Visible to the public Biblio

Found 4059 results

Filters: Keyword is Resiliency  [Clear All Filters]
2019-06-28
Shan-Shan, Jia, Ya-Bin, Xu.  2018.  The APT Detection Method Based on Attack Tree for SDN. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :116-121.

SDN with centralized control is more vulnerable to suffer from APT than traditional network. To accurately detect the APT that the SDN may suffer from, this paper proposes the APT detection method based on attack tree for SDN. Firstly, after deeply analyzing the process of APT in SDN, we establish APT attack model based on attack tree. Then, correlation analysis of attack behavior that detected by multiple detection methods to get attack path. Finally, the attack path match the APT attack model to judge whether there is an APT in SDN. Experiment shows that the method is more accurate to detect APT in SDN, and less overhead.

Sahoo, Kshira Sagar, Tiwary, Mayank, Sahoo, Sampa, Nambiar, Rohit, Sahoo, Bibhudatta, Dash, Ratnakar.  2018.  A Learning Automata-Based DDoS Attack Defense Mechanism in Software Defined Networks. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :795-797.

The primary innovations behind Software Defined Networks (SDN)are the decoupling of the control plane from the data plane and centralizing the network management through a specialized application running on the controller. Despite all its capabilities, the introduction of various architectural entities of SDN poses many security threats and potential target. Especially, Distributed Denial of Services (DDoS) is a rapidly growing attack that poses a tremendous threat to both control plane and forwarding plane of SDN. Asthe control layer is vulnerable to DDoS attack, the goal of this paper is to provide a defense system which is based on Learning Automata (LA) concepts. It is a self-operating mechanism that responds to a sequence of actions in a certain way to achieve a specific goal. The simulation results show that this scheme effectively reduces the TCP connection setup delay due to DDoS attack.

Shi, Jiangyong, Zeng, Yingzhi, Wang, Wenhao, Yang, Yuexiang.  2018.  Feedback Based Sampling for Intrusion Detection in Software Defined Network. Proceedings of the 2Nd International Conference on Cryptography, Security and Privacy. :95-99.

Cloud computing is being deployed more and more widely. However, the difficulty of monitoring the huge east-west traffic is a great security concern. In this paper, we proposed FBSample, a sampling method which employs the central control feature of SDN and feedback information of IDS. Evaluation results show FBSample can largely reduce the amount of packets to be transferred while maintaining a relatively high detection precision.

Hamza, Ayyoob, Gharakheili, Hassan Habibi, Sivaraman, Vijay.  2018.  Combining MUD Policies with SDN for IoT Intrusion Detection. Proceedings of the 2018 Workshop on IoT Security and Privacy. :1-7.

The IETF's push towards standardizing the Manufacturer Usage Description (MUD) grammar and mechanism for specifying IoT device behavior is gaining increasing interest from industry. The ability to control inappropriate communication between devices in the form of access control lists (ACLs) is expected to limit the attack surface on IoT devices; however, little is known about how MUD policies will get enforced in operational networks, and how they will interact with current and future intrusion detection systems (IDS). We believe this paper is the first attempt to translate MUD policies into flow rules that can be enforced using SDN, and in relating exception behavior to attacks that can be detected via off-the-shelf IDS. Our first contribution develops and implements a system that translates MUD policies to flow rules that are proactively configured into network switches, as well as reactively inserted based on run-time bindings of DNS. We use traces of 28 consumer IoT devices taken over several months to evaluate the performance of our system in terms of switch flow-table size and fraction of exception traffic that needs software inspection. Our second contribution identifies the limitations of flow-rules derived from MUD in protecting IoT devices from internal and external network attacks, and we show how our system is able to detect such volumetric attacks (including port scanning, TCP/UDP/ICMP flooding, ARP spoofing, and TCP/SSDP/SNMP reflection) by sending only a very small fraction of exception packets to off-the-shelf IDS.

Röpke, Christian, Holz, Thosten.  2018.  Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations. Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges. :40-45.

