2024 | Book

Mobile, Secure, and Programmable Networking

9th International Conference, MSPN 2023, Paris, France, October 26–27, 2023, Revised Selected Papers

Edited by: Samia Bouzefrane, Soumya Banerjee, Fabrice Mourlin, Selma Boumerdassi, Éric Renault

Publisher: Springer Nature Switzerland

Book series: Lecture Notes in Computer Science

About this book

This book constitutes the refereed post-proceedings of the 9th International Conference on Mobile, Secure, and Programmable Networking, MSPN 2023, held in Paris, France, during October 26–27, 2023.

The 15 full papers included in this book were carefully reviewed and selected from 31 submissions. They were organized in topical sections as follows: vertical tools on machine learning and artificial intelligence, network programming and Cloud computing, Industrial Internet of things, Digital Twins and Security.

Table of Contents

Frontmatter
IoTDisco: Strong yet Lightweight End-to-End Security for the Internet of Constrained Things
Abstract
Most widely-used protocols for end-to-end security, such as TLS and its datagram variant DTLS, are highly computation-intensive and introduce significant communication overheads, which makes them impractical for resource-restricted IoT devices. The recently-introduced Disco protocol framework provides a clean and well-documented basis for the design of strong end-to-end security with lower complexity than the (D)TLS protocol and no legacy baggage. Disco consists of two sub-protocols, namely Noise (known from e.g., WhatsApp) and Strobe, and is rather minimalist in terms of cryptography since it requires only an elliptic curve in Montgomery form and a cryptographic permutation as basic building blocks. In this paper, we present IoTDisco, an optimized implementation of the Disco protocol for 16-bit TI MSP430 microcontrollers. IoTDisco is based on David Wong’s EmbeddedDisco software and contains hand-written Assembly code for the prime-field arithmetic of Curve25519. However, we decided to replace the Keccak permutation of EmbeddedDisco by Xoodoo to reduce both the binary code size and RAM footprint. The experiments we conducted on a Zolertia Z1 device (equipped with a MSP430F2617 microcontroller) show that IoTDisco is able to perform the computational part of a full Noise NK handshake in 26.2 million clock cycles, i.e., 1.64 s when the MSP430 is clocked at 16 MHz. IoTDisco’s RAM footprint amounts to 1.4 kB, which is less than 17% of the overall RAM capacity (8 kB) of the Zolertia Z1.
Hao Cheng, Georgios Fotiadis, Johann Großschädl, Peter Y. A. Ryan
StrucTemp-GNN: An Intrusion Detection Framework in IoT Networks Using Dynamic Heterogeneous Graph Neural Networks
Abstract
Deep Learning (DL) techniques are effective for designing network intrusion detection systems (NIDS), but they do not leverage IoT network topology. Meanwhile, Graph Neural Networks (GNNs) consider both statistical properties and topological dependencies, outperforming DL in complex IoT systems. However, three improvements are required: 1) Scalability, as GNNs are more suitable for offline analysis with a static dependency graph. 2) Current GNNs focus on homogeneous graphs with topological dependencies; thus, including temporal aspects in heterogeneous graphs would improve the overall performance. 3) IoT time and resource constraints require optimized resource usage for efficient intrusion detection. To address these challenges, we propose StrucTemp-GNN, a dynamic heterogeneous GNN-based NIDS for IoT networks. The method leverages both structural and temporal dependencies, giving rise to its name, Structural-Temporal GNN. Real-time intrusion detection is enabled by constructing a dynamic graph from incoming IoT data flows, incorporating structural and temporal information. The lightweight GNN model achieves fast and accurate intrusion detection. It has been evaluated on four new IoT datasets and has proven efficient in both binary and multiclass classification.
Imed Eddine Boukari, Ihab Abderrahmane Derdouha, Samia Bouzefrane, Leila Hamdad, Safia Nait-Bahloul, Thomas Huraux
Generating Synthetic Data to Improve Intrusion Detection in Smart City Network Systems
Abstract
Fast and reliable identification of cyber attacks in network systems of smart cities is currently a critical and demanding task. Machine learning algorithms have been used for intrusion detection, but the existing data sets intended for their training are often imbalanced, which can reduce the effectiveness of the proposed model. Oversampling and undersampling techniques can solve the problem but have limitations, such as the risk of overfitting and information loss. Furthermore, network data logs are noisy and inconsistent, making it challenging to capture essential patterns in the data accurately. To address these issues, this study proposes using Generative Adversarial Networks to generate synthetic network traffic data. The results offer new insight into developing more effective intrusion detection systems, especially in the context of smart cities’ network infrastructure.
