Visible to the public Biblio

Found 4367 results

Filters: Keyword is Resiliency  [Clear All Filters]
2019-10-23
Szalachowski, Pawel.  2018.  (Short Paper) Towards More Reliable Bitcoin Timestamps. 2018 Crypto Valley Conference on Blockchain Technology (CVCBT). :101-104.

Bitcoin provides freshness properties by forming a blockchain where each block is associated with its timestamp and the previous block. Due to these properties, the Bitcoin protocol is being used as a decentralized, trusted, and secure timestamping service. Although Bitcoin participants which create new blocks cannot modify their order, they can manipulate timestamps almost undetected. This undermines the Bitcoin protocol as a reliable timestamping service. In particular, a newcomer that synchronizes the entire blockchain has a little guarantee about timestamps of all blocks. In this paper, we present a simple yet powerful mechanism that increases the reliability of Bitcoin timestamps. Our protocol can provide evidence that a block was created within a certain time range. The protocol is efficient, backward compatible, and surprisingly, currently deployed SSL/TLS servers can act as reference time sources. The protocol has many applications and can be used for detecting various attacks against the Bitcoin protocol.

Chen, Jing, Yao, Shixiong, Yuan, Quan, He, Kun, Ji, Shouling, Du, Ruiying.  2018.  CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :2060-2068.

In recent years, real-world attacks against PKI take place frequently. For example, malicious domains' certificates issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. In spite of a lot of research to improve the security of SSL/TLS connections, there are still some problems unsolved. On one hand, although log-based schemes provided certificate audit service to quickly detect CAs' misbehavior, the security and data consistency of log servers are ignored. On the other hand, revoked certificates checking is neglected due to the incomplete, insecure and inefficient certificate revocation mechanisms. Further, existing revoked certificates checking schemes are centralized which would bring safety bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, which is called Certchain. Specially, we propose a dependability-rank based consensus protocol in our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that utilizes dual counting bloom filter (DCBF) with eliminating false positives to achieve economic space and efficient query for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead.

Lee, Hojoon, Song, Chihyun, Kang, Brent Byunghoon.  2018.  Lord of the X86 Rings: A Portable User Mode Privilege Separation Architecture on X86. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1441-1454.

Modern applications often involve processing of sensitive information. However, the lack of privilege separation within the user space leaves sensitive application secret such as cryptographic keys just as unprotected as a "hello world" string. Cutting-edge hardware-supported security features are being introduced. However, the features are often vendor-specific or lack compatibility with older generations of the processors. The situation leaves developers with no portable solution to incorporate protection for the sensitive application component. We propose LOTRx86, a fundamental and portable approach for user-space privilege separation. Our approach creates a more privileged user execution layer called PrivUser by harnessing the underused intermediate privilege levels on the x86 architecture. The PrivUser memory space, a set of pages within process address space that are inaccessible to user mode, is a safe place for application secrets and routines that access them. We implement the LOTRx86 ABI that exports the privcall interface to users to invoke secret handling routines in PrivUser. This way, sensitive application operations that involve the secrets are performed in a strictly controlled manner. The memory access control in our architecture is privilege-based, accessing the protected application secret only requires a change in the privilege, eliminating the need for costly remote procedure calls or change in address space. We evaluated our platform by developing a proof-of-concept LOTRx86-enabled web server that employs our architecture to securely access its private key during an SSL connection. We conducted a set of experiments including a performance measurement on the PoC on both Intel and AMD PCs, and confirmed that LOTRx86 incurs only a limited performance overhead.

Alshawish, Ali, Spielvogel, Korbinian, de Meer, Hermann.  2019.  A Model-Based Time-to-Compromise Estimator to Assess the Security Posture of Vulnerable Networks. 2019 International Conference on Networked Systems (NetSys). :1-3.

