Visible to the public Biblio

Filters: First Letter Of Title is Q  [Clear All Filters]
2021-05-25
Alabadi, Montdher, Albayrak, Zafer.  2020.  Q-Learning for Securing Cyber-Physical Systems : A survey. 2020 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). :1–13.
A cyber-physical system (CPS) is a term that implements mainly three parts, Physical elements, communication networks, and control systems. Currently, CPS includes the Internet of Things (IoT), Internet of Vehicles (IoV), and many other systems. These systems face many security challenges and different types of attacks, such as Jamming, DDoS.CPS attacks tend to be much smarter and more dynamic; thus, it needs defending strategies that can handle this level of intelligence and dynamicity. Last few years, many researchers use machine learning as a base solution to many CPS security issues. This paper provides a survey of the recent works that utilized the Q-Learning algorithm in terms of security enabling and privacy-preserving. Different adoption of Q-Learning for security and defending strategies are studied. The state-of-the-art of Q-learning and CPS systems are classified and analyzed according to their attacks, domain, supported techniques, and details of the Q-Learning algorithm. Finally, this work highlight The future research trends toward efficient utilization of Q-learning and deep Q-learning on CPS security.
2021-04-27
Zerrouki, F., Ouchani, S., Bouarfa, H..  2020.  Quantifying Security and Performance of Physical Unclonable Functions. 2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS). :1—4.

Physical Unclonable Function is an innovative hardware security primitives that exploit the physical characteristics of a physical object to generate a unique identifier, which play the role of the object's fingerprint. Silicon PUF, a popular type of PUFs, exploits the variation in the manufacturing process of integrated circuits (ICs). It needs an input called challenge to generate the response as an output. In addition, of classical attacks, PUFs are vulnerable to physical and modeling attacks. The performance of the PUFs is measured by several metrics like reliability, uniqueness and uniformity. So as an evidence, the main goal is to provide a complete tool that checks the strength and quantifies the performance of a given physical unconscionable function. This paper provides a tool and develops a set of metrics that can achieve safely the proposed goal.

Stanković, I., Brajović, M., Daković, M., Stanković, L., Ioana, C..  2020.  Quantization Effect in Nonuniform Nonsparse Signal Reconstruction. 2020 9th Mediterranean Conference on Embedded Computing (MECO). :1–4.
This paper examines the influence of quantization on the compressive sensing theory applied to the nonuniformly sampled nonsparse signals with reduced set of randomly positioned measurements. The error of the reconstruction will be generalized to exact expected squared error expression. The aim is to connect the generalized random sampling strategy with the quantization effect, finding the resulting error of the reconstruction. Small sampling deviations correspond to the imprecisions of the sampling strategy, while completely random sampling schemes causes large sampling deviations. Numerical examples provide an agreement between the statistical results and theoretical values.
2021-04-08
Wang, P., Zhang, J., Wang, S., Wu, D..  2020.  Quantitative Assessment on the Limitations of Code Randomization for Legacy Binaries. 2020 IEEE European Symposium on Security and Privacy (EuroS P). :1–16.
Software development and deployment are generally fast-pacing practices, yet to date there is still a significant amount of legacy software running in various critical industries with years or even decades of lifespans. As the source code of some legacy software became unavailable, it is difficult for maintainers to actively patch the vulnerabilities, leaving the outdated binaries appealing targets of advanced security attacks. One of the most powerful attacks today is code reuse, a technique that can circumvent most existing system-level security facilities. While there have been various countermeasures against code reuse, applying them to sourceless software appears to be exceptionally challenging. Fine-grained code randomization is considered to be an effective strategy to impede modern code-reuse attacks. To apply it to legacy software, a technique called binary rewriting is employed to directly reconstruct binaries without symbol or relocation information. However, we found that current rewriting-based randomization techniques, regardless of their designs and implementations, share a common security defect such that the randomized binaries may remain vulnerable in certain cases. Indeed, our finding does not invalidate fine-grained code randomization as a meaningful defense against code reuse attacks, for it significantly raises the bar for exploits to be successful. Nevertheless, it is critical for the maintainers of legacy software systems to be aware of this problem and obtain a quantitative assessment of the risks in adopting a potentially incomprehensive defense. In this paper, we conducted a systematic investigation into the effectiveness of randomization techniques designed for hardening outdated binaries. We studied various state-of-the-art, fine-grained randomization tools, confirming that all of them can leave a certain part of the retrofitted binary code still reusable. To quantify the risks, we proposed a set of concrete criteria to classify gadgets immune to rewriting-based randomization and investigated their availability and capability.
2021-03-09
Tikhomirov, S., Moreno-Sanchez, P., Maffei, M..  2020.  A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :387—396.

