Biblio

An emerging Internet business is residential proxy (RESIP) as a service, in which a provider utilizes the hosts within residential networks (in contrast to those running in a datacenter) to relay their customers' traffic, in an attempt to avoid server- side blocking and detection. With the prominent roles the services could play in the underground business world, little has been done to understand whether they are indeed involved in Cybercrimes and how they operate, due to the challenges in identifying their RESIPs, not to mention any in-depth analysis on them. In this paper, we report the first study on RESIPs, which sheds light on the behaviors and the ecosystem of these elusive gray services. Our research employed an infiltration framework, including our clients for RESIP services and the servers they visited, to detect 6 million RESIP IPs across 230+ countries and 52K+ ISPs. The observed addresses were analyzed and the hosts behind them were further fingerprinted using a new profiling system. Our effort led to several surprising findings about the RESIP services unknown before. Surprisingly, despite the providers' claim that the proxy hosts are willingly joined, many proxies run on likely compromised hosts including IoT devices. Through cross-matching the hosts we discovered and labeled PUP (potentially unwanted programs) logs provided by a leading IT company, we uncovered various illicit operations RESIP hosts performed, including illegal promotion, Fast fluxing, phishing, malware hosting, and others. We also reverse engi- neered RESIP services' internal infrastructures, uncovered their potential rebranding and reselling behaviors. Our research takes the first step toward understanding this new Internet service, contributing to the effective control of their security risks.

The core operation of all cryptosystems based on Elliptic Curve Cryptography is Elliptic Curve Point Multiplication. Depending on implementation it can be vulnerable to different Side Channel Analysis attacks exploiting information leakage, such as power consumption or execution time. Multiple countermeasures against these attacks have been developed over time, each having different impact on parameters of the cryptosystem. This paper summarizes popular countermeasures for simple and differential power analysis attacks on Elliptic Curve cryptosystems. Presented secure algorithms were implemented in Verilog hardware description language and synthesized to logic gates for power trace generation.

The benefits of data distribution to multiple storage platforms with different characteristics have been widely acknowledged. Such systems are more tolerant to outages and bottlenecks and allow for more flexible policies regarding cost reduction, security and workload diversity. To leverage platforms simultaneously additional orchestration steps are needed. Existing approaches either implement such steps in the application's source code, resulting to minimum reusability across applications, or handle them at the infrastructure level. The latter usually involves over-engineering to handle different application behaviors and binds the system to a specific infrastructure. In this paper we present a middle-ware that decouples the I/O path from the application's source code and performs in-transit processing before data lands on the storage platforms. Abstracting the I/O process as a graph of reusable components allows the developers to easily implement complex storage solutions without the burden of writing custom code. Similarly, the administrators can create their own graph that reflects the infrastructure setup and append it to the preceding graph, so that various policies and infrastructure-related changes can be performed transparently to the application. Users can also extend the graph chain to enhance the application's functionality by using plug-ins. Our approach eliminates the need for custom I/O management code and allows for the applications to evolve independently of the storage back-end. To evaluate our system we employed a secure web service scenario that was seamlessly adapted to the changes in its storage back-end.

This paper presents the effects of problem based learning project on a high-school student in Technology school “Electronic systems” associated with Technical University Sofia. The problem is creating an intrusion detection system for Apache HTTP Server with duration 6 months. The intrusion detection system is based on a recurrent neural network classifier namely long-short term memory units.

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.

The H2020 European research project GHOST - Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control - aims to deploy a highly effective security framework for IoT smart home residents through a novel reference architecture for user-centric cyber security in smart homes providing an unobtrusive and user-comprehensible solution. The aforementioned security framework leads to a transparent cyber security environment by increasing the effectiveness of the existing cyber security services and enhancing system's self-defence through disruptive software-enabled network security solutions. In this paper, GHOST security framework for IoT-based smart homes is presented. It is aiming to address the security challenges posed by several types of attacks, such as network, device and software. The effective design of the overall multi-layered architecture is analysed, with particular emphasis given to the integration aspects through dynamic and re-configurable solutions and the features provided by each one of the architectural layers. Additionally, real-life trials and the associated use cases are described showcasing the competences and potential of the proposed framework.

