Visible to the public Biblio

Filters: Keyword is Scalable Security  [Clear All Filters]
2021-05-05
Zelenbaba, Stefan, Löschenbrand, David, Hofer, Markus, Dakić, Anja, Rainer, Benjamin, Humer, Gerhard, Zemen, Thomas.  2020.  A Scalable Mobile Multi-Node Channel Sounder. 2020 IEEE Wireless Communications and Networking Conference (WCNC). :1—6.

The advantages of measuring multiple wireless links simultaneously has been gaining attention due to the growing complexity of wireless communication systems. Analyzing vehicular communication systems presents a particular challenge due to their rapid time-varying nature. Therefore multi-node channel sounding is crucial for such endeavors. In this paper, we present the architecture and practical implementation of a scalable mobile multi-node channel sounder, optimized for use in vehicular scenarios. We perform a measurement campaign with three moving nodes, which includes a line of sight (LoS) connection on two links and non LoS(NLoS) conditions on the third link. We present the results on the obtained channel delay and Doppler characteristics, followed by the assessment of the degree of correlation of the analyzed channels and time-variant channel rates, hence investigating the suitability of the channel's physical attributes for relaying. The results show low cross-correlation between the transfer functions of the direct and the relaying link, while a higher rate is calculated for the relaying link.

Pawar, Shrikant, Stanam, Aditya.  2020.  Scalable, Reliable and Robust Data Mining Infrastructures. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :123—125.

Mining of data is used to analyze facts to discover formerly unknown patterns, classifying and grouping the records. There are several crucial scalable statistics mining platforms that have been developed in latest years. RapidMiner is a famous open source software which can be used for advanced analytics, Weka and Orange are important tools of machine learning for classifying patterns with techniques of clustering and regression, whilst Knime is often used for facts preprocessing like information extraction, transformation and loading. This article encapsulates the most important and robust platforms.

Nienhuis, Kyndylan, Joannou, Alexandre, Bauereiss, Thomas, Fox, Anthony, Roe, Michael, Campbell, Brian, Naylor, Matthew, Norton, Robert M., Moore, Simon W., Neumann, Peter G. et al..  2020.  Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process. 2020 IEEE Symposium on Security and Privacy (SP). :1003—1020.

The root causes of many security vulnerabilities include a pernicious combination of two problems, often regarded as inescapable aspects of computing. First, the protection mechanisms provided by the mainstream processor architecture and C/C++ language abstractions, dating back to the 1970s and before, provide only coarse-grain virtual-memory-based protection. Second, mainstream system engineering relies almost exclusively on test-and-debug methods, with (at best) prose specifications. These methods have historically sufficed commercially for much of the computer industry, but they fail to prevent large numbers of exploitable bugs, and the security problems that this causes are becoming ever more acute.In this paper we show how more rigorous engineering methods can be applied to the development of a new security-enhanced processor architecture, with its accompanying hardware implementation and software stack. We use formal models of the complete instruction-set architecture (ISA) at the heart of the design and engineering process, both in lightweight ways that support and improve normal engineering practice - as documentation, in emulators used as a test oracle for hardware and for running software, and for test generation - and for formal verification. We formalise key intended security properties of the design, and establish that these hold with mechanised proof. This is for the same complete ISA models (complete enough to boot operating systems), without idealisation.We do this for CHERI, an architecture with hardware capabilities that supports fine-grained memory protection and scalable secure compartmentalisation, while offering a smooth adoption path for existing software. CHERI is a maturing research architecture, developed since 2010, with work now underway on an Arm industrial prototype to explore its possible adoption in mass-market commercial processors. The rigorous engineering work described here has been an integral part of its development to date, enabling more rapid and confident experimentation, and boosting confidence in the design.

Tabiban, Azadeh, Jarraya, Yosr, Zhang, Mengyuan, Pourzandi, Makan, Wang, Lingyu, Debbabi, Mourad.  2020.  Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.