Payment channel networks have been introduced to mitigate the scalability issues inherent to permissionless decentralized cryptocurrencies such as Bitcoin. Launched in 2018, the Lightning Network (LN) has been gaining popularity and consists today of more than 5000 nodes and 35000 payment channels that jointly hold 965 bitcoins (9.2M USD as of June 2020). This adoption has motivated research from both academia and industryPayment channels suffer from security vulnerabilities, such as the wormhole attack [39], anonymity issues [38], and scalability limitations related to the upper bound on the number of concurrent payments per channel [28], which have been pointed out by the scientific community but never quantitatively analyzedIn this work, we first analyze the proneness of the LN to the wormhole attack and attacks against anonymity. We observe that an adversary needs to control only 2% of nodes to learn sensitive payment information (e.g., sender, receiver, and amount) or to carry out the wormhole attack. Second, we study the management of concurrent payments in the LN and quantify its negative effect on scalability. We observe that for micropayments, the forwarding capability of up to 50% of channels is restricted to a value smaller than the channel capacity. This phenomenon hinders scalability and opens the door for denial-of-service attacks: we estimate that a network-wide DoS attack costs within 1.6M USD, while isolating the biggest community costs only 238k USDOur findings should prompt the LN community to consider the issues studied in this work when educating users about path selection algorithms, as well as to adopt multi-hop payment protocols that provide stronger security, privacy and scalability guarantees.

2021-03-01
Zhang, Y., Groves, T., Cook, B., Wright, N. J., Coskun, A. K..  2020.  Quantifying the impact of network congestion on application performance and network metrics. 2020 IEEE International Conference on Cluster Computing (CLUSTER). :162–168.
In modern high-performance computing (HPC) systems, network congestion is an important factor that contributes to performance degradation. However, how network congestion impacts application performance is not fully understood. As Aries network, a recent HPC network architecture featuring a dragonfly topology, is equipped with network counters measuring packet transmission statistics on each router, these network metrics can potentially be utilized to understand network performance. In this work, by experiments on a large HPC system, we quantify the impact of network congestion on various applications' performance in terms of execution time, and we correlate application performance with network metrics. Our results demonstrate diverse impacts of network congestion: while applications with intensive MPI operations (such as HACC and MILC) suffer from more than 40% extension in their execution times under network congestion, applications with less intensive MPI operations (such as Graph500 and HPCG) are mostly not affected. We also demonstrate that a stall-to-flit ratio metric derived from Aries network counters is positively correlated with performance degradation and, thus, this metric can serve as an indicator of network congestion in HPC systems.
2021-02-08
Wang, H., Yao, G., Wang, B..  2020.  A Quantum Concurrent Signature Scheme Based on the Quantum Finite Automata Signature Scheme. 2020 IEEE 14th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :125–129.
When using digital signatures, we need to deal with the problem of fairness of information exchange. To solve this problem, Chen, etc. introduced a new conception which is named concurrent signatures in Eurocrypt'04. Using concurrent signatures scheme, two entities in the scheme can generate two ambiguous signatures until one of the entities releases additional information which is called keystone. After the keystone is released, the two ambiguous signatures will be bound to their real signers at the same time. In order to provide a method to solve the fairness problem of quantum digital signatures, we propose a new quantum concurrent signature scheme. The scheme we proposed does not use a trusted third party in a quantum computing environment, and has such advantages as no need to conduct complex quantum operations and easy to implement by a quantum circuit. Quantum concurrent signature improves the theory of quantum cryptography, and it also provides broad prospects for the specific applications of quantum cryptography.
2021-02-01
Zhang, Y., Liu, J., Shang, T., Wu, W..  2020.  Quantum Homomorphic Encryption Based on Quantum Obfuscation. 2020 International Wireless Communications and Mobile Computing (IWCMC). :2010–2015.
Homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a non-interactive manner or not. In this paper, we affirmatively answer this question by constructing the quantum homomorphic encryption scheme with quantum obfuscation. It takes advantage of the interchangeability of the unitary operator, and exchanges the evaluation operator and the encryption operator by means of equivalent multiplication to complete homomorphic encryption. The correctness of the proposed scheme is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. Because of key transmission after quantum obfuscation, the encrypting party and the decrypting party can be different users. The output state has the property of complete mixture, which guarantees the scheme security. Moreover, the security level of the quantum homomorphic encryption scheme depends on quantum obfuscation and encryption operators.
2021-01-28
Pham, L. H., Albanese, M., Chadha, R., Chiang, C.-Y. J., Venkatesan, S., Kamhoua, C., Leslie, N..  2020.  A Quantitative Framework to Model Reconnaissance by Stealthy Attackers and Support Deception-Based Defenses. :1—9.

