
2015 | Book | 1st edition

Security and Privacy in Communication Networks

11th EAI International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Proceedings

About this book

This volume constitutes the thoroughly refereed post-conference proceedings of the 11th International Conference on Security and Privacy in Communication Networks, SecureComm 2015, held in Dallas, TX, USA, in October 2015.

The 29 regular and 10 poster papers presented were carefully reviewed and selected from 107 submissions. The volume also presents 9 papers accepted for the workshop on Applications and Techniques in Cyber Security, ATCS 2015.

The papers are grouped in the following topics: mobile, system, and software security; cloud security; privacy and side channels; Web and network security; crypto, protocol, and model.

Table of Contents

Frontmatter

Mobile, System and Software Security

Frontmatter
FineDroid: Enforcing Permissions with System-Wide Application Execution Context

To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, the current model could not enforce fine-grained control over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application could use the granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, the permissions granted to a benign application may be utilized by an attacker through vulnerable application interactions. Although ad hoc solutions have been proposed, none could systematically solve these two issues within a unified framework. This paper presents the first such framework to provide context-sensitive permission enforcement that regulates permission use policies according to system-wide application contexts, which cover both intra-application context and inter-application context. We build a prototype system on Android, named FineDroid, to track such context during the application execution. To flexibly regulate context-sensitive permission rules, FineDroid features a policy framework that could express generic application contexts. We demonstrate the benefits of FineDroid by instantiating several security extensions based on the policy framework, for two potential users: administrators and developers. Furthermore, FineDroid is shown to introduce a minor overhead.

Yuan Zhang, Min Yang, Guofei Gu, Hao Chen
Detection, Classification and Characterization of Android Malware Using API Data Dependency

With the popularity of Android devices, more and more Android malware is manufactured every year. How to filter out malicious apps is a serious problem for app markets. In this paper, we propose DroidADDMiner, an efficient and precise system to detect, classify and characterize Android malware. DroidADDMiner is a machine learning based system that extracts features based on data dependency between sensitive APIs. It extracts API data dependence paths embedded in apps to construct feature vectors for machine learning. While DroidSIFT [13] also attempts automated detection of Android applications according to data flow analysis, DroidADDMiner can not only reduce the run time but also characterize malware’s behaviors automatically. We implement DroidADDMiner based on FlowDroid [14] and evaluate it using 5648 malware samples and 14280 benign apps. Experiments show that, for malware detection, DroidADDMiner achieves a 98% detection rate, with a 0.3% false positive rate. For malware classification, the accuracy of classifying malicious apps under their proper family labels is 96%. Although performing data flow analysis, most of the experimental samples can be examined in 60 seconds.

Yongfeng Li, Tong Shen, Xin Sun, Xuerui Pan, Bing Mao
KeyPocket - Improving Security and Usability for Provider Independent Login Architectures with Mobile Devices

Nowadays, many daily duties being of a private as well as of a business nature are handled with the help of online services. Due to migrating formerly local desktop applications into clouds (e.g., Microsoft Office Online, etc.), services become available by logging in into a user account through a web browser. But possibilities for authenticating a user in a web browser are limited and employing a username with a password is still de facto standard, disregarding open security or usability issues. Notwithstanding new developments on that subject, there is no sufficient alternative available. In this paper, we specify the requirements for a secure, easy-to-use, and third-party-independent authentication architecture. Moreover, we present KeyPocket, a user-centric approach aligned to these requirements with the help of the user’s smartphone. Subsequently, we present its state of implementation and discuss its individual capabilities and features.

André Ebert, Chadly Marouane, Benno Rott, Martin Werner
Using Provenance Patterns to Vet Sensitive Behaviors in Android Apps

We propose Dagger, a lightweight system to dynamically vet sensitive behaviors in Android apps. Dagger avoids costly instrumentation of virtual machines or modifications to the Android kernel. Instead, Dagger reconstructs the program semantics by tracking provenance relationships and observing apps’ runtime interactions with the phone platform. More specifically, Dagger uses three types of low-level execution information at runtime: system calls, Android Binder transactions, and app process details. System call collection is performed via Strace [7], a low-latency utility for Linux and other Unix-like systems. Binder transactions are recorded by accessing Binder module logs via sysfs [8]. App process details are extracted from the Android /proc file system [6]. A data provenance graph is then built to record the interactions between the app and the phone system based on these three types of information. Dagger identifies behaviors by matching the provenance graph with the behavior graph patterns that are previously extracted from the internal working logic of the Android framework. We evaluate Dagger on both a set of over 1200 known malicious Android apps, and a second set of 1000 apps randomly selected from a corpus of over 18,000 Google Play apps. Our evaluation shows that Dagger can effectively vet sensitive behaviors in apps, especially for those using complex obfuscation techniques. We measured the overhead based on a representative benchmark app, and found that both the memory and CPU overhead are less than 10%. The runtime overhead is less than 63%, which is significantly lower than that of existing approaches.

Chao Yang, Guangliang Yang, Ashish Gehani, Vinod Yegneswaran, Dawood Tariq, Guofei Gu
SplitDroid: Isolated Execution of Sensitive Components for Mobile Applications

Although many approaches have been proposed to protect mobile privacy through techniques such as isolated execution, existing mechanisms typically work at the app-level. As many apps themselves might contain vulnerabilities, it is desirable to split the execution of an app into normal components and sensitive components, such that the execution of sensitive components of an app can be isolated and their private data are protected from accesses by the normal components. This paper proposes SplitDroid, an OS-level virtualization technique to support the split-execution of an app in order to isolate the execution of sensitive components and protect its private data. SplitDroid is enabled by porting the Linux Container to the Android environment and the ability to split Android apps through programming and runtime support. We also introduce a secure network channel to allow communication between the isolated component and normal Android apps, such that non-privacy-related information can be interchanged to ensure its correct execution. Finally, we demonstrate the feasibility and effectiveness of SplitDroid through a case study.