Wide bandgap power semiconductors are key enablers for increasing the power density of switch-mode power supplies. However, they require new gate drive technologies. This paper examines and characterizes a fabricated gate-driver in a class-E resonant inverter. The gate-driver's total area of 1.2mm2 includes two high-voltage transistors for gate-driving, integrated complementary metal-oxide-semiconductor (CMOS) gate-drivers, high-speed floating level-shifter and reset circuitry. A prototype printed circuit board (PCB) was designed to assess the implications of an electrostatic discharge (ESD) diode, its parasitic capacitance and package bondwire connections. The parasitic capacitance was estimated using its discharge time from an initial voltage and the capacitance is 56.7 pF. Both bondwires and the diode's parasitic capacitance is neglegible. The gate-driver's functional behaviour is validated using a parallel LC resonant tank resembling a self-oscillating gate-drive. Measurements and simulations show the ESD diode clamps the output voltage to a minimum of -2V.

The class φ2 is a single transistor, fast transient inverter topology often associated with power conversion at very high frequency (VHF: 30MHz-300MHz). At VHF, gate drivers available on the market fail to provide the adequate transistor switching signal. Hence, there is a need for new power topologies that do no make use of gate drivers but are still suitable for power conversion at VHF. In This paper, we introduce a new class φ;2 topology that incorporates an oscillator, which takes the drain signal through a feedback circuit in order to force the transistor switching. A design methodology is provided and a 1MHz 20V input prototype is built in order to validate the topology behaviour.

Video surveillance system is an important application system on the ubiquitous SG-eIoT. A comparative analysis of the traditional video surveillance scheme and the unified video surveillance solution in the eIoT environment is made. Network load and service latency parameters under the two schemes are theoretically modeled and simulated. Combined with the simulation results, the corresponding suggestions for the access of video terminals in the ubiquitous eIoT are given.

Logic encryption is a powerful hardware protection technique that uses extra key inputs to lock a circuit from piracy or unauthorized use. The recent discovery of the SAT-based attack with Distinguishing Input Pattern (DIP) generation has rendered all traditional logic encryptions vulnerable, and thus the creation of new encryption methods. However, a critical question for any new encryption method is whether security against the DIP-generation attack means security against all other attacks. In this paper, a new high-level SAT-based attack called SigAttack has been discovered and thoroughly investigated. It is based on extracting a key-revealing signature in the encryption. A majority of all known SAT-resilient encryptions are shown to be vulnerable to SigAttack. By formulating the condition under which SigAttack is effective, the paper also provides guidance for the future logic encryption design.

The globalization of the integrated circuit supply chain has given rise to major security concerns ranging from intellectual property piracy to hardware Trojans. Logic encryption is a promising solution to tackle these threats. Recently, a Boolean satisfiability attack capable of unlocking existing logic encryption techniques was introduced. This attack initiated a paradigm shift in the design of logic encryption algorithms. However, recent approaches have been strongly focusing on low-cost countermeasures that unfortunately lead to low functional and structural corruption. In this paper, we show that a simple approach can offer provable security and more than 99% corruption if a higher area overhead is accepted. Our results strongly suggest that future proposals should consider higher overheads or more realistic circuit sizes for the evaluation of modern logic encryption algorithms.

With the development of technology, the massive malware become the major challenge to current computer security. In our work, we implemented a malware detection system using deep learning on API calls. By means of cuckoo sandbox, we extracted the API calls sequence of malicious programs. Through filtering and ordering the redundant API calls, we extracted the valid API sequences. Compared with GRU, BGRU, LSTM and SimpleRNN, we evaluated the BLSTM on the massive datasets including 21,378 samples. The experimental results demonstrate that BLSTM has the best performance for malware detection, reaching the accuracy of 97.85%.

In monolithic operating system (OS), any error of system software can be exploit to destroy the whole system. The situation becomes much more severe in cloud environment, when the kernel and the hypervisor share the same address space. The security of guest Virtual Machines (VMs), both sensitive data and vital code, can no longer be guaranteed, once the hypervisor is compromised. Therefore, it is essential to deploy some security approaches to secure VMs, regardless of the hypervisor is safe or not. Some approaches propose microhypervisor reducing attack surface, or a new software requiring a higher privilege level than hypervisor. In this paper, we propose a novel approach, named HyperPS, which separates the fundamental and crucial privilege into a new trusted environment in order to monitor hypervisor. A pivotal condition for HyperPS is that hypervisor must not be allowed to manipulate any security-sensitive system resources, such as page tables, system control registers, interaction between VM and hypervisor as well as VM memory mapping. Besides, HyperPS proposes a trusted environment which does not rely on any higher privilege than the hypervisor. We have implemented a prototype for KVM hypervisor on x86 platform with multiple VMs running Linux. KVM with HyperPS can be applied to current commercial cloud computing industry with portability. The security analysis shows that this approach can provide effective monitoring against attacks, and the performance evaluation confirms the efficiency of HyperPS.