Several operational and economic factors impact the patching decisions of critical infrastructures. The constraints imposed by such factors could prevent organizations from fully remedying all of the vulnerabilities that expose their (critical) assets to risk. Therefore, an involved decision maker (e.g. security officer) has to strategically decide on the allocation of possible remediation efforts towards minimizing the inherent security risk. This, however, involves the use of comparative judgments to prioritize risks and remediation actions. Throughout this work, the security risk is quantified using the security metric Time-To-Compromise (TTC). Our main contribution is to provide a generic TTC estimator to comparatively assess the security posture of computer networks taking into account interdependencies between the network components, different adversary skill levels, and characteristics of (known and zero-day) vulnerabilities. The presented estimator relies on a stochastic TTC model and Monte Carlo simulation (MCS) techniques to account for the input data variability and inherent prediction uncertainties.

Isaeva, N. A..  2018.  Choice of Control Parameters of Complex System on the Basis of Estimates of the Risks. 2018 Eleventh International Conference "Management of Large-Scale System Development" (MLSD. :1-4.

The method of choice the control parameters of a complex system based on estimates of the risks is proposed. The procedure of calculating the estimates of risks intended for a choice of rational managing directors of influences by an allocation of the group of the operating factors for the set criteria factor is considered. The purpose of choice of control parameters of the complex system is the minimization of an estimate of the risk of the functioning of the system by mean of a solution of a problem of search of an extremum of the function of many variables. The example of a choice of the operating factors in the sphere of intangible assets is given.

Zieger, Andrej, Freiling, Felix, Kossakowski, Klaus-Peter.  2018.  The $\beta$-Time-to-Compromise Metric for Practical Cyber Security Risk Estimation. 2018 11th International Conference on IT Security Incident Management IT Forensics (IMF). :115-133.

To manage cybersecurity risks in practice, a simple yet effective method to assess suchs risks for individual systems is needed. With time-to-compromise (TTC), McQueen et al. (2005) introduced such a metric that measures the expected time that a system remains uncompromised given a specific threat landscape. Unlike other approaches that require complex system modeling to proceed, TTC combines simplicity with expressiveness and therefore has evolved into one of the most successful cybersecurity metrics in practice. We revisit TTC and identify several mathematical and methodological shortcomings which we address by embedding all aspects of the metric into the continuous domain and the possibility to incorporate information about vulnerability characteristics and other cyber threat intelligence into the model. We propose $\beta$-TTC, a formal extension of TTC which includes information from CVSS vectors as well as a continuous attacker skill based on a $\beta$-distribution. We show that our new metric (1) remains simple enough for practical use and (2) gives more realistic predictions than the original TTC by using data from a modern and productively used vulnerability database of a national CERT.

Bahirat, Kanchan, Shah, Umang, Cardenas, Alvaro A., Prabhakaran, Balakrishnan.  2018.  ALERT: Adding a Secure Layer in Decision Support for Advanced Driver Assistance System (ADAS). Proceedings of the 26th ACM International Conference on Multimedia. :1984-1992.

With the ever-increasing popularity of LiDAR (Light Image Detection and Ranging) sensors, a wide range of applications such as vehicle automation and robot navigation are developed utilizing the 3D LiDAR data. Many of these applications involve remote guidance - either for safety or for the task performance - of these vehicles and robots. Research studies have exposed vulnerabilities of using LiDAR data by considering different security attack scenarios. Considering the security risks associated with the improper behavior of these applications, it has become crucial to authenticate the 3D LiDAR data that highly influence the decision making in such applications. In this paper, we propose a framework, ALERT (Authentication, Localization, and Estimation of Risks and Threats), as a secure layer in the decision support system used in the navigation control of vehicles and robots. To start with, ALERT tamper-proofs 3D LiDAR data by employing an innovative mechanism for creating and extracting a dynamic watermark. Next, when tampering is detected (because of the inability to verify the dynamic watermark), ALERT then carries out cross-modal authentication for localizing the tampered region. Finally, ALERT estimates the level of risk and threat based on the temporal and spatial nature of the attacks on LiDAR data. This estimation of risk and threats can then be incorporated into the decision support system used by ADAS (Advanced Driver Assistance System). We carried out several experiments to evaluate the efficacy of the proposed ALERT for ADAS and the experimental results demonstrate the effectiveness of the proposed approach.