Lin Yan, Yao Guo, Xiangqun Chen
Intrinsic Code Attestation by Instruction Chaining for Embedded Devices

In this paper we present a novel approach to ensure that no malicious code can be executed on resource-constrained devices such as sensor nodes or embedded devices. The core idea is to encrypt the code and to decrypt it after reading it from the memory. Thus, if the code is not encrypted with the correct key it cannot be executed due to the incorrect result of the decryption operation. A side effect of this is that the code is protected from being copied. In addition we propose to bind instructions to their predecessors by cryptographic approaches. This helps us to prevent attacks that reorder authorized code such as return-oriented programming attacks. We present a thorough security analysis of our approach as well as simulation results that prove the feasibility of our approach. The performance penalty as well as the area penalty depend mainly on the cipher algorithm used. The former can be as small as a single clock cycle if Prince, a latency-optimized block cipher, is used, while the area overhead is 45 per cent for a commodity micro controller unit (MCU).

Oliver Stecklina, Peter Langendörfer, Frank Vater, Thorsten Kranz, Gregor Leander
Defeating Kernel Driver Purifier

Kernel driver purification is a technique used for detecting and eliminating malicious code embedded in kernel drivers. Ideally, only the benign functionalities remain after purification. As many kernel drivers are distributed in binary format, a kernel driver purifier is effective against existing kernel rootkits. However, in this paper, we demonstrate that an attacker is able to defeat such purification mechanisms through two different approaches: (1) by exploiting self-checksummed code or (2) by avoiding calling kernel APIs. Both approaches would allow arbitrary code to be injected into a kernel driver. Based on the two proposed offensive schemes, we implement prototypes of both types of rootkits and validate their efficacy through real experiments. Our evaluation results show that the proposed rootkits can defeat the current purification techniques. Moreover, these rootkits retain the same functionalities as those of real world rootkits, and only incur negligible performance overhead.

Jidong Xiao, Hai Huang, Haining Wang
Kernel Data Attack Is a Realistic Security Threat

Altering in-memory kernel data, attackers are able to manipulate the running behaviors of operating systems without injecting any malicious code. This type of attack is called kernel data attack. Intuitively, the security impact of such an attack seems minor, and thus, it has not yet drawn much attention from the security community. In this paper, we thoroughly investigate kernel data attack, showing that its damage could be as serious as kernel rootkits, and then propose countermeasures. More specifically, by tampering with kernel data, we first demonstrate that attackers can stealthily subvert various kernel security mechanisms. Then, we further develop a new keylogger called DLOGGER, which is more stealthy than existing keyloggers. Instead of injecting any malicious code, it only alters kernel data and leverages existing benign kernel code to build a covert channel, through which attackers can steal sensitive information. Therefore, existing defense mechanisms including those deployed at hypervisor level that search for hidden processes/hidden modules, or monitor kernel code integrity, will not be able to detect DLOGGER. To counter against kernel data attack, by classifying kernel data into different categories and handling them separately, we propose a defense mechanism and evaluate its efficacy with real experiments. Our experimental results show that our defense is effective in detecting kernel data attack with negligible performance overhead.

Jidong Xiao, Hai Huang, Haining Wang

Cloud Security

Frontmatter
RScam: Cloud-Based Anti-Malware via Reversible Sketch

Cybercrime caused by malware becomes a persistent and damaging threat which makes the trusted security solution urgently demanded, especially for resource-constrained ends. The existing industry and academic approaches provide available anti-malware systems based on different perspectives. However, it is hard to achieve high performance detection and data privacy protection simultaneously. This paper proposes a cloud-based anti-malware system, called RScam, which provides fast and trusted security service for the resource-constrained ends. In RScam, we present suspicious bucket filtering, a novel signature-based detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. Then we design a lightweight client which utilizes the digest of signature fragments to sharply reduce detection range. Finally, we design balanced interaction mechanism, which transmits sketch coordinates of suspicious file fragments and transformation of malicious signature fragments between the client and cloud server to protect data privacy and reduce traffic volume. We evaluate the performance of RScam with campus suspicious traffic and normal files. The results demonstrate validity and veracity of the proposed mechanism. Our system can outperform other existing systems with less time and traffic consumption.

Hao Sun, Xiaofeng Wang, Jinshu Su, Peixin Chen
TADOOP: Mining Network Traffic Anomalies with Hadoop

Today, various anomalies and large number of flows in a network make traffic anomaly detection a big challenge. In this paper, we propose DTE-FP (Dual qTsallis Entropy for flow Feature with Properties), a more efficient method for traffic anomaly detection. To handle huge amount of traffic, based on Hadoop, we implement a network traffic anomaly detection system named TADOOP, which supports semi-automatic training and both offline and online traffic anomaly detection. TADOOP with a cluster of five servers has been deployed in Tsinghua University Campus Network. Furthermore, we compare DTE-FP with Tsallis entropy, and the experimental results show that DTE-FP has much better detection capability than Tsallis entropy.

Geng Tian, Zhiliang Wang, Xia Yin, Zimu Li, Xingang Shi, Ziyi Lu, Chao Zhou, Yang Yu, Dan Wu
SuperCall: A Secure Interface for Isolated Execution Environment to Dynamically Use External Services

Recent years have seen many virtualization-based Isolated Execution Environments (IEE) proposed in the literature to protect a Piece of Application Logic (PAL) against attacks from an untrusted guest kernel. A prerequisite of these IEE systems is that the PAL is small and self-contained. Therefore, a PAL is deprived of channels to interact with the external execution environment including the kernel and application libraries. As a result, the PAL can only perform limited tasks such as memory-resident computation with inflexible utilization of system resources. To protect more sophisticated tasks, the application developer has to segment it into numerous PALs satisfying the IEE prerequisite, which inevitably leads to development inefficiency and more erroneous code. In this paper, we propose SuperCall, a new function call interface for a PAL to safely and efficiently call external untrusted code in both the kernel and user spaces. It not only allows flexible interactions between a PAL and untrusted environments, but also improves the utilization of resources, without compromising the security of the PAL. We have implemented SuperCall on top of a tiny hypervisor. To demonstrate and evaluate SuperCall, we use it to build a PAL as part of a password checking program. The experiment results show that SuperCall improves the development efficiency and incurs insignificant performance overhead.