In Software-Defined Networks (SDN), so called SDN controllers are responsible for managing the network devices building such a network. Once such a core component of the network has been infected with malicious software (e.g., by a malicious SDN application), an attacker typically has a strong interest in remaining undetected while compromising other devices in the network. Thus, hiding a malicious network state and corresponding network manipulations are important objectives for an adversary. To achieve this, rootkit techniques can be applied in order to manipulate the SDN controller's view of a network. As a consequence, monitoring capabilities of SDN controllers as well as SDN applications with a security focus can be fooled by hiding adverse network manipulations. To tackle this problem, we propose a novel approach capable of detecting and preventing hidden network manipulations before they can attack a network. In particular, our method is able to drop adverse network manipulations before they are applied on a network. We achieve this by comparing the actual network state, which includes both malicious and benign configurations, with the network state which is provided by a potentially compromised SDN controller. In case of an attack, the result of this comparison reveals network manipulations which are adversely removed from an SDN controller's view of a network. To demonstrate the capabilities of this approach, we implement a prototype and evaluate effectiveness as well as efficiency. The evaluation results indicate scalability and high performance of our system, while being able to protect major SDN controller platforms.

Gillani, Fida, Al-Shaer, Ehab, Duan, Qi.  2018.  In-Design Resilient SDN Control Plane and Elastic Forwarding Against Aggressive DDoS Attacks. Proceedings of the 5th ACM Workshop on Moving Target Defense. :80-89.

Using Software-defined Networks in wide area (SDN-WAN) has been strongly emerging in the past years. Due to scalability and economical reasons, SDN-WAN mostly uses an in-band control mechanism, which implies that control and data sharing the same critical physical links. However, the in-band control and centralized control architecture can be exploited by attackers to launch distributed denial of service (DDoS) on SDN control plane by flooding the shared links and/or the Open flow agents. Therefore, constructing a resilient software designed network requires dynamic isolation and distribution of the control flow to minimize damage and significantly increase attack cost. Existing solutions fall short to address this challenge because they require expensive extra dedicated resources or changes in OpenFlow protocol. In this paper, we propose a moving target technique called REsilient COntrol Network architecture (ReCON) that uses the same SDN network resources to defend SDN control plane dynamically against the DDoS attacks. ReCON essentially, (1) minimizes the sharing of critical resources among data and control traffic, and (2) elastically increases the limited capacity of the software control agents on-demand by dynamically using the under-utilized resources from within the same SDN network. To implement a practical solution, we formalize ReCON as a constraints satisfaction problem using Satisfiability Modulo Theory (SMT) to guarantee a correct-by-construction control plan placement that can handle dynamic network conditions.

Hao, Zheng, Lin, Zhaowen, Li, Ran.  2018.  A SDN/NFV Security Protection Architecture with a Function Composition Algorithm Based on Trie. Proceedings of the 2Nd International Conference on Computer Science and Application Engineering. :176:1-176:8.

Software1 Defined Network (SDN) is a new type of network architecture that has advantages over traditional network. For SDN, security is a basic issue. SDN controller has received considerable attention in the researches on SDN security. Researchers assign security tasks to SDN controllers generally, but it puts a heavy burden on the SDN controller and leads to a decrease in system stability. On the basis of previous work, we propose a new security protection architecture based on SDN/NFV. Meanwhile, a security function virtual machine pool is designed in infrastructure layer in architecture. It can create virtual machines and manage the ip addresses of the virtual machines automatically, which improves the flexibility and expandability of the architecture. Moreover, a function composition algorithm based on Trie (FCT) has been introduced. We deploy the security protection architecture on VMware cloud platform to validate the availability of the architecture and use experimental data to prove FCT algorithm has good performance.

Dixit, Vaibhav Hemant, Doupé, Adam, Shoshitaishvili, Yan, Zhao, Ziming, Ahn, Gail-Joon.  2018.  AIM-SDN: Attacking Information Mismanagement in SDN-Datastores. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :664-676.

Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like SNMP appear inadequate and newer techniques like NMDA and NETCONF have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this paper, we identify several vulnerabilities in the widely used critical infrastructures which leverage the Network Management Datastore Architecture design (NMDA). Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. We base our research on the security challenges put forth by the existing datastore's design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using our threat detection methodology, we demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. We finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.