Redmiles, Elissa M., Mazurek, Michelle L., Dickerson, John P..  2018.  Dancing Pigs or Externalities?: Measuring the Rationality of Security Decisions Proceedings of the 2018 ACM Conference on Economics and Computation. :215-232.

Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account. We ask participants to make a financially impactful security choice, in the face of transparent risks of account compromise and benefits offered by an optional security behavior (two-factor authentication). We measure the cost and utility of adopting the security behavior via measurements of time spent executing the behavior and estimates of the participant's wage. We find that more than 50% of our participants made rational (e.g., utility optimal) decisions, and we find that participants are more likely to behave rationally in the face of higher risk. Additionally, we find that users' decisions can be modeled well as a function of past behavior (anchoring effects), knowledge of costs, and to a lesser extent, users' awareness of risks and context (R2=0.61). We also find evidence of endowment effects, as seen in other areas of economic and psychological decision-science literature, in our digital-security setting. Finally, using our data, we show theoretically that a "one-size-fits-all" emphasis on security can lead to market losses, but that adoption by a subset of users with higher risks or lower costs can lead to market gains.

Dutta, Raj Gautam, Yu, Feng, Zhang, Teng, Hu, Yaodan, Jin, Yier.  2018.  Security for Safety: A Path Toward Building Trusted Autonomous Vehicles. Proceedings of the International Conference on Computer-Aided Design. :92:1-92:6.

Automotive systems have always been designed with safety in mind. In this regard, the functional safety standard, ISO 26262, was drafted with the intention of minimizing risk due to random hardware faults or systematic failure in design of electrical and electronic components of an automobile. However, growing complexity of a modern car has added another potential point of failure in the form of cyber or sensor attacks. Recently, researchers have demonstrated that vulnerability in vehicle's software or sensing units could enable them to remotely alter the intended operation of the vehicle. As such, in addition to safety, security should be considered as an important design goal. However, designing security solutions without the consideration of safety objectives could result in potential hazards. Consequently, in this paper we propose the notion of security for safety and show that by integrating safety conditions with our system-level security solution, which comprises of a modified Kalman filter and a Chi-squared detector, we can prevent potential hazards that could occur due to violation of safety objectives during an attack. Furthermore, with the help of a car-following case study, where the follower car is equipped with an adaptive-cruise control unit, we show that our proposed system-level security solution preserves the safety constraints and prevent collision between vehicle while under sensor attack.

Karmaker Santu, Shubhra Kanti, Bindschadler, Vincent, Zhai, ChengXiang, Gunter, Carl A..  2018.  NRF: A Naive Re-Identification Framework. Proceedings of the 2018 Workshop on Privacy in the Electronic Society. :121-132.

The promise of big data relies on the release and aggregation of data sets. When these data sets contain sensitive information about individuals, it has been scalable and convenient to protect the privacy of these individuals by de-identification. However, studies show that the combination of de-identified data sets with other data sets risks re-identification of some records. Some studies have shown how to measure this risk in specific contexts where certain types of public data sets (such as voter roles) are assumed to be available to attackers. To the extent that it can be accomplished, such analyses enable the threat of compromises to be balanced against the benefits of sharing data. For example, a study that might save lives by enabling medical research may be enabled in light of a sufficiently low probability of compromise from sharing de-identified data. In this paper, we introduce a general probabilistic re-identification framework that can be instantiated in specific contexts to estimate the probability of compromises based on explicit assumptions. We further propose a baseline of such assumptions that enable a first-cut estimate of risk for practical case studies. We refer to the framework with these assumptions as the Naive Re-identification Framework (NRF). As a case study, we show how we can apply NRF to analyze and quantify the risk of re-identification arising from releasing de-identified medical data in the context of publicly-available social media data. The results of this case study show that NRF can be used to obtain meaningful quantification of the re-identification risk, compare the risk of different social media, and assess risks of combinations of various demographic attributes and medical conditions that individuals may voluntarily disclose on social media.

Davari, Maryam, Bertino, Elisa.  2018.  Reactive Access Control Systems. Proceedings of the 23Nd ACM on Symposium on Access Control Models and Technologies. :205-207.