Yueqiang Cheng, Qing Li, Miao Yu, Xuhua Ding, Qingni Shen
Authenticating Top-k Results of Secure Multi-keyword Search in Cloud Computing

Cloud computing brings abundant benefits to our lives nowadays, including easy data access, flexible management, and cost saving. However, due to the concern for privacy, most of us are reluctant to use it. To protect privacy while making full use of cloud data, secure keyword search is proposed and attracts many researchers’ interests. However, all of the previous researches are based on a weak threat model, i.e., they all assume the cloud to be “curious but honest”. Different from the previous works, in this paper, we consider a more challenging model where the cloud server would probably be compromised. To achieve a privacy preserving and personalized multi-keyword search, we first formulate different users’ preference with a preference vector, and then adopt the secure k nearest neighbor (KNN) technique to find the most relevant files corresponding to the personalized search request. To verify the dynamic top-k search results, we design a novel Multi-Attribute Authentication Tree (MAAT). In particular, we propose an optimization scheme to reduce the size of verification objects so that the communication cost between the cloud and data users is tunable. Finally, by doing extensive experiments, we confirm that our proposed schemes can work efficiently.

Xiaojun Xiao, Yaping Lin, Wei Zhang, Xin Yao, Qi Gu

Privacy and Side Channels

Frontmatter
Resource Efficient Privacy Preservation of Online Social Media Conversations

On today’s online social networks (OSNs), users need to reveal their content and their sharing patterns to a central provider. Though there are proposals for decentralized OSNs to protect user privacy, they have paid scant attention to optimizing the cost borne by users or hiding their sharing patterns. In this paper, we present Hermes, a decentralized OSN architecture, designed explicitly with the goal of hiding sharing patterns while minimizing users’ costs. In doing so, Hermes tackles three key challenges: 1) it enables timely and consistent sharing of content, 2) it guarantees the confidentiality of posted private content, and 3) it hides sharing patterns from untrusted cloud service providers and users outside a private group. With extensive analyses of Hermes using traces of shared content on Facebook, we estimate that the cost borne per user will be less than $5 per month for over 90% of users. Our prototype implementation of Hermes demonstrates that it only adds minimal overhead to content sharing.

Indrajeet Singh, Masoud Akhoondi, Mustafa Y. Arslan, Harsha V. Madhyastha, Srikanth V. Krishnamurthy
Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android

Mobile devices are becoming increasingly popular. One reason for their popularity is the availability of a wide range of third-party applications, which enrich the environment and increase usability. There are however privacy concerns centered around these applications – users do not know what private data is leaked by the applications. Previous works to detect privacy leakages are either not accurate enough or require operating system changes, which may not be possible due to users’ lack of skills or locked devices. We present Uranine (Uranine is a dye, which finds applications as a flow tracer in medicine and environmental studies.), a system that instruments Android applications to detect privacy leakages in real-time. Uranine does not require any platform modification nor does it need the application source code. We designed several mechanisms to overcome the challenges of tracking information flow across framework code, handling callback functions, and expressing all information-flow tracking at the bytecode level. Our evaluation of Uranine shows that it is accurate at detecting privacy leaks and has acceptable performance overhead.

Vaibhav Rastogi, Zhengyang Qu, Jedidiah McClurg, Yinzhi Cao, Yan Chen
Practicality of Using Side-Channel Analysis for Software Integrity Checking of Embedded Systems

We explore practicality of using power consumption as a non-destructive non-interrupting method to check integrity of software in a microcontroller. We explore whether or not instructions can lead to consistently distinguishable side-channel information, and if so, how the side-channel characteristics differ. Our experiments show that data dependencies rather than instruction operation dependencies are dominant, and can be utilized to provide practical side-channel-based methods for software integrity checking. For a subset of the instruction set, we further show that the discovered data dependencies can guarantee transformation of a given input into a unique output, so that any tampering with the program by a side-channel-aware attacker can either be detected from power measurements, or lead to the same unique set of input and output.

Hong Liu, Hongmin Li, Eugene Y. Vasserman
Remote Activation of Hardware Trojans via a Covert Temperature Channel

A hardware trojan (HT) is produced through the malicious tampering of an integrated circuit design. Depending on its placement and purpose, an HT may cause data leakage or corruption, computational errors, reduced system performance, and temporary or permanent denial-of-service through the disabling or destruction of the chip. The varied geographic locales involved in designing, fabricating, and testing a design allow an attacker ample opportunity to insert an HT. In this paper we propose a method to enable the remote activation of HT, via a covert temperature channel, across a network. Through experimentation, our activation method is shown to be feasible on modern computers. In addition, its design is tolerant of process variation to ensure that it can be reliably fabricated. The design was validated using industry standard STMicroelectronics 65 nm technology and shown to be undetectable against present detection techniques. We discuss the major challenges associated with such HT and future research needs to address them.

