Visible to the public Biblio

Filters: Keyword is security scalability  [Clear All Filters]
2020-02-17
Roukounaki, Aikaterini, Efremidis, Sofoklis, Soldatos, John, Neises, Juergen, Walloschke, Thomas, Kefalakis, Nikos.  2019.  Scalable and Configurable End-to-End Collection and Analysis of IoT Security Data : Towards End-to-End Security in IoT Systems. 2019 Global IoT Summit (GIoTS). :1–6.
In recent years, there is a surge of interest in approaches pertaining to security issues of Internet of Things deployments and applications that leverage machine learning and deep learning techniques. A key prerequisite for enabling such approaches is the development of scalable infrastructures for collecting and processing security-related datasets from IoT systems and devices. This paper introduces such a scalable and configurable data collection infrastructure for data-driven IoT security. It emphasizes the collection of (security) data from different elements of IoT systems, including individual devices and smart objects, edge nodes, IoT platforms, and entire clouds. The scalability of the introduced infrastructure stems from the integration of state of the art technologies for large scale data collection, streaming and storage, while its configurability relies on an extensible approach to modelling security data from a variety of IoT systems and devices. The approach enables the instantiation and deployment of security data collection systems over complex IoT deployments, which is a foundation for applying effective security analytics algorithms towards identifying threats, vulnerabilities and related attack patterns.
Nugroho, Yeremia Nikanor, Andika, Ferdi, Sari, Riri Fitri.  2019.  Scalability Evaluation of Aspen Tree and Fat Tree Using NS3. 2019 IEEE Conference on Application, Information and Network Security (AINS). :89–93.
When discussing data center networks (DCN), topology has a significant influence on the availability of data to the host. The performance of DCN is relative to the scale of the network. On a particular network scale, it can even cause a connection to the host to be disconnected due to the overhead of routing information. It takes a long time to get connected again so that the data packet that has been sent is lost. The length of time for updating routing information to all parts of the topology so that it can be reconnected or referred to as the time of convergence is the cause. Scalability of a network is proportional to the time of convergence. This article discusses Aspen Tree and Fat Tree, which is about the modification of multi-root trees that have been modified. In Fat Tree, a final set of hosts from a network can be disconnected from a network topology until there is an update of routing information that is disseminated to each switch on the network, due to a link failure. Aspen Tree is a reference topology because it is considered to reduce convergence time and control the overhead of network failure recovery. The DCN topology performance models are implemented using the open source NS-3 platform to support validation of performance evaluations.
Nouichi, Douae, Abdelsalam, Mohamed, Nasir, Qassim, Abbas, Sohail.  2019.  IoT Devices Security Using RF Fingerprinting. 2019 Advances in Science and Engineering Technology International Conferences (ASET). :1–7.
Internet of Things (IoT) devices industry is rapidly growing, with an accelerated increase in the list of manufacturers offering a wide range of smart devices selected to enhance end-users' standard of living. Security remains an after-thought in these devices resulting in vulnerabilities. While there exists a cryptographic protocol designed to solve such authentication problem, the computational complexity of cryptographic protocols and scalability problems make almost all cryptography-based authentication protocols impractical for IoT. Wireless RFF (Radio Frequency Fingerprinting) comes as a physical layer-based security authentication method that improves wireless security authentication, which is especially useful for the power and computing limited devices. As a proof-of-concept, this paper proposes a universal SDR (software defined Radio)-based inexpensive implementation intended to sense emitted wireless signals from IoT devices. Our approach is validated by extracting mobile phone signal bursts under different user-dedicated modes. The proposed setup is well adapted to accurately capture signals from different telecommunication standards. To ensure a unique identification of IoT devices, this paper also provides an optimum set of features useful to generate the device identity fingerprint.
Luntovskyy, Andriy, Globa, Larysa.  2019.  Performance, Reliability and Scalability for IoT. 2019 International Conference on Information and Digital Technologies (IDT). :316–321.
So-called IoT, based on use of enabling technologies like 5G, Wi-Fi, BT, NFC, RFID, IPv6 as well as being widely applied for sensor networks, robots, Wearable and Cyber-PHY, invades rapidly to our every day. There are a lot of apps and software platforms to IoT support. However, a most important problem of QoS optimization, which lays in Performance, Reliability and Scalability for IoT, is not yet solved. The extended Internet of the future needs these solutions based on the cooperation between fog and clouds with delegating of the analytics blocks via agents, adaptive interfaces and protocols. The next problem is as follows: IoT can generate large arrays of unmanaged, weakly-structured, and non-configured data of various types, known as "Big Data". The given papers deals with the both problems. A special problem is Security and Privacy in potentially "dangerous" IoTscenarios. Anyway, this subject needs as special discussion for risks evaluation and cooperative intrusion detection. Some advanced approaches for optimization of Performance, Reliability and Scalability for IoT-solutions are offered within the paper. The paper discusses the Best Practises and Case Studies aimed to solution of the established problems.