In context-aware applications, user's access privileges rely on both user's identity and context. Access control rules are usually statically defined while contexts and the system state can change dynamically. Changes in contexts can result in service disruptions. To address this issue, this poster proposes a reactive access control system that associates contingency plans with access control rules. Risk scores are also associated with actions part of the contingency plans. Such risks are estimated by using fuzzy inference. Our approach is cast into the XACML reference architecture.

Kontogeorgis, Dimitrios, Limniotis, Konstantinos, Kantzavelou, Ioanna.  2018.  An Evaluation of the HTTPS Adoption in Websites in Greece: Estimating the Users Awareness. Proceedings of the 22Nd Pan-Hellenic Conference on Informatics. :46-51.

The adoption of the HTTPS - i.e. HTTP over TLS - protocol by the Hellenic websites is studied in this work. Since this protocol constitutes a de-facto standard for secure communications in the web, our aim is to identify whether the underlying TLS protocol in popular websites in Greece is properly configured, so as to avoid known vulnerabilities. To this end, a systematic approach utilizing two well-known TLS scanner tools is adopted to evaluate 241 sites of high popularity. The results illustrate that only about half of the sites seem to be at a satisfactory level and, thus, there is still much room for improvement, mainly due to the fact that obsolete ciphers and/or protocol versions are still supported; there is also a small portion - i.e. about 3% of the sites - that do not implement the HTTPS at all, thus posing very high security risks for their users who provide their credentials via a totally insecure channel. We also examined, using an appropriate online questionnaire, whether the users are actually aware of what the HTTPS means and how they check the security of the websites. The outcome of this research shows that much work needs to be done to increase the knowledge and the security awareness of an average Internet user.

McNeil, Martha, Llansó, Thomas, Pearson, Dallas.  2018.  Application of Capability-Based Cyber Risk Assessment Methodology to a Space System. Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security. :7:1-7:10.

Despite more than a decade of heightened focus on cybersecurity, cyber threats remain an ongoing and growing concern [1]-[3]. Stakeholders often perform cyber risk assessments in order to understand potential mission impacts due to cyber threats. One common approach to cyber risk assessment is event-based analysis which usually considers adverse events, effects, and paths through a system, then estimates the effort/likelihood and mission impact of such attacks. When conducted manually, this type of approach is labor-intensive, subjective, and does not scale well to complex systems. As an alternative, we present an automated capability-based risk assessment approach, compare it to manual event-based analysis approaches, describe its application to a notional space system ground segment, and discuss the results.

