ISSN: 2032-9393
Downloads: 52135
Submit Article
Submission Instructions
Open Access Information
Ethics and Malpractice Statement
Most Recent Issue
2019
Issue 20Issue 19
2018
Issue 18Issue 17Issue 16Issue 15
2017
Issue 14Issue 13Issue 12Issue 11
2016
Issue 10Issue 9Issue 8Issue 7
2015
Issue 6Issue 5Issue 4Issue 3
2011
Issue 2Issue 1

EAI Endorsed Transactions on Security and Safety

EAI Endorsed Transactions on Security and Safety is an open access, peer-reviewed scholarly journal focused on security and safety of network and service infrastructures. The journal publishes research articles, review articles and editorials with a quarterly frequency. Authors are not charged for article submission and processing.

Editor(s)-in-Chief: Sencun Zhu and Aziz Mohaisen

Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require security of data handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication.

Moreover, we need technology to enable network security monitoring and tracing and to assess the trustworthiness of infrastructures and services. It must ensure the protection of personal data and privacy and to properly assign liability and risks, together with the appropriate governance models needed to do so. Furthermore this is applied to the settings of Public Safety in general.

  • Blockchain and Applications
  • Cyber Threat Intelligence
  • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
  • Malware Analysis and Detection including Advanced Persistent Threats (APTs)
  • Web and Systems Security
  • Distributed Denial of Service Attacks and Defenses
  • Communication Privacy and Anonymity
  • Circumvention and Anti-Censorship Technologies
  • Cyber Forensics and Anti-Forensics
  • Vulnerabilities Identification and Exploitation Authentication Systems: Public Key Infrastructures, Key Management, Credential Management
  • Secure Routing, Naming/Addressing, Network Management
  • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
  • Security & Privacy in Peer-to-Peer and Overlay Networks
  • Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks
  • Security & Isolation in Cloud, Data Center and Software-Defined Networks
  • Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
  • Security & Privacy in Internet of Things (IoT) and Industrial IoT (IIoT)

  • Security & Privacy in Cyber Physical Systems (CPS)

-

  • Yao Liu (University of South Florida, USA)
  • Kai Zeng (George Mason University, USA)
  • Rui Zhang (University of Delaware, USA)
  • Linhai Song (Penn State University, USA)
  • Zhiguo Wan (Shangdong University, China)
  • Issa Khalil (Qatar Computing Research Institute, Qatar)
  • George Kesidis (Penn State University, USA)
  • Amro Awad (University of Central Florida, USA)
  • Eric Chan-Tin (Loyola University Chicago, USA)
  • Karim Elish (Florida Polytechnic University, USA)
  • Joongheon Kim (Korea University, Korea)
  • Eugene Vasserman (Kansas State University, USA)
  • An Wang (Case Western Reserve University, USA)
  • Jiawei Yuan (Embry-Riddle Aeronautical University, USA)
  • Mohammad Ashiqur Rahman (Florida International University, USA)
  • Sachin Shetty (Old Dominion University, USA)
  • Jeffrey Spaulding (Niagara University, USA)
  • Zhongshu Gu (IBM, USA)
  • Shujun Li (University of Kent, UK)
  • Heng Zhang (Western Sydney University, Australia)
  • Kaiqi Xiong (University of South Florida, USA)

  • Mohamed Amine Ferrag (Guelma University, Algeria)

Sencun Zhu1

Dr. Sencun Zhu is an associate professor of Department of Computer Science and Engineering at The Pennsylvania State University (PSU). He received the B.S. degree in precision instruments from Tsinghua University, , the M.S. degree in signal processing from the University of Science and Technology of China, Graduate School at Beijing, and the Ph.D. degree in information technology from George Mason University in 1996, 1999, and 2004, respectively. His research interests include wireless and mobile security, software and network security, fraud detection, and user online safety and privacy. . More details of his research can be found in http://www.cse.psu.edu/~sxz16/.

Aziz Mohaisen2

University of Central Florida, USA


1: Department of Computer Science and Engineering and College of Information Sciences and Technology at The Pennsylvania State University (PSU)
2: University of Central Florida, USA

  • Human-Generated and Machine-Generated Ratings of Password Strength: What Do Users Trust More?

