ISSN: 2032-9393
Downloads: 67360
Submit Article
Submission Instructions
Open Access Information
Ethics and Malpractice Statement
Most Recent Issue
2020
Issue 23
2019
Issue 22Issue 21Issue 20Issue 19
2018
Issue 18Issue 17Issue 16Issue 15
2017
Issue 14Issue 13Issue 12Issue 11
2016
Issue 10Issue 9Issue 8Issue 7
2015
Issue 6Issue 5Issue 4Issue 3
2011
Issue 2Issue 1

EAI Endorsed Transactions on Security and Safety

EAI Endorsed Transactions on Security and Safety is an open access, peer-reviewed scholarly journal focused on security and safety of network and service infrastructures. The journal publishes research articles, review articles, commentaries, editorials, technical articles, and short communications with a quarterly frequency. Authors are not charged for article submission and processing.

Editor(s)-in-Chief: Sencun Zhu and David Mohaisen

Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require security of data handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication.

Moreover, we need technology to enable network security monitoring and tracing and to assess the trustworthiness of infrastructures and services. It must ensure the protection of personal data and privacy and to properly assign liability and risks, together with the appropriate governance models needed to do so. Furthermore this is applied to the settings of Public Safety in general.

  • Blockchain and Applications
  • Cyber Threat Intelligence
  • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
  • Malware Analysis and Detection including Advanced Persistent Threats (APTs)
  • Web and Systems Security
  • Distributed Denial of Service Attacks and Defenses
  • Communication Privacy and Anonymity
  • Circumvention and Anti-Censorship Technologies
  • Cyber Forensics and Anti-Forensics
  • Vulnerabilities Identification and Exploitation Authentication Systems: Public Key Infrastructures, Key Management, Credential Management
  • Secure Routing, Naming/Addressing, Network Management
  • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
  • Security & Privacy in Peer-to-Peer and Overlay Networks
  • Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks
  • Security & Isolation in Cloud, Data Center and Software-Defined Networks
  • Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
  • Security & Privacy in Internet of Things (IoT) and Industrial IoT (IIoT)
  • Security & Privacy in Cyber Physical Systems (CPS)

Call for Papers: Special issue on: Security and Privacy Issues for the Artificial Intelligence Era (Manuscript submission deadline: 2020-12-31; Notification of acceptance: 2021-02-15; Submission of final revised paper: 2021-03-15; Publication of special issue (tentative): 2021-04-30)

Guest editors: Ximeng Liu (Fuzhou University, China)

Guest editors: Kim-Kwang Raymond Choo (The University of Texas at San Antonio, USA)

Guest editors: Yinbin Miao (City University of Hong Kong, China)

Guest editors: Yang Yang (Singapore Management University, Singapore)

  • Yao Liu (University of South Florida, USA)
  • Kai Zeng (George Mason University, USA)
  • Rui Zhang (University of Delaware, USA)
  • Linhai Song (Penn State University, USA)
  • Zhiguo Wan (Shangdong University, China)
  • Issa Khalil (Qatar Computing Research Institute, Qatar)
  • George Kesidis (Penn State University, USA)
  • Amro Awad (University of Central Florida, USA)
  • Eric Chan-Tin (Loyola University Chicago, USA)
  • Karim Elish (Florida Polytechnic University, USA)
  • Joongheon Kim (Korea University, Korea)
  • Eugene Vasserman (Kansas State University, USA)
  • An Wang (Case Western Reserve University, USA)
  • Jiawei Yuan (Embry-Riddle Aeronautical University, USA)
  • Mohammad Ashiqur Rahman (Florida International University, USA)
  • Sachin Shetty (Old Dominion University, USA)
  • Jeffrey Spaulding (Niagara University, USA)
  • Zhongshu Gu (IBM, USA)
  • Shujun Li (University of Kent, UK)
  • Heng Zhang (Western Sydney University, Australia)
  • Kaiqi Xiong (University of South Florida, USA)
  • Mohamed Amine Ferrag (Guelma University, Algeria)

Sencun Zhu1

Dr. Sencun Zhu is an associate professor of Department of Computer Science and Engineering at The Pennsylvania State University (PSU). He received the B.S. degree in precision instruments from Tsinghua University, , the M.S. degree in signal processing from the University of Science and Technology of China, Graduate School at Beijing, and the Ph.D. degree in information technology from George Mason University in 1996, 1999, and 2004, respectively. His research interests include wireless and mobile security, software and network security, fraud detection, and user online safety and privacy. . More details of his research can be found in http://www.cse.psu.edu/~sxz16/.

