Biblio

Filters: Keyword is Ubiquitous Computing Security
Mispan, M. S., Halak, B., Zwolinski, M. 2017. Lightweight Obfuscation Techniques for Modeling Attacks Resistant PUFs. 2017 IEEE 2nd International Verification and Security Workshop (IVSW). :19–24.

Building lightweight security for low-cost pervasive devices is a major challenge considering the design requirements of a small footprint and low power consumption. Physical Unclonable Functions (PUFs) have emerged as a promising technology to provide a low-cost authentication for such devices. By exploiting intrinsic manufacturing process variations, PUFs are able to generate unique and apparently random chip identifiers. Strong-PUFs represent a variant of PUFs that have been suggested for lightweight authentication applications. Unfortunately, many of the Strong-PUFs have been shown to be susceptible to modelling attacks (i.e., using machine learning techniques) in which an adversary has access to challenge and response pairs. In this study, we propose an obfuscation technique during post-processing of Strong-PUF responses to increase the resilience against machine learning attacks. We conduct machine learning experiments using Support Vector Machines and Artificial Neural Networks on two Strong-PUFs: a 32-bit Arbiter-PUF and a 2-XOR 32-bit Arbiter-PUF. The predictability of the 32-bit Arbiter-PUF is reduced to $\approx$ 70% by using an obfuscation technique. Combining the obfuscation technique with 2-XOR 32-bit Arbiter-PUF helps to reduce the predictability to $\approx$ 64%. More reduction in predictability has been observed in an XOR Arbiter-PUF because this PUF architecture has a good uniformity. The area overhead with an obfuscation technique consumes only 788 and 1080 gate equivalents for the 32-bit Arbiter-PUF and 2-XOR 32-bit Arbiter-PUF, respectively.

Khan, M. F. F., Sakamura, K. 2017. A Tamper-Resistant Digital Token-Based Rights Management System. 2017 International Carnahan Conference on Security Technology (ICCST). :1–6.

Use of digital token - which certifies the bearer's rights to some kind of products or services - is quite common nowadays for its convenience, ease of use and cost-effectiveness. Many of such digital tokens, however, are produced with software alone, making them vulnerable to forgery, including alteration and duplication. For a more secure safeguard for both token owner's right and service provider's accountability, digital tokens should be tamper-resistant as much as possible in order for them to withstand physical attacks as well. In this paper, we present a rights management system that leverages tamper-resistant digital tokens created by hardware-software collaboration in our eTRON architecture. The system features the complete life cycle of a digital token from generation to storage and redemption. Additionally, it provides a secure mechanism for transfer of rights in a peer-to-peer manner over the Internet. The proposed system specifies protocols for permissible manipulation on digital tokens, and subsequently provides a set of APIs for seamless application development. Access privileges to the tokens are strictly defined and state-of-the-art asymmetric cryptography is used for ensuring their confidentiality. Apart from the digital tokens being physically tamper-resistant, the protocols involved in the system are proven to be secure against attacks. Furthermore, an authentication mechanism is implemented that invariably precedes any operation involving the digital token in question. The proposed system presents clear security gains compared to existing systems that do not take tamper-resistance into account, and schemes that use symmetric key cryptography.

Sain, M., Bruce, N., Kim, K. H., Lee, H. J. 2017. A Communication Security Protocol for Ubiquitous Sensor Networks. 2017 19th International Conference on Advanced Communication Technology (ICACT). :228–231.

The data accessibility anytime and anywhere is nowadays the key feature for information technology enabled by the ubiquitous network system for huge applications. However, security and privacy are perceived as primary obstacles to its wide adoption when it is applied to the end user application. When sharing sensitive information, personal data protection is the paramount requirement for the security and privacy to ensure the trustworthiness of the service provider. To this end, this paper proposes a communication security protocol to achieve data protection when a user is sending his sensitive data to the network through a gateway. We design a cipher content and key exchange computation process. Finally, the performance analysis of the proposed scheme ensures the honesty of the gateway service provider, since the user has the ability to control who has access to his data by issuing a cryptographic access credential to data users.