In recent years, persistent cyber adversaries have developed increasingly sophisticated techniques to evade detection. Once adversaries have established a foothold within the target network, using seemingly-limited passive reconnaissance techniques, they can develop significant network reconnaissance capabilities. Cyber deception has been recognized as a critical capability to defend against such adversaries, but, without an accurate model of the adversary's reconnaissance behavior, current approaches are ineffective against advanced adversaries. To address this gap, we propose a novel model to capture how advanced, stealthy adversaries acquire knowledge about the target network and establish and expand their foothold within the system. This model quantifies the cost and reward, from the adversary's perspective, of compromising and maintaining control over target nodes. We evaluate our model through simulations in the CyberVAN testbed, and indicate how it can guide the development and deployment of future defensive capabilities, including high-interaction honeypots, so as to influence the behavior of adversaries and steer them away from critical resources.

2021-01-22
Sahabandu, D., Allen, J., Moothedath, S., Bushnell, L., Lee, W., Poovendran, R..  2020.  Quickest Detection of Advanced Persistent Threats: A Semi-Markov Game Approach. 2020 ACM/IEEE 11th International Conference on Cyber-Physical Systems (ICCPS). :9—19.
Advanced Persistent Threats (APTs) are stealthy, sophisticated, long-term, multi-stage attacks that threaten the security of sensitive information. Dynamic Information Flow Tracking (DIFT) has been proposed as a promising mechanism to detect and prevent various cyber attacks in computer systems. DIFT tracks suspicious information flows in the system and generates security analysis when anomalous behavior is detected. The number of information flows in a system is typically large and the amount of resources (such as memory, processing power and storage) required for analyzing different flows at different system locations varies. Hence, efficient use of resources is essential to maintain an acceptable level of system performance when using DIFT. On the other hand, the quickest detection of APTs is crucial as APTs are persistent and the damage caused to the system is more when the attacker spends more time in the system. We address the problem of detecting APTs and model the trade-off between resource efficiency and quickest detection of APTs. We propose a game model that captures the interaction of APT and a DIFT-based defender as a two-player, multi-stage, zero-sum, Stackelberg semi-Markov game. Our game considers the performance parameters such as false-negatives generated by DIFT and the time required for executing various operations in the system. We propose a two-time scale Q-learning algorithm that converges to a Stackelberg equilibrium under infinite horizon, limiting average payoff criteria. We validate our model and algorithm on a real-word attack dataset obtained using Refinable Attack INvestigation (RAIN) framework.
2020-12-01
Hendrawan, H., Sukarno, P., Nugroho, M. A..  2019.  Quality of Service (QoS) Comparison Analysis of Snort IDS and Bro IDS Application in Software Define Network (SDN) Architecture. 2019 7th International Conference on Information and Communication Technology (ICoICT). :1—7.

Intrusion Detection system (IDS) was an application which was aimed to monitor network activity or system and it could find if there was a dangerous operation. Implementation of IDS on Software Define Network architecture (SDN) has drawbacks. IDS on SDN architecture might decreasing network Quality of Service (QoS). So the network could not provide services to the existing network traffic. Throughput, delay and packet loss were important parameters of QoS measurement. Snort IDS and bro IDS were tools in the application of IDS on the network. Both had differences, one of which was found in the detection method. Snort IDS used a signature based detection method while bro IDS used an anomaly based detection method. The difference between them had effects in handling the network traffic through it. In this research, we compared both tools. This comparison are done with testing parameters such as throughput, delay, packet loss, CPU usage, and memory usage. From this test, it was found that bro outperform snort IDS for throughput, delay , and packet loss parameters. However, CPU usage and memory usage on bro requires higher resource than snort.