David Mohaisen2

University of Central Florida, USA


1: Department of Computer Science and Engineering and College of Information Sciences and Technology at The Pennsylvania State University (PSU)
2: University of Central Florida, USA

  • Caching Techniques for Security Metadata in Integrity-Protected Fabric-Attached Memories

    Appears in:
    sesa 18: e1

    Authors:
    Mazen Alwadi, Amro Awad

    Published:
    11th Aug 2020

    Abstract:
    The constant need for larger memories and the diversity of workloads have driving the system vendors away from the conventional processor-centric architecture into a memory-centric architecture. Memorycentric architecture, allows multiple computing nodes to connect to a huge shared memory pool and…The constant need for larger memories and the diversity of workloads have driving the system vendors
    away from the conventional processor-centric architecture into a memory-centric architecture. Memorycentric architecture, allows multiple computing nodes to connect to a huge shared memory pool and
    access it directly. To improve the performance, each node uses a small local memory to cache the data.
    These architectures introduces several problems when memory encryption and integrity verification are
    implemented. For instance, using a single integrity tree to protect both memories can introduce unnecessary
    overheads. Therefore, we propose Split-Tree, which implements two separate integrity tree for each memory.
    Later, we analyze the system performance, and the security metadata caches behavior when separate trees
    are used. We use the gathered insights to improve the security metadata caching for the separate trees and
    ultimately improve the system performance.
     more »

  • Self-Controllable Super-Resolution Deep Learning Framework for Surveillance Drones in Security Applications

    Appears in:
    sesa 20(23): e5

    Authors:
    Soohyun Park, Yeongeun Kang, Jeman Park, Joongheon Kim

    Published:
    30th Jun 2020

    Abstract:
    This paper proposes a self-controllable super-resolution adaptation algorithm in drone platforms. The drone platforms are generally used for surveillance in target network areas. Thus, super-resolution algorithms which are for enhancing surveillance video quality are essential. In surveillance dr…This paper proposes a self-controllable super-resolution adaptation algorithm in drone platforms. The drone
    platforms are generally used for surveillance in target network areas. Thus, super-resolution algorithms which
    are for enhancing surveillance video quality are essential. In surveillance drone platforms, generating video
    streams obtained by CCTV cameras is not static, because the cameras record the video when abnormal objects
    are detected. The generation of streams is not predictable, therefore, this unpredictable situation can be
    harmful to reliable surveillance monitoring. To handle this problem, the proposed algorithm designs superresolution adaptation. With the proposed algorithm, the shallow model which is fast and low-performance
    will be used if the stream queue is near overflow. On the other hand, the deep model which is highperformance and slow will be used if the queue is idle to improve the performance of super-resolution.
     more »

  • Vul-Mirror: A Few-Shot Learning Method for Discovering Vulnerable Code Clone

    Appears in:
    sesa 20(23): e4

    Authors:
    Yuan He, Wenjie Wang, Hongyu Sun, Yuqing Zhang

    Published:
    10th Jun 2020

    Abstract:
    It is quite common for reusing code in soft development, which may lead to the wide spread of the vulnerability, so automatic detection of vulnerable code clone is becoming more and more important. However, the existing solutions either cannot automatically extract the characteristics of the vuln…It is quite common for reusing code in soft development, which may lead to the wide spread of the vulnerability, so
    automatic detection of vulnerable code clone is becoming more and more important. However, the existing solutions either
    cannot automatically extract the characteristics of the vulnerable codes or cannot select different algorithms according to
    different codes, which results in low detection accuracy. In this paper, we consider the identification of vulnerable code
    clone as a code recognition task and propose a method named Vul-Mirror based on a few-shot learning model for
    discovering clone vulnerable codes. It can not only automatically extract features of vulnerabilities, but also use the
    network to measure similarity. The results of experiments on open-source projects of five operating systems show that the
    accuracy of Vul-Mirror is 95.7%, and its performance is better than the state-of-the-art methods.
     more »