Priyabrat Dash, Chris Perkins, Ryan M. Gerdes

Web and Network Security

Frontmatter
Route Leaks Identification by Detecting Routing Loops

Route leaks have become an important security problem of inter-domain routing. Operators increasingly suffer from large-scale or small-scale route leak incidents in recent years. Route leaks can redirect traffic to unintended networks, which puts the traffic at risk of Man-in-the-Middle attack. Unlike other security threats such as prefix hijacking that advertises bogus BGP route, route leaks announce routes which are true but in violation of routing policies to BGP neighbors. Since the routing policies are usually kept confidential, detecting route leaks in the Internet is a challenging problem. In this paper, we reveal a link between routing loops and route leaks. We find that some route leaks may cause routing loops. Hence detecting routing loops is expected to be able to identify route leaks. We provide theoretical analysis to confirm the expectation, and further propose a detection mechanism which can identify the leaked route as well as the perpetrator AS. Our mechanism does not require information about routing policies. It passively monitors BGP routes to detect route leaks and hence it is lightweight and easy to deploy. The evaluation results show that our mechanism can detect a lot of route leaks that occur in the Internet per day.

Song Li, Haixin Duan, Zhiliang Wang, Xing Li
Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols

The security of network services and their protocols critically depends on minimizing their attack surface. A single flaw in an implementation can suffice to compromise a service and expose sensitive data to an attacker. The discovery of vulnerabilities in protocol implementations, however, is a challenging task: While for standard protocols this process can be conducted with regular techniques for auditing, the situation becomes difficult for proprietary protocols if neither the program code nor the specification of the protocol are easily accessible. As a result, vulnerabilities in closed-source implementations can often remain undiscovered for a longer period of time. In this paper, we present Pulsar, a method for stateful black-box fuzzing of proprietary network protocols. Our method combines concepts from fuzz testing with techniques for automatic protocol reverse engineering and simulation. It proceeds by observing the traffic of a proprietary protocol and inferring a generative model for message formats and protocol states that can not only analyze but also simulate communication. During fuzzing this simulation can effectively explore the protocol state space and thereby enables uncovering vulnerabilities deep inside the protocol implementation. We demonstrate the efficacy of Pulsar in two case studies, where it identifies known as well as unknown vulnerabilities.

Hugo Gascon, Christian Wressnegger, Fabian Yamaguchi, Daniel Arp, Konrad Rieck
You Are How You Query: Deriving Behavioral Fingerprints from DNS Traffic

As the Domain Name System (DNS) plays an indispensable role in a large number of network applications including those used for malicious purposes, collecting and sharing DNS traffic from real networks are highly desired for a variety of purposes such as measurements and system evaluation. However, information leakage through the collected network traffic raises significant privacy concerns and DNS traffic is not an exception. In this paper, we study a new privacy risk introduced by passively collected DNS traffic. We intend to derive behavioral fingerprints from DNS traces, where each behavioral fingerprint targets at uniquely identifying its corresponding user and being immune to the change of time. We have proposed a set of new patterns, which collectively form behavioral fingerprints by characterizing a user’s DNS activities through three different perspectives including the domain name, the inter-domain relationship, and domains’ temporal behavior. We have also built a distributed system, namely DNSMiner, to automatically derive DNS-based behavioral fingerprints from a massive amount of DNS traces. We have performed extensive evaluation based on a large volume of DNS queries collected from a large campus network across two weeks. The evaluation results have demonstrated that a significant percentage of network users with persistent DNS activities are likely to have DNS behavioral fingerprints.

Dae Wook Kim, Junjie Zhang
Enhancing Traffic Analysis Resistance for Tor Hidden Services with Multipath Routing

Hidden service is a very important feature of Tor, which supports server operators to provide a variety of Internet services without revealing their locations. A large number of users rely on Tor hidden services to protect their anonymity. Around 30,000 servers are running hidden services every day [21]. However, hidden services are particularly vulnerable to traffic analysis attacks especially when the entry guard of a hidden server is compromised by an adversary. In this paper, we propose a multipath routing scheme for Tor hidden servers (mTorHS) to defend against traffic analysis attacks. By transferring data through multiple circuits between the hidden server and a special server rendezvous point (SRP), mTorHS is able to exploit flow splitting and flow merging to eliminate inter-cell correlations of the original flow. Experiments on the Shadow simulator [11] show that our scheme can effectively mitigate the risk of traffic analysis even when robust watermarking techniques are used.

Lei Yang, Fengjun Li
An Improved Method for Anomaly-Based Network Scan Detection

Network scans, a form of network attacker reconnaissance, often preface dangerous attacks. While many anomaly-based network scan detection methods are available, they are rarely implemented in real networks due to high false positive rates and a lack of justification for the chosen attribute sets and machine learning algorithms. In this paper, we propose a new method of scan detection by selecting and testing combinations of attribute sets, machine learning algorithms, and lower bounded data to find a Local Optimal Model.

Ashton Webster, Margaret Gratian, Ryan Eckenrod, Daven Patel, Michel Cukier
Why Web Servers Should Fear Their Clients: Abusing Websockets in Browsers for DoS

This paper considers exploiting browsers for attacking Web servers. We demonstrate the generation of HTTP traffic to third-party domains without the user’s knowledge, that can be used e.g. for Denial of Service attacks. Our attack is primarily possible since Cross Origin Resource Sharing does not restrict WebSocket communications. We show an HTTP-based DoS attack with a proof of concept implementation, analyse its impact against Apache and Nginx, and compare the effectiveness of our attack to two common attack tools. In the course of our work we identified two new vulnerabilities in Chrome and Safari, i.e. two thirds of all browsers in use, that turn these browsers into attack tools comparable to known DoS applications like LOIC.