Kim, Joonsoo, Kim, Kyeongho, Jang, Moonsu.  2019.  Cyber-Physical Battlefield Platform for Large-Scale Cybersecurity Exercises. 2019 11th International Conference on Cyber Conflict (CyCon). 900:1–19.
In this study, we propose a platform upon which a cyber security exercise environment can be built efficiently for national critical infrastructure protection, i.e. a cyber-physical battlefield (CPB), to simulate actual ICS/SCADA systems in operation. Among various design considerations, this paper mainly discusses scalability, mobility, reality, extensibility, consideration of the domain or vendor specificities, and the visualization of physical facilities and their damage as caused by cyber attacks. The main purpose of the study was to develop a platform that can maximize the coverage that encompasses such design considerations. We discuss the construction of the platform through the final design choices. The features of the platform that we attempt to achieve are closely related to the target cyber exercise format. Design choices were made considering the construction of a realistic ICS/SCADA exercise environment that meets the goals and matches the characteristics of the Cyber Conflict Exercise (CCE), an annual national exercise organized by the National Security Research Institute (NSR) of South Korea. CCE is a real-time attack-defense battlefield drill between 10 red teams who try to penetrate a multi-level organization network and 16 blue teams who try to defend the network. The exercise platform provides scalability and a significant degree of freedom in the design of a very large-scale CCE environment. It also allowed us to fuse techniques such as 3D-printing and augmented reality (AR) to achieve the exercise goals. This CPB platform can also be utilized in various ways for different types of cybersecurity exercise. The successful application of this platform in Locked Shields 2018 (LS18) is strong evidence of this; it showed the great potential of this platform to integrate high-level strategic or operational exercises effectively with low-level technical exercises. This paper also discusses several possible improvements of the platform which could be made for better integration, as well as various exercise environments that can be constructed given the scalability and extensibility of the platform.
Jolfaei, Alireza, Kant, Krishna.  2019.  Privacy and Security of Connected Vehicles in Intelligent Transportation System. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S). :9–10.
The paper considers data security and privacy issues in intelligent transportation systems which involve data streams coming out from individual vehicles to road side units. In this environment, there are issues in regards to the scalability of key management and computation limitations at the edge of the network. To address these issues, we suggest the formation of groups in the vehicular layer, where a group leader is assigned to communicate with group members and the road side unit. We propose a lightweight permutation mechanism for preserving the confidentiality and privacy of sensory data.
Halabi, Talal, Bellaiche, Martine.  2019.  Security Risk-Aware Resource Provisioning Scheme for Cloud Computing Infrastructures. 2019 IEEE Conference on Communications and Network Security (CNS). :1–9.
The last decade has witnessed a growing interest in exploiting the advantages of Cloud Computing technology. However, the full migration of services and data to the Cloud is still cautious due to the lack of security assurance. Cloud Service Providers (CSPs)are urged to exert the necessary efforts to boost their reputation and improve their trustworthiness. Nevertheless, the uniform implementation of advanced security solutions across all their data centers is not the ideal solution, since customers' security requirements are usually not monolithic. In this paper, we aim at integrating the Cloud security risk into the process of resource provisioning to increase the security of Cloud data centers. First, we propose a quantitative security risk evaluation approach based on the definition of distinct security metrics and configurations adapted to the Cloud Computing environment. Then, the evaluated security risk levels are incorporated into a resource provisioning model in an InterCloud setting. Finally, we adopt two different metaheuristics approaches from the family of evolutionary computation to solve the security risk-aware resource provisioning problem. Simulations show that our model reduces the security risk within the Cloud infrastructure and demonstrate the efficiency and scalability of proposed solutions.
Hadar, Ethan, Hassanzadeh, Amin.  2019.  Big Data Analytics on Cyber Attack Graphs for Prioritizing Agile Security Requirements. 2019 IEEE 27th International Requirements Engineering Conference (RE). :330–339.