  • Editorial

    Appears in:
    sesa 20(22): e1

    Authors:
    David Mohaisen, Sencun Zhu

    Published:
    18th May 2020

    Abstract:
    more »

  • Minor Privacy Protection by Real-time Children Identification and Face Scrambling at the Edge

    Appears in:
    sesa 20(23): e3

    Authors:
    Alem Fitwi, Meng Yuan, Seyed Yahya Nikouei, Yu Chen

    Published:
    14th May 2020

    Abstract:
    The collection of personal information about individuals, including the minor members of a family, by closed circuit television (CCTV) cameras creates a lot of privacy concerns. Revealing children’s identifications or activities may compromise their well-being. In this paper, we propose a novel Mino…The collection of personal information about individuals, including the minor members of a family, by closed circuit television (CCTV) cameras creates a lot of privacy concerns. Revealing children’s identifications or activities may compromise their well-being. In this paper, we propose a novel Minor Privacy protection solution using Real-time video processing at the Edge (MiPRE). It is refined to be feasible and accurate to identify minors and apply appropriate privacy-preserving measures accordingly. State of the art deep learning architectures are modified and repurposed to maximize the accuracy of MiPRE. A pipeline extracts face from the input frames and identify minors. Then, a lightweight algorithm scrambles the faces of the minors to anonymize them. Over 20,000 labeled sample points collected from open sources are used for classification. The quantitative experimental results show the superiority of MiPRE with an accuracy of 92.1% with near real-time performance.
     more »

  • Identify Vulnerability Fix Commits Automatically Using Hierarchical Attention Network

    Appears in:
    sesa 20(23): e2

    Authors:
    Mingxin Sun, Wenjie Wang, Hantao Feng, Hongu Sun, Yuqing Zhang

    Published:
    12th May 2020

    Abstract:
    The application of machine learning and deep learning in the field of vulnerability detection is a hot topic in security research, but currently it faces the problem of lack of dataset. Considering vulnerable code can be obtained from vulnerability fix commits, we propose an automatic vulnerability c…The application of machine learning and deep learning in the field of vulnerability detection is a hot topic in security research, but currently it faces the problem of lack of dataset. Considering vulnerable code can be obtained from vulnerability fix commits, we propose an automatic vulnerability commit identification tool based on hierarchical attention network (HAN) to expand existing vulnerability dataset. HAN can model the input data at the word and sentence levels respectively and pay attention to the changes in the characteristics of different words in different categories, which improves the classification performance. Experimental results show that the accuracy and F1 of our model both achieve 92%. Through the vulnerability fix commit, researchers can quickly locate the vulnerable code. And extracting vulnerable code from open-source software can effectively expand the current dataset due to the enormous number of open-source software.
     more »

  • Measuring the Cost of Software Vulnerabilities

    Appears in:
    sesa 20(23): e1

    Authors:
    Afsah Anwar, Aminollah Khormali, Jinchun Choi, Hisham Alasmary, Sung J. Choi, Saeed Salem, DaeHun Nyang, David Mohaisen

    Published:
    12th May 2020

    Abstract:
    Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation …Enterprises are increasingly considering security as an added cost, making it necessary for those enterprises to see a tangible incentive in adopting security measures. Despite data breach laws, prior studies have suggested that only 4% of reported data breach incidents have resulted in litigation in federal courts, showing the limited legal ramifications of security breaches and vulnerabilities. In this paper, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability and to estimate vulnerability disclosure dates as a baseline for estimating the implication of software vulnerabilities. We further build a model for stock price prediction using the nonlinear autoregressive neural network with exogenous factors (NARX) Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better prediction performance. Our analysis also shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific software industry. Whereas some industries are shown statistically to be affected negatively by the release of software vulnerabilities, even when those vulnerabilities are not broadly covered by the media, some others were not affected at all.
     more »

  • CPAR: Cloud-Assisted Privacy-preserving Image Annotation with Randomized k-d Forest