The dynamicity and complexity of clouds highlight the importance of automated root cause analysis solutions for explaining what might have caused a security incident. Most existing works focus on either locating malfunctioning clouds components, e.g., switches, or tracing changes at lower abstraction levels, e.g., system calls. On the other hand, a management-level solution can provide a big picture about the root cause in a more scalable manner. In this paper, we propose DOMINOCATCHER, a novel provenance-based solution for explaining the root cause of security incidents in terms of management operations in clouds. Specifically, we first define our provenance model to capture the interdependencies between cloud management operations, virtual resources and inputs. Based on this model, we design a framework to intercept cloud management operations and to extract and prune provenance metadata. We implement DOMINOCATCHER on OpenStack platform as an attached middleware and validate its effectiveness using security incidents based on real-world attacks. We also evaluate the performance through experiments on our testbed, and the results demonstrate that DOMINOCATCHER incurs insignificant overhead and is scalable for clouds.

Samriya, Jitendra Kumar, Kumar, Narander.  2020.  Fuzzy Ant Bee Colony For Security And Resource Optimization In Cloud Computing. 2020 5th International Conference on Computing, Communication and Security (ICCCS). :1—5.

Cloud computing (CC) systems prevail to be the widespread computational paradigms for offering immense scalable and elastic services. Computing resources in cloud environment should be scheduled to facilitate the providers to utilize the resources moreover the users could get low cost applications. The most prominent need in job scheduling is to ensure Quality of service (QoS) to the user. In the boundary of the third party the scheduling takes place hence it is a significant condition for assuring its security. The main objective of our work is to offer QoS i.e. cost, makespan, minimized migration of task with security enforcement moreover the proposed algorithm guarantees that the admitted requests are executed without violating service level agreement (SLA). These objectives are attained by the proposed Fuzzy Ant Bee Colony algorithm. The experimental outcome confirms that secured job scheduling objective with assured QoS is attained by the proposed algorithm.

Ajayi, Oluwaseyi, Saadawi, Tarek.  2020.  Blockchain-Based Architecture for Secured Cyber-Attack Features Exchange. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :100—107.

Despite the increased accuracy of intrusion detection systems (IDS) in identifying cyberattacks in computer networks and devices connected to the internet, distributed or coordinated attacks can still go undetected or not detected on time. The single vantage point limits the ability of these IDSs to detect such attacks. Due to this reason, there is a need for attack characteristics' exchange among different IDS nodes. Researchers proposed a cooperative intrusion detection system to share these attack characteristics effectively. This approach was useful; however, the security of the shared data cannot be guaranteed. More specifically, maintaining the integrity and consistency of shared data becomes a significant concern. In this paper, we propose a blockchain-based solution that ensures the integrity and consistency of attack characteristics shared in a cooperative intrusion detection system. The proposed architecture achieves this by detecting and preventing fake features injection and compromised IDS nodes. It also facilitates scalable attack features exchange among IDS nodes, ensures heterogeneous IDS nodes participation, and it is robust to public IDS nodes joining and leaving the network. We evaluate the security analysis and latency. The result shows that the proposed approach detects and prevents compromised IDS nodes, malicious features injection, manipulation, or deletion, and it is also scalable with low latency.

Bazari, Aditya Shyam, Singh, Aditya, Khan, Abdul Ahad, Jindal, Rajni.  2020.  Filter Based Scalable Blockchain for Domestic Internet of Things. 2020 5th International Conference on Communication and Electronics Systems (ICCES). :1051—1056.

With the advancements in technology, the ease of interconnectedness among devices has increased manifold, leading to the widespread usage of Internet of Things. Internet of Things has also reached our homes, often referred to as domestic Internet of Things. However, the security aspect of domestic Internet of Things has largely been under question as the increase in inter-device communication renders the system more vulnerable to adversaries. Largely popular blockchain technology is being extensively researched for integration into the Internet of Things framework in order to improve the security aspect of the framework. Blockchain, being a cryptographically linked set of data, has a few barriers which prevent it from being successfully integrated to Internet of Things. One of the major barrier is the high computational requirements and time latency associated with it. This work tries to address this research gap and proposes a novel scalable blockchain optimization for domestic Internet of Things. The proposed blockchain model uses a flow based filtering technique as an added security layer to facilitate the scenario. This work then evaluates the performance of the proposed model in various scenarios and compares it with that of traditional blockchain. The work presents a largely encompassing evaluation, explanation and assessment of the proposed model.