In enterprise environments, the amount of managed assets and vulnerabilities that can be exploited is staggering. Hackers' lateral movements between such assets generate a complex big data graph, that contains potential hacking paths. In this vision paper, we enumerate risk-reduction security requirements in large scale environments, then present the Agile Security methodology and technologies for detection, modeling, and constant prioritization of security requirements, agile style. Agile Security models different types of security requirements into the context of an attack graph, containing business process targets and critical assets identification, configuration items, and possible impacts of cyber-attacks. By simulating and analyzing virtual adversary attack paths toward cardinal assets, Agile Security examines the business impact on business processes and prioritizes surgical requirements. Thus, handling these requirements backlog that are constantly evaluated as an outcome of employing Agile Security, gradually increases system hardening, reduces business risks and informs the IT service desk or Security Operation Center what remediation action to perform next. Once remediated, Agile Security constantly recomputes residual risk, assessing risk increase by threat intelligence or infrastructure changes versus defender's remediation actions in order to drive overall attack surface reduction.
Arshad, Akashah, Hanapi, Zurina Mohd, Subramaniam, Shamala K., Latip, Rohaya.  2019.  Performance Evaluation of the Geographic Routing Protocols Scalability. 2019 International Conference on Information Networking (ICOIN). :396–398.
Scalability is an important design factor for evaluating the performance of routing protocols as the network size or traffic load increases. One of the most appropriate design methods is to use geographic routing approach to ensure scalability. This paper describes a scalability study comparing Secure Region Based Geographic Routing (SRBGR) and Dynamic Window Secure Implicit Geographic Forwarding (DWSIGF) protocols in various network density scenarios based on an end-to-end delay performance metric. The simulation studies were conducted in MATLAB 2106b where the network densities were varied according to the network topology size with increasing traffic rates. The results showed that DWSIGF has a lower end-to-end delay as compared to SRBGR for both sparse (15.4%) and high density (63.3%) network scenarios.Despite SRBGR having good security features, there is a need to improve the performance of its end-to-end delay to fulfil the application requirements.
2019-06-17
Van Rompay, Cédric, Molva, Refik, Önen, Melek.  2018.  Secure and Scalable Multi-User Searchable Encryption. Proceedings of the 6th International Workshop on Security in Cloud Computing. :15–25.
By allowing a large number of users to behave as readers or writers, Multi-User Searchable Encryption (MUSE) raises new security and performance challenges beyond the typical requirements of Symmetric Searchable Encryption (SSE). In this paper we identify two core mandatory requirements of MUSE protocols being privacy in face of users colluding with the CSP and low complexity for the users, pointing that no existing MUSE protocol satisfies these two requirements at the same time. We then come up with the first MUSE protocol that satisfies both of them. The design of the protocol also includes new constructions for a secure variant of Bloom Filters (BFs) and multi-query Oblivious Transfer (OT).
Yang, Lishan, Cherkasova, Ludmila, Badgujar, Rajeev, Blancaflor, Jack, Konde, Rahul, Mills, Jason, Smirni, Evgenia.  2018.  Evaluating Scalability and Performance of a Security Management Solution in Large Virtualized Environments. Proceedings of the 2018 ACM/SPEC International Conference on Performance Engineering. :168–175.
Virtualized infrastructure is a key capability of modern enterprise data centers and cloud computing, enabling a more agile and dynamic IT infrastructure with fast IT provisioning, simplified, automated management, and flexible resource allocation to handle a broad set of workloads. However, at the same time, virtualization introduces new challenges, since securing virtual servers is more difficult than physical machines. HyTrust Inc. has developed an innovative security solution, called HyTrust Cloud Control (HTCC), to mitigate risks associated with virtualization and cloud technologies. HTCC is a virtual appliance deployed as a transparent proxy in front of a VMware-based virtualized environment. Since HTCC serves as a gateway to a customer virtualized environment, it is important to carefully assess its performance and scalability as well as provide its accurate resource sizing. In this work, we introduce a novel approach for accomplishing this goal. First, we describe a special framework, based on a nested virtualization technique, which enables the creation and deployment of a large scale virtualized environment (with 30,000 VMs) using a limited number of physical servers (4 servers in our experiments). Second, we introduce a design and implementation of a novel, extensible benchmark, called HT-vmbench, that allows to mimic the session-based activities of different system administrators and users in virtualized environments. The benchmark is implemented using VMware Web Service SDK. By executing HT-vmbench in the emulated large-scale virtualized environments, we can support an efficient performance assessment of management and security solutions (such as HTCC), their overhead, and provide capacity planning rules and resource sizing recommendations.
Gu, R., Zhang, X., Yu, L., Zhang, J..  2018.  Enhancing Security and Scalability in Software Defined LTE Core Networks. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :837–842.