    Appears in:
    sesa 20(22): e5

    Authors:
    Yifan Tian, Jiawei Yuan, Yantian Hou

    Published:
    21st Apr 2020

    Abstract:
    With the explosive growth in the number of pictures taken by smartphones, organizing and searching pictures has become important tasks. To efficiently fulfill these tasks, the key enabler is annotating images with proper keywords, with which keyword-based searching and organizing become available…With the explosive growth in the number of pictures taken by smartphones, organizing and searching
    pictures has become important tasks. To efficiently fulfill these tasks, the key enabler is annotating images
    with proper keywords, with which keyword-based searching and organizing become available for images.
    Currently, smartphones usually synchronize photo albums with cloud storage platforms, and have their
    images annotated with the help of cloud computing. However, the “offloading-to-cloud” solution may cause
    privacy breach, since photos from smart photos contain various sensitive information. For privacy protection,
    existing research made effort to support cloud-based image annotation on encrypted images by utilizing
    cryptographic primitives. Nevertheless, for each annotation, it requires the cloud to perform linear checking
    on the large-scale encrypted dataset with high computational cost.
    This paper proposes a cloud-assisted privacy-preserving image annotation with randomized k-d forest, namely
    CPAR. With CPAR, users are able to automatically assign keywords to their images by leveraging the power
    of cloud with privacy protected. CPAR proposes a novel privacy-preserving randomized k-d forest structure,
    which significantly improves the annotation performance compared with existing research. Thorough analysis
    is carried out to demonstrate the security of CPAR. Experimental evaluation on the well-known IAPR TC-12
    dataset validates the efficiency and effectiveness of CPAR.
     more »

  • Development of a Multifactor-Security-Protocol System Using Ambient Noise Synthesis

    Appears in:
    sesa 20(22): e4

    Authors:
    Agbotiname Lucky Imoize, Boluwatife Samuel Ben-Adeola, John Adetunji Adebisi

    Published:
    15th Apr 2020

    Abstract:
    The escalating cases of security threats on the global scene, especially in the cyberspace, demands urgent need to deploy sophisticated measures to mitigate these calamitous threats. To this end, various lock mechanisms have been developed and deployed to prevent access to control systems from po…The escalating cases of security threats on the global scene, especially in the cyberspace, demands urgent need to deploy
    sophisticated measures to mitigate these calamitous threats. To this end, various lock mechanisms have been developed
    and deployed to prevent access to control systems from potential intruders. This paper provides a solution to this pervasive
    problem, addressing concerns on the physical and virtual components of an access control system. A locally generated
    One-Time-Passkeys (OTPs) was created, leveraging ambient noise as entropy input. The system was deployed on an
    Arduino microcontroller embedded in a safe-cabinet secured with a 12V solenoid lock. The design was implemented and
    tested against standard metrics. Results achieved include algorithmic optimizations of existing local OTP protocol
    implementations, and the realization of a safe lock module, which interfaces with a mobile application developed on
    Android over a secured Bluetooth connection.
     more »

  • Manipulating Users’ Trust on Amazon Echo: Compromising Smart Home from Outside

    Appears in:
    sesa 20(22): e3

    Authors:
    Yuxuan Chen, Xuejing Yuan, Aohui Wang, Kai Chen, Shengzhi Zhang, Heqing Huang

    Published:
    7th Apr 2020

    Abstract:
    Nowadays, voice control becomes a popular application that allows people to communicate with their devices more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s …Nowadays, voice control becomes a popular application that allows people to communicate with their devices
    more conveniently. Amazon Echo, designed around Alexa, is capable of controlling devices, e.g., smart lights, etc. Moreover, with the help of IFTTT (if-this-then-that) service, Amazon Echo’s skill set gets improved significantly. However, people who are enjoying these conveniences may not take security into account. Hence, it becomes important to carefully scrutinize the Echo’s voice control attack surface and the corresponding impacts. In this paper, we proposed MUTAE (Manipulating Users’ Trust on Amazon Echo) attack to remotely compromise Echo’s voice control interface. We also conducted security analysis and performed taxonomy based on different consequences considering the level of trust that users have placed on Echo. Finally, we also proposed mitigation techniques that protect Echo from MUTAE attack.
     more »

  • Controlled BTG: Toward Flexible Emergency Override in Interoperable Medical Systems

