Biblio

Although existing for decades, software tampering attack is still a main threat to systems, such as Android, and cyber physical systems. Many approaches have been proposed to thwart specific procedures of tampering, e.g., obfuscation and self-checksumming. However, none of them can achieve theoretically tamper-proof without the protection of hardware circuit. Rather than proposing new tricks against tampering attacks, we focus on impeding the replication of software tampering via program diversification, and thus pose a scalability barrier against the attacks. Our idea, namely N-version obfuscation (NVO), is to automatically generate and deliver same featured, but functionally nonequivalent software copies to different machines or users. In this paper, we investigate such an idea on Android platform. We carefully design a candidate NVO solution for networked apps, which leverages a Message Authentication Code (MAC) mechanism to generate the functionally nonequivalent diversities. Our evaluation result shows that the time required for breaking such a software system increases linearly with respect to the number of software versions. In this way, attackers would suffer great scalability issues, considering that an app can have millions of users. With minimal NVO costs, effective tamper-resistant security can therefore be established.

There is some uncertainty as to the applicability or accuracy of current theories for wave propagation in sediments. Numerical modelling of acoustic data has long been recognized to be a powerful method of understanding of complicated wave propagation and interaction. In this paper, we used the coupled two-dimensional PSM-BEM program to simulate the process of acoustic wave propagation in the seafloor with distributed multi-scale random media. The effects of fluid flow between the pores and the grains with multi-scale distribution were considered. The results show that the coupled PSM-BEM program can be directly applied to both high and low frequency seafloor acoustics. A given porous frame with the pore space saturated with fluid can greatly increase the magnitude of acoustic anisotropy. acoustic wave velocity dispersion and attenuation are significant over a frequency range which spans at least two orders of magnitude.

To promote InGaP solar cell efficiency toward the theoretical limit, one promising approach is to incorporate multiple quantum wells (MQWs) into the InGaP host and improve its open-circuit voltage by facilitating radiative carrier recombination owing to carrier confinement. In this research, we demonstrate numerically that a strain-balanced (SB) In1-xGaxP/In1-yGayP MQW enhances confined carrier density while degrades the effective carrier mobility. However, a smart design of the MQW structure is possible by considering quantitatively the trade-off between carrier confinement effect and carrier transport, and MQW can be advantageous over the InGaP bulk material for boosting photovoltaic efficiency.

The numerical analysis of transient quantum effects in heterostructure devices with conventional numerical methods tends to pose problems. To overcome these limitations, a novel numerical scheme for the transient non-equilibrium solution of the quantum Liouville equation utilizing a finite volume discretization technique is proposed. Additionally, the solution with regard to the stationary regime, which can serve as a reference solution, is inherently included within the discretization scheme for the transient regime. Resulting in a highly oscillating interference pattern of the statistical density matrix as well in the stationary as in the transient regime, the reflecting nature of the conventional boundary conditions can be an additional source of error. Avoiding these non-physical reflections, the concept of a complex absorbing potential used for the Schrödinger equation is utilized to redefine the drift operator in order to render open boundary conditions for quantum transport equations. Furthermore, the method allows the application of the commonly used concept of inflow boundary conditions.

In case of wildfire, particles generated in combustion are in complex law of motion under the influence of flame temperature, airflow and lots of electrons and ions. They would distort the space electric field, and lead to gap discharge. This paper develops a multi-physics coupling calculation model of fluid, temperature, electric field and particle movement by combining the rod-plate gap experiment that simulates the wildfire condition. It analyzes the motion state of ash particles in flames, studies the charged particles of different polarity separately, and explores the impact of particle properties on the electric field of gap space by combining the distribution of particles. Results have shown that there are differences in the motion state of charged particles of different polarity, and the electrode will absorb some particles with different charges, while charged particles with the same polarity as the electrode will move away from the electrode in random motion. Particles of different properties (particle size, relative dielectric constant) have different impacts on the electric field of gap space, but they all promote the discharge propagation.