2020-11-20
Lardier, W., Varo, Q., Yan, J..  2019.  Quantum-Sim: An Open-Source Co-Simulation Platform for Quantum Key Distribution-Based Smart Grid Communications. 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1—6.
Grid modernization efforts with the latest information and communication technologies will significantly benefit smart grids in the coming years. More optical fibre communications between consumers and the control center will promise better demand response and customer engagement, yet the increasing attack surface and man-in-the-middle (MITM) threats can result in security and privacy challenges. Among the studies for more secure smart grid communications, quantum key distribution protocols (QKD) have emerged as a promising option. To bridge the theoretical advantages of quantum communication to its practical utilization, however, comprehensive investigations have to be conducted with realistic cyber-physical smart grid structures and scenarios. To facilitate research in this direction, this paper proposes an open-source, research-oriented co-simulation platform that orchestrates cyber and power simulators under the MOSAIK framework. The proposed platform allows flexible and realistic power flow-based co-simulation of quantum communications and electrical grids, where different cyber and power topologies, QKD protocols, and attack threats can be investigated. Using quantum-based communication under MITM attacks, the paper presented detailed case studies to demonstrate how the platform enables quick setup of a lowvoltage distribution grid, implementation of different protocols and cryptosystems, as well as evaluations of both communication efficiency and security against MITM attacks. The platform has been made available online to empower researchers in the modelling of quantum-based cyber-physical systems, pilot studies on quantum communications in smart grid, as well as improved attack resilience against malicious intruders.
2020-10-14
Xie, Kun, Li, Xiaocan, Wang, Xin, Xie, Gaogang, Xie, Dongliang, Li, Zhenyu, Wen, Jigang, Diao, Zulong.  2019.  Quick and Accurate False Data Detection in Mobile Crowd Sensing. IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. :2215—2223.

With the proliferation of smartphones, a novel sensing paradigm called Mobile Crowd Sensing (MCS) has emerged very recently. However, the attacks and faults in MCS cause a serious false data problem. Observing the intrinsic low dimensionality of general monitoring data and the sparsity of false data, false data detection can be performed based on the separation of normal data and anomalies. Although the existing separation algorithm based on Direct Robust Matrix Factorization (DRMF) is proven to be effective, requiring iteratively performing Singular Value Decomposition (SVD) for low-rank matrix approximation would result in a prohibitively high accumulated computation cost when the data matrix is large. In this work, we observe the quick false data location feature from our empirical study of DRMF, based on which we propose an intelligent Light weight Low Rank and False Matrix Separation algorithm (LightLRFMS) that can reuse the previous result of the matrix decomposition to deduce the one for the current iteration step. Our algorithm can largely speed up the whole iteration process. From a theoretical perspective, we validate that LightLRFMS only requires one round of SVD computation and thus has very low computation cost. We have done extensive experiments using a PM 2.5 air condition trace and a road traffic trace. Our results demonstrate that LightLRFMS can achieve very good false data detection performance with the same highest detection accuracy as DRMF but with up to 10 times faster speed thanks to its lower computation cost.