Hasan, Tooba, Adnan, Akhunzada, Giannetsos, Thanassis, Malik, Jahanzaib.  2020.  Orchestrating SDN Control Plane towards Enhanced IoT Security. 2020 6th IEEE Conference on Network Softwarization (NetSoft). :457—464.

The Internet of Things (IoT) is rapidly evolving, while introducing several new challenges regarding security, resilience and operational assurance. In the face of an increasing attack landscape, it is necessary to cater for the provision of efficient mechanisms to collectively detect sophisticated malware resulting in undesirable (run-time) device and network modifications. This is not an easy task considering the dynamic and heterogeneous nature of IoT environments; i.e., different operating systems, varied connected networks and a wide gamut of underlying protocols and devices. Malicious IoT nodes or gateways can potentially lead to the compromise of the whole IoT network infrastructure. On the other hand, the SDN control plane has the capability to be orchestrated towards providing enhanced security services to all layers of the IoT networking stack. In this paper, we propose an SDN-enabled control plane based orchestration that leverages emerging Long Short-Term Memory (LSTM) classification models; a Deep Learning (DL) based architecture to combat malicious IoT nodes. It is a first step towards a new line of security mechanisms that enables the provision of scalable AI-based intrusion detection focusing on the operational assurance of only those specific, critical infrastructure components,thus, allowing for a much more efficient security solution. The proposed mechanism has been evaluated with current state of the art datasets (i.e., N\_BaIoT 2018) using standard performance evaluation metrics. Our preliminary results show an outstanding detection accuracy (i.e., 99.9%) which significantly outperforms state-of-the-art approaches. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security does not hinder the deployment of intelligent IoT-based computing systems.

Ulrich, Jacob, McJunkin, Timothy, Rieger, Craig, Runyon, Michael.  2020.  Scalable, Physical Effects Measurable Microgrid for Cyber Resilience Analysis (SPEMMCRA). 2020 Resilience Week (RWS). :194—201.

The ability to advance the state of the art in automated cybersecurity protections for industrial control systems (ICS) has as a prerequisite of understanding the trade-off space. That is, to enable a cyber feedback loop in a control system environment you must first consider both the security mitigation available, the benefits and the impacts to the control system functionality when the mitigation is used. More damaging impacts could be precipitated that the mitigation was intended to rectify. This paper details networked ICS that controls a simulation of the frequency response represented with the swing equation. The microgrid loads and base generation can be balanced through the control of an emulated battery and power inverter. The simulated plant, which is implemented in Raspberry Pi computers, provides an inexpensive platform to realize the physical effects of cyber attacks to show the trade-offs of available mitigating actions. This network design can include a commercial ICS controller and simple plant or emulated plant to introduce real world implementation of feedback controls, and provides a scalable, physical effects measurable microgrid for cyber resilience analysis (SPEMMCRA).

Zhang, Yunan, Xu, Aidong Xu, Jiang, Yixin.  2020.  Scalable and Accurate Binary Code Search Method Based on Simhash and Partial Trace. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :818—826.

Binary code search has received much attention recently due to its impactful applications, e.g., plagiarism detection, malware detection and software vulnerability auditing. However, developing an effective binary code search tool is challenging due to the gigantic syntax and structural differences in binaries resulted from different compilers, compiler options and malware family. In this paper, we propose a scalable and accurate binary search engine which performs syntactic matching by combining a set of key techniques to address the challenges above. The key contribution is binary code searching technique which combined function filtering and partial trace method to match the function code relatively quick and accurate. In addition, a simhash and basic information based function filtering is proposed to dramatically reduce the irrelevant target functions. Besides, we introduce a partial trace method for matching the shortlisted function accurately. The experimental results show that our method can find similar functions, even with the presence of program structure distortion, in a scalable manner.

Zhu, Zheng, Tian, Yingjie, Li, Fan, Yang, Hongshan, Ma, Zheng, Rong, Guoping.  2020.  Research on Edge Intelligence-based Security Analysis Method for Power Operation System. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :258—263.