Juan D. Parra Rodriguez, Joachim Posegga
An Attribute-Based Signcryption Scheme to Secure Attribute-Defined Multicast Communications

We consider a special type of multicast communications existing in many emerging applications such as smart grids, social networks, and body area networks, in which the multicast destinations are specified by an access structure defined by the data source based on a set of attributes and carried by the multicast message. A challenging issue is to secure these multicast communications to address the prevalent security and privacy concerns, i.e., to provide access control, data encryption, and authentication to ensure message integrity and confidentiality. To achieve this objective, we present a signcryption scheme called CP_ABSC based on Ciphertext-Policy Attribute Based Encryption (CP_ABE) [2] in this paper. CP_ABSC provides algorithms for key management, signcryption, and designcryption. It can be used to signcrypt a message/data based on the access rights specified by the message/data itself. A multicast destination can designcrypt a ciphertext if and only if it possesses the attributes required by the access structure of the data. Thus CP_ABSC effectively defines a multicast group based on the access rights of the data. CP_ABSC provides collusion attack resistance, message authentication, forgery prevention, and confidentiality. It can be easily applied to secure push-based multicasts where the data is pushed from the source to multiple destinations and pull-based multicasts where the data is downloaded from a repository by multiple destinations. Compared to CP_ABE, CP_ABSC combines encryption with signature at a lower computational cost for signcryption and a slightly higher cost in designcryption for signature verification.

Chunqiang Hu, Xiuzhen Cheng, Zhi Tian, Jiguo Yu, Kemal Akkaya, Limin Sun
Generation of Transmission Control Rules Compliant with Existing Access Control Policies

Access Control (AC) is a well known mechanism that allows access restriction to resources. Nevertheless, it does not provide notification when a resource is retransmitted to an unauthorized third party. To overcome this issue, one can use mechanisms such as Data Loss/Leak Prevention (DLP) or Transmission Control (TC). These mechanisms are based on policies that are defined by security experts. Unfortunately, these policies can contradict existing AC rules, leading to security leakage (i.e. a legitimate user is allowed to send a resource to someone who has no access rights in the AC). In this article, we aim at creating TC policies that are compliant with existing AC policies. To do so, we use a mapping mechanism that generates TC rules directly from existing AC policies. Thanks to the generated rules, our solution can make inferences to improve existing AC and enhance security knowledge between infrastructures.

Yoann Bertrand, Mireille Blay-Fornarino, Karima Boudaoud, Michel Riveill

Crypto, Protocol and Model

Frontmatter
A Markov Random Field Approach to Automated Protocol Signature Inference

Protocol signature specifications play an important role in networking and security services, such as Quality of Service (QoS), vulnerability discovery, malware detection, and so on. In this paper, we propose ProParser, a network trace based protocol signature inference system that exploits the embedded contextual correlations of n-grams in protocol messages. In ProParser, we first apply a Markov field aspect model to discover the contextual relations and spatial structure among n-grams extracted from protocol traces. Next, we perform a keyword-based clustering algorithm to cluster messages into extremely cohesive groups, and finally use heuristic ranking rules to generate the signature specifications for the corresponding protocol. We evaluate ProParser on real-world network traces including both textual and binary protocols. We also compare ProParser with the state-of-the-art tool, ProWord, and find that our approach performs more accurately and effectively in practice.

Yongzheng Zhang, Tao Xu, Yipeng Wang, Jianliang Sun, Xiaoyu Zhang
How to Prevent to Delegate Authentication

We consider delegation attack in authentication systems in which a credential holder shares their credentials with a third party that we call helper, to allow them to use their account. We motivate this problem and propose a model for non-delegatable authentication and a novel authentication system, based on behavioural biometrics, that achieves non-delegatability. Our main observation is that a user’s behaviour in complex activities such as playing a computer game, provides an imprint of many of their personal traits in the form of measurable features, that can be used to identify them. Carefully selected features will be “hard” to pass on to others, hence providing non-delegatability. As a proof of concept we designed and implemented a computer game (a complex activity), and used the feature points in the game play to construct a user model for authentication. We describe our implementation and experiments to evaluate correctness, security and non-delegatability. Compared to using traditional biometrics, the system enhances user privacy because the user model is with respect to an activity and do not have direct relation to the user’s identifying information. We discuss our results and deployment of the system in practice, and propose directions for future research.

Mohsen Alimomeni, Reihaneh Safavi-Naini
Ciphertext-Policy Attribute-Based Encryption with User and Authority Accountability

To ensure the security of sensitive data, people need to encrypt them before uploading them to the public storage. Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE lacks user and authority accountability. The user can share his/her secret key without being identified, while key generation center (KGC) can generate any user’s secret key. In this paper, we propose a practical large universe ciphertext-policy ABE (CP-ABE) with user and authority accountability in the white-box model. As embedding the user’s identity information into this user’s secret key directly, the trace stage has only O(1) time overhead. The property of accountability is proved against the dishonest user and KGC in the standard model. We implement our scheme in Charm. Experiments show that CP-ABE of Rouselakis and Waters in CCS 2013 is enhanced in user and authority accountability by our method with small computational cost.

Xing Zhang, Cancan Jin, Cong Li, Zilong Wen, Qingni Shen, Yuejian Fang, Zhonghai Wu
A Decentralized Access Control Model for Dynamic Collaboration of Autonomous Peers

Distributed applications are often composed of autonomous components that are controlled by different stakeholders. Authorization in such a scenario has to be enforced in a decentralized way so that administrators retain control over their respective resources. In this paper, we define a flexible access control model for a data-driven coordination middleware that abstracts the collaboration of autonomous peers. It supports the definition of fine-grained policies that depend on authenticated subject attributes, content properties and context data. To enable peers to act on behalf of others, chained delegation is supported and permissions depend on trust assumptions about nodes along this chain. Besides access to data, also service invocations, dynamic behavior changes and policy updates can be authorized in a unified way. We show how this access control model can be integrated into a secure middleware architecture and provide example policies for simple coordination patterns.