    Appears in:
    sesa 20(22): e2

    Authors:
    Qais Tasali, Christine Sublett, Eugene Y. Vasserman

    Published:
    19th Feb 2020

    Abstract:
    INTRODUCTION: In medical cyber-physical systems (mCPS), availability must be prioritized over other security properties, making it challenging to craft least-privilege authorization policies which preserve patient safety and confidentiality even during emergency situations. For example, unauthori…INTRODUCTION: In medical cyber-physical systems (mCPS), availability must be prioritized over other
    security properties, making it challenging to craft least-privilege authorization policies which preserve patient
    safety and confidentiality even during emergency situations. For example, unauthorized access to device(s)
    connected to a patient or an app controlling these devices could result in patient harm. Previous work has
    suggested a virtual version of “Break the Glass” (BTG), an analogy to breaking a physical barrier to access
    a protected emergency resource such as a fire extinguisher or “crash cart”. In healthcare, BTG is used to
    override access controls and allow for unrestricted access to resources, e.g. Electronic Health Records. After a
    “BTG event” completes, the actions of all concerned parties are audited to validate the reasons and legitimacy
    for the override.

    OBJECTIVES: Medical BTG has largely been treated as an all-or-nothing scenario: either a means to obtain
    unrestricted access is provided, or BTG is not supported. We show how to handle BTG natively within the
    ABAC model, maintaining full compatibility with existing access control frameworks, putting BTG in the
    policy domain rather than requiring framework modifications. This approach also makes BTG more flexible,
    allowing for fine-grained facility-specific policies, and even automates auditing in many situations, while
    maintaining the principle of least-privilege.

    METHODS: We do this by constructing a BTG “meta-policy” which works with existing access control policies
    by explicitly allowing override when requested.

    RESULTS: We present a sample BTG policy and formally verify that the resulting combined set of access
    control policies correctly satisfies the goals of the original policy set and allows expanded access during a BTG
    event. We show how to use the same verification methods to check new policies, easing the process of crafting
    least-privilege policies.
     more »

  • A Deep Learning Approach for Network Intrusion Detection System

    Appears in:
    sesa 16(9): e2

    Authors:
    Ahmad Javaid, Quamar Niyaz, Weiqing Sun, Mansoor Alam

    Downloads:
    7611

    Abstract:
    A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for…A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in
    their organizations. However, many challenges arise while
    developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for developing such an efficient and flexible NIDS.
    We use Self-taught Learning (STL), a deep learning based technique, on NSL-KDD - a benchmark dataset for network
    intrusion. We present the performance of our approach and compare it with a few previous work. Compared metrics include accuracy, precision, recall, and f-measure values.
     more »

  • Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus

    Appears in:
    sesa 18(15): e5

    Author:
    Tim Niklas Witte

    Downloads:
    5212

    Abstract:
    Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection tech…Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
     more »

  • Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures

    Appears in:
    sesa 18(16): e1

    Authors:
    Leandros Maglaras, Mohamed Amine Ferrag, Abdelouahid Derhab, Mithun Mukherjee, Helge Janicke, Stylianos Rallis

    Downloads:
    3412

    Abstract:
    As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threat…As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping.
     more »

  • Reviewing the book “Principles of Cyber-physical Systems” from a security perspective

    Appears in:
    sesa 15(4): e6

    Authors:
    Minghui Zhu, Peng Liu

    Downloads:
    1580

    Abstract:
    This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.
     more »

  • Evaluation of Cryptography Usage in Android Applications

    Appears in:
    sesa 16(9): e4

    Authors:
    Alexia Chatzikonstantinou, Christoforos Ntantogian, Georgios Karopoulos, Christos Xenakis

    Downloads:
    1321

    Abstract:
    Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we d…Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.
     more »

  • A V2X Message Evaluation Methodology and Cross-Domain Modelling of Safety Applications in V2X-enabled E/E-Architectures

    Appears in:
    sesa 16(8): e1

    Authors:
    Harald Bucher, Marius-Florin Buciuman, Alexander Klimm, Oliver Sander, Jürgen Becker