Salman, O., Kayssi, A., Chehab, A., Elhajj, I. 2017. Multi-Level Security for the 5G/IoT Ubiquitous Network. 2017 Second International Conference on Fog and Mobile Edge Computing (FMEC). :188–193.

5G, the fifth generation of mobile communication networks, is considered as one of the main IoT enablers. Connecting billions of things, 5G/IoT will be dealing with trillions of GBytes of data. Securing such large amounts of data is a very challenging task. Collected data varies from simple temperature measurements to more critical transaction data. Thus, applying uniform security measures is a waste of resources (processing, memory, and network bandwidth). Alternatively, a multi-level security model needs to be applied according to the varying requirements. In this paper, we present a multi-level security scheme (BLP) applied originally in the information security domain. We review its application in the network domain, and propose a modified version of BLP for the 5G/IoT case. The proposed model is proven to be secure and compliant with the model rules.

Zhang, H., Wang, J., Chang, J. 2017. A Multi-Level Security Access Control Framework for Cross-Domain Networks. 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). 2:316–319.

The increasing demand for secure interactions between network domains brings in new challenges to access control technologies. In this paper we design an access control framework which provides a multilevel mapping method between hierarchical access control structures for achieving multilevel security protection in cross-domain networks. Hierarchical access control structures ensure rigorous multilevel security in intra domains. And the mapping method based on subject attributes is proposed to determine the subject's security level in its target domain. Experimental results we obtained from simulations are also reported in this paper to verify the effectiveness of the proposed access control model.

Brunner, M., Sillaber, C., Breu, R. 2017. Towards Automation in Information Security Management Systems. 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS). :160–167.

Establishing and operating an Information Security Management System (ISMS) to protect information values and information systems is in itself a challenge for larger enterprises and small and medium sized businesses alike. A high level of automation is required to reduce operational efforts to an acceptable level when implementing an ISMS. In this paper we present the ADAMANT framework to increase automation in information security management as a whole by establishing a continuous risk-driven and context-aware ISMS that not only automates security controls but considers all highly interconnected information security management tasks. We further illustrate how ADAMANT is suited to establish an ISO 27001 compliant ISMS for small and medium-sized enterprises and how not only the monitoring of security controls but a majority of ISMS related activities can be supported through automated process execution and workflow enactment.

Eidle, D., Ni, S. Y., DeCusatis, C., Sager, A. 2017. Autonomic Security for Zero Trust Networks. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON). :288–293.

There is a long-standing need for improved cybersecurity through automation of attack signature detection, classification, and response. In this paper, we present experimental test bed results from an implementation of autonomic control plane feedback based on the Observe, Orient, Decide, Act (OODA) framework. This test bed modeled the building blocks for a proposed zero trust cloud data center network. We present test results of trials in which identity management with automated threat response and packet-based authentication were combined with dynamic management of eight distinct network trust levels. The log parsing and orchestration software we created work alongside open source log management tools to coordinate and integrate threat response from firewalls, authentication gateways, and other network devices. Threat response times are measured and shown to be a significant improvement over conventional methods.

Berkowsky, J. A., Hayajneh, T. 2017. Security Issues with Certificate Authorities. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON). :449–455.

The current state of the internet relies heavily on SSL/TLS and the certificate authority model. This model has systematic problems, both in its design as well as its implementation. There are problems with certificate revocation, certificate authority governance, breaches, poor security practices, single points of failure and with root stores. This paper begins with a general introduction to SSL/TLS and a description of the role of certificates, certificate authorities and root stores in the current model. This paper will then explore problems with the current model and describe work being done to help mitigate these problems.

Chakraborty, N., Kalaimannan, E. 2017. Minimum Cost Security Measurements for Attack Tree Based Threat Models in Smart Grid. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON). :614–618.