    Appears in:
    sesa 18: e1

    Authors:
    Saeed Ibrahim Alqahtani, Shujun Li, Haiyue Yuan, Patrice Rusconi

    Published:
    20th Jan 2020

    Abstract:
    Proactive password checkers have been widely used to persuade users to select stronger passwords by providing machine-generated strength ratings of passwords. If such ratings do not match human-generated ratings of human users, there can be a loss of trust in PPCs. In order to study the effective…Proactive password checkers have been widely used to persuade users to select stronger passwords by
    providing machine-generated strength ratings of passwords. If such ratings do not match human-generated
    ratings of human users, there can be a loss of trust in PPCs. In order to study the effectiveness of PPCs, it
    would be useful to investigate how human users perceive such machine- and human-generated ratings in
    terms of their trust, which has been rarely studied in the literature. To fill this gap, we report a large-scale
    crowdsourcing study with over 1,000 workers. The participants were asked to choose which of the two ratings
    they trusted more. The passwords were selected based on a survey of over 100 human password experts. The
    results revealed that participants exhibited four distinct behavioral patterns when the passwords were hidden,
    and many changed their behaviors significantly after the passwords were disclosed, suggesting their reported
    trust was influenced by their own judgments.
     more »

  • Octopus ORAM: An Oblivious RAM with Communication and Server Storage Efficiency

    Appears in:
    sesa 19(20): e5

    Authors:
    Qiumao Ma, Wensheng Zhang

    Published:
    29th Apr 2019

    Abstract:
    Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storag…Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storage capacity is very large and/or the outsourced data are not frequently accessed, we propose in this paper a new ORAM
    construction called Octopus ORAM. Through extensive security analysis and performance comparison, we
    demonstrate that, Octopus ORAM is secure; also, it significantly improves the server storage efficiency,
    achieves a comparable level of communication efficiency as state-of-the-art ORAM constructions, at the cost of increased client-side storage, and the increased client-side storage should be affordable to the clients who adopt local facilities such as cloud storage gateways.
     more »

  • AMASS: Automated Software Mass Customization via Feature Identification and Tailoring

    Appears in:
    sesa 19(20): e4

    Authors:
    Hongfa Xue, Yurong Chen, Guru Venkataramani, Tian Lan

    Published:
    29th Apr 2019

    Abstract:
    The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically iden…The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically identifies program features from binaries, tailors and eliminates the features to create customized program binaries in accordance with user needs, in a fully unsupervised fashion. It enables us to modularize program features and efficiently create customized program binaries at large scale. Evaluation using real-world executables including OpenSSL and LibreOffice demonstrates that AMASS can create a wide range of customized binaries for diverse feature requirements, with an average 92.76% accuracy for feature/function identification and up to 67% reduction of program attack surface.
     more »

  • Confidential State Verification for the Delegated Cloud Jobs with Confidential Audit Log

    Appears in:
    sesa 19(20): e3

    Authors:
    Anyi Liu, Selena Haidar, Yuan Cheng, Yingjiu Li

    Published:
    29th Apr 2019

    Abstract:
    Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is difficult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-specified model, the model is susceptible t…Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is difficult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-specified model, the model is susceptible to various exploits. In this paper, we present VERDICT, a system that amplifies the capability of the existing cloud audit services and allows users to check the state of a cloud job through
    the confidential model and audit log. VERDICT extracts the model from an application and keeps it in the encrypted form. The encrypted model is partitioned and updated with homomorphic encryption cipher in multiple sandboxes. The state of a delegated job can be checked by cloud users at any time. We implement VERDICT and deploy it in the VMs and containers on popular cloud platforms. Our evaluation shows that VERDICT is capable of reporting the state
    of a cloud job at run time, keeping the model confidential, and detecting malicious operations.
     more »

  • Efficient, Effective, and Realistic Website Fingerprinting Mitigation

    Appears in:
    sesa 19(20): e2

    Authors:
    Weiqi Cui, Jiangmin Yu, Yanmin Gong, Eric Chan-Tin

    Published:
    29th Apr 2019

    Abstract:
    Website fingerprinting attacks have been shown to be able to predict the website visited even if the network connection is encrypted and anonymized. These attacks have achieved accuracies as high as 92%. Mitigations to these attacks are using cover/decoy network traffic to add noise, padding to en…Website fingerprinting attacks have been shown to be able to predict the website visited even if the network
    connection is encrypted and anonymized. These attacks have achieved accuracies as high as 92%. Mitigations to these attacks are using cover/decoy network traffic to add noise, padding to ensure all the network packets are the same size, and introducing network delays to confuse an adversary. Although these mitigations have been shown to be effective, reducing the accuracy to 10%, the overhead is high. The latency overhead is above 100% and the bandwidth overhead is at least 30%. We introduce a new realistic cover traffic algorithm, based on a user’s previous network traffic, to mitigate website fingerprinting attacks. In simulations, our algorithm
    reduces the accuracy of attacks to 14% with zero latency overhead and about 20% bandwidth overhead. In real-world experiments, our algorithms reduces the accuracy of attacks to 16% with only 20% bandwidth
    overhead.
     more »

  • Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service

    Appears in:
    sesa 19(20): e1

    Authors:
    Vinay Sachidananda, Suhas Bhairav, Yuval Elovici

    Published:
    29th Apr 2019

    Abstract:
    Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an atta…Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability
    is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an attack and defense framework called OWL which is tailored for IoT and that can perform various forms of DoS on IP, Bluetooth, and Zigbee devices. We consider various DoS vulnerabilities such as illegitimate packet injection, Bluetooth Low Energy (BLE) scanning attack, Zigbee frame counter-attack, etc., regarding IP, Bluetooth and Zigbee devices. To understand how resilient is IoT for DoS, we propose two new metrics to measure the Resilience and the Quality of Service (QoS) degradation in IoT. We have conducted large-scale experimentation with real IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices. We have also compared our framework with the existing state of the art tools.
     more »

  • Privacy-Preserving Multi-Party Directory Services

    Appears in:
    sesa 19(19): e5

    Authors:
    Yuzhe Tang, Kai Li, Katchaguy Areekijseree, Shuigeng Zhou, Liting Hu

    Published:
    29th Jan 2019

    Abstract:
    In the era of big data, the data-processing pipeline becomes increasingly distributed among multiple sites. To connect data consumers with remote producers, a public directory service is essential. This is evidenced by adoption in emerging applications such as electronic healthcare. This work syst…In the era of big data, the data-processing pipeline becomes increasingly distributed among multiple sites. To connect data consumers with remote producers, a public directory service is essential. This is evidenced by adoption in emerging applications such as electronic healthcare.
    This work systematically studies the privacy-preserving and security hardening of a public directory service.
    First, we address the privacy preservation of serving a directory over the Internet. With Internet eavesdroppers
    performing attacks with background knowledge, the directory service has to be privacy preserving, for the
    compliance with data-protection laws (e.g., HiPAA). We propose techniques to adaptively inject noises to the
    public directory in such a way that is aware of application-level data schema, effectively preserving privacy and achieving high search recall.
    Second, we tackle the problem of securely constructing the directory among distrusting data producers.
    For provable security, we model the directory construction problem by secure multi-party computations (MPC). For efficiency, we propose a pre-computation framework that minimizes the private computation and conducts aggressive pre-computation on public data. In addition, we tackle the systems-level efficiency by exploiting data-level parallelism on general-purpose graphics processing units (GPGPU). We apply the proposed scheme to real health-care scenarios for constructing patient-locator services in emerging Health Information Exchange (or HIE) networks.
    For privacy evaluation, we conduct extensive analysis of our noise-injecting techniques against various
    background-knowledge attacks. We conduct experiments on real-world datasets and demonstrate the low attack success rate for the protection effectiveness. For performance evaluation, we implement our MPC optimization techniques on open-source MPC software. Through experiments on local and geo-distributed settings, our performance results show that the proposed pre-computation achieves a speedup of more than an order of magnitude without security loss.
     more »

  • Differentially Private High-Dimensional Data Publication via Markov Network

    Appears in:
    sesa 19(19): e4

    Authors:
    Wei Zhang, Jingwen Zhao, Fengqiong Wei, Yunfang Chen

    Published:
    29th Jan 2019

    Abstract:
    Differentially private data publication has recently received considerable attention. However, it faces some challenges in differentially private high-dimensional data publication, such as the complex attribute relationships, the high computational complexity and data sparsity. Therefore, we propo…Differentially private data publication has recently received considerable attention. However, it faces some challenges in differentially private high-dimensional data publication, such as the complex attribute relationships, the high computational
    complexity and data sparsity. Therefore, we propose PrivMN, a novel method to publish high-dimensional data with differential privacy guarantee. We first use the Markov model to represent the mutual relationships between attributes to solve the problem that the direction of relationship between variables cannot be determined in practical application. We then take advantage of approximate inference to calculate the joint distribution of high-dimensional data under differential privacy to figure out the computational and spatial complexity of accurate reasoning. Extensive experiments on real datasets demonstrate that our solution makes the published high-dimensional synthetic datasets more efficient under the guarantee
    of differential privacy.
     more »

  • Forget the Myth of the Air Gap: Machine Learning for Reliable Intrusion Detection in SCADA Systems

    Appears in:
    sesa 19(19): e3

    Authors:
    Rocio Lopez Perez, Florian Adamsky, Ridha Soua, Thomas Engel

    Published:
    29th Jan 2019

    Abstract:
    Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security…Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however, is difficult nowadays due to the massive spread of
    connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and
    variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems
    using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM), Random Forest (RF), Bidirectional Long
    Short Term Memory (BLSTM) are assessed in terms of accuracy, precision, recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classifications. Our experiments reveal that RF and BLSTM detect intrusions effectively, with an F1 score of respectively > 99% and > 96%.
     more »