The rapid development of mobile networks has revolutionized the way of accessing the Internet. The exponential growth of mobile subscribers, devices and various applications frequently brings about excessive traffic in mobile networks. The demand for higher data rates, lower latency and seamless handover further drive the demand for the improved mobile network design. However, traditional methods can no longer offer cost-efficient solutions for better user quality of experience with fast time-to-market. Recent work adopts SDN in LTE core networks to meet the requirement. In these software defined LTE core networks, scalability and security become important design issues that must be considered seriously. In this paper, we propose a scalable channel security scheme for the software defined LTE core network. It applies the VxLAN for scalable tunnel establishment and MACsec for security enhancement. According to our evaluation, the proposed scheme not only enhances the security of the channel communication between different network components, but also improves the flexibility and scalability of the core network with little performance penalty. Moreover, it can also shed light on the design of the next generation cellular network.

Shif, L., Wang, F., Lung, C..  2018.  Improvement of security and scalability for IoT network using SD-VPN. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–5.

The growing interest in the smart device/home/city has resulted in increasing popularity of Internet of Things (IoT) deployment. However, due to the open and heterogeneous nature of IoT networks, there are various challenges to deploy an IoT network, among which security and scalability are the top two to be addressed. To improve the security and scalability for IoT networks, we propose a Software-Defined Virtual Private Network (SD-VPN) solution, in which each IoT application is allocated with its own overlay VPN. The VPN tunnels used in this paper are VxLAN based tunnels and we propose to use the SDN controller to push the flow table of each VPN to the related OpenvSwitch via the OpenFlow protocol. The SD-VPN solution can improve the security of an IoT network by separating the VPN traffic and utilizing service chaining. Meanwhile, it also improves the scalability by its overlay VPN nature and the VxLAN technology.

Blanc, Gregory, Kheir, Nizar, Ayed, Dhouha, Lefebvre, Vincent, de Oca, Edgardo Montes, Bisson, Pascal.  2018.  Towards a 5G Security Architecture: Articulating Software-Defined Security and Security As a Service. Proceedings of the 13th International Conference on Availability, Reliability and Security. :47:1–47:8.