2020-09-18
Guo, Xiaolong, Dutta, Raj Gautam, He, Jiaji, Tehranipoor, Mark M., Jin, Yier.  2019.  QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :91—100.
Hardware vulnerabilities are often due to design mistakes because the designer does not sufficiently consider potential security vulnerabilities at the design stage. As a result, various security solutions have been developed to protect ICs, among which the language-based hardware security verification serves as a promising solution. The verification process will be performed while compiling the HDL of the design. However, similar to other formal verification methods, the language-based approach also suffers from scalability issue. Furthermore, existing solutions either lead to hardware overhead or are not designed for vulnerable or malicious logic detection. To alleviate these challenges, we propose a new language based framework, QIF-Verilog, to evaluate the trustworthiness of a hardware system at register transfer level (RTL). This framework introduces a quantified information flow (QIF) model and extends Verilog type systems to provide more expressiveness in presenting security rules; QIF is capable of checking the security rules given by the hardware designer. Secrets are labeled by the new type and then parsed to data flow, to which a QIF model will be applied. To demonstrate our approach, we design a compiler for QIF-Verilog and perform vulnerability analysis on benchmarks from Trust-Hub and OpenCore. We show that Trojans or design faults that leak information from circuit outputs can be detected automatically, and that our method evaluates the security of the design correctly.
2020-07-20
Pengcheng, Li, Yi, Jinfeng, Zhang, Lijun.  2018.  Query-Efficient Black-Box Attack by Active Learning. 2018 IEEE International Conference on Data Mining (ICDM). :1200–1205.
Deep neural network (DNN) as a popular machine learning model is found to be vulnerable to adversarial attack. This attack constructs adversarial examples by adding small perturbations to the raw input, while appearing unmodified to human eyes but will be misclassified by a well-trained classifier. In this paper, we focus on the black-box attack setting where attackers have almost no access to the underlying models. To conduct black-box attack, a popular approach aims to train a substitute model based on the information queried from the target DNN. The substitute model can then be attacked using existing white-box attack approaches, and the generated adversarial examples will be used to attack the target DNN. Despite its encouraging results, this approach suffers from poor query efficiency, i.e., attackers usually needs to query a huge amount of times to collect enough information for training an accurate substitute model. To this end, we first utilize state-of-the-art white-box attack methods to generate samples for querying, and then introduce an active learning strategy to significantly reduce the number of queries needed. Besides, we also propose a diversity criterion to avoid the sampling bias. Our extensive experimental results on MNIST and CIFAR-10 show that the proposed method can reduce more than 90% of queries while preserve attacking success rates and obtain an accurate substitute model which is more than 85% similar with the target oracle.
2020-07-10
Bradley, Cerys, Stringhini, Gianluca.  2019.  A Qualitative Evaluation of Two Different Law Enforcement Approaches on Dark Net Markets. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :453—463.

This paper presents the results of a qualitative study on discussions about two major law enforcement interventions against Dark Net Market (DNM) users extracted from relevant Reddit forums. We assess the impact of Operation Hyperion and Operation Bayonet (combined with the closure of the site Hansa) by analyzing posts and comments made by users of two Reddit forums created for the discussion of Dark Net Markets. The operations are compared in terms of the size of the discussions, the consequences recorded, and the opinions shared by forum users. We find that Operation Bayonet generated a higher number of discussions on Reddit, and from the qualitative analysis of such discussions it appears that this operation also had a greater impact on the DNM ecosystem.

2020-06-19
Shapiro, Jeffrey H., Boroson, Don M., Dixon, P. Ben, Grein, Matthew E., Hamilton, Scott A..  2019.  Quantum Low Probability of Intercept. 2019 Conference on Lasers and Electro-Optics (CLEO). :1—2.

Quantum low probability of intercept transmits ciphertext in a way that prevents an eavesdropper possessing the decryption key from recovering the plaintext. It is capable of Gbps communication rates on optical fiber over metropolitan-area distances.

Michel, François, De Coninck, Quentin, Bonaventure, Olivier.  2019.  QUIC-FEC: Bringing the benefits of Forward Erasure Correction to QUIC. 2019 IFIP Networking Conference (IFIP Networking). :1—9.

Originally implemented by Google, QUIC gathers a growing interest by providing, on top of UDP, the same service as the classical TCP/TLS/HTTP/2 stack. The IETF will finalise the QUIC specification in 2019. A key feature of QUIC is that almost all its packets, including most of its headers, are fully encrypted. This prevents eavesdropping and interferences caused by middleboxes. Thanks to this feature and its clean design, QUIC is easier to extend than TCP. In this paper, we revisit the reliable transmission mechanisms that are included in QUIC. More specifically, we design, implement and evaluate Forward Erasure Correction (FEC) extensions to QUIC. These extensions are mainly intended for high-delays and lossy communications such as In-Flight Communications. Our design includes a generic FEC frame and our implementation supports the XOR, Reed-Solomon and Convolutional RLC error-correcting codes. We also conservatively avoid hindering the loss-based congestion signal by distinguishing the packets that have been received from the packets that have been recovered by the FEC. We evaluate its performance by applying an experimental design covering a wide range of delay and packet loss conditions with reproducible experiments. These confirm that our modular design allows the protocol to adapt to the network conditions. For long data transfers or when the loss rate and delay are small, the FEC overhead negatively impacts the download completion time. However, with high packet loss rates and long delays or smaller files, FEC allows drastically reducing the download completion time by avoiding costly retransmission timeouts. These results show that there is a need to use FEC adaptively to the network conditions.