  • A Methodology for the Dynamic Design of Adaptive Log Management Infrastructures

    Appears in:
    sesa 19(19): e2

    Authors:
    V. Anastopoulos, S. Katsikas

    Published:
    29th Jan 2019

    Abstract:
    Organizations collect log data for various reasons, including security related ones. The multitude and diversity of the devices that generate log records increases, resulting to dispersed networks and large volumes of data. The design of a log management infrastructure is usually led by decisions t…Organizations collect log data for various reasons, including security related ones. The multitude and diversity of the devices that generate log records increases, resulting to dispersed networks and large volumes of data. The design of a log management infrastructure is usually led by decisions that are commonly based on industry best practices and experience, but fail to adapt to the evolving threat landscape. In this work a novel methodology for the design of a dynamic log management infrastructure is proposed. The proposed methodology leverages social network analysis to relate the infrastructure with the threat landscape, thus enabling it to evolve as threats evolve. The workings of the methodology are
    demonstrated by means of its application for the design of the log management infrastructure of a real organization.
     more »

  • Adaptive Noise Injection against Side-Channel Attacks on ARM Platform

    Appears in:
    sesa 19(19): e1

    Authors:
    Naiwei Liu, Wanyu Zang, Songqing Chen, Meng Yu, Ravi Sandhu

    Published:
    29th Jan 2019

    Abstract:
    In recent years, research efforts have been made to develop safe and secure environments for ARM platform. The new ARMv8 architecture brought in security features by design. However, there are still some security problems with ARMv8. For example, on Cortex-A series, there are risks that the system …In recent years, research efforts have been made to develop safe and secure environments for ARM platform. The new ARMv8 architecture brought in security features by design. However, there are still some security problems with ARMv8. For example, on Cortex-A series, there are risks that the system is vulnerable to sidechannel attacks. One major category of side-channel attacks utilizes cache memory to obtain a victim’s secret information. In the cache based side-channel attacks, an attacker measures a sequence of cache operations to obtain a victim’s memory access information, deriving more sensitive information. The success of such attacks highly depends on accurate information about the victim’s cache accesses. In this paper, we describe an innovative approach to defend against side-channel attack on Cortex-A series chips. We also considered
    the side-channel attacks in the context of using TrustZone protection on ARM. Our adaptive noise injection can significantly reduce the bandwidth of side-channel while maintaining an affordable system overhead. The proposed defense mechanisms can be used on ARM Cortex-A architecture. Our experimental evaluation and theoretical analysis show the effectiveness and efficiency of our proposed defense.
     more »

  • A Deep Learning Approach for Network Intrusion Detection System

    Appears in:
    sesa 16(9): e2

    Authors:
    Ahmad Javaid, Quamar Niyaz, Weiqing Sun, Mansoor Alam

    Downloads:
    5644

    Abstract:
    A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for…A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in
    their organizations. However, many challenges arise while
    developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for developing such an efficient and flexible NIDS.
    We use Self-taught Learning (STL), a deep learning based technique, on NSL-KDD - a benchmark dataset for network
    intrusion. We present the performance of our approach and compare it with a few previous work. Compared metrics include accuracy, precision, recall, and f-measure values.
     more »

  • Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus

    Appears in:
    sesa 18(15): e5

    Author:
    Tim Niklas Witte

    Downloads:
    4944

    Abstract:
    Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection tech…Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
     more »

  • Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures

    Appears in:
    sesa 18(16): e1

    Authors:
    Leandros Maglaras, Mohamed Amine Ferrag, Abdelouahid Derhab, Mithun Mukherjee, Helge Janicke, Stylianos Rallis

    Downloads:
    2689

    Abstract:
    As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threat…As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping.
     more »

  • Reviewing the book “Principles of Cyber-physical Systems” from a security perspective

    Appears in:
    sesa 15(4): e6

    Authors:
    Minghui Zhu, Peng Liu

    Downloads:
    1296

    Abstract:
    This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.
     more »

  • A V2X Message Evaluation Methodology and Cross-Domain Modelling of Safety Applications in V2X-enabled E/E-Architectures

    Appears in:
    sesa 16(8): e1

    Authors:
    Harald Bucher, Marius-Florin Buciuman, Alexander Klimm, Oliver Sander, Jürgen Becker