2019-10-15
Alzahrani, A. A. K., Alfosail, M. K., Aldossary, M. M., Almuhaidib, M. M., Alqahtani, S. T., Saqib, N. A., Alissa, K. A., Almubairik, N. A..  2018.  Secure Sign: Signing Document Online. 2018 21st Saudi Computer Society National Computer Conference (NCC). :1–3.
The use of technology is increasing nowadays. On the other hand, most governments and legal offices still do not use technology to implement simple things such as signing a document because they still rely on face-to-face to ensure the authenticity of the signatory. Several challenges may come while signing documents online such as, how to authenticate the signing parties and how to ensure that signing parties will not deny their signatures in future? These challenges are addressed by SecureSign system that attach the signatories' identity with their fingerprints. SecureSign was implemented in C\# and Microsoft SQL Server Management Studio, with integrating fingerprint reader and electronic signature tablet. The SecureSign system achieves the main security goals which are confidentiality, authentication, non-repudiation and integrity. It will have an impact on society and business environments positively as it will reduce fraud and forgery, and help in controlling the process of signing either in contracts or confidential papers. SecureSign have Successfully achieved confidentiality by encrypting data using AES algorithm, authentication by using user fingerprint, nonrepudiation by associating the user ID with his fingerprint, and integrity by embedding QR barcode within the document and hashing its content.
Vyakaranal, S., Kengond, S..  2018.  Performance Analysis of Symmetric Key Cryptographic Algorithms. 2018 International Conference on Communication and Signal Processing (ICCSP). :0411–0415.
Data's security being important aspect of the today's internet is gaining more importance day by day. With the increase in online data exchange, transactions and payments; secure payment and secure data transfers have become an area of concern. Cryptography makes the data transmission over the internet secure by various methods, algorithms. Cryptography helps in avoiding the unauthorized people accessing the data by authentication, confidentiality, integrity and non-repudiation. In order to securely transmit the data many cryptographic algorithms are present, but the algorithm to be used should be robust, efficient, cost effective, high performance and easily deployable. Choosing an algorithm which suits the customer's requirement is an utmost important task. The proposed work discusses different symmetric key cryptographic algorithms like DES, 3DES, AES and Blowfish by considering encryption time, decryption time, entropy, memory usage, throughput, avalanche effect and energy consumption by practical implementation using java. Practical implementation of algorithms has been highlighted in proposed work considering tradeoff performance in terms of cost of various parameters rather than mere theoretical concepts. Battery consumption and avalanche effect of algorithms has been discussed. It reveals that AES performs very well in overall performance analysis among considered algorithms.
Aublin, Pierre-Louis, Kelbert, Florian, O'Keeffe, Dan, Muthukumaran, Divya, Priebe, Christian, Lind, Joshua, Krahn, Robert, Fetzer, Christof, Eyers, David, Pietzuch, Peter.  2018.  LibSEAL: Revealing Service Integrity Violations Using Trusted Execution. Proceedings of the Thirteenth EuroSys Conference. :24:1–24:15.
Users of online services such as messaging, code hosting and collaborative document editing expect the services to uphold the integrity of their data. Despite providers' best efforts, data corruption still occurs, but at present service integrity violations are excluded from SLAs. For providers to include such violations as part of SLAs, the competing requirements of clients and providers must be satisfied. Clients need the ability to independently identify and prove service integrity violations to claim compensation. At the same time, providers must be able to refute spurious claims. We describe LibSEAL, a SEcure Audit Library for Internet services that creates a non-repudiable audit log of service operations and checks invariants to discover violations of service integrity. LibSEAL is a drop-in replacement for TLS libraries used by services, and thus observes and logs all service requests and responses. It runs inside a trusted execution environment, such as Intel SGX, to protect the integrity of the audit log. Logs are stored using an embedded relational database, permitting service invariant violations to be discovered using simple SQL queries. We evaluate LibSEAL with three popular online services (Git, ownCloud and Dropbox) and demonstrate that it is effective in discovering integrity violations, while reducing throughput by at most 14%.
Jeong, Jun Woo, Kim, Bo Youn, Jang, Ju Wook.  2018.  Security and Device Control Method for Fog Computer Using Blockchain. Proceedings of the 2018 International Conference on Information Science and System. :234–238.
Fog computing has emerged due to the problem that it becomes difficult to store every data to the cloud system as the number of Internet of Things increases. In this fog computing, a vast amount of data generated from the Internet of Things is transmitted to the cloud system located at a remote place, and is processed by a fog computer such as a sensor or a router located nearby, so that only the necessary data is transmitted to the cloud system. However, the above-mentioned fog computer has some drawbacks like being shut down due to an attack by a malicious user in advance, and a method of processing when a fog computer is down or restored. In this paper we describe a fog computing with blockchain that enables fog computers to share transaction generated by processing transaction information of a device controlled by a blockchain method to a security and device control method of a fog computer utilizing the technology. Furthemore by using security properties of blockchain such as authentication, non-repudiation and data integrity, fog computing using blockchain has advantage of security comparing to previous Cloud and fog computing system using centralized database or P2P networks.
Liang, Danwei, An, Jian, Cheng, Jindong, Yang, He, Gui, Ruowei.  2018.  The Quality Control in Crowdsensing Based on Twice Consensuses of Blockchain. Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers. :630–635.
In most crowdsensing systems, the quality of the collected data is varied and difficult to evaluate while the existing crowdsensing quality control methods are mostly based on a central platform, which is not completely trusted in reality and results in fraud and other problems. To solve these questions, a novel crowdsensing quality control model is proposed in this paper. First, the idea of blockchain is introduced into this model. The credit-based verifier selection mechanism and twice consensuses are proposed to realize the non-repudiation and non-tampering of information in crowdsensing. Then, the quality grading evaluation (QGE) is put forward, in which the method of truth discovery and the idea of fuzzy theories are combined to evaluate the quality of sensing data, and the garbled circuit is used to ensure that evaluation criteria can not be leaked. Finally, the Experiments show that our model is feasible in time and effective in quality evaluation.
Janjua, K., Ali, W..  2018.  Enhanced Secure Mechanism for Virtual Machine Migration in Clouds. 2018 International Conference on Frontiers of Information Technology (FIT). :135–140.
Live VM migration is the most vulnerable process in cloud federations for DDOS attacks, loss of data integrity, confidentiality, unauthorized access and injection of malicious viruses on VM disk images. We have scrutinized following set of crucial security features which are; authorization, confidentiality, replay protection (accountability), integrity, mutual authentication and source non-repudiation (availability) to cater different threats and vulnerabilities during live VM migration. The investigated threats and vulnerabilities are catered and implemented in a proposed solution, presented in this paper. Six security features-authorization, confidentiality, replay protection, integrity, mutual authentication and source non-repudiation are focused and modular implementation has been done. Solution is validated in AVISPA tool in modules for threats for all the notorious security requirements and no outbreak were seen.
Toradmalle, D., Singh, R., Shastri, H., Naik, N., Panchidi, V..  2018.  Prominence Of ECDSA Over RSA Digital Signature Algorithm. 2018 2nd International Conference on 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :253–257.