Stefan Craß, Gerson Joskowicz, Eva Kühn
Using a 3D Geometrical Model to Improve Accuracy in the Evaluation and Selection of Countermeasures Against Complex Cyber Attacks

The selection of security countermeasures against current cyber attacks does not generally perform appropriate assessments of the attack and countermeasure impact over the system. In addition, the methodologies used to evaluate and select countermeasures are generally based on assumptions, estimations, and expert knowledge. A great level of subjectivity is considered while estimating parameters such as benefits and importance of the investment in cost sensitive models. We propose in this paper a decision support tool that uses a Return On Response Investment (RORI) metric, and a 3D geometrical model to simulate the impact of attacks and countermeasures on the system. The former is a cost sensitive model used to evaluate, rank and select security countermeasures against complex cyber attacks. The latter, is a tool that represents the impact of attacks and countermeasures in a three dimensional coordinate system. As a result, we are able to automatically select mitigation strategies addressing multiple and complex cyber attacks, that are efficient in stopping the attack and preserve, at the same time, the best service to legitimate users. The implementation of the tool and main results are detailed at the end of the paper to show the applicability of our model.

Gustavo Gonzalez Granadillo, Joaquin Garcia-Alfaro, Hervé Debar

Poster Session

Frontmatter
POSTER: API-Level Multi-policy Access Control Enforcement for Android Middleware

This paper proposes MpDroid, an API-level multi-policy access control enforcement based on the ‘Rule Set Based Access Control’ (RSBAC) framework. In the MpDroid, we monitor and manage resources, services and Android inter-component communication (ICC) based on multiple policies mechanism, so as to restrict the applications access to the sensitive APIs and prevent privilege escalation attacks. When installing an application, we build the mapping relationships between sensitive APIs and the application capability. Each rule in the user-defined and context policies is regarded as a limitation of the application capability. Moreover, system policy is used for matching the illegal ICC communications. Experimental results showed that we can realize the API-level access control for Android middleware, and prevent the illegal ICC communication on the Android 4.1.4.

Dongdong Tian, Xiaohong Li, Jing Hu, Guangquan Xu, Zhiyong Feng
POSTER: Reliable and Efficient Protection of Consumer Privacy in Advanced Metering Infrastructure

We are investigating a novel approach towards reliable and efficient protection of consumer privacy in the Advanced Metering Infrastructure (AMI). In the smart grid, one of the main concerns of consumers is associated with the usage of the smart meters and how utility companies handle energy consumption data, which can potentially reveal sensitive and private information about consumers. Current solutions provide privacy-preserving protocols using zero-knowledge proofs and homomorphic encryption, which work on aggregated smart meter data. There is still lack of an integrated solution that enables privacy preservation with access to fine-grained data such that opportunities of making energy consumption more efficient are not sacrificed. Such access will also enable other forms of advanced intelligent analysis like energy fraud detection. In this regard, we propose a three-tier privacy preservation model that includes secure communication among smart meters, utility company, and a Trusted Third Party (TTP) using Certificateless Public Key Encryption and AES 128. It is a flexible framework allowing protection of consumer privacy such that only consumers can securely retrieve their fine-grained readings through the TTP’s web-portal. This protocol supports dynamic rate utilization as well as data mining for advanced analysis. In addition, the proposed secure framework satisfies computational resource limitations in the Advanced Metering Infrastructure and provides a scalable solution for efficient consumer privacy-preserving billing.

Vitaly Ford, Ambareen Siraj
POSTER: A Security Adaptive Steganography System Applied on Digital Audio

As a kind of covert communication technology, steganography can transmit cryptography using public cover on the internet. However, the behavior is easy to be found because of the cover distortion. To solve this problem, we define two distortion functions to measure the impact of embedding secret. They are called cover perception distortion (CPD) and statistical property distortion (SPD). Then a security steganography strategy can be generated adaptively by minimizing the two distortion functions. The experiment results demonstrate the effectiveness of our work.

Xuejie Ding, Weiqing Huang, Meng Zhang, Jianlin Zhao
POSTER: Semantics-Aware Rule Recommendation and Enforcement for Event Paths

With users’ increasing awareness of security and privacy issues, Android’s permission mechanism and other existing methods fall short to provide effective protection over user data. This paper presents SARRE, a Semantics-Aware Rule Recommendation and Enforcement system to detect critical information outflows and prevent information leakage. SARRE leverages runtime monitoring and statistical analysis to identify system event paths. Then, an online recommendation algorithm is developed to automatically assign and enforce a semantics-aware security rule to each event path. Our preliminary results on real-world malware samples and popular apps from Google Play show that the recommended rules by our system are effective in preventing information leakage and enabling protection policies for users’ private data.

Yongbo Li, Fan Yao, Tian Lan, Guru Venkataramani
POSTER: An Approach to Assess Security, Capacity and Reachability for Heterogeneous Industrial Networks

Industrial plants are heterogeneous networks with different computation and communication capabilities along with different security properties. The optimal operation of a plant requires a balance between communication capabilities and security features. A secure communication data flow with high latency and low bandwidth does not provide the required efficiency in a plant. Therefore, we focus on assessing the relation of security, capacity and timeliness properties of an industrial network for overall network performance.

Apala Ray, Johan Åkerberg, Mats Björkman, Mikael Gidlund
POSTER: An Online Prefix-Preserving IP Address Anonymization Algorithm for Passive Measurement Systems

To strike a balance between usefulness of network traces and privacy protection, offline prefix-preserving anonymization has been studied extensively to anonymize IP addresses while preserving their prefix nature. In this paper, a novel Dynamic Subtree-scheduling Packet Anonymization scheme called DS-PAn is developed for measurement systems based on the prefix-preserving algorithm Crypto-PAn. DS-PAn makes online anonymization practical to be operated at a high rate, while using less memory compared to precomputed Crypto-PAn. Performance evaluations validate that the proposed algorithm outperforms the conventional anonymization mechanism in terms of computation speed as well as memory requirement.