Park, Younghee, Hu, Hongxin, Yuan, Xiaohong, Li, Hongda.  2018.  Enhancing Security Education Through Designing SDN Security Labs in CloudLab. Proceedings of the 49th ACM Technical Symposium on Computer Science Education. :185-190.

Software-Defined Networking (SDN) represents a major shift from ossified hardware-based networks to programmable software-based networks. It introduces significant granularity, visibility, and flexibility into networking, but at the same time brings new security challenges. Although the research community is making progress in addressing both the opportunities in SDN and the accompanying security challenges, very few educational materials have been designed to incorporate the latest research results and engage students in learning about SDN security. In this paper, we presents our newly designed SDN security education materials, which can be used to meet the ever-increasing demand for high quality cybersecurity professionals with expertise in SDN security. The designed security education materials incorporate the latest research results in SDN security and are integrated into CloudLab, an open cloud platform, for effective hands-on learning. Through a user study, we demonstrate that students have a better understanding of SDN security after participating in these well-designed CloudLab-based security labs, and they also acquired strong research interests in SDN security.

Park, Taejune, Xu, Zhaoyan, Shin, Seungwon.  2018.  HEX Switch: Hardware-Assisted Security Extensions of OpenFlow. Proceedings of the 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges. :33-39.

Software-defined networking (SDN) and Network Function Virtualization (NFV) have inspired security researchers to devise new security applications for these new network technology. However, since SDN and NFV are basically faithful to operating a network, they only focus on providing features related to network control. Therefore, it is challenging to implement complex security functions such as packet payload inspection. Several studies have addressed this challenge through an SDN data plane extension, but there were problems with performance and control interfaces. In this paper, we introduce a new data plane architecture, HEX which leverages existing data plane architectures for SDN to enable network security applications in an SDN environment efficiently and effectively. HEX provides security services as a set of OpenFlow actions ensuring high performance and a function of handling multiple SDN actions with a simple control command. We implemented a DoS detector and Deep Packet Inspection (DPI) as the prototype features of HEX using the NetFPGA-1G-CML, and our evaluation results demonstrate that HEX can provide security services as a line-rate performance.

Gulzar, Muhammad Ali.  2018.  Interactive and Automated Debugging for Big Data Analytics. Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings. :509-511.

An abundance of data in many disciplines of science, engineering, national security, health care, and business has led to the emerging field of Big Data Analytics that run in a cloud computing environment. To process massive quantities of data in the cloud, developers leverage Data-Intensive Scalable Computing (DISC) systems such as Google's MapReduce, Hadoop, and Spark. Currently, developers do not have easy means to debug DISC applications. The use of cloud computing makes application development feel more like batch jobs and the nature of debugging is therefore post-mortem. Developers of big data applications write code that implements a data processing pipeline and test it on their local workstation with a small sample data, downloaded from a TB-scale data warehouse. They cross fingers and hope that the program works in the expensive production cloud. When a job fails or they get a suspicious result, data scientists spend hours guessing at the source of the error, digging through post-mortem logs. In such cases, the data scientists may want to pinpoint the root cause of errors by investigating a subset of corresponding input records. The vision of my work is to provide interactive, real-time and automated debugging services for big data processing programs in modern DISC systems with minimum performance impact. My work investigates the following research questions in the context of big data analytics: (1) What are the necessary debugging primitives for interactive big data processing? (2) What scalable fault localization algorithms are needed to help the user to localize and characterize the root causes of errors? (3) How can we improve testing efficiency during iterative development of DISC applications by reasoning the semantics of dataflow operators and user-defined functions used inside dataflow operators in tandem? To answer these questions, we synthesize and innovate ideas from software engineering, big data systems, and program analysis, and coordinate innovations across the software stack from the user-facing API all the way down to the systems infrastructure.

Hazari, S. S., Mahmoud, Q. H..  2019.  A Parallel Proof of Work to Improve Transaction Speed and Scalability in Blockchain Systems. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0916-0921.

