ISSN: 2032-9393
Submit Article
Submission Instructions
Ethics and Malpractice Statement
Back to Journal Page
2021
Issue 30Issue 29Issue 28Issue 27
2020
Issue 24Issue 26Issue 25Issue 23
2019
Issue 22Issue 21Issue 20Issue 19
2018
Issue 18Issue 17Issue 16Issue 15
2017
Issue 14Issue 13Issue 12Issue 11
2016
Issue 10Issue 9Issue 8Issue 7
2015
Issue 6Issue 5Issue 4Issue 3
2011
Issue 2Issue 1

EAI Endorsed Transactions on Security and Safety

Issue 20, 2019
Editor(s)-in-Chief: Sencun Zhu and Aziz Mohaisen

  • Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service

    Appears in:
    sesa 19(20): e1

    Authors:
    Vinay Sachidananda, Suhas Bhairav, Yuval Elovici

    Abstract:
    Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an atta…Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability
    is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an attack and defense framework called OWL which is tailored for IoT and that can perform various forms of DoS on IP, Bluetooth, and Zigbee devices. We consider various DoS vulnerabilities such as illegitimate packet injection, Bluetooth Low Energy (BLE) scanning attack, Zigbee frame counter-attack, etc., regarding IP, Bluetooth and Zigbee devices. To understand how resilient is IoT for DoS, we propose two new metrics to measure the Resilience and the Quality of Service (QoS) degradation in IoT. We have conducted large-scale experimentation with real IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices. We have also compared our framework with the existing state of the art tools.
     more »

  • Efficient, Effective, and Realistic Website Fingerprinting Mitigation

    Appears in:
    sesa 19(20): e2

    Authors:
    Weiqi Cui, Jiangmin Yu, Yanmin Gong, Eric Chan-Tin

    Abstract:
    Website fingerprinting attacks have been shown to be able to predict the website visited even if the network connection is encrypted and anonymized. These attacks have achieved accuracies as high as 92%. Mitigations to these attacks are using cover/decoy network traffic to add noise, padding to en…Website fingerprinting attacks have been shown to be able to predict the website visited even if the network
    connection is encrypted and anonymized. These attacks have achieved accuracies as high as 92%. Mitigations to these attacks are using cover/decoy network traffic to add noise, padding to ensure all the network packets are the same size, and introducing network delays to confuse an adversary. Although these mitigations have been shown to be effective, reducing the accuracy to 10%, the overhead is high. The latency overhead is above 100% and the bandwidth overhead is at least 30%. We introduce a new realistic cover traffic algorithm, based on a user’s previous network traffic, to mitigate website fingerprinting attacks. In simulations, our algorithm
    reduces the accuracy of attacks to 14% with zero latency overhead and about 20% bandwidth overhead. In real-world experiments, our algorithms reduces the accuracy of attacks to 16% with only 20% bandwidth
    overhead.
     more »

  • Confidential State Verification for the Delegated Cloud Jobs with Confidential Audit Log

    Appears in:
    sesa 19(20): e3

    Authors:
    Anyi Liu, Selena Haidar, Yuan Cheng, Yingjiu Li

    Abstract:
    Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is difficult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-specified model, the model is susceptible t…Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is difficult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-specified model, the model is susceptible to various exploits. In this paper, we present VERDICT, a system that amplifies the capability of the existing cloud audit services and allows users to check the state of a cloud job through
    the confidential model and audit log. VERDICT extracts the model from an application and keeps it in the encrypted form. The encrypted model is partitioned and updated with homomorphic encryption cipher in multiple sandboxes. The state of a delegated job can be checked by cloud users at any time. We implement VERDICT and deploy it in the VMs and containers on popular cloud platforms. Our evaluation shows that VERDICT is capable of reporting the state
    of a cloud job at run time, keeping the model confidential, and detecting malicious operations.
     more »

  • AMASS: Automated Software Mass Customization via Feature Identification and Tailoring