2020-05-29
Khelifi, Hakima, Luo, Senlin, Nour, Boubakr, Moungla, Hassine.  2019.  A QoS-Aware Cache Replacement Policy for Vehicular Named Data Networks. 2019 IEEE Global Communications Conference (GLOBECOM). :1—6.

Vehicular Named Data Network (VNDN) uses Named Data Network (NDN) as a communication enabler. The communication is achieved using the content name instead of the host address. NDN integrates content caching at the network level rather than the application level. Hence, the network becomes aware of content caching and delivering. The content caching is a fundamental element in VNDN communication. However, due to the limitations of the cache store, only the most used content should be cached while the less used should be evicted. Traditional caching replacement policies may not work efficiently in VNDN due to the large and diverse exchanged content. To solve this issue, we propose an efficient cache replacement policy that takes the quality of service into consideration. The idea consists of classifying the traffic into different classes, and split the cache store into a set of sub-cache stores according to the defined traffic classes with different storage capacities according to the network requirements. Each content is assigned a popularity-density value that balances the content popularity with its size. Content with the highest popularity-density value is cached while the lowest is evicted. Simulation results prove the efficiency of the proposed solution to enhance the overall network quality of service.

2020-05-15
Wang, Shaolei, Zhou, Ying, Li, Yaowei, Guo, Ronghua, Du, Jiawei.  2018.  Quantitative Analysis of Network Address Randomization's Security Effectiveness. 2018 IEEE 18th International Conference on Communication Technology (ICCT). :906—910.

The quantitative security effectiveness analysis is a difficult problem for the research of network address randomization techniques. In this paper, a system model and an attack model are proposed based on general attacks' attack processes and network address randomization's technical principle. Based on the models, the network address randomization's security effectiveness is quantitatively analyzed from the perspective of the attacker's attack time and attack cost in both static network address and network address randomization cases. The results of the analysis show that the security effectiveness of network address randomization is determined by the randomization frequency, the randomization space, the states of hosts in the target network, and the capabilities of the attacker.