Internet of Things(IoT) is an important part of the new generation of information technology and an important stage of development in the era of informatization. As a next generation network, Information Centric Network (ICN) has been introduced into the IoT, leading to the content independence of IC-IoT. To manage the changing network conditions and diagnose the cause of anomalies within it, network operators must obtain and analyze network status information from monitoring tools. However, traditional network supervision method will not be applicable to IC-IoT centered on content rather than IP. Moreover, the surge in information volume will also bring about insufficient information distribution, and the data location in the traditional management information base is fixed and cannot be added or deleted. To overcome these problems, we propose a name-based smart tracking system to store network state information in the IC-IoT. Firstly, we design a new structure of management information base that records various network state information and changes its naming format. Secondly, we use a tracking method to obtain the required network status information. When the manager issues a status request, each data block has a defined data tracking table to record past requests, the location of the status data required can be located according to it. Thirdly, we put forward an adaptive network data location replacement strategy based on the importance of stored data blocks, so that the information with higher importance will be closer to the management center for more efficient acquisition. Simulation results indicate the feasibility of the proposed scheme.

Internet of Things (IoT) development and the addition of billions of computationally limited devices prohibit the use of classical security measures such as Intrusion Detection Systems (IDS). In this paper, we study the influence of the implementation of different feed-forward type of Neural Networks (NNs) on the detection Rate of the Negative Selection Neural Network (NSNN) algorithm. Feed-forward and cascade forward NN structures with different number of neurons and different number of hidden layers are tested. For training and testing the NSNN algorithm the labeled KDD NSL dataset is applied. The detection rates provided by the algorithm with several NN structures to determine the optimal solution are calculated and compared. The results show how these different feed-forward based NN architectures impact the performance of the NSNN algorithm.

GENI (Global Environment for Network Innovations) is a National Science Foundation (NSF) funded program which provides a virtual laboratory for networking and distributed systems research and education. It is well suited for exploring networks at a scale, thereby promoting innovations in network science, security, services and applications. GENI allows researchers obtain compute resources from locations around the United States, connect compute resources using 100G Internet2 L2 service, install custom software or even custom operating systems on these compute resources, control how network switches in their experiment handle traffic flows, and run their own L3 and above protocols. GENI architecture incorporates cloud federation. With the federation, cloud resources can be federated and/or community of clouds can be formed. The heart of federation is user identity and an ability to “advertise” cloud resources into community including compute, storage, and networking. GENI administrators can carve out what resources are available to the community and hence a portion of GENI resources are reserved for internal consumption. GENI architecture also provides “stitching” of compute and storage resources researchers request. This provides L2 network domain over Internet2's 100G network. And researchers can run their Software Defined Networking (SDN) controllers on the provisioned L2 network domain for a complete control of networking traffic. This capability is useful for large science data transfer (bypassing security devices for high throughput). Renaissance Computing Institute (RENCI), a research institute in the state of North Carolina, has developed ORCA (Open Resource Control Architecture), a GENI control framework. ORCA is a distributed resource orchestration system to serve science experiments. ORCA provides compute resources as virtual machines and as well as baremetals. ORCA based GENI ra- k was designed to serve both High Throughput Computing (HTC) and High Performance Computing (HPC) type of computes. Although, GENI is primarily used in various universities and research entities today, GENI architecture can be leveraged in the commercial, aerospace and government settings. This paper will go over the architecture of GENI and discuss the GENI architecture for scientific computing experiments.

The promise of big data relies on the release and aggregation of data sets. When these data sets contain sensitive information about individuals, it has been scalable and convenient to protect the privacy of these individuals by de-identification. However, studies show that the combination of de-identified data sets with other data sets risks re-identification of some records. Some studies have shown how to measure this risk in specific contexts where certain types of public data sets (such as voter roles) are assumed to be available to attackers. To the extent that it can be accomplished, such analyses enable the threat of compromises to be balanced against the benefits of sharing data. For example, a study that might save lives by enabling medical research may be enabled in light of a sufficiently low probability of compromise from sharing de-identified data. In this paper, we introduce a general probabilistic re-identification framework that can be instantiated in specific contexts to estimate the probability of compromises based on explicit assumptions. We further propose a baseline of such assumptions that enable a first-cut estimate of risk for practical case studies. We refer to the framework with these assumptions as the Naive Re-identification Framework (NRF). As a case study, we show how we can apply NRF to analyze and quantify the risk of re-identification arising from releasing de-identified medical data in the context of publicly-available social media data. The results of this case study show that NRF can be used to obtain meaningful quantification of the re-identification risk, compare the risk of different social media, and assess risks of combinations of various demographic attributes and medical conditions that individuals may voluntarily disclose on social media.

