenses. We conclude with an nginx case study, which shows that a Newton-enabled attacker can craft attacks which comply with the restrictions of advanced defenses, such as CPI and context-sensitive CFI.

van Do, Thanh, Engelstad, Paal, Feng, Boning, Do, Van Thuan.  2017.  A Near Real Time SMS Grey Traffic Detection. Proceedings of the 6th International Conference on Software and Computer Applications. :244–249.

Lately, mobile operators experience threats from SMS grey routes which are used by fraudsters to evade SMS fees and to deny them millions in revenues. But more serious are the threats to the user's security and privacy and consequently the operator's reputation. Therefore, it is crucial for operators to have adequate solutions to protect both their network and their customers against this kind of fraud. Unfortunately, so far there is no sufficiently efficient countermeasure against grey routes. This paper proposes a near real time SMS grey traffic detection which makes use of Counting Bloom Filters combined with blacklist and whitelist to detect SMS grey traffic on the fly and to block them. The proposed detection has been implemented and proved to be quite efficient. The paper provides also comprehensive explanation of SMS grey routes and the challenges in their detection. The implementation and verification are also described thoroughly.

Van hamme, Tim, Preuveneers, Davy, Joosen, Wouter.  2017.  A Dynamic Decision Fusion Middleware for Trustworthy Context-aware IoT Applications. Proceedings of the 4th Workshop on Middleware and Applications for the Internet of Things. :1–6.

Internet of Things (IoT) devices offer new sources of contextual information, which can be leveraged by applications to make smart decisions. However, due to the decentralized and heterogeneous nature of such devices - each only having a partial view of their surroundings - there is an inherent risk of uncertain, unreliable and inconsistent observations. This is a serious concern for applications making security related decisions, such as context-aware authentication. We propose and evaluate a middleware for IoT that provides trustworthy context for a collaborative authentication use case. It abstracts a dynamic and distributed fusion scheme that extends the Chair-Varshney (CV) optimal decision fusion rule such that it can be used in a highly dynamic IoT environment. We compare performance and cost trade-offs against regular CV. Experimental evaluation demonstrates that our solution outperforms CV by 10% in highly dynamic IoT environments, with the ability to detect and mitigate unreliable sensors.

van Kerkhoven, Jason, Charlebois, Nathaniel, Robertson, Alex, Gibson, Brydon, Ahmed, Arslan, Bouida, Zied, Ibnkahla, Mohamed.  2019.  IPv6-Based Smart Grid Communication over 6LoWPAN. 2019 IEEE Wireless Communications and Networking Conference (WCNC). :1–6.

Smart Grid is a major element of the Smart City concept that enables two-way communication of energy data between electric utilities and their consumers. These communication technologies are going through sharp modernization to meet future demand growth and to achieve reliability, security, and efficiency of the electric grid. In this paper, we implement an IPv6 based two-way communication system between the transformer agent (TA), installed at local electric transformer and various customer agents (CAs), connected to customer's smart meter. Various homes share their energy usage with the TA which in turn sends the utility's recommendations to the CAs. Raspberry Pi is used as hardware for all the CAs and the TA. We implement a self-healing mesh network between all nodes using OpenLab IEEE 802.15.4 chips and Routing Protocol for Low-Power and Lossy Networks (RPL), and the data is secured by RSA/AES keys. Several tests have been conducted in real environments, inside and outside of Carleton University, to test the performance of this communication network in various obstacle settings. In this paper, we highlight the details behind the implementation of this IPv6-based smart grid communication system, the related challenges, and the proposed solutions.

van Oorschot, Paul C..  2017.  Science, Security and Academic Literature: Can We Learn from History? Proceedings of the 2017 Workshop on Moving Target Defense. :1–2.

A recent paper (Oakland 2017) discussed science and security research in the context of the government-funded Science of Security movement, and the history and prospects of security as a scientific pursuit. It drew on literature from within the security research community, and mature history and philosophy of science literature. The paper sparked debate in numerous organizations and the security community. Here we consider some of the main ideas, provide a summary list of relevant literature, and encourage discussion within the Moving Target Defense (MTD) sub-community.

van Rijswijk-Deij, R., Chung, T., Choffnes, D., Mislove, A., Toorop, W..  2017.  The Root Canary: Monitoring and Measuring the DNSSEC Root Key Rollover. Proceedings of the SIGCOMM Posters and Demos. :63–64.