A blockchain is a distributed ledger forming a distributed consensus on a history of transactions, and is the underlying technology for the Bitcoin cryptocurrency. However, its applications are far beyond the financial sector. The transaction verification process for cryptocurrencies is much slower than traditional digital transaction systems. One approach to increase transaction speed and scalability is to identify a solution that offers faster Proof of Work. In this paper, we propose a method for accelerating the process of Proof of Work based on parallel mining rather than solo mining. The goal is to ensure that no more than two or more miners put the same effort into solving a specific block. The proposed method includes a process for selection of a manager, distribution of work and a reward system. This method has been implemented in a test environment that contains all the characteristics needed to perform Proof of Work for Bitcoin and has been tested, using a variety of case scenarios, by varying the difficulty level and number of validators. Preliminary results show improvement in the scalability of Proof of Work up to 34% compared to the current system.

Kulik, T., Tran-Jørgensen, P. W. V., Boudjadar, J., Schultz, C..  2018.  A Framework for Threat-Driven Cyber Security Verification of IoT Systems. 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :89-97.

Industrial control systems are changing from monolithic to distributed and interconnected architectures, entering the era of industrial IoT. One fundamental issue is that security properties of such distributed control systems are typically only verified empirically, during development and after system deployment. We propose a novel modelling framework for the security verification of distributed industrial control systems, with the goal of moving towards early design stage formal verification. In our framework we model industrial IoT infrastructures, attack patterns, and mitigation strategies for countering attacks. We conduct model checking-based formal analysis of system security through scenario execution, where the analysed system is exposed to attacks and implement mitigation strategies. We study the applicability of our framework for large systems using a scalability analysis.

Plasencia-Balabarca, F., Mitacc-Meza, E., Raffo-Jara, M., Silva-Cárdenas, C..  2018.  Robust Functional Verification Framework Based in UVM Applied to an AES Encryption Module. 2018 New Generation of CAS (NGCAS). :194-197.

This Since the past century, the digital design industry has performed an outstanding role in the development of electronics. Hence, a great variety of designs are developed daily, these designs must be submitted to high standards of verification in order to ensure the 100% of reliability and the achievement of all design requirements. The Universal Verification Methodology (UVM) is the current standard at the industry for the verification process due to its reusability, scalability, time-efficiency and feasibility of handling high-level designs. This research proposes a functional verification framework using UVM for an AES encryption module based on a very detailed and robust verification plan. This document describes the complete verification process as done in the industry for a popular module used in information-security applications in the field of cryptography, defining the basis for future projects. The overall results show the achievement of the high verification standards required in industry applications and highlight the advantages of UVM against System Verilog-based functional verification and direct verification methodologies previously developed for the AES module.

Chen, G., Wang, D., Li, T., Zhang, C., Gu, M., Sun, J..  2018.  Scalable Verification Framework for C Program. 2018 25th Asia-Pacific Software Engineering Conference (APSEC). :129-138.

Software verification has been well applied in safety critical areas and has shown the ability to provide better quality assurance for modern software. However, as lines of code and complexity of software systems increase, the scalability of verification becomes a challenge. In this paper, we present an automatic software verification framework TSV to address the scalability issues: (i) the extended structural abstraction and property-guided program slicing to solve large-scale program verification problem, saving time and memory without losing accuracy; (ii) automatically select different verification methods according to the program and property context to improve the verification efficiency. For evaluation, we compare TSV's different configurations with existing C program verifiers based on open benchmarks. We found that TSV with auto-selection performs better than with bounded model checking only or with extended structural abstraction only. Compared to existing tools such as CMBC and CPAChecker, it acquires 10%-20% improvement of accuracy and 50%-90% improvement of memory consumption.

Miranda, Breno, Cruciani, Emilio, Verdecchia, Roberto, Bertolino, Antonia.  2018.  FAST Approaches to Scalable Similarity-Based Test Case Prioritization. Proceedings of the 40th International Conference on Software Engineering. :222-232.

Many test case prioritization criteria have been proposed for speeding up fault detection. Among them, similarity-based approaches give priority to the test cases that are the most dissimilar from those already selected. However, the proposed criteria do not scale up to handle the many thousands or even some millions test suite sizes of modern industrial systems and simple heuristics are used instead. We introduce the FAST family of test case prioritization techniques that radically changes this landscape by borrowing algorithms commonly exploited in the big data domain to find similar items. FAST techniques provide scalable similarity-based test case prioritization in both white-box and black-box fashion. The results from experimentation on real world C and Java subjects show that the fastest members of the family outperform other black-box approaches in efficiency with no significant impact on effectiveness, and also outperform white-box approaches, including greedy ones, if preparation time is not counted. A simulation study of scalability shows that one FAST technique can prioritize a million test cases in less than 20 minutes.