Pavel Čech, Daniela Ponce, Peter Mikulecký, Karel Mls, Andrea Žváčková, Petr Tučník, Tereza Otčenášková
Building the Shortest Path Database in Urban Traffic Network Using RAO Algorithm
Abstract
In urban environments, traffic networks are characterized by fixed distances between nodes, representing intersections or landmarks. Efficiently identifying the shortest path between any two nodes is crucial for various applications, such as route optimization for emergency services, ride-sharing algorithms, and general traffic management. Traditional methods like Dijkstra’s algorithm are computationally intensive, especially for large-scale networks. To address this challenge, we propose a novel approach that precomputes and stores the shortest paths in a dedicated database hosted on a server system. Our methodology leverages the RAO algorithm, an advanced optimization technique, to solve the shortest path problem. Unlike conventional methods, the RAO algorithm adapts to varying conditions and constraints, making it highly suitable for dynamic urban traffic networks. We construct a comprehensive database that contains pre-calculated shortest paths between any two nodes, thereby significantly reducing real-time computational load. To validate the effectiveness of our approach, we conducted experiments on networks of varying complexities: 6-node, 8-node, and 20-node configurations. These experiments serve to emulate different scales of urban traffic networks. We compared the performance of our RAO-based solution with the Particle Swarm Optimization (PSO) algorithm, using Dijkstra’s algorithm as a baseline for evaluation. Our results indicate a marked improvement in computational efficiency and accuracy when using the RAO algorithm. Specifically, the RAO-based solution outperformed the PSO algorithm across all test cases, thereby confirming its suitability for real-world applications. Our research introduces a scalable and efficient solution for precomputing shortest paths in urban traffic networks using the RAO algorithm.
Le Vinh Thinh, Tran Thien Huan, Nguyen Van Long
Position Paper: Strengthening Applets on Legacy SIM Cards with Singularization, a New Moving Target Defense Strategy
Abstract
This article presents singularization, a new family of Moving Target Defense (MTD) strategies that we propose to strengthen the robustness of sensitive applets on SIMs without needing a full replacement of SIMs.
Chrystel Gaber, Gilles Macariot-Rat, Simona David, Jean-Philippe Wary, Alain Cuaboz
A Smart Network Repository Based on Graph Database
Abstract
To address the increasing complexity of network management and the limitations of data repositories in handling the various network operational data, this paper proposes a novel repository design that uniformly represents network operational data while allowing for a multiple abstractions access to the information. This smart repository simplifies network management functions by enabling network verification directly within the repository. The data is organized in a knowledge graph compatible with any general-purpose graph database, offering a comprehensive and extensible network repository. Performance evaluations confirm the feasibility of the proposed design. The repository’s ability to natively support ‘what-if’ scenario evaluation is demonstrated by verifying Border Gateway Protocol (BGP) route policies and analyzing forwarding behavior with virtual Traceroute.
Amar Abane, Abdella Battou, Mheni Merzouki, Tao Zhang
Enhancing Security in Connected Medical IoT Networks Through Deep Learning-Based Anomaly Detection
Abstract
In recent years, there has been an alarming increase in cyberattacks targeting connected medical devices. Distributed denial of service (DDoS) and botnet attacks are particularly common, and many vulnerabilities in IoT systems make these devices particularly vulnerable. Traditional intrusion detection techniques often fall short in addressing these threats. To overcome this challenge, we propose a deep learning-based intrusion detection system (IDS) for connected medical devices that utilizes four different architectures: multi-layer perceptron (MLP), long short-term memory (LSTM), convolutional neural network (CNN), and hybrid CNN-LSTM. We evaluated our system on the UNSW-NB15 and Edge-IIoTset datasets, and achieved a classification accuracy of 99.8% for binary classification and 96% for multiclass classification, with a false alarm rate of less than 2%. Our results show that deep learning can be an effective tool for detecting fraud attacks in connected medical devices. This research aims to enhance the security posture of medical IoT systems and mitigate potential risks.
Ismaila Sy, Birahime Diouf, Abdou Khadre Diop, Cyril Drocourt, David Durand
Blockchain-Driven Animal Healthcare: Leveraging NFTs, IPFS, and Smart Contracts for Comprehensive Animal Medical Record
Abstract