The Domain Name System (DNS) is part of the core of the Internet. Over the past decade, much-needed security features were added to this protocol, with the introduction of the DNS Security Extensions. DNSSEC adds authenticity and integrity to the protocol using digital signatures, and turns the DNS into a public key infrastructure (PKI). At the top of this PKI is a single key, the so-called Key Signing Key (KSK) for the DNS root. The current Root KSK was introduced in 2010, and has not changed since. This year, the Root KSK will be replaced for the first time ever. This event potentially has a major impact on the Internet. Thousands of DNS resolvers worldwide rely on this key to validate DNSSEC signatures, and must start using the new key, either through an automated process, or manual intervention. Failure to pick up the new key will result in resolvers becoming completely unavailable to end users. This work presents the "Root Canary", a system to monitor and measure this event from the perspective of validating DNS resolvers for its entire nine-month duration. The system combines three active measurement platforms to have the broadest possible coverage of validating resolvers. Results will be presented in near real-time, to allow the global DNS community to act if problems arise. Furthermore, after the Root KSK rollover concludes in March 2018, we will use the recorded datasets for an in-depth analysis, from which the Internet community can draw lessons for future key rollovers.

Van Rompay, Cédric, Molva, Refik, Önen, Melek.  2018.  Secure and Scalable Multi-User Searchable Encryption. Proceedings of the 6th International Workshop on Security in Cloud Computing. :15–25.

By allowing a large number of users to behave as readers or writers, Multi-User Searchable Encryption (MUSE) raises new security and performance challenges beyond the typical requirements of Symmetric Searchable Encryption (SSE). In this paper we identify two core mandatory requirements of MUSE protocols, being privacy in face of users colluding with the CSP and low complexity for the users, pointing out that no existing MUSE protocol satisfies these two requirements at the same time. We then come up with the first MUSE protocol that satisfies both of them. The design of the protocol also includes new constructions for a secure variant of Bloom Filters (BFs) and multi-query Oblivious Transfer (OT).

van Thuan, D., Butkus, P., van Thanh, D..  2014.  A User Centric Identity Management for Internet of Things. IT Convergence and Security (ICITCS), 2014 International Conference on. :1-4.

In the future Internet of Things, it is envisioned that things are collaborating to serve people. Unfortunately, this vision could not be realised without relations between things and people. To solve the problem this paper proposes a user centric identity management system that incorporates user identity, device identity and the relations between them. The proposed IDM system is user centric and allows device authentication and authorization based on the user identity. A typical compelling use case of the proposed solution is also given.

Van Vaerenbergh, S., González, O., Vía, J., Santamaría, I..  2014.  Physical layer authentication based on channel response tracking using Gaussian processes. Acoustics, Speech and Signal Processing (ICASSP), 2014 IEEE International Conference on. :2410-2414.

Physical-layer authentication techniques exploit the unique properties of the wireless medium to enhance traditional higher-level authentication procedures. We propose to reduce the higher-level authentication overhead by using a state-of-the-art multi-target tracking technique based on Gaussian processes. The proposed technique has the additional advantage that it is capable of automatically learning the dynamics of the trusted user's channel response and the time-frequency fingerprint of intruders. Numerical simulations show very low intrusion rates, and an experimental validation using a wireless test bed with programmable radios demonstrates the technique's effectiveness.

Van, Hao, Nguyen, Huyen N., Hewett, Rattikorn, Dang, Tommy.  2019.  HackerNets: Visualizing Media Conversations on Internet of Things, Big Data, and Cybersecurity. 2019 IEEE International Conference on Big Data (Big Data). :3293–3302.