5G is envisioned as a transformation of the communications architecture towards multi-tenant, scalable and flexible infrastructure, which heavily relies on virtualised network functions and programmable networks. In particular, orchestration will advance one step further in blending both compute and data resources, usually dedicated to virtualisation technologies, and network resources into so-called slices. Although 5G security is being developed in current working groups, slice security is seldom addressed. In this work, we propose to integrate security in the slice life cycle, impacting its management and orchestration that relies on the virtualization/softwarisation infrastructure. The proposed security architecture connects the demands specified by the tenants through as-a-service mechanisms with built-in security functions relying on the ability to combine enforcement and monitoring functions within the software-defined network infrastructure. The architecture exhibits desirable properties such as isolating slices down to the hardware resources or monitoring service-level performance.

Noroozi, Hamid, Khodaei, Mohammad, Papadimitratos, Panos.  2018.  VPKIaaS: A Highly-Available and Dynamically-Scalable Vehicular Public-Key Infrastructure. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :302–304.
The central building block of secure and privacy-preserving Vehicular Communication (VC) systems is a Vehicular Public-Key Infrastructure (VPKI), which provides vehicles with multiple anonymized credentials, termed pseudonyms. These pseudonyms are used to ensure message authenticity and integrity while preserving vehicle (and thus passenger) privacy. In the light of emerging large-scale multi-domain VC environments, the efficiency of the VPKI and, more broadly, its scalability are paramount. In this extended abstract, we leverage the state-of-the-art VPKI system and enhance its functionality towards a highly-available and dynamically-scalable design; this ensures that the system remains operational in the presence of benign failures or any resource depletion attack, and that it dynamically scales out, or possibly scales in, according to the requests' arrival rate. Our full-blown implementation on the Google Cloud Platform shows that deploying a VPKI for a large-scale scenario can be cost-effective, while efficiently issuing pseudonyms for the requesters.
Cao, Gang, Chen, Chen, Jiang, Min.  2018.  A Scalable and Flexible Multi-User Semi-Quantum Secret Sharing. Proceedings of the 2Nd International Conference on Telecommunications and Communication Engineering. :28–32.

In this letter, we proposed a novel scheme for the realization of scalable and flexible semi-quantum secret sharing between a boss and multiple dynamic agent groups. In our scheme, the boss Alice can not only distribute her secret messages to multiple users, but also can dynamically adjust the number of users and user groups based on the actual situation. Furthermore, security analysis demonstrates that our protocol is secure against both external attack and participant attack. Compared with previous schemes, our protocol is more flexible and practical. In addition, since our protocol involving only single qubit measurement that greatly weakens the hardware requirements of each user.

Rouhani, Bita Darvish, Riazi, M. Sadegh, Koushanfar, Farinaz.  2018.  Deepsecure: Scalable Provably-secure Deep Learning. Proceedings of the 55th Annual Design Automation Conference. :2:1–2:6.
This paper presents DeepSecure, the an scalable and provably secure Deep Learning (DL) framework that is built upon automated design, efficient logic synthesis, and optimization methodologies. DeepSecure targets scenarios in which neither of the involved parties including the cloud servers that hold the DL model parameters or the delegating clients who own the data is willing to reveal their information. Our framework is the first to empower accurate and scalable DL analysis of data generated by distributed clients without sacrificing the security to maintain efficiency. The secure DL computation in DeepSecure is performed using Yao's Garbled Circuit (GC) protocol. We devise GC-optimized realization of various components used in DL. Our optimized implementation achieves up to 58-fold higher throughput per sample compared with the best prior solution. In addition to the optimized GC realization, we introduce a set of novel low-overhead pre-processing techniques which further reduce the GC overall runtime in the context of DL. Our extensive evaluations demonstrate up to two orders-of-magnitude additional runtime improvement achieved as a result of our pre-processing methodology.
Kuhnle, Alan, Crawford, Victoria G., Thai, My T..  2018.  Network Resilience and the Length-Bounded Multicut Problem: Reaching the Dynamic Billion-Scale with Guarantees. Abstracts of the 2018 ACM International Conference on Measurement and Modeling of Computer Systems. :81–83.