    Downloads:
    1180

    Abstract:
    The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons)…The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons) of all vehicles, but also have strict real-time requirements. Regarding automotive E/E architectures this continuous broadcasting adds heavy internal E/E data traffic that needs to be processed in real-time by Electronic Control Units (ECUs).
    In this work we address this issue by proposing a novel cluster-based message evaluation methodology to significantly reduce internal E/E network traffic by discarding irrelevant messages. The approach is only depending on information received over beacons. It combines a vehicle clustering strategy as well as network and vehicle state monitoring capabilities in order to correctly evaluate messages under real-time constraints. The proposed methodology is modeled inside an abstract ECU. It is evaluated by simulating a model-based CACC application under different traffic scenarios. It is shown that a significant reduction of messages is achievable, while still guaranteeing accident-free behavior of CACC.
     more »

  • WG-8: A Lightweight Stream Cipher for Resource-Constrained Smart Devices

    Appears in:
    sesa 15(3): e4

    Authors:
    Xinxin Fan, Kalikinkar Mandal, Guang Gong

    Downloads:
    1074

    Abstract:
    Lightweight cryptographic primitives are essential for securing pervasive embedded devices like RFID tags, smart cards, and wireless sensor nodes. In this paper, we present a lightweight stream cipher WG-8, which is tailored from the well-known Welch-Gong (WG) stream cipher family, for resource-c…Lightweight cryptographic primitives are essential for securing pervasive embedded devices like RFID tags,
    smart cards, and wireless sensor nodes. In this paper, we present a lightweight stream cipher WG-8, which is
    tailored from the well-known Welch-Gong (WG) stream cipher family, for resource-constrained devices. WG-8
    inherits the good randomness and cryptographic properties of the WG stream cipher family and is resistant to
    the most common attacks against stream ciphers. The software implementations of the WG-8 stream cipher on
    two popular low-power microcontrollers as well as the extensive comparison with other lightweight cryptography
    implementations highlight that in the context of securing lightweight embedded applications WG-8 has favorable
    performance and low energy consumption.
     more »

  • A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)

    Appears in:
    sesa 17(12): e2

    Authors:
    Quamar Niyaz, Weiqing Sun, Ahmad Y. Javaid

    Downloads:
    993

    Abstract:
    Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged softwar…Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged software-defined networking (SDN) and deep learning (DL) concepts promise to revolutionize their respective domains. SDN keeps the global view of the entire managed the network from a single point, i.e., the controller, thus making the network management easier. DL-based approaches improve feature extraction/reduction from a high-dimensional dataset such as network traffic headers. This work proposes a deep learning based multi-vector DDoS detection system in an SDN environment. The detection system is implemented as a network application on top of the SDN controller and can monitor the managed network traÿc. Performance evaluation is based on different metrics by applying the system on traÿc traces collected from different scenarios. A high accuracy with low false-positive rate is observed in attack detection for the proposed system.
     more »

  • ITFComp: A Compression Algorithm for ARM Architecture Instruction Trace Files

    Appears in:
    sesa 16(8): e2

    Authors:
    Mohammad Qasem, Lukas Pustina

    Downloads:
    934

    Abstract:
    Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input …Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input for hardware simulations. ITFs tend to be large in size, causing a storage challenge. Many trace reduction techniques exist to deal with the ITFs' storage challenge. In this paper we introduce ITFComp, a compression algorithm that combines general purpose compression methods with knowledge about ARM architecture ITFs' structure to reduce their size. ITFComp also works on compressing data memory addresses accessed by instructions within ITFs to further reduce an ITF size. Results show a reduction of 600 times on average when combined with LZMA compression algorithm. This reduction is 4 times better than when using LZMA alone, and 10 times better than when using DEFLATE. ITFComp introduces a negligible overhead in the decompression time (less than 1%).
     more »

  • Network-based Analysis and Classification of Malware using Behavioral Artifacts Ordering

    Appears in:
    sesa 18(16): e2

    Authors:
    Aziz Mohaisen, Omar Alrawi, Jeman Park, Joongheon Kim, DaeHun Nyang, Manar Mohaisen

    Downloads:
    824

    Abstract:
    Using runtime execution artifacts to identify malware and its associated “family” is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity …Using runtime execution artifacts to identify malware and its associated “family” is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.
     more »

  • Evaluation of Cryptography Usage in Android Applications

    Appears in:
    sesa 16(9): e4

    Authors:
    Alexia Chatzikonstantinou, Christoforos Ntantogian, Georgios Karopoulos, Christos Xenakis

    Downloads:
    749

    Abstract:
    Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we d…Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.
     more »
Publisher
EAI
ISSN
2032-9393
Number of Volumes
6
Last Published
29th Apr 2019