The giant network of Internet of Things establishes connections between smart devices and people, with protocols to collect and share data. While the data is expanding at a fast pace in this era of Big Data, there are growing concerns about security and privacy policies. In the current Internet of Things ecosystems, at the intersection of the Internet of Things, Big Data, and Cybersecurity lies the subject that attracts the most attention. In aiding users in getting an adequate understanding, this paper introduces HackerNets, an interactive visualization for emerging topics in the crossing of IoT, Big Data, and Cybersecurity over time. To demonstrate the effectiveness and usefulness of HackerNets, we apply and evaluate the technique on the dataset from the social media platform.

Van, Hoang Thien, Van Vu, Giang, Le, Thai Hoang.  2016.  Fingerprint Enhancement for Direct Grayscale Minutiae Extraction by Combining MFRAT and Gabor Filters. Proceedings of the Seventh Symposium on Information and Communication Technology. :360–367.

Minutiae are important features in fingerprint matching. The effectiveness of minutiae extraction depends greatly on the results of fingerprint enhancement. This paper proposes a novel fingerprint enhancement method for direct gray scale extracting minutiae based on combining Gabor filters with the Adaptive Modified Finite Radon Transform (AMFRAT) filters. First, the proposed method uses Gabor filters as band-pass filters for deleting the noise and clarifying ridges. Next, AMFRAT filters are applied for connecting broken ridges together, filling the created holes and clarifying linear symmetry of ridges quickly. AMFRAT is the MFRAT filter, the window size of which is adaptively adjusted according to the coherence values. The small window size is for high curvature ridge areas (small coherence value), and vice versa. As a result, the ridges are the linear symmetry areas, and more suitable for direct gray scale minutiae extraction. Finally, linear symmetry filter is only used for locating minutiae in an inverse model, as "lack of linear symmetry" occurs at minutiae points. Experimental results on FVC2004 databases DB4 (set A) show that the proposed method is capable of improving the goodness index (GI).

Van, L. X., Dung, L. H., Hoa, D. V..  2020.  Developing Root Problem Aims to Create a Secure Digital Signature Scheme in Data Transfer. 2020 International Conference on Green and Human Information Technology (ICGHIT). :25–30.

This paper presents the proposed method of building a digital signature algorithm which is based on the difficulty of solving root problem and some expanded root problems on Zp. The expanded root problem is a new form of difficult problem without the solution, also originally proposed and applied to build digital signature algorithms. This proposed method enables building a high-security digital signature platform for practical applications.

Van, Luu Xuan, Hong Dung, Luu.  2019.  Constructing a Digital Signature Algorithm Based on the Difficulty of Some Expanded Root Problems. 2019 6th NAFOSTED Conference on Information and Computer Science (NICS). :190–195.

This paper presents the proposed method of building a digital signature algorithm which is based on the difficulty of solving root problem and some expanded root problems on Zp. The expanded root problem is a new form of difficult problem without the solution, also originally proposed and applied to build digital signature algorithms. This proposed method enables building a high-security digital signature platform for practical applications.

Van, Nguyen Thanh, Bao, Ho, Thinh, Tran Ngoc.  2016.  An Anomaly-based Intrusion Detection Architecture Integrated on OpenFlow Switch. Proceedings of the 6th International Conference on Communication and Network Security. :99–103.

Recently, Internet-based systems need to change their configuration dynamically. Traditional networks have very limited ability to cope with such frequent changes and hinder innovations management and configuration procedures. To address this issue, Software Defined Networking (SDN) has been emerging as a new network architecture that allows for more flexibility through software-enabled network control. However, the dynamism of programmable networks also faces new security challenges that demand innovative solutions. Among the widespread mechanisms of SDN security control applications, anomaly-based IDS is an extremely effective technique in detecting both known and unknown (new) attack types. In this paper, we propose an anomaly-based Intrusion Detection architecture integrated on OpenFlow Switch. The proposed system can detect and prevent a network from many attack types, especially new attack types using anomaly detection. We implement the proposed system on the FPGA technology using a Xilinx Virtex-5 xc5vtx240t device. In this FPGA-based prototype, we integrate an anomaly-based intrusion detection technique to be able to defend against many attack types and anomalies in the network traffic. The experimental results show that our system achieves a detection rate exceeding 91.81% with a 0.55% false alarm rate at maximum.