Motivated by networked systems in which the functionality of the network depends on vertices in the network being within a bounded distance T of each other, we study the length-bounded multicut problem: given a set of pairs, find a minimum-size set of edges whose removal ensures the distance between each pair exceeds T . We introduce the first algorithms for this problem capable of scaling to massive networks with billions of edges and nodes: three highly scalable algorithms with worst-case performance ratios. Furthermore, one of our algorithms is fully dynamic, capable of updating its solution upon incremental vertex / edge additions or removals from the network while maintaining its performance ratio. Finally, we show that unless NP ⊆ BPP, there is no polynomial-time, approximation algorithm with performance ratio better than Omega (T), which matches the ratio of our dynamic algorithm up to a constant factor.

Sasan, Avesta, Zu, Qi, Wamg, Yanzhi, Seo, Jae-sun, Mohsenin, Tinoosh.  2018.  Low Power and Trusted Machine Learning. Proceedings of the 2018 on Great Lakes Symposium on VLSI. :515–515.

In this special discussion session on machine learning, the panel members discuss various issues related to building secure and low power neuromorphic systems. The security of neuromorphic systems may be discussed in term of the reliability of the model, trust in the model, and security of the underlying hardware. The low power aspect of neuromorphic computing systems may be discussed in terms of adaptation of new devices and technologies, the adaptation of new computational models, development of heterogeneous computing frameworks, or dedicated engines for processing neuromorphic models. This session may include discussion on the design space of such supporting hardware, exploring tradeoffs between power/energy, security, scalability, hardware area, performance, and accuracy.

2017-12-28
Shih, M. H., Chang, J. M..  2017.  Design and analysis of high performance crypt-NoSQL. 2017 IEEE Conference on Dependable and Secure Computing. :52–59.

NoSQL databases have become popular with enterprises due to their scalable and flexible storage management of big data. Nevertheless, their popularity also brings up security concerns. Most NoSQL databases lacked secure data encryption, relying on developers to implement cryptographic methods at application level or middleware layer as a wrapper around the database. While this approach protects the integrity of data, it increases the difficulty of executing queries. We were motivated to design a system that not only provides NoSQL databases with the necessary data security, but also supports the execution of query over encrypted data. Furthermore, how to exploit the distributed fashion of NoSQL databases to deliver high performance and scalability with massive client accesses is another important challenge. In this research, we introduce Crypt-NoSQL, the first prototype to support execution of query over encrypted data on NoSQL databases with high performance. Three different models of Crypt-NoSQL were proposed and performance was evaluated with Yahoo! Cloud Service Benchmark (YCSB) considering an enormous number of clients. Our experimental results show that Crypt-NoSQL can process queries over encrypted data with high performance and scalability. A guidance of establishing service level agreement (SLA) for Crypt-NoSQL as a cloud service is also proposed.

Farris, I., Bernabe, J. B., Toumi, N., Garcia-Carrillo, D., Taleb, T., Skarmeta, A., Sahlin, B..  2017.  Towards provisioning of SDN/NFV-based security enablers for integrated protection of IoT systems. 2017 IEEE Conference on Standards for Communications and Networking (CSCN). :169–174.

Nowadays the adoption of IoT solutions is gaining high momentum in several fields, including energy, home and environment monitoring, transportation, and manufacturing. However, cybersecurity attacks to low-cost end-user devices can severely undermine the expected deployment of IoT solutions in a broad range of scenarios. To face these challenges, emerging software-based networking features can introduce new security enablers, providing further scalability and flexibility required to cope with massive IoT. In this paper, we present a novel framework aiming to exploit SDN/NFV-based security features and devise new efficient integration with existing IoT security approaches. The potential benefits of the proposed framework is validated in two case studies. Finally, a feasibility study is presented, accounting for potential interactions with open-source SDN/NFV projects and relevant standardization activities.

Imine, Y., Lounis, A., Bouabdallah, A..  2017.  Immediate Attribute Revocation in Decentralized Attribute-Based Encryption Access Control. 2017 IEEE Trustcom/BigDataSE/ICESS. :33–40.