We present nQUIC, a variant of QUIC-TLS that uses the Noise protocol framework for its key exchange and basis of its packet protector with no semantic transport changes. nQUIC is designed for deployment in systems and for applications that assert trust in raw public keys rather than PKI-based certificate chains. It uses a fixed key exchange algorithm, compromising agility for implementation and verification ease. nQUIC provides mandatory server and optional client authentication, resistance to Key Compromise Impersonation attacks, and forward and future secrecy of traffic key derivation, which makes it favorable to QUIC-TLS for long-lived QUIC connections in comparable applications. We developed two interoperable prototype implementations written in Go and Rust. Experimental results show that nQUIC finishes its handshake in a comparable amount of time as QUIC-TLS.

This paper discusses two issues with multi-channel multi-radio Wireless Mesh Networks (WMN): gateway placement and gateway selection. To address these issues, a method will be proposed that places gateways at strategic locations to avoid congestion and adaptively learns to select a more efficient gateway for each wireless router by using learning automata. This method, called the N-queen Inspired Gateway Placement and Learning Automata-based Selection (NQ-GPLS), considers multiple metrics such as loss ratio, throughput, load at the gateways and delay. Simulation results from NS-2 simulator demonstrate that NQ-GPLS can significantly improve the overall network performance compared to a standard WMN.

The vast majority of nowadays remote code execution attacks target virtual function tables (vtables). Attackers hijack vtable pointers to change the control flow of a vulnerable program to their will, resulting in full control over the underlying system. In this paper, we present NoVT, a compiler-based defense against vtable hijacking. Instead of protecting vtables for virtual dispatch, our solution replaces them with switch-case constructs that are inherently control-flow safe, thus preserving control flow integrity of C++ virtual dispatch. NoVT extends Clang to perform a class hierarchy analysis on C++ source code. Instead of a vtable, each class gets unique identifier numbers which are used to dispatch the correct method implementation. Thereby, NoVT inherently protects all usages of a vtable, not just virtual dispatch. We evaluate NoVT on common benchmark applications and real-world programs including Chromium. Despite its strong security guarantees, NoVT improves runtime performance of most programs (mean overhead −0.5%, −3.7% min, 2% max). In addition, protected binaries are slightly smaller than unprotected ones. NoVT works on different CPU architectures and protects complex C++ programs against strong attacks like COOP and ShrinkWrap.

Hardware Trojans have become in the last decade a major threat in the Integrated Circuit industry. Many techniques have been proposed in the literature aiming at detecting such malicious modifications in fabricated ICs. For the most critical circuits, prevention methods are also of interest. The goal of such methods is to prevent the insertion of a Hardware Trojan thanks to ad-hoc design rules. In this paper, we present a novel prevention technique based on approximation. An approximate logic circuit is a circuit that performs a possibly different but closely related logic function, so that it can be used for error detection or error masking where it overlaps with the original circuit. We will show how this technique can successfully detect the presence of Hardware Trojans, with a solution that has a smaller impact than triplication.

The notion of trust is considered to be the cornerstone on patient-psychiatrist relationship. Thus, a trustfully background is fundamental requirement for provision of effective Ubiquitous Healthcare (UH) service. In this paper, the issue of Trust Evaluation of UH Providers when register UH environment is addressed. For that purpose a novel trust evaluation method is proposed, based on cloud theory, exploiting User Profile attributes. This theory mimics human thinking, regarding trust evaluation and captures fuzziness and randomness of this uncertain reasoning. Two case studies are investigated through simulation in MATLAB software, in order to verify the effectiveness of this novel method.

The transition effect ring oscillator (TERO) based true random number generator (TRNG) was proposed by Varchola and Drutarovsky in 2010. There were several stochastic models for this advanced TRNG based on ring oscillator. This paper proposed an improved TERO based TRNG and implements both on Altera Cyclone series FPGA platform and on a 0.13um CMOS ASIC process. FPGA experimental results show that this balanced TERO TRNG is in good performance as the experimental data results past the national institute of standards and technology (NIST) test in 1M bit/s. The TRNG is feasible for a security SoC.