At present, the on-site safety problems of substations and critical power equipment are mainly through inspection methods. Still, manual inspection is difficult, time-consuming, and uninterrupted inspection is not possible. The current safety management is mainly guaranteed by rules and regulations and standardized operating procedures. In the on-site environment, it is very dependent on manual execution and confirmation, and the requirements for safety supervision and operating personnel are relatively high. However, the reliability, the continuity of control and patrol cannot be fully guaranteed, and it is easy to cause security vulnerabilities and cause security accidents due to personnel slackness. In response to this shortcoming, this paper uses edge computing and image processing techniques to discover security risks in time and designs a deep convolution attention mechanism network to perform image processing. Then the network is cropped and compressed so that it can be processed at the edge, and the results are aggregated to the cloud for unified management. A comprehensive security assessment module is designed in the cloud to conduct an overall risk assessment of the results reported by all edges, and give an alarm prompt. The experimental results in the real environment show the effectiveness of this method.

Zhu, Jianping, HOU, RUI, Wang, XiaoFeng, Wang, Wenhao, Cao, Jiangfeng, Zhao, Boyan, Wang, Zhongpu, Zhang, Yuhui, Ying, Jiameng, Zhang, Lixin et al..  2020.  Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment. 2020 IEEE Symposium on Security and Privacy (SP). :1450—1465.

With its huge real-world demands, large-scale confidential computing still cannot be supported by today's Trusted Execution Environment (TEE), due to the lack of scalable and effective protection of high-throughput accelerators like GPUs, FPGAs, and TPUs etc. Although attempts have been made recently to extend the CPU-like enclave to GPUs, these solutions require change to the CPU or GPU chips, may introduce new security risks due to the side-channel leaks in CPU-GPU communication and are still under the resource constraint of today's CPU TEE.To address these problems, we present the first Heterogeneous TEE design that can truly support large-scale compute or data intensive (CDI) computing, without any chip-level change. Our approach, called HETEE, is a device for centralized management of all computing units (e.g., GPUs and other accelerators) of a server rack. It is uniquely designed to work with today's data centres and clouds, leveraging modern resource pooling technologies to dynamically compartmentalize computing tasks, and enforce strong isolation and reduce TCB through hardware support. More specifically, HETEE utilizes the PCIe ExpressFabric to allocate its accelerators to the server node on the same rack for a non-sensitive CDI task, and move them back into a secure enclave in response to the demand for confidential computing. Our design runs a thin TCB stack for security management on a security controller (SC), while leaving a large set of software (e.g., AI runtime, GPU driver, etc.) to the integrated microservers that operate enclaves. An enclaves is physically isolated from others through hardware and verified by the SC at its inception. Its microserver and computing units are restored to a secure state upon termination.We implemented HETEE on a real hardware system, and evaluated it with popular neural network inference and training tasks. Our evaluations show that HETEE can easily support the CDI tasks on the real-world scale and incurred a maximal throughput overhead of 2.17% for inference and 0.95% for training on ResNet152.

2021-05-03
Zhu, Fangzhou, Liu, Liang, Meng, Weizhi, Lv, Ting, Hu, Simin, Ye, Renjun.  2020.  SCAFFISD: A Scalable Framework for Fine-Grained Identification and Security Detection of Wireless Routers. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1194–1199.

The security of wireless network devices has received widespread attention, but most existing schemes cannot achieve fine-grained device identification. In practice, the security vulnerabilities of a device are heavily depending on its model and firmware version. Motivated by this issue, we propose a universal, extensible and device-independent framework called SCAFFISD, which can provide fine-grained identification of wireless routers. It can generate access rules to extract effective information from the router admin page automatically and perform quick scans for known device vulnerabilities. Meanwhile, SCAFFISD can identify rogue access points (APs) in combination with existing detection methods, with the purpose of performing a comprehensive security assessment of wireless networks. We implement the prototype of SCAFFISD and verify its effectiveness through security scans of actual products.