Kai Cao, Yunchun Li, Hailong Yang, Jiqiang Tang, Xiaoxiang Zou
POSTER: Ciphertext-Policy Attribute-Based Encryption Method with Secure Decryption Key Generation and Outsourcing Decryption of ABE Ciphertexts

Attribute-based encryption (ABE) allows users to encrypt and decrypt data based on user attributes, and can be applied in some promising areas such as mobile cloud storage. Since there are massive users in these applications, secure online transmission of decryption key is necessary. In this paper, a ciphertext-policy attribute-based encryption (CP-ABE) method with secure decryption key generation and outsourcing decryption of ABE ciphertexts is proposed. In the method, a user’s public key information is embedded into his decryption key in the key generation algorithm. Both the user’s decryption key and private key are needed to decrypt a ciphertext. With only the decryption key, a ciphertext cannot be decrypted, so the decryption key is secure and can be directly transmitted online. This saves some costs comparing to other transmission approaches, such as Secure Sockets Layer (SSL). Furthermore, the method supports outsourcing the decryption of ABE ciphertexts. Our analysis and experiment results prove that our method is more efficient than the existing outsourcing methods which generally use key transformation technique.

Yuejian Fang, Zilong Wen, Qingni Shen, Yahui Yang, Zhonghai Wu
POSTER: Context-Adaptive User-Centric Privacy Scheme for VANET

Vehicular adhoc network allows vehicles to exchange their information for safety and traffic efficiency. However, exchanging information may threaten the driver privacy because it includes spatiotemporal information and is broadcast publicly on a periodical basis. In this paper, we propose a context-adaptive privacy scheme which lets a vehicle decide autonomously when to change its pseudonym and how long it should remain silent to ensure unlinkability. This scheme adapts dynamically based on the density of the surrounding traffic and the user privacy preferences. According to the experimental results, the proposed scheme demonstrates a significant reduction in traceability with a better quality of forward collision warning application compared with the random silent period scheme.

Karim Emara, Wolfgang Woerndl, Johann Schlichter
POSTER: A Collaborative Approach on Behavior-Based Android Malware Detection

The popularity of smart devices has grown rapidly in recent years, and now they are necessary elements connecting us to the Internet everywhere. As the number of smartphone users has explosively increased, malware authors are moving their targets from legacy computers to the smart devices. Therefore, we are facing new types of threats.

Chanwoo Bae, Jesung Jung, Jaehyun Nam, Seungwon Shin
POSTER: Using Improved Singular Value Decomposition to Enhance Correlation Power Analysis

Correlation Power Analysis (CPA) is one of the effective means of power analysis in side channel analysis. The noisy power traces can affect the power of CPA. It is significant to select the helpful power traces to improve the efficiency of analysis. In this paper, we present a new pre-processing method that is based on Improved Singular Value Decomposition (ISVD) for selecting the traces when using CPA to attack. The ISVD is a combination of SVD and Z-score. Experimental results show that our method is effective to improve the efficiency when analyzing both the unprotected implementation and the masked implementation.

Degang Sun, Xinping Zhou, Zhu Wang, Changhai Ou, Weiqing Huang, Juan Ai

ATIS 2015: 6th International Workshop on Applications and Techniques in Information Security

Frontmatter
Securing Application with Software Partitioning: A Case Study Using SGX

Application size and complexity are the underlying cause of numerous security vulnerabilities in code. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (e.g. the operating system). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. What overall partitioning scheme should be followed; what granularity of the partitions should be. To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. For this work, we focus on the upcoming Intel Software Guard Extensions (SGX) technology as the state-of-the-art in this field. SGX provides a trusted execution environment, called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system. We present a novel framework consisting of four possible schemes under which an application can be partitioned. These schemes range from coarse-grained partitioning, in which the full application is included in a single enclave, through ultra-fine partitioning, in which each application secret is protected in an individual enclave. We explain the specific security benefits provided by each of the partitioning schemes and discuss how the performance of the application would be affected. To compare the different partitioning schemes, we have partitioned OpenSSL using four different schemes. We discuss SGX properties together with the implications of our design choices in this paper.

Ahmad Atamli-Reineh, Andrew Martin
Image Spam Classification Using Neural Network

Spam, an unsolicited or unwanted email, has traditionally been and continues to be one of the most challenging problems for cyber security. Image-based spam or image spam is a recent trick developed by the spammers which embeds malicious image with the text message in a binary format. Spammers use image based spamming with the intention of escaping the text based spam filters. On the way to detect image spam, several techniques have been developed. However, these techniques are vulnerable to most recent image spam and exhibit lack of competence. With a view to diminish the limitations of the existing solutions, this paper proposes a robust and efficient approach for image spam detection using machine learning algorithm. Our proposed system analyzes the file features together with the visual features of the embedded image. These features are used to train a classifier based on back propagation neural networks to detect the email as spam or legitimate one. Experimental evaluation demonstrates the effectiveness of the proposed system comparable to the existing models for image spam classification.

Mozammel Chowdhury, Junbin Gao, Morshed Chowdhury
An Effective t-way Test Data Generation Strategy

Software testing is an integral part of software development life cycle which ensures the quality of the software. An exhaustive testing is not always possible because of combinatorial optimisation problem. Thus, in the software testing phase, generation of optimal number of test data accelerate the overall software testing process. We identified that the reduction of interactions among the input parameters significantly reduces the number of test data and generate an optimal test data set. This interaction is known as ‘t’-way interaction. Over the last decade, a large number of ‘t’-way test data generation strategies have been developed. However, generating optimum number of test data appears to be a NP-hard problem where the test data generation time becomes significantly higher. This paper proposes an effective test data generation strategy based on ‘Kids Card’ game known as MTTG. The proposed strategy significantly reduces the test data generation time. The result and discussion section shows that, MTTG outperforms all other strategies.