Self-timed circuits can be modeled in a link-joint style using a formally defined hardware description language. It has previously been shown how functional properties of these models can be formally verified with the ACL2 theorem prover using a scalable, hierarchical method. Here we extend that method to parameterized circuit families that may have loops and non-deterministic outputs. We illustrate this extension with iterative self-timed circuits that calculate the greatest common divisor of two natural numbers, with circuits that perform arbitrated merges non-deterministically, and with circuits that combine both of these.

We present two novel sound and complete netlist transformations, which substantially improve verification scalability while enabling very efficient trace reconstruction. First, we present a 2QBF variant of input reparameterization, capable of eliminating inputs without introducing new logic and without complete range computation. While weaker in reduction potential, it yields up to 4 orders of magnitude speedup to trace reconstruction when used as a fast-and-lossy preprocess to traditional reparameterization. Second, we present a novel scalable approach to leverage sequential unateness to merge selective inputs, in cases greatly reducing netlist size and verification complexity. Extensive benchmarking demonstrates the utility of these techniques. Connectivity verification particularly benefits from these reductions, up to 99.8%.

Due to the importance of securing electronic transactions, many cryptographic protocols have been employed, that mainly depend on distributed keys between the intended parties. In classical computers, the security of these protocols depends on the mathematical complexity of the encoding functions and on the length of the key. However, the existing classical algorithms 100% breakable with enough computational power, which can be provided by quantum machines. Moving to quantum computation, the field of security shifts into a new area of cryptographic solutions which is now the field of quantum cryptography. The era of quantum computers is at its beginning. There are few practical implementations and evaluations of quantum protocols. Therefore, the paper defines a well-known quantum key distribution protocol which is BB84 then provides a practical implementation of it on IBM QX software. The practical implementations showed that there were differences between BB84 theoretical expected results and the practical implementation results. Due to this, the paper provides a statistical analysis of the experiments by comparing the standard deviation of the results. Using the BB84 protocol the existence of a third-party eavesdropper can be detected. Thus, calculations of the probability of detecting/not detecting a third-party eavesdropping have been provided. These values are again compared to the theoretical expectation. The calculations showed that with the greater number of qubits, the percentage of detecting eavesdropper will be higher.

A method to increase the resiliency of in-cone logic locking against the SAT attack is described in this paper. Current logic locking techniques provide protection through the addition of circuitry outside of the original logic cone. While the additional circuitry provides provable security against the SAT attack, other attacks, such as the removal attack, limit the efficacy of such techniques. Traditional in-cone logic locking is not prone to removal attacks, but is less secure against the SAT attack. The focus of this paper is, therefore, the analysis of in-cone logic locking to increase the security against the SAT attack, which provides a comparison between in-cone techniques and newly developed methodologies. A novel algorithm is developed that utilizes maximum fanout free cones (MFFC). The application of the algorithm limits the fanout of incorrect key information. The MFFC based algorithm resulted in an average increase of 61.8% in the minimum number of iterations required to complete the SAT attack across 1,000 different variable orderings of the circuit netlist while restricted to a 5% overhead in area.

Hardware Trojans are malicious modifications on integrated circuits (IC), which pose a grave threat to the security of modern military and commercial systems. Existing methods of detecting hardware Trojans are plagued by the inability of detecting all Trojans, reliance on golden chip that might not be available, high time cost, and low accuracy. In this paper, we present Golden Gates, a novel detection method designed to achieve a comparable level of accuracy to full reverse engineering, yet paying only a fraction of its cost in time. The proposed method inserts golden gate circuits (GGC) to achieve superlative accuracy in the classification of all existing gate footprints using rapid scanning electron microscopy (SEM) and backside ultra thinning. Possible attacks against GGC as well as malicious modifications on interconnect layers are discussed and addressed with secure built-in exhaustive test infrastructure. Evaluation with real SEM images demonstrate high classification accuracy and resistance to attacks of the proposed technique.