Digital signatures are replacing paper-based work to make life easier for customers and employees in various industries. We rigorously use RSA and Elliptic Curve Cryptography (ECC) for public key cryptographic algorithms. Nowadays ECDSA (Elliptical Curve Digital Signature Algorithm) gaining more popularity than the RSA algorithm because of the better performance of ECDSA over RSA. The main advantage of ECC over RSA is ECC provides the same level of security with less key size and overhead than RSA. This paper focuses on a brief review of the performance of ECDSA and RSA in various aspects like time, security and power. This review tells us about why ECC has become the latest trend in the present cryptographic scenario.

Saleh, Z., Mashhour, A..  2018.  Using Keystroke Authentication Typing Errors Pattern as Non-Repudiation in Computing Forensics. 2018 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT). :1–6.
Access to information and data is becoming an essential part of nearly every aspect of modern business operation. Unfortunately, accessing information systems comes with increased chances of intrusion and unauthorized access. Acquiring and maintaining evidence from a computer or networks in the current high-tech world is essential in any comprehensive forensic investigation. Software and hardware tools are used to easily manage the evidence and view all relevant files. In an effort to enhance computer access security, keystroke authentication, is one of the biometric solutions that were proposed as a solution for enhancing users' identification. This research proposes using user's keystroke errors to determine guilt during forensics investigations, where it was found that individuals keystroke patters are repeatable and variant from those of others, and that keystroke patterns are impossible to steal or imitate. So, in this paper, we investigate the effectiveness of relying on ``user's mistakes'' as another behavioral biometric keystroke dynamic.
Detken, K., Jahnke, M., Humann, M., Rollgen, B..  2018.  Integrity and Non-Repudiation of VoIP Streams with TPM2.0 over Wi-Fi Networks. 2018 IEEE 4th International Symposium on Wireless Systems within the International Conferences on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS-SWS). :82–87.
The complete digitization of telecommunications allows new attack scenarios, which have not been possible with legacy phone technologies before. The reason is that physical access to legacy phone technologies was necessary. Regarding internet-based communication like voice over the internet protocol (VoIP), which can be established between random nodes, eavesdropping can happen everywhere and much easier. Additionally, injection of undesirable communication like SPAM or SPIT in digital networks is simpler, too. Encryption is not sufficient because it is also necessary to know which participants are talking to each other. For that reason, the research project INTEGER has been started with the main goals of providing secure authentication and integrity of a VoIP communication by using a digital signature. The basis of this approach is the Trusted Platform Module (TPM) of the Trusted Computing Group (TCG) which works as a hardware-based trusted anchor. The TPM will be used inside of wireless IP devices with VoIP softphones. The question is if it is possible to fulfill the main goals of the project in wireless scenarios with Wi-Fi technologies. That is what this contribution aims to clarify.
Pan, Y., He, F., Yu, H..  2018.  An Adaptive Method to Learn Directive Trust Strength for Trust-Aware Recommender Systems. 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work in Design ((CSCWD)). :10–16.