Khandakar Rabbi, Quazi Mamun
A Secure Cross-Domain SIP Solution for Mobile Ad Hoc Network Using Dynamic Clustering

With the increasing popularity of mobile devices (e.g. iPhones and iPads), Mobile Ad hoc Networks (MANETs) have emerged as a topical research area in recent years, and adapting and implementing voice protocols over MANETs is a popular area of inquiry. Successful implementation of voice over MANETs would present a more efficient and cheaper way of communication. In this paper, we propose a cross-domain Session Initiation Protocol (SIP), a widely used voice over Internet Protocol (VoIP) protocol, solution for MANETs using dynamic clustering by extending the scheme of Aburumman and Choo. Our enhanced solution allows us to scale across domains, and deal with outbound requests using the reputation method. Advantages of this solution include avoiding the shortcomings associated with centralized approaches, such as a single point of failure. To demonstrate the utility of the solution, we simulate and evaluate the proposed solution under different conditions and using metrics such as trust level, overhead, network delay, success ratio, and network management packet.

Ala‘ Aburumman, Wei Jye Seo, Rafiqul Islam, Muhammad Khurram Khan, Kim-Kwang Raymond Choo
Community-Based Collaborative Intrusion Detection

The IT infrastructure of today needs to be ready to defend against massive cyber-attacks which often originate from distributed attackers such as Botnets. Most Intrusion Detection Systems (IDSs), nonetheless, are still working in isolation and cannot effectively detect distributed attacks. Collaborative IDSs (CIDSs) have been proposed as a collaborative defense against the ever more sophisticated distributed attacks. However, collaboration by exchanging suspicious alarms among all interconnected sensors in CIDSs does not scale with the size of the IT infrastructure; hence, detection performance and communication overhead, required for collaboration, must be traded off. We propose to partition the set of considered sensors into subsets, or communities, as a lever for this trade off. The novelty of our approach is the application of ensemble based learning, a machine learning paradigm suitable for distributed intrusion detection. In our approach, community members exchange data features used to train models of normality, not bare alarms, thereby further reducing the communication overhead of our approach. Our experiments show that we can achieve detection rates close to those based on global information exchange with smaller subsets of collaborating sensors.

Carlos Garcia Cordero, Emmanouil Vasilomanolakis, Max Mühlhäuser, Mathias Fischer
A Novel Clustering Algorithm for Database Anomaly Detection

As a main method in database intrusion detection, database anomaly detection should be able to detect users’ operational behaviours for timely prevention of possible attacks and for guarantee of database security. Aiming at this, we apply cluster analysis techniques to anomaly detection and propose a novel density-based clustering algorithm called DBCAPSIC, which is adopted to clustering database users according to their behavior types and behavior frequencies. Privilege patterns are extracted from the clusters and serve as a reference in anomaly detection. The simulation experiment proves that the algorithm can recognize the anomalous operations with few mistakes.

Jinkun Geng, Daren Ye, Ping Luo, Pin Lv
Secrecy Rate Based User Selection Algorithms for Massive MIMO Wireless Networks

In this paper, we investigate user selection algorithms for massive MIMO downlink wireless channel using secrecy rates. Massive MIMO is new disruptive wireless communication technology that exploits the benefits of having large number of antennas at the base station (BS). Given the fact of large antenna dimensions at BS, still the number of devices/users in the system are larger than total antennas. Hence, selection of an optimal set of devices/users for efficient resource allocation is a critical issue. This paper investigates user selection algorithms in massive MIMO downlink/broadcast wireless system. Traditional selection algorithms are generally based on channel strength, channel angle information, algorithm complexity and capacity maximization. In this paper, we investigate selection algorithms based on secrecy rate which is important parameter for secure transmission and compare the performance of this new approach with existing algorithms.

M. Arif Khan, Rafiqul Islam
Human Surveillance System for Security Application

Human surveillance is an important research activity for security concern. Due to the increasing demand of security in different domains, development of smart and efficient surveillance system has attracted immense interest in recent years. Most of the existing surveillance systems are based on monocular camera and limited by their fixed view angles and hence cannot provide sufficient three-dimensional depth information for person recognition and tracking. This paper proposes an efficient and cost-effective human surveillance system using stereo vision technique. The system uses a multi-view stereo camera pair for image capturing and analyzes the stereoscopic pictures to estimate the 3D depth information for accurate detection and tracking of the human objects. The system can provide automatic warning in case of unrecognized people and entrance in the restricted zones. Experimental results are arranged to demonstrate the robustness and efficiency of our proposed system. Our system is very inexpensive and computationally fast comparable to the existing state-of-the-art surveillance systems.

Mozammel Chowdhury, Junbin Gao, Rafiqul Islam
Security Considerations for Wireless Carrier Agonistic Bio-Monitoring Systems

Advances in information and communications technology have led to significant advances in noncontact portable devices capable of monitoring vital signals of patients. These wearable and implantable bio-monitoring systems allow collections of wearable sensors to be constructed as a Body Area Network (BAN) to record biological data for a subject. Such systems can be used to improve the quality of life and treatment outcomes for patients. One of the main uses for a bio-monitoring system is to record biological data values from a subject and provide them to a doctor or other medical professional. However, wearable bio-monitoring systems raise unique security considerations. In this paper, we discuss some of the security considerations that have arisen in our work around communications agnostic bio-monitoring, and how we have addressed these concerns. Furthermore, the issues related to identifying and trusting sender and receiver entities are discussed.

Ben Townsend, Jemal Abawajy
Backmatter
Metadata
Title
Security and Privacy in Communication Networks
Edited by
Bhavani Thuraisingham
XiaoFeng Wang
Vinod Yegneswaran
Copyright Year
2015
Publisher
Springer International Publishing
Electronic ISBN
978-3-319-28865-9
Print ISBN
978-3-319-28864-2
DOI
https://doi.org/10.1007/978-3-319-28865-9