2020-03-16
Sandor, Hunor, Genge, Bela, Haller, Piroska, Bica, Andrei.  2019.  A Security-Enhanced Interoperability Middleware for the Internet of Things. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1–6.
This paper documents an Internet of Things (IoT) middleware specially tailored to address the security, and operational requirements expected from an effective IoT platform. In essence, the middleware exposes a diverse palette of features, including authentication, authorization, auditing, confidentiality and integrity of data. Besides these aspects, the middleware encapsulates an IoT object abstraction layer that builds a generic object model that is independent from the device type (i.e., hardware, software, vendor). Furthermore, it builds on standards and specifications to accomplish a highly resilient and scalable solution. The approach is tested on several hardware platforms. A use case scenario is presented to demonstrate its main features. The middleware represents a key component in the context of the “GHOST - Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control” project.
de Matos Patrocínio dos Santos, Bernardo, Dzogovic, Bruno, Feng, Boning, Do, Van Thuan, Jacot, Niels, van Do, Thanh.  2019.  Towards Achieving a Secure Authentication Mechanism for IoT Devices in 5G Networks. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :130–135.

Upon the new paradigm of Cellular Internet of Things, through the usage of technologies such as Narrowband IoT (NB-IoT), a massive amount of IoT devices will be able to use the mobile network infrastructure to perform their communications. However, it would be beneficial for these devices to use the same security mechanisms that are present in the cellular network architecture, so that their connections to the application layer could see an increase on security. As a way to approach this, an identity management and provisioning mechanism, as well as an identity federation between an IoT platform and the cellular network is proposed as a way to make an IoT device deemed worthy of using the cellular network and perform its actions.

Ullah, Faheem, Ali Babar, M..  2019.  QuickAdapt: Scalable Adaptation for Big Data Cyber Security Analytics. 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS). :81–86.
Big Data Cyber Security Analytics (BDCA) leverages big data technologies for collecting, storing, and analyzing a large volume of security events data to detect cyber-attacks. Accuracy and response time, being the most important quality concerns for BDCA, are impacted by changes in security events data. Whilst it is promising to adapt a BDCA system's architecture to the changes in security events data for optimizing accuracy and response time, it is important to consider large search space of architectural configurations. Searching a large space of configurations for potential adaptation incurs an overwhelming adaptation time, which may cancel the benefits of adaptation. We present an adaptation approach, QuickAdapt, to enable quick adaptation of a BDCA system. QuickAdapt uses descriptive statistics (e.g., mean and variance) of security events data and fuzzy rules to (re) compose a system with a set of components to ensure optimal accuracy and response time. We have evaluated QuickAdapt for a distributed BDCA system using four datasets. Our evaluation shows that on average QuickAdapt reduces adaptation time by 105× with a competitive adaptation accuracy of 70% as compared to an existing solution.
Koning, Ralph, Polevoy, Gleb, Meijer, Lydia, de Laat, Cees, Grosso, Paola.  2019.  Approaches for Collaborative Security Defences in Multi Network Environments. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :113–123.
Resolving distributed attacks benefits from collaboration between networks. We present three approaches for the same multi-domain defensive action that can be applied in such an alliance: 1) Counteract Everywhere, 2) Minimize Countermeasures, and 3) Minimize Propagation. First, we provide a formula to compute efficiency of a defense; then we use this formula to compute the efficiency of the approaches under various circumstances. Finally, we discuss how task execution order and timing influence defense efficiency. Our results show that the Minimize Propagation approach is the most efficient method when defending against the chosen attack.
Zhang, Gang, Qiu, Xiaofeng, Gao, Yang.  2019.  Software Defined Security Architecture with Deep Learning-Based Network Anomaly Detection Module. 2019 IEEE 11th International Conference on Communication Software and Networks (ICCSN). :784–788.

With the development of the Internet, the network attack technology has undergone tremendous changes. The forms of network attack and defense have also changed, which are features in attacks are becoming more diverse, attacks are more widespread and traditional security protection methods are invalid. In recent years, with the development of software defined security, network anomaly detection technology and big data technology, these challenges have been effectively addressed. This paper proposes a data-driven software defined security architecture with core features including data-driven orchestration engine, scalable network anomaly detection module and security data platform. Based on the construction of the analysis layer in the security data platform, real-time online detection of network data can be realized by integrating network anomaly detection module and security data platform under software defined security architecture. Then, data-driven security business orchestration can be realized to achieve efficient, real-time and dynamic response to detected anomalies. Meanwhile, this paper designs a deep learning-based HTTP anomaly detection algorithm module and integrates it with data-driven software defined security architecture so that demonstrating the flow of the whole system.