Tsankov, Petar, Dan, Andrei, Drachsler-Cohen, Dana, Gervais, Arthur, Bünzli, Florian, Vechev, Martin.  2018.  Securify: Practical Security Analysis of Smart Contracts. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :67-82.

Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify's analysis consists of two steps. First, it symbolically analyzes the contract's dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed 18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.

Park, Daejun, Zhang, Yi, Saxena, Manasvi, Daian, Philip, Ro\c su, Grigore.  2018.  A Formal Verification Tool for Ethereum VM Bytecode. Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. :912-915.

In this paper, we present a formal verification tool for the Ethereum Virtual Machine (EVM) bytecode. To precisely reason about all possible behaviors of the EVM bytecode, we adopted KEVM, a complete formal semantics of the EVM, and instantiated the K-framework's reachability logic theorem prover to generate a correct-by-construction deductive verifier for the EVM. We further optimized the verifier by introducing EVM-specific abstractions and lemmas to improve its scalability. Our EVM verifier has been used to verify various high-profile smart contracts including the ERC20 token, Ethereum Casper, and DappHub MakerDAO contracts.

Liu, Jed, Hallahan, William, Schlesinger, Cole, Sharif, Milad, Lee, Jeongkeun, Soulé, Robert, Wang, Han, Ca\c scaval, C\u alin, McKeown, Nick, Foster, Nate.  2018.  P4V: Practical Verification for Programmable Data Planes. Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication. :490-503.

We present the design and implementation of p4v, a practical tool for verifying data planes described using the P4 programming language. The design of p4v is based on classic verification techniques but adds several key innovations including a novel mechanism for incorporating assumptions about the control plane and domain-specific optimizations which are needed to scale to large programs. We present case studies showing that p4v verifies important properties and finds bugs in real-world programs. We conduct experiments to quantify the scalability of p4v on a wide range of additional examples. We show that with just a few hundred lines of control-plane annotations, p4v is able to verify critical safety properties for switch.p4, a program that implements the functionality of on a modern data center switch, in under three minutes.

Xing, Yue, Huang, Bo-Yuan, Gupta, Aarti, Malik, Sharad.  2018.  A Formal Instruction-Level GPU Model for Scalable Verification. Proceedings of the International Conference on Computer-Aided Design. :130:1-130:8.

GPUs have been widely used to accelerate big-data inference applications and scientific computing through their parallelized hardware resources and programming model. Their extreme parallelism increases the possibility of bugs such as data races and un-coalesced memory accesses, and thus verifying program correctness is critical. State-of-the-art GPU program verification efforts mainly focus on analyzing application-level programs, e.g., in C, and suffer from the following limitations: (1) high false-positive rate due to coarse-grained abstraction of synchronization primitives, (2) high complexity of reasoning about pointer arithmetic, and (3) keeping up with an evolving API for developing application-level programs. In this paper, we address these limitations by modeling GPUs and reasoning about programs at the instruction level. We formally model the Nvidia GPU at the parallel execution thread (PTX) level using the recently proposed Instruction-Level Abstraction (ILA) model for accelerators. PTX is analogous to the Instruction-Set Architecture (ISA) of a general-purpose processor. Our formal ILA model of the GPU includes non-synchronization instructions as well as all synchronization primitives, enabling us to verify multithreaded programs. We demonstrate the applicability of our ILA model in scalable GPU program verification of data-race checking. The evaluation shows that our checker outperforms state-of-the-art GPU data race checkers with fewer false-positives and improved scalability.

2019-06-24
Kim, Gihoon, Choi, Chang, Choi, Junho.  2018.  Ontology Modeling for APT Attack Detection in an IoT-based Power System. Proceedings of the 2018 Conference on Research in Adaptive and Convergent Systems. :160–164.