Remote authentication via biometric features has received much attention recently, hence the security of biometric data is of great importance. Here a crypto-steganography method applied for the protection of biometric data is implemented. It include semantic segmentation, chaotic encryption, data hiding and fingerprint recognition to avoid the risk of spoofing attacks. Semantically segmented image of the person to be authenticated is used as the cover image and chaotic encrypted fingerprint image is used as secret image here. Chaotic encrypted fingerprint image is embedded into the cover image using Integer Wavelet Transform (IWT). Extracted fingerprint image is then compared with the fingerprints in database to authenticate the person. Qualified Significant Wavelet Trees (QSWT`s) of the cover image act as the target coefficients to insert the secret image. IWT provide both invisibility and resistance against the lossy transmissions. Experimental result shows that the semantic segmentation reduces the bandwidth efficiently. In addition, chaotic encryption and IWT based data hiding increases the security of the transmitted biometric data.

SQL Injection and Cross-Site Scripting are the two most common attacks in database-based web applications. In this paper we propose a system to detect different types of SQL injection and XSS attacks associated with a web application, without the existence of any firewall, while significantly reducing the network overhead. We use properly modifications of the Nginx Reverse Proxy protocols and Suricata NIDS/ IPS rules. Pure work has been done from other researchers based on the capabilities of Nginx and Suricata and our approach with the experimental results provided in the paper demonstrate the efficiency of our system.

The importance of peer-to-peer (P2P) network overlays produced enormous interest in the research community due to their robustness, scalability, and increase of data availability. P2P networks are overlays of logically connected hosts and other nodes including servers. P2P networks allow users to share their files without the need for any centralized servers. Since P2P networks are largely constructed of end-hosts, they are susceptible to abuse and malicious activity, such as sybil attacks. Impostors perform sybil attacks by assigning nodes multiple addresses, as opposed to a single address, with the goal of degrading network quality. Sybil nodes will spread malicious data and provide bogus responses to requests. To prevent sybil attacks from occurring, a novel defense mechanism is proposed. In the proposed scheme, the DHT key-space is divided and treated in a similar manner to radio frequency allocation incensing. An overlay of trusted nodes is used to detect and handle sybil nodes with the aid of source-destination pairs reporting on each other. The simulation results show that the proposed scheme detects sybil nodes in large sized networks with thousands of interactions.

Cooperative Intelligent Transport Systems (C-ITS) are expected to play an important role in our lives. They will improve the traffic safety and bring about a revolution on the driving experience. However, these benefits are counterbalanced by possible attacks that threaten not only the vehicle's security, but also passengers' lives. One of the most common attacks is the Sybil attack, which is even more dangerous than others because it could be the starting point of many other attacks in C-ITS. This paper proposes a distributed approach allowing the detection of Sybil attacks by using the traffic flow theory. The key idea here is that each vehicle will monitor its neighbourhood in order to detect an eventual Sybil attack. This is achieved by a comparison between the real accurate speed of the vehicle and the one estimated using the V2V communications with vehicles in the vicinity. The estimated speed is derived by using the traffic flow fundamental diagram of the road's portion where the vehicles are moving. This detection algorithm is validated through some extensive simulations conducted using the well-known NS3 network simulator with SUMO traffic simulator.

Security is the main concern for wireless sensor nodes and exposed against malicious attacks. To secure the communication between sensor nodes several key managing arrangements are already implemented. The key managing method for any protected application must minimally deliver safety facilities such as truthfulness. Diffie–Hellman key exchange in the absence of authentication is exposed to MITM (man-in-the-middle) attacks due to which the attacker node can easily interrupt the communication, by appearing as a valid node in the network. In wireless sensor networks, single path routing is very common but it suffers with the two problems i:e link failure which results in data loss and if any node in single path is compromised, there is no alternative to send the data to the destination securely. To overcome this problem, multipath routing protocol is used which provides both availability and consistency of data. AOMDV (Ad-hoc On-demand Multipath Distance Vector Routing Protocol) is used in a proposed algorithm which provides alternative paths to reach the data packets to the destination. This paper presents an algorithm DH-SAM (Diffie-Hellman- Sybil Attack Mitigation) to spot and mitigate Sybil nodes and make the network trusted with the objective of solving the issue of MITM attack in the network. After node authentication, secure keys are established between two communicating nodes for data transmission using the Diffie-Hellman algorithm. Performance evaluation of DH-SAM is done by using different metrics such as detection rate, PDR, throughput, and average end to end (AE2E) delay.