Hasavari, Shirin, Song, Yeong Tae.  2019.  A Secure and Scalable Data Source for Emergency Medical Care using Blockchain Technology. 2019 IEEE 17th International Conference on Software Engineering Research, Management and Applications (SERA). :71–75.
Emergency medical services universally get regarded as the essential part of the health care delivery system [1]. A relationship exists between the emergency patient death rate and factors such as the failure to access a patient's critical data and the time it takes to arrive at hospitals. Nearly thirty million Americans do not live within an hour of trauma care, so this poor access to trauma centers links to higher pre-hospital death rates in more than half of the United States [2]. So, we need to address the problem. In a patient care-cycle, loads of medical data items are born in different healthcare settings using a disparate system of records during patient visits. The ability for medical care providers to access a patient's complete picture of emergency-relevant medical data is critical and can significantly reduce the annual mortality rate. Today, the problem exists with a continuous recording system of the patient data between healthcare providers. In this paper, we've introduced a combination of secure file transfer methods/tools and blockchain technology as a solution to record patient Emergency relevant medical data as patient walk through from one clinic/medical facility to another, creating a continuous footprint of patient as a secure and scalable data source. So, ambulance crews can access and use it to provide high quality pre-hospital care. All concerns of medical record sharing and accessing like authentication, privacy, security, scalability and audibility, confidentiality has been considered in this approach.
Kholidy, Hisham A..  2019.  Towards A Scalable Symmetric Key Cryptographic Scheme: Performance Evaluation and Security Analysis. 2019 2nd International Conference on Computer Applications Information Security (ICCAIS). :1–6.
In most applications, security attributes are pretty difficult to meet but it becomes even a bigger challenge when talking about Grid Computing. To secure data passes in Grid Systems, we need a professional scheme that does not affect the overall performance of the grid system. Therefore, we previously developed a new security scheme “ULTRA GRIDSEC” that is used to accelerate the performance of the symmetric key encryption algorithms for both stream and block cipher encryption algorithms. The scheme is used to accelerate the security of data pass between elements of our newly developed pure peer-to-peer desktop grid framework, “HIMAN”. It also enhances the security of the encrypted data resulted from the scheme and prevents the problem of weak keys of the encryption algorithms. This paper covers the analysis and evaluation of this scheme showing the different factors affecting the scheme performance, and covers the efficiency of the scheme from the security prospective. The experimental results are highlighted for two types of encryption algorithms, TDES as an example for the block cipher algorithms, and RC4 as an example for the stream cipher algorithms. The scheme speeds up the former algorithm by 202.12% and the latter one by 439.7%. These accelerations are also based on the running machine's capabilities.
Rosa, Taras, Kaidan, Mykola, Gazda, Juraj, Bykovyy, Pavlo, Sapozhnyk, Grygoriy, Maksymyuk, Taras.  2019.  Scalable QAM Modulation for Physical Layer Security of Wireless Networks. 2019 10th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). 2:1095–1098.
The rapid growth of the connected devices driven by Internet of Things (IoT) concept requires a complete rethinking of the conventional approaches for the network design. One of the key constraints of the IoT devices are their low capabilities in order to optimize energy consumption. On the other hand, many IoT applications require high level of data protection and privacy, which can be provided only by advanced cryptographic algorithms, which are not feasible for IoT devices. In this paper, we propose a scalable quadrature modulation aiming to solve the problem of secure communications at the physical layer. The key idea of the proposed approach is to transmit only part of information in way that allows target receiver to retrieve the complete information. Such approach allows to ensure the security of wireless channel, while reducing the overhead of advanced cryptographic algorithms.
2020-02-17
Roukounaki, Aikaterini, Efremidis, Sofoklis, Soldatos, John, Neises, Juergen, Walloschke, Thomas, Kefalakis, Nikos.  2019.  Scalable and Configurable End-to-End Collection and Analysis of IoT Security Data : Towards End-to-End Security in IoT Systems. 2019 Global IoT Summit (GIoTS). :1–6.