In this paper, we focus on the security issues and challenges in smart grid. Smart grid security features must address not only the expected deliberate attacks, but also inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. An important component of smart grid is the advanced metering infrastructure which is critical to support two-way communication of real time information for better electricity generation, distribution and consumption. These reasons make security a prominent factor of importance to AMI. In recent times, attacks on smart grid have been modelled using attack tree. Attack tree has been extensively used as an efficient and effective tool to model security threats and vulnerabilities in systems where the ultimate goal of an attacker can be divided into a set of multiple concrete or atomic sub-goals. The sub-goals are related to each other as either AND-siblings or OR-siblings, which essentially depicts whether some or all of the sub-goals must be attained for the attacker to reach the goal. On the other hand, as a security professional one needs to find out the most effective way to address the security issues in the system under consideration. It is imperative to assume that each attack prevention strategy incurs some cost and the utility company would always look to minimize the same. We present a cost-effective mechanism to identify minimum number of potential atomic attacks in an attack tree.

Bhattacharya, S., Kumar, C. R. S. 2017. Ransomware: The CryptoVirus Subverting Cloud Security. 2017 International Conference on Algorithms, Methodology, Models and Applications in Emerging Technologies (ICAMMAET). :1–6.

Cloud computing presents unlimited prospects for Information Technology (IT) industry and business enterprises alike. Rapid advancement brings a dark underbelly of new vulnerabilities and challenges unfolding with alarming regularity. Although cloud technology provides a ubiquitous environment facilitating business enterprises to conduct business across disparate locations, security effectiveness of this platform interspersed with threats which can bring everything that subscribes to the cloud, to a halt raises questions. However, advantages of cloud platforms far outweigh drawbacks and study of new challenges helps overcome drawbacks of this technology. One such emerging security threat is of ransomware attack on the cloud which threatens to hold systems and data on cloud network to ransom with widespread damaging implications. This provides huge scope for IT security specialists to sharpen their skillset to overcome this new challenge. This paper covers the broad cloud architecture, current inherent cloud threat mechanisms, ransomware vulnerabilities posed and suggested methods to mitigate it.

Lim, K., Tuladhar, K. M., Wang, X., Liu, W. 2017. A scalable and secure key distribution scheme for group signature based authentication in VANET. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON). :478–483.

Security issues in vehicular communication have become a huge concern to safeguard increasing applications. A group signature is one of the popular authentication approaches for VANETs (Vehicular ad hoc networks) which can be implemented to secure the vehicular communication. However, securely distributing group keys to fast-moving vehicular nodes is still a challenging problem. In this paper, we propose an efficient key management protocol for group signature based authentication, where a group is extended to a domain with multiple road side units. Our scheme not only provides a secure way to deliver group keys to vehicular nodes, but also ensures security features. The experiment results show that our key distribution scheme is a scalable, efficient and secure solution to vehicular networking.

Krupp, B., Jesenseky, D., Szampias, A. 2017. SPEProxy: Enforcing fine grained security and privacy controls on unmodified mobile devices. 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON). :520–526.

Mobile applications have grown from knowing basic personal information to knowing intimate details of consumers' lives. The explosion of knowledge that applications contain and share can be contributed to many factors. Mobile devices are equipped with advanced sensors including GPS and cameras, while storing large amounts of personal information including photos and contacts. With millions of applications available to install, personal data is at constant risk of being misused. While mobile operating systems provide basic security and privacy controls, they are insufficient, leaving the consumer unaware of how applications are using permissions that were granted. In this paper, we propose a solution that aims to provide consumers awareness of applications misusing data and policies that can protect their data. From this investigation we present SPEProxy. SPEProxy utilizes a knowledge based approach to provide consumers an ability to understand how applications are using permissions beyond their stated intent. Additionally, SPEProxy provides an awareness of fine grained policies that would allow the user to protect their data. SPEProxy is device and mobile operating system agnostic, meaning it does not require a specific device or operating system nor modification to the operating system or applications. This approach allows consumers to utilize the solution without requiring a high degree of technical expertise. We evaluated SPEProxy across 817 of the most popular applications in the iOS App Store and Google Play. In our evaluation, SPEProxy was highly effective across 86.55% of applications where several well known applications exhibited misusing granted permissions.