The domain of animal healthcare mandates robust mechanisms for maintaining the sanctity, reachability, and security of medical records. This paper delineates a cutting-edge methodology to overhaul traditional animal medical record handling by utilizing blockchain techniques. Through the strategic incorporation of Non-Fungible Tokens (NFTs), the InterPlanetary File System (IPFS), and Smart Contracts, we propose a versatile system that refines data retrieval and modification processes, bolstering both accountability and dependability. At the heart of our strategy lies a pioneering decentralized framework, empowering veterinary professionals with the tools to input, retrieve, and edit medical records, all the while being enveloped by rigorous access and identity validation measures. The inherent decentralized properties of IPFS furnish steadfast and immutable data retention capabilities, whilst the NFTs encapsulate the distinct medical trajectories of each animal. Through the symbiotic relationship of Smart Contracts, a fluid and unalterable lineage of medical logs is preserved. As a marked departure from traditional paradigms, our blueprint promises augmented safety, streamlined data operations, and unparalleled lucidity, marking the dawn of a transformative phase in animal healthcare.
T. L. Quy, N. D. P. Trong, H. V. Khanh, H. L. Huong, T. D. Khoa, H. G. Khiem, N. T. Phuc, M. D. Hieu, V. C. P. Loc, N. H. Kha, N. T. Anh, Q. N. Hien, L. K. Bang, Q. T. Bao, N. T. K. Ngan, M. N. Triet
Transforming Child Health Records: Integrating Blockchain, NFTs, and IPFS for Enhanced Medical Data Management
Abstract
In the rapidly evolving landscape of medical record management, the traditional methods often grapple with issues related to data security, integrity, and accessibility. This paper introduces a groundbreaking approach to pediatric medical data management by leveraging the robust capabilities of blockchain, Non-Fungible Tokens (NFTs), InterPlanetary File System (IPFS), and distributed ledgers. Our proposed model meticulously addresses the limitations of the conventional systems by ensuring data immutability, transparency, and decentralized control. Starting with the creation of a unique Global ID for children, we outline a detailed 10-step approach to data storage, query, and update, emphasizing the pivotal roles of smart contracts and NFTs in guaranteeing data authenticity and uniqueness. The implementation section delves deeper into the intricacies of transaction creation, data query, and update mechanisms, underscoring the importance of secure interfaces, rigorous verification processes, and seamless synchronization with decentralized storage solutions. With the confluence of these advanced technologies, our approach promises a transformative shift in pediatric healthcare, simplifying processes for healthcare professionals and ensuring data security and privacy for patients.
T. L. Quy, N. D. P. Trong, H. V. Khanh, H. L. Huong, T. D. Khoa, H. G. Khiem, N. T. Phuc, M. D. Hieu, V. C. P. Loc, N. H. Kha, N. T. Anh, Q. N. Hien, L. K. Bang, Q. T. Bao, N. T. K. Ngan, M. N. Triet
Privacy-Preserving Tree-Based Inference with TFHE
Abstract
Fully Homomorphic Encryption is a powerful tool for processing encrypted data and is particularly adapted to the type of programs that are common in machine learning (ML). On tabular data, tree-based ML models obtain state-of-the-art results, are more robust, and are easier to use and deploy than neural networks. We introduce an implementation of privacy-preserving decision tree evaluation based on the TFHE scheme, leveraging optimized representations for encrypted integers and TFHE’s powerful programmable bootstrapping mechanism. Our technique is applicable to decision trees, random forests, and gradient boosted trees. We demonstrate our approach on popular datasets and show that accuracy on encrypted data is very close to the one obtained by the same models applied to clear data, while latency is competitive with the state of the art.
Jordan Frery, Andrei Stoian, Roman Bredehoft, Luis Montero, Celia Kherfallah, Benoit Chevallier-Mames, Arthur Meyre
Applying Transfer Testing to Identify Annotation Discrepancies in Facial Emotion Data Sets
Abstract
The field of Artificial Intelligence (AI) has a significant impact on the way computers and humans interact. The topic of (facial) emotion recognition has gained a lot of attention in recent years. The majority of the research literature focuses on the improvement of algorithms and Machine Learning (ML) models for single data sets. Despite the impressive results achieved, the impact of the (training) data quality with its potential biases and annotation discrepancies is often neglected. Therefore, this paper demonstrates an approach to detect and evaluate annotation label discrepancies between three separate (facial) emotion recognition databases by Transfer Testing with three ML architectures. The findings indicate Transfer Testing to be a new promising method to detect inconsistencies in data annotations of emotional states, implying label bias and/or ambiguity. Therefore, Transfer Testing is a method to verify the transferability of trained ML models. Such research is the foundation for developing more accurate AI-based emotion recognition systems, which are also robust in real-life scenarios.