Smart grid technology is the core technology for the next-generation power grid system with enhanced energy efficiency through decision-making communication between suppliers and consumers enabled by integrating the IoT into the existing grid. This open architecture allowing bilateral information exchange makes it vulnerable to various types of cyberattack. APT attacks, one of the most common cyberattacks, are highly tricky and sophisticated attacks that can circumvent the existing detection technology and attack the targeted system after a certain latent period after intrusion. This paper proposes an ontology-based attack detection system capable of early detection of and response to APT attacks by analyzing their attacking patterns.

Diamond, Lisa, Schrammel, Johann, Fröhlich, Peter, Regal, Georg, Tscheligi, Manfred.  2018.  Privacy in the Smart Grid: End-user Concerns and Requirements. Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services Adjunct. :189–196.

Mobile interfaces will be central in connecting end-users to the smart grid and enabling their active participation. Services and features supporting this participation do, however, rely on high-frequency collection and transmission of energy usage data by smart meters which is privacy-sensitive. The successful communication of privacy to end-users via consumer interfaces will therefore be crucial to ensure smart meter acceptance and consequently enable participation. Current understanding of user privacy concerns in this context is not very differentiated, and user privacy requirements have received little attention. A preliminary user questionnaire study was conducted to gain a more detailed understanding of the differing perceptions of various privacy risks and the relative importance of different privacy-ensuring measures. The results underline the significance of open communication, restraint in data collection and usage, user control, transparency, communication of security measures, and a good customer relationship.

Cao, H., Liu, S., Guan, Z., Wu, L., Deng, H., Du, X..  2018.  An Efficient Privacy-Preserving Algorithm Based on Randomized Response in IoT-Based Smart Grid. 2018 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :881–886.

In this paper, we propose a new randomized response algorithm that can achieve differential-privacy and utility guarantees for consumer's behaviors, and process a batch of data at each time. Firstly, differing from traditional differential private approach-es, we add randomized response noise into the behavior signa-tures matrix to achieve an acceptable utility-privacy tradeoff. Secondly, a behavior signature modeling method based on sparse coding is proposed. After some lightweight trainings us-ing the energy consumption data, the dictionary will be associat-ed with the behavior characteristics of the electric appliances. At last, through the experimental results verification, we find that our Algorithm can preserve consumer's privacy without comprising utility.

You, Y., Li, Z., Oechtering, T. J..  2018.  Optimal Privacy-Enhancing And Cost-Efficient Energy Management Strategies For Smart Grid Consumers. 2018 IEEE Statistical Signal Processing Workshop (SSP). :826–830.

The design of optimal energy management strategies that trade-off consumers' privacy and expected energy cost by using an energy storage is studied. The Kullback-Leibler divergence rate is used to assess the privacy risk of the unauthorized testing on consumers' behavior. We further show how this design problem can be formulated as a belief state Markov decision process problem so that standard tools of the Markov decision process framework can be utilized, and the optimal solution can be obtained by using Bellman dynamic programming. Finally, we illustrate the privacy-enhancement and cost-saving by numerical examples.

Okay, F. Y., Ozdemir, S..  2018.  A secure data aggregation protocol for fog computing based smart grids. 2018 IEEE 12th International Conference on Compatibility, Power Electronics and Power Engineering (CPE-POWERENG 2018). :1–6.

In Smart Grids (SGs), data aggregation process is essential in terms of limiting packet size, data transmission amount and data storage requirements. This paper presents a novel Domingo-Ferrer additive privacy based Secure Data Aggregation (SDA) scheme for Fog Computing based SGs (FCSG). The proposed protocol achieves end-to-end confidentiality while ensuring low communication and storage overhead. Data aggregation is performed at fog layer to reduce the amount of data to be processed and stored at cloud servers. As a result, the proposed protocol achieves better response time and less computational overhead compared to existing solutions. Moreover, due to hierarchical architecture of FCSG and additive homomorphic encryption consumer privacy is protected from third parties. Theoretical analysis evaluates the effects of packet size and number of packets on transmission overhead and the amount of data stored in cloud server. In parallel with the theoretical analysis, our performance evaluation results show that there is a significant improvement in terms of data transmission and storage efficiency. Moreover, security analysis proves that the proposed scheme successfully ensures the privacy of collected data.