    Appears in:
    sesa 19(20): e4

    Authors:
    Hongfa Xue, Yurong Chen, Guru Venkataramani, Tian Lan

    Abstract:
    The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically iden…The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically identifies program features from binaries, tailors and eliminates the features to create customized program binaries in accordance with user needs, in a fully unsupervised fashion. It enables us to modularize program features and efficiently create customized program binaries at large scale. Evaluation using real-world executables including OpenSSL and LibreOffice demonstrates that AMASS can create a wide range of customized binaries for diverse feature requirements, with an average 92.76% accuracy for feature/function identification and up to 67% reduction of program attack surface.
     more »

  • Octopus ORAM: An Oblivious RAM with Communication and Server Storage Efficiency

    Appears in:
    sesa 19(20): e5

    Authors:
    Qiumao Ma, Wensheng Zhang

    Abstract:
    Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storag…Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storage capacity is very large and/or the outsourced data are not frequently accessed, we propose in this paper a new ORAM
    construction called Octopus ORAM. Through extensive security analysis and performance comparison, we
    demonstrate that, Octopus ORAM is secure; also, it significantly improves the server storage efficiency,
    achieves a comparable level of communication efficiency as state-of-the-art ORAM constructions, at the cost of increased client-side storage, and the increased client-side storage should be affordable to the clients who adopt local facilities such as cloud storage gateways.
     more »

Scope

Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require security of data handling and we need new security architectures and scalable and interoperable security policies for…

Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require security of data handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication.

Moreover, we need technology to enable network security monitoring and tracing and to assess the trustworthiness of infrastructures and services. It must ensure the protection of personal data and privacy and to properly assign liability and risks, together with the appropriate governance models needed to do so. Furthermore this is applied to the settings of Public Safety in general.

more »

Indexing

more »

Editorial Board

  • Yao Liu (University of South Florida, USA)
  • Kai Zeng (George Mason University, USA)
  • Linhai Song (Penn State University, USA)
  • Zhiguo Wan (Shangdong University, China)
  • Issa Khalil (Qatar Computing Research Institute, Qatar)
  • George Kesidis (Penn State University, USA)
  • Amro Awad (Uni…
  • Yao Liu (University of South Florida, USA)
  • Kai Zeng (George Mason University, USA)
  • Linhai Song (Penn State University, USA)
  • Zhiguo Wan (Shangdong University, China)
  • Issa Khalil (Qatar Computing Research Institute, Qatar)
  • George Kesidis (Penn State University, USA)
  • Amro Awad (University of Central Florida, USA)
  • Eric Chan-Tin (Loyola University Chicago, USA)
  • Karim Elish (Florida Polytechnic University, USA)
  • Joongheon Kim (Korea University, Korea)
  • Eugene Vasserman (Kansas State University, USA)
  • An Wang (Case Western Reserve University, USA)
  • Jiawei Yuan (Embry-Riddle Aeronautical University, USA)
  • Mohammad Ashiqur Rahman (Florida International University, USA)
  • Sachin Shetty (Old Dominion University, USA)
  • Jeffrey Spaulding (Niagara University, USA)
  • Zhongshu Gu (IBM, USA)
  • Shujun Li (University of Kent, UK)
  • Heng Zhang (Western Sydney University, Australia)
  • Kaiqi Xiong (University of South Florida, USA)
  • Mohamed Amine Ferrag (Guelma University, Algeria)
  • Bo Luo (University of Kansas, USA)
  • Zhen Huang (DePaul University, USA)
  • Ziming Zhao, University at Buffalo, USA
more »

Journal Blurb

Visit the new journal website to submit and consult our contents: https://publications.eai.eu/index.php/sesa/index

Visit the new journal website to submit and consult our contents: https://publications.eai.eu/index.php/sesa/index

more »
Publisher
EAI
ISSN
2032-9393
Volume
6
Published
2019-04-29
EAI Logo

About EAI

Community

Publish with EAI