Sarah Dreher, Jens Gebele, Philipp Brune
Multiple Person Tracking Based on Gait Identification Using Kinect and OpenPose
Abstract
A gait provides the characteristics of a person’s walking style and hence is classified as personally identifiable information. There have been several studies for personal identification using gait, including works using hardware such as depth sensors and studies using silhouette image sequences of gait. However, these methods were designed specifically for tracking a single walking person, and the accuracy reduction when multiple people are simultaneously reflected in several angles of view is not clear yet. In addition, dependencies on hardware-based methods are not clarified yet. In this study, we focus on Kinect and OpenPose, the representative gait identification techniques with a function to detect multiple people simultaneously in real time. We investigate how many people can be identified with these devices and the accuracy of tracking.
Ryotaro Toma, Terumi Yaguchi, Hiroaki Kikuchi
Evaluating Image Similarity Using Contextual Information of Images with Pre-trained Models
Abstract
This study proposes an integrated approach to image similarity measurement by extending traditional methods that concentrate on local features to incorporate global information. Global information, including background, colors, spatial representation, and object relations, can leverage the ability to distinguish similarity based on the overall context of an image using natural process techniques. We employ Video-LLaMA model to extract textual descriptions of images through question prompts, and apply cosine similarity metrics, BERTScore, to quantify image similarities. We conduct experiments on images of the same and different topics using various pre-trained language model configurations. To validate the coherence of the generated text descriptions with the actual theme of the image, we generate images using DALL-E 2 and evaluate them using human judgement. Key findings demonstrate the effectiveness of pre-trained language models in distinguishing between images depicting similar and different topics with a clear gap in similarity.
Juyeon Kim, Sungwon Park, Byunghoon Park, B. Sooyeon Shin
AI vs. Dinosaurs – Automated Re-implementation of Legacy Mainframe Applications in Java by Combining Program Synthesis and GPT
Abstract
Large-scale mainframe applications written in outdated languages such as COBOL still form the core of the enterprise IT in many organizations, even though their flexibility and maintainability decline continuously. Their manual re-implementation in modern languages like Java is usually not economically feasible. Automated code conversion of legacy programs usually produces poor quality code in the target language, even with recent AI tools such as ChatGPT. In addition, code conversion recovers dead or unnecessary code artifacts in the new language. Therefore, in this paper we explore a novel approach, which does not convert the legacy code, but instead uses the existing input/output data to generate program tokens through program synthesis. These tokens are subsequently translated into input tokens and submitted to ChatGPT to produce the target code. The approach is illustrated and evaluated by means of a semi-realistic example program. The obtained results look promising, but need to be further investigated.
Simon Fischer-Heselhaus, Philipp Brune
Fully Distributed Deep Neural Network: F2D2N
Abstract
Recent advances in Artificial Intelligence (AI) have accelerated the adoption of AI at a pace never seen before. Large Language Models (LLM) trained on tens of billions of parameters show the crucial importance of parallelizing models. Different techniques exist for distributing Deep Neural Networks but they are challenging to implement. The cost of training GPU-based architectures is also becoming prohibitive. In this document we present a distributed approach that is easier to implement, where data and model are distributed in processing units hosted on a cluster of machines based on CPUs or GPUs. Communication is done by message passing. The model is distributed over the cluster and stored locally or on a datalake. We prototyped this approach using open-source libraries and we present the benefits this implementation can bring.
Ernesto Leite, Fabrice Mourlin, Pierre Paradinas
Backmatter
Metadata
Title
Mobile, Secure, and Programmable Networking
Edited by
Samia Bouzefrane
Soumya Banerjee
Fabrice Mourlin
Selma Boumerdassi
Éric Renault
Copyright year
2024
Electronic ISBN
978-3-031-52426-4
Print ISBN
978-3-031-52425-7
DOI
https://doi.org/10.1007/978-3-031-52426-4