In recent years, there is a surge of interest in approaches pertaining to security issues of Internet of Things deployments and applications that leverage machine learning and deep learning techniques. A key prerequisite for enabling such approaches is the development of scalable infrastructures for collecting and processing security-related datasets from IoT systems and devices. This paper introduces such a scalable and configurable data collection infrastructure for data-driven IoT security. It emphasizes the collection of (security) data from different elements of IoT systems, including individual devices and smart objects, edge nodes, IoT platforms, and entire clouds. The scalability of the introduced infrastructure stems from the integration of state of the art technologies for large scale data collection, streaming and storage, while its configurability relies on an extensible approach to modelling security data from a variety of IoT systems and devices. The approach enables the instantiation and deployment of security data collection systems over complex IoT deployments, which is a foundation for applying effective security analytics algorithms towards identifying threats, vulnerabilities and related attack patterns.

2020-02-10
Auer, Lukas, Skubich, Christian, Hiller, Matthias.  2019.  A Security Architecture for RISC-V based IoT Devices. 2019 Design, Automation Test in Europe Conference Exhibition (DATE). :1154–1159.

New IoT applications are demanding for more and more performance in embedded devices while their deployment and operation poses strict power constraints. We present the security concept for a customizable Internet of Things (IoT) platform based on the RISC-V ISA and developed by several Fraunhofer Institutes. It integrates a range of peripherals with a scalable computing subsystem as a three dimensional System-in-Package (3D-SiP). The security features aim for a medium security level and target the requirements of the IoT market. Our security architecture extends given implementations to enable secure deployment, operation, and update. Core security features are secure boot, an authenticated watchdog timer, and key management. The Universal Sensor Platform (USeP) SoC is developed for GLOBALFOUNDRIES' 22FDX technology and aims to provide a platform for Small and Medium-sized Enterprises (SMEs) that typically do not have access to advanced microelectronics and integration know-how, and are therefore limited to Commercial Off-The-Shelf (COTS) products.

2018-01-23
Li, Wenting, Sforzin, Alessandro, Fedorov, Sergey, Karame, Ghassan O..  2017.  Towards Scalable and Private Industrial Blockchains. Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts. :9–14.

The blockchain emerges as an innovative tool that has the potential to positively impact the way we design a number of online applications today. In many ways, the blockchain technology is, however, still not mature enough to cater for industrial standards. Namely, existing Byzantine tolerant permission-based blockchain deployments can only scale to a limited number of nodes. These systems typically require that all transactions (and their order of execution) are publicly available to all nodes in the system, which comes at odds with common data sharing practices in the industry, and prevents a centralized regulator from overseeing the full blockchain system. In this paper, we propose a novel blockchain architecture devised specifically to meet industrial standards. Our proposal leverages the notion of satellite chains that can privately run different consensus protocols in parallel - thereby considerably boosting the scalability premises of the system. Our solution also accounts for a hands-off regulator that oversees the entire network, enforces specific policies by means of smart contracts, etc. We implemented our solution and integrated it with Hyperledger Fabric v0.6.

Zhu, Ruiyu, Huang, Yan, Cassel, Darion.  2017.  Pool: Scalable On-Demand Secure Computation Service Against Malicious Adversaries. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :245–257.

This paper considers the problem of running a long-term on-demand service for executing actively-secure computations. We examined state-of-the-art tools and implementations for actively-secure computation and identified a set of key features indispensable to offer meaningful service like this. Since no satisfactory tools exist for the purpose, we developed Pool, a new tool for building and executing actively-secure computation protocols at extreme scales with nearly zero offline delay. With Pool, we are able to obliviously execute, for the first time, reactive computations like ORAM in the malicious threat model. Many technical benefits of Pool can be attributed to the concept of pool-based cut-and-choose. We show with experiments that this idea has significantly improved the scalability and usability of JIMU, a state-of-the-art LEGO protocol.