For the increasing use of internet, it is equally important to protect the intellectual property. And for the protection of copyright, a blind digital watermark algorithm with SVD and OSELM in the IWT domain has been proposed. During the embedding process, SVD has been applied to the coefficient blocks to get the singular values in the IWT domain. Singular values are modulated to embed the watermark in the host image. Online sequential extreme learning machine is trained to learn the relationship between the original coefficient and the corresponding watermarked version. During the extraction process, this trained OSELM is used to extract the embedded watermark logo blindly as no original host image is required during this process. The watermarked image is altered using various attacks like blurring, noise, sharpening, rotation and cropping. The experimental results show that the proposed watermarking scheme is robust against various attacks. The extracted watermark has very much similarity with the original watermark and works good to prove the ownership.

Missing data problem often occurs in data analysis. The most common way to solve this problem is imputation. But imputation methods are only suitable for dealing with a low proportion of missing data, when assuming that missing data satisfies MCAR (Missing Completely at Random) or MAR (Missing at Random). In this paper, considering the reasons for missing data, we propose a novel support vector machine method using a new kernel function to solve the problem with a relatively large proportion of missing data. This method makes full use of observed data to reduce the error caused by filling a large number of missing values. We validate our method on 4 data sets from UCI Repository of Machine Learning. The accuracy, F-score, Kappa statistics and recall are used to evaluate the performance. Experimental results show that our method achieve significant improvement in terms of classification results compared with common imputation methods, even when the proportion of missing data is high.

The increased power capacity and networking requirements in Extremely Fast Charging (XFC) systems for battery electric vehicles (BEVs) and the resulting increase in the adversarial attack surface call for security measures to be taken in the involved cyber-physical system (CPS). Within this system, the security of the BEV's battery management system (BMS) is of critical importance as the BMS is the first line of defense between the vehicle and the charge station. This study proposes an optimal control and moving-target defense (MTD) based novel approach for the security of the vehicle BMS) focusing on the charging process, during which a compromised vehicle may contaminate the XFC station and the whole grid. This paper is part of our ongoing research, which is one of the few, if not the first, reported studies in the literature on security-hardened BMS, aiming to increase the security and performance of operations between the charging station, the BMS and the battery system of electric vehicles. The developed MTD based switching strategy makes use of redundancies in the controller and feedback design. The performed simulations demonstrate an increased unpredictability and acceptable charging performance under adversarial attacks.

With the rapid development of the Internet, preserving the security of confidential data has become a challenging issue. An effective method to this end is to apply steganography techniques. In this paper, we propose an efficient steganography algorithm which applies edge detection and MPC algorithm for data concealment in digital images. The proposed edge detection scheme partitions the given image, namely cover image, into blocks. Next, it identifies the edge blocks based on the variance of their corner pixels. Embedding the confidential data in sharp edges causes less distortion in comparison to the smooth areas. To diminish the imposed distortion by data embedding in edge blocks, we employ LSB and MPC algorithms. In the proposed scheme, the blocks are split into some groups firstly. Next, a full tree is constructed per group using the LSBs of its pixels. This tree is converted into another full tree in some rounds. The resultant tree is used to modify the considered LSBs. After the accomplishment of the data embedding process, the final image, which is called stego image, is derived. According to the experimental results, the proposed algorithm improves PSNR with at least 5.4 compared to the previous schemes.

With the growing use of the Robot Operating System (ROS), it can be argued that it has become a de-facto framework for developing robotic solutions. ROS is used to build robotic applications for industrial automation, home automation, medical and even automatic robotic surveillance. However, whenever ROS is utilized, security is one of the main concerns that needs to be addressed in order to ensure a secure network communication of robots. Cyber-attacks may hinder evolution and adaptation of most ROS-enabled robotic systems for real-world use over the Internet. Thus, it is important to address and prevent security threats associated with the use of ROS-enabled applications. In this paper, we propose a novel approach for securing ROS-enabled robotic system by integrating ROS with the Message Queuing Telemetry Transport (MQTT) protocol. We manage to secure robots' network communications by providing authentication and data encryption, therefore preventing man-in-the-middle and hijacking attacks. We also perform real-world experiments to assess how the performance of a ROS-enabled robotic surveillance system is affected by the proposed approach.