Trust Relationships have shown great potential to improve recommendation quality, especially for cold start and sparse users. Since each user trust their friends in different degrees, there are numbers of works been proposed to take Trust Strength into account for recommender systems. However, these methods ignore the information of trust directions between users. In this paper, we propose a novel method to adaptively learn directive trust strength to improve trust-aware recommender systems. Advancing previous works, we propose to establish direction of trust strength by modeling the implicit relationships between users with roles of trusters and trustees. Specially, under new trust strength with directions, how to compute the directive trust strength is becoming a new challenge. Therefore, we present a novel method to adaptively learn directive trust strengths in a unified framework by enforcing the trust strength into range of [0, 1] through a mapping function. Our experiments on Epinions and Ciao datasets demonstrate that the proposed algorithm can effectively outperform several state-of-art algorithms on both MAE and RMSE metrics.

Coleman, M. S., Doody, D. P., Shields, M. A..  2018.  Machine Learning for Real-Time Data-Driven Security Practices. 2018 29th Irish Signals and Systems Conference (ISSC). :1–6.

The risk of cyber-attacks exploiting vulnerable organisations has increased significantly over the past several years. These attacks may combine to exploit a vulnerability breach within a system's protection strategy, which has the potential for loss, damage or destruction of assets. Consequently, every vulnerability has an accompanying risk, which is defined as the "intersection of assets, threats, and vulnerabilities" [1]. This research project aims to experimentally compare the similarity-based ranking of cyber security information utilising a recommendation environment. The Memory-Based Collaborative Filtering technique was employed, specifically the User-Based and Item-Based approaches. These systems utilised information from the National Vulnerability Database, specifically for the identification and similarity-based ranking of cyber-security vulnerability information, relating to hardware and software applications. Experiments were performed using the Item-Based technique, to identify the optimum system parameters, evaluated through the AUC evaluation metric. Once identified, the Item-Based technique was compared with the User-Based technique which utilised the parameters identified from the previous experiments. During these experiments, the Pearson's Correlation Coefficient and the Cosine similarity measure was used. From these experiments, it was identified that utilised the Item-Based technique which employed the Cosine similarity measure, an AUC evaluation metric of 0.80225 was achieved.

Qi, L. T., Huang, H. P., Wang, P., Wang, R. C..  2018.  Abnormal Item Detection Based on Time Window Merging for Recommender Systems. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :252–259.

CFRS (Collaborative Filtering Recommendation System) is one of the most widely used individualized recommendation systems. However, CFRS is susceptible to shilling attacks based on profile injection. The current research on shilling attack mainly focuses on the recognition of false user profiles, but these methods depend on the specific attack models and the computational cost is huge. From the view of item, some abnormal item detection methods are proposed which are independent of attack models and overcome the defects of user profiles model, but its detection rate, false alarm rate and time overhead need to be further improved. In order to solve these problems, it proposes an abnormal item detection method based on time window merging. This method first uses the small window to partition rating time series, and determine whether the window is suspicious in terms of the number of abnormal ratings within it. Then, the suspicious small windows are merged to form suspicious intervals. We use the rating distribution characteristics RAR (Ratio of Abnormal Rating), ATIAR (Average Time Interval of Abnormal Rating), DAR(Deviation of Abnormal Rating) and DTIAR (Deviation of Time Interval of Abnormal Rating) in the suspicious intervals to determine whether the item is subject to attacks. Experiment results on the MovieLens 100K data set show that the method has a high detection rate and a low false alarm rate.