2020-04-13
Phan, Trung V., Islam, Syed Tasnimul, Nguyen, Tri Gia, Bauschert, Thomas.  2019.  Q-DATA: Enhanced Traffic Flow Monitoring in Software-Defined Networks applying Q-learning. 2019 15th International Conference on Network and Service Management (CNSM). :1–9.
Software-Defined Networking (SDN) introduces a centralized network control and management by separating the data plane from the control plane which facilitates traffic flow monitoring, security analysis and policy formulation. However, it is challenging to choose a proper degree of traffic flow handling granularity while proactively protecting forwarding devices from getting overloaded. In this paper, we propose a novel traffic flow matching control framework called Q-DATA that applies reinforcement learning in order to enhance the traffic flow monitoring performance in SDN based networks and prevent traffic forwarding performance degradation. We first describe and analyse an SDN-based traffic flow matching control system that applies a reinforcement learning approach based on Q-learning algorithm in order to maximize the traffic flow granularity. It also considers the forwarding performance status of the SDN switches derived from a Support Vector Machine based algorithm. Next, we outline the Q-DATA framework that incorporates the optimal traffic flow matching policy derived from the traffic flow matching control system to efficiently provide the most detailed traffic flow information that other mechanisms require. Our novel approach is realized as a REST SDN application and evaluated in an SDN environment. Through comprehensive experiments, the results show that-compared to the default behavior of common SDN controllers and to our previous DATA mechanism-the new Q-DATA framework yields a remarkable improvement in terms of traffic forwarding performance degradation protection of SDN switches while still providing the most detailed traffic flow information on demand.
2020-03-30
Brito, J. P., López, D. R., Aguado, A., Abellán, C., López, V., Pastor-Perales, A., la Iglesia, F. de, Martín, V..  2019.  Quantum Services Architecture in Softwarized Infrastructures. 2019 21st International Conference on Transparent Optical Networks (ICTON). :1–4.
Quantum computing is posing new threats on our security infrastructure. This has triggered a new research field on quantum-safe methods, and those that rely on the application of quantum principles are commonly referred as quantum cryptography. The most mature development in the field of quantum cryptography is called Quantum Key Distribution (QKD). QKD is a key exchange primitive that can replace existing mechanisms that can become obsolete in the near future. Although QKD has reached a high level of maturity, there is still a long path for a mass market implementation. QKD shall overcome issues such as miniaturization, network integration and the reduction of production costs to make the technology affordable. In this direction, we foresee that QKD systems will evolve following the same path as other networking technologies, where systems will run on specific network cards, integrable in commodity chassis. This work describes part of our activity in the EU H2020 project CiViQ in which quantum technologies, as QKD systems or quantum random number generators (QRNG), will become a single network element that we define as Quantum Switch. This allows for quantum resources (keys or random numbers) to be provided as a service, while the different components are integrated to cooperate for providing the most random and secure bit streams. Furthermore, with the purpose of making our proposal closer to current networking technology, this work also proposes an abstraction logic for making our Quantum Switch suitable to become part of software-defined networking (SDN) architectures. The model fits in the architecture of the SDN quantum node architecture, that is being under standardization by the European Telecommunications Standards Institute. It permits to operate an entire quantum network using a logically centralized SDN controller, and quantum switches to generate and to forward key material and random numbers across the entire network. This scheme, demonstrated for the first time at the Madrid Quantum Network, will allow for a faster and seamless integration of quantum technologies in the telecommunications infrastructure.
Mao, Huajian, Chi, Chenyang, Yu, Jinghui, Yang, Peixiang, Qian, Cheng, Zhao, Dongsheng.  2019.  QRStream: A Secure and Convenient Method for Text Healthcare Data Transferring. 2019 41st Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC). :3458–3462.
With the increasing of health awareness, the users become more and more interested in their daily health information and healthcare activities results from healthcare organizations. They always try to collect them together for better usage. Traditionally, the healthcare data is always delivered by paper format from the healthcare organizations, and it is not easy and convenient for data usage and management. They would have to translate these data on paper to digital version which would probably introduce mistakes into the data. It would be necessary if there is a secure and convenient method for electronic health data transferring between the users and the healthcare organizations. However, for the security and privacy problems, almost no healthcare organization provides a stable and full service for health data delivery. In this paper, we propose a secure and convenient method, QRStream, which splits original health data and loads them onto QR code frame streaming for the data transferring. The results shows that QRStream can transfer text health data smoothly with an acceptable performance, for example, transferring 10K data in 10 seconds.
2020-03-16
Ablaev, Farid, Andrianov, Sergey, Soloviev, Aleksey.  2019.  Quantum Electronic Generator of Random Numbers for Information Security in Automatic Control Systems. 2019 International Russian Automation Conference (RusAutoCon). :1–5.

The problems of random numbers application to the information security of data, communication lines, computer units and automated driving systems are considered. The possibilities for making up quantum generators of random numbers and existing solutions for acquiring of sufficiently random sequences are analyzed. The authors found out the method for the creation of quantum generators on the basis of semiconductor electronic components. The electron-quantum generator based on electrons tunneling is experimentally demonstrated. It is shown that it is able to create random sequences of high security level and satisfying known NIST statistical tests (P-Value\textbackslashtextgreater0.9). The generator created can be used for formation of both closed and open cryptographic keys in computer systems and other platforms and has great potential for realization of random walks and probabilistic computing on the basis of neural nets and other IT problems.

Ullah, Faheem, Ali Babar, M..  2019.  QuickAdapt: Scalable Adaptation for Big Data Cyber Security Analytics. 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS). :81–86.
Big Data Cyber Security Analytics (BDCA) leverages big data technologies for collecting, storing, and analyzing a large volume of security events data to detect cyber-attacks. Accuracy and response time, being the most important quality concerns for BDCA, are impacted by changes in security events data. Whilst it is promising to adapt a BDCA system's architecture to the changes in security events data for optimizing accuracy and response time, it is important to consider large search space of architectural configurations. Searching a large space of configurations for potential adaptation incurs an overwhelming adaptation time, which may cancel the benefits of adaptation. We present an adaptation approach, QuickAdapt, to enable quick adaptation of a BDCA system. QuickAdapt uses descriptive statistics (e.g., mean and variance) of security events data and fuzzy rules to (re) compose a system with a set of components to ensure optimal accuracy and response time. We have evaluated QuickAdapt for a distributed BDCA system using four datasets. Our evaluation shows that on average QuickAdapt reduces adaptation time by 105× with a competitive adaptation accuracy of 70% as compared to an existing solution.