Nowadays due to economic reasons most of the semiconductor companies prefer to outsource the manufacturing part of their designs to third fabrication foundries, the so-called fabs. Untrustworthy fabs can extract circuit blocks, the called intellectual properties (IPs), from the layouts and then pirate them. Such fabs are suspected of hardware Trojan (HT) threat in which malicious circuits are added to the layouts for sabotage objectives. HTs lead up to increase power consumption in HT-infected circuits. However, due to process variations, the power of HTs including few gates in million-gate circuits is not detectable in power consumption analysis (PCA). Thus, such circuits should be considered as a collection of small sub-circuits, and PCA must be individually performed for each one of them. In this article, we introduce an approach facilitating PCA-based HT detection methods. Concerning this approach, we propose a new logic locking method and algorithm. Logic locking methods and algorithm are usually employed against IP piracy. They modify circuits such that they do not correctly work without applying a correct key to. Our experiments at the gate level and post-synthesis show that the proposed locking method and algorithm increase the proportion of HT activity and consequently HT power to circuit power.

Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to be in control of the communication security. To this end, the SMGW intercepts all inbound and outbound communication of its premise, e.g., a factory or smart home, and forwards it on secure channels that the SMGW established itself. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.

In this paper, we focuses on an access control issue in the Internet of Things (IoT). Generally, we firstly propose a decentralized IoT system based on blockchain. Then we establish a secure fine-grained access control strategies for users, devices, data, and implement the strategies with smart contract. To trigger the smart contract, we design different transactions. Finally, we use the multi-index table struct for the access right's establishment, and store the access right into Key-Value database to improve the scalability of the decentralized IoT system. In addition, to improve the security of the system we also store the access records on the blockchain and database.

The Internet has gradually penetrated into the national economy, politics, culture, military, education and other fields. Due to its openness, interconnectivity and other characteristics, the Internet is vulnerable to all kinds of malicious attacks. The research uses a honeynet to collect attacker information, and proposes a network penetration recognition technology based on interactive behavior analysis. Using Sebek technology to capture the attacker's keystroke record, time series modeling of the keystroke sequences of the interaction behavior is proposed, using a Recurrent Neural Network. The attack recognition method is constructed by using Long Short-Term Memory that solves the problem of gradient disappearance, gradient explosion and long-term memory shortage in ordinary Recurrent Neural Network. Finally, the experiment verifies that the short-short time memory network has a high accuracy rate for the recognition of penetration attacks.

Today's rapid progress in the physical implementation of quantum computers demands scalable synthesis methods to map practical logic designs to quantum architectures. There exist many quantum algorithms which use classical functions with superposition of states. Motivated by recent trends, in this paper, we show the design of quantum circuit to perform modular exponentiation functions using two different approaches. In the design phase, first we generate quantum circuit from a verilog implementation of exponentiation functions using synthesis tools and then apply two different Quantum Error Correction techniques. Finally the circuit is further optimized using the Linear Nearest Neighbor (LNN) Property. We demonstrate the effectiveness of our approach by generating a set of networks for the reversible modular exponentiation function for a set of input values. At the end of the work, we have summarized the obtained results, where a cost analysis over our developed approaches has been made. Experimental results show that depending on the choice of different QECC methods the performance figures can vary by up to 11%, 10%, 8% in T-count, number of qubits, number of gates respectively.

Series-connected IGBTs, when properly controlled, operate similarly to a single device with a much higher voltage capacity. Integrating series IGBTs into a Modular Multilevel Converter (MMC) can reduce its complexity without compromising the voltage capacity. This paper presents the circuit design on the sub-modular level of a MMC in which all the switching devices are series-connected IGBTs. The voltage sharing among the series IGBTs are regulated in a self-balancing manner. Therefore, no central series IGBT controller is needed, which greatly reduces the sensing and communication complexities, increasing the flexibility and expandability. Hardware experiment results demonstrate that the series IGBTs are able to self-regulate the voltage sharing in a fast and accurate manner and the system can operate similarly to a sub-module in a MMC.

Industrial production plants traditionally include sensors for monitoring or documenting processes, and actuators for enabling corrective actions in cases of misconfigurations, failures, or dangerous events. With the advent of the IoT, embedded controllers link these `things' to local networks that often are of low power wireless kind, and are interconnected via gateways to some cloud from the global Internet. Inter-networked sensors and actuators in the industrial IoT form a critical subsystem while frequently operating under harsh conditions. It is currently under debate how to approach inter-networking of critical industrial components in a safe and secure manner.In this paper, we analyze the potentials of ICN for providing a secure and robust networking solution for constrained controllers in industrial safety systems. We showcase hazardous gas sensing in widespread industrial environments, such as refineries, and compare with IP-based approaches such as CoAP and MQTT. Our findings indicate that the content-centric security model, as well as enhanced DoS resistance are important arguments for deploying Information Centric Networking in a safety-critical industrial IoT. Evaluation of the crypto efforts on the RIOT operating system for content security reveal its feasibility for common deployment scenarios.