Access control is one of the most challenging issues in Cloud environment, it must ensure data confidentiality through enforced and flexible access policies. The revocation is an important task of the access control process, generally it consists on banishing some roles from the users. Attribute-based encryption is a promising cryptographic method which provides the fine-grained access, which makes it very useful in case of group sharing applications. This solution has initially been developed on a central authority model. Later, it has been extended to a multi-authority model which is more convenient and more reliable. However, the revocation problem is still the major challenge of this approach. There have been few proposed revocation solutions for the Multi-authority scheme and these solutions suffer from the lack of efficiency. In this paper, we propose an access control mechanism on a multi-authority architecture with an immediate and efficient attributes' or users' revocation. The proposed scheme uses decentralized CP-ABE to provide flexible and fine-grained access. Our solution provides collusion resistance, prevents security degradations, supports scalability and does not require keys' redistribution.

Panetta, J., Filho, P. R. P. S., Laranjeira, L. A. F., Teixeira, C. A..  2017.  Scalability of CPU and GPU Solutions of the Prime Elliptic Curve Discrete Logarithm Problem. 2017 29th International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD). :33–40.

Elliptic curve asymmetric cryptography has achieved increased popularity due to its capability of providing comparable levels of security as other existing cryptographic systems while requiring less computational work. Pollard Rho and Parallel Collision Search, the fastest known sequential and parallel algorithms for breaking this cryptographic system, have been successfully applied over time to break ever-increasing bit-length system instances using implementations heavily optimized for the available hardware. This work presents portable, general implementations of a Parallel Collision Search based solution for prime elliptic curve asymmetric cryptographic systems that use publicly available big integer libraries and make no assumption on prime curve properties. It investigates which bit-length keys can be broken in reasonable time by a user that has access to a state of the art, public HPC equipment with CPUs and GPUs. The final implementation breaks a 79-bit system in about two hours using 80 GPUs and 94-bits system in about 15 hours using 256 GPUs. Extensive experimentation investigates scalability of CPU, GPU and CPU+GPU runs. The discussed results indicate that speed-up is not a good metric for parallel scalability. This paper proposes and evaluates a new metric that is better suited for this task.

Cheng, X., Zhou, M., Song, X., Gu, M., Sun, J..  2017.  IntPTI: Automatic integer error repair with proper-type inference. 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE). :996–1001.

Integer errors in C/C++ are caused by arithmetic operations yielding results which are unrepresentable in certain type. They can lead to serious safety and security issues. Due to the complicated semantics of C/C++ integers, integer errors are widely harbored in real-world programs and it is error-prone to repair them even for experts. An automatic tool is desired to 1) automatically generate fixes which assist developers to correct the buggy code, and 2) provide sufficient hints to help developers review the generated fixes and better understand integer types in C/C++. In this paper, we present a tool IntPTI that implements the desired functionalities for C programs. IntPTI infers appropriate types for variables and expressions to eliminate representation issues, and then utilizes the derived types with fix patterns codified from the successful human-written patches. IntPTI provides a user-friendly web interface which allows users to review and manage the fixes. We evaluate IntPTI on 7 real-world projects and the results show its competitive repair accuracy and its scalability on large code bases. The demo video for IntPTI is available at: https://youtu.be/9Tgd4A\_FgZM.

Chen, L., Dai, W., Qiu, M., Jiang, N..  2017.  A Design for Scalable and Secure Key-Value Stores. 2017 IEEE International Conference on Smart Cloud (SmartCloud). :216–221.

Reliable and scalable storage systems are key to cloud-based applications. In cloud storage, users store their data on remote servers rather than their local computers. Secure storage is used to ensure the safety of data in clouds. As more and more users rely on third-party cloud vendors to store their data, concerns have arisen among users and cloud providers. Encryption-based approaches are commonly used in secure storage systems. Data are encrypted and stored on persistent storage like disks and flash memories. When data are needed by the users, they are decrypted and accessed by the users. This way of managing data hurts the scalability and throughput of cloud systems. In the meantime, cloud systems have to perform fault-tolerance strategies on data, which also brings performance deduction. The combination of these issues cause a high price for data security in cloud systems. Aware of such issues. we propose methods to reduce the overhead of secure storage while guaranteeing the safeness of data.