    Downloads:
    1316

    Abstract:
    The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons)…The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons) of all vehicles, but also have strict real-time requirements. Regarding automotive E/E architectures this continuous broadcasting adds heavy internal E/E data traffic that needs to be processed in real-time by Electronic Control Units (ECUs).
    In this work we address this issue by proposing a novel cluster-based message evaluation methodology to significantly reduce internal E/E network traffic by discarding irrelevant messages. The approach is only depending on information received over beacons. It combines a vehicle clustering strategy as well as network and vehicle state monitoring capabilities in order to correctly evaluate messages under real-time constraints. The proposed methodology is modeled inside an abstract ECU. It is evaluated by simulating a model-based CACC application under different traffic scenarios. It is shown that a significant reduction of messages is achievable, while still guaranteeing accident-free behavior of CACC.
     more »

  • A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)

    Appears in:
    sesa 17(12): e2

    Authors:
    Quamar Niyaz, Weiqing Sun, Ahmad Y. Javaid

    Downloads:
    1229

    Abstract:
    Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged softwar…Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged software-defined networking (SDN) and deep learning (DL) concepts promise to revolutionize their respective domains. SDN keeps the global view of the entire managed the network from a single point, i.e., the controller, thus making the network management easier. DL-based approaches improve feature extraction/reduction from a high-dimensional dataset such as network traffic headers. This work proposes a deep learning based multi-vector DDoS detection system in an SDN environment. The detection system is implemented as a network application on top of the SDN controller and can monitor the managed network traÿc. Performance evaluation is based on different metrics by applying the system on traÿc traces collected from different scenarios. A high accuracy with low false-positive rate is observed in attack detection for the proposed system.
     more »

  • WG-8: A Lightweight Stream Cipher for Resource-Constrained Smart Devices

    Appears in:
    sesa 15(3): e4

    Authors:
    Xinxin Fan, Kalikinkar Mandal, Guang Gong

    Downloads:
    1222

    Abstract:
    Lightweight cryptographic primitives are essential for securing pervasive embedded devices like RFID tags, smart cards, and wireless sensor nodes. In this paper, we present a lightweight stream cipher WG-8, which is tailored from the well-known Welch-Gong (WG) stream cipher family, for resource-c…Lightweight cryptographic primitives are essential for securing pervasive embedded devices like RFID tags,
    smart cards, and wireless sensor nodes. In this paper, we present a lightweight stream cipher WG-8, which is
    tailored from the well-known Welch-Gong (WG) stream cipher family, for resource-constrained devices. WG-8
    inherits the good randomness and cryptographic properties of the WG stream cipher family and is resistant to
    the most common attacks against stream ciphers. The software implementations of the WG-8 stream cipher on
    two popular low-power microcontrollers as well as the extensive comparison with other lightweight cryptography
    implementations highlight that in the context of securing lightweight embedded applications WG-8 has favorable
    performance and low energy consumption.
     more »

  • Threat Modeling for Cloud Infrastructures

    Appears in:
    sesa 18(17): e5

    Authors:
    Nawaf Alhebaishi, Lingyu Wang, Anoop Singhal

    Downloads:
    1187

    Abstract:
    Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastruc…Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solution can be applied based on the threat models and security metrics through extended exercises. Such results may not only benefit the cloud provider but also embed more confidence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.
     more »

  • ITFComp: A Compression Algorithm for ARM Architecture Instruction Trace Files

    Appears in:
    sesa 16(8): e2

    Authors:
    Mohammad Qasem, Lukas Pustina

    Downloads:
    1164

    Abstract:
    Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input …Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input for hardware simulations. ITFs tend to be large in size, causing a storage challenge. Many trace reduction techniques exist to deal with the ITFs' storage challenge. In this paper we introduce ITFComp, a compression algorithm that combines general purpose compression methods with knowledge about ARM architecture ITFs' structure to reduce their size. ITFComp also works on compressing data memory addresses accessed by instructions within ITFs to further reduce an ITF size. Results show a reduction of 600 times on average when combined with LZMA compression algorithm. This reduction is 4 times better than when using LZMA alone, and 10 times better than when using DEFLATE. ITFComp introduces a negligible overhead in the decompression time (less than 1%).
     more »
Publisher
EAI
ISSN
2032-9393
Number of Volumes
7
Last Published
2020-06-30