ISSN: 2032-9393
Downloads: 54547
Submit Article
Submission Instructions
Open Access Information
Ethics and Malpractice Statement
Most Recent Issue
2019
Issue 21Issue 20Issue 19
2018
Issue 18Issue 17Issue 16Issue 15
2017
Issue 14Issue 13Issue 12Issue 11
2016
Issue 10Issue 9Issue 8Issue 7
2015
Issue 6Issue 5Issue 4Issue 3
2011
Issue 2Issue 1

EAI Endorsed Transactions on Security and Safety

EAI Endorsed Transactions on Security and Safety is an open access, peer-reviewed scholarly journal focused on security and safety of network and service infrastructures. The journal publishes research articles, review articles and editorials with a quarterly frequency. Authors are not charged for article submission and processing.

Editor(s)-in-Chief: Sencun Zhu and Aziz Mohaisen

Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require security of data handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication.

Moreover, we need technology to enable network security monitoring and tracing and to assess the trustworthiness of infrastructures and services. It must ensure the protection of personal data and privacy and to properly assign liability and risks, together with the appropriate governance models needed to do so. Furthermore this is applied to the settings of Public Safety in general.

  • Blockchain and Applications
  • Cyber Threat Intelligence
  • Network Intrusion Detection and Prevention, Firewalls, Packet Filters
  • Malware Analysis and Detection including Advanced Persistent Threats (APTs)
  • Web and Systems Security
  • Distributed Denial of Service Attacks and Defenses
  • Communication Privacy and Anonymity
  • Circumvention and Anti-Censorship Technologies
  • Cyber Forensics and Anti-Forensics
  • Vulnerabilities Identification and Exploitation Authentication Systems: Public Key Infrastructures, Key Management, Credential Management
  • Secure Routing, Naming/Addressing, Network Management
  • Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
  • Security & Privacy in Peer-to-Peer and Overlay Networks
  • Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks
  • Security & Isolation in Cloud, Data Center and Software-Defined Networks
  • Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
  • Security & Privacy in Internet of Things (IoT) and Industrial IoT (IIoT)

  • Security & Privacy in Cyber Physical Systems (CPS)

Call for Papers: Special issue on: Security and Privacy Issues for the Artificial Intelligence Era (Manuscript submission deadline: 2020-03-20; Notification of acceptance: 2020-04-20; Submission of final revised paper: 2020-05-22; Publication of special issue (tentative): 2020-06-12)

Guest editors: Ximeng Liu (Fuzhou University, China)

Guest editors: Kim-Kwang Raymond Choo (The University of Texas at San Antonio, USA)

Guest editors: Yinbin Miao (City University of Hong Kong, China)

Guest editors: Yang Yang (Singapore Management University, Singapore)

  • Yao Liu (University of South Florida, USA)
  • Kai Zeng (George Mason University, USA)
  • Rui Zhang (University of Delaware, USA)
  • Linhai Song (Penn State University, USA)
  • Zhiguo Wan (Shangdong University, China)
  • Issa Khalil (Qatar Computing Research Institute, Qatar)
  • George Kesidis (Penn State University, USA)
  • Amro Awad (University of Central Florida, USA)
  • Eric Chan-Tin (Loyola University Chicago, USA)
  • Karim Elish (Florida Polytechnic University, USA)
  • Joongheon Kim (Korea University, Korea)
  • Eugene Vasserman (Kansas State University, USA)
  • An Wang (Case Western Reserve University, USA)
  • Jiawei Yuan (Embry-Riddle Aeronautical University, USA)
  • Mohammad Ashiqur Rahman (Florida International University, USA)
  • Sachin Shetty (Old Dominion University, USA)
  • Jeffrey Spaulding (Niagara University, USA)
  • Zhongshu Gu (IBM, USA)
  • Shujun Li (University of Kent, UK)
  • Heng Zhang (Western Sydney University, Australia)
  • Kaiqi Xiong (University of South Florida, USA)

  • Mohamed Amine Ferrag (Guelma University, Algeria)

Sencun Zhu1

Dr. Sencun Zhu is an associate professor of Department of Computer Science and Engineering at The Pennsylvania State University (PSU). He received the B.S. degree in precision instruments from Tsinghua University, , the M.S. degree in signal processing from the University of Science and Technology of China, Graduate School at Beijing, and the Ph.D. degree in information technology from George Mason University in 1996, 1999, and 2004, respectively. His research interests include wireless and mobile security, software and network security, fraud detection, and user online safety and privacy. . More details of his research can be found in http://www.cse.psu.edu/~sxz16/.

Aziz Mohaisen2

University of Central Florida, USA


1: Department of Computer Science and Engineering and College of Information Sciences and Technology at The Pennsylvania State University (PSU)
2: University of Central Florida, USA

  • Controlled BTG: Toward Flexible Emergency Override in Interoperable Medical Systems

    Appears in:
    sesa 18: e1

    Authors:
    Qais Tasali, Christine Sublett, Eugene Y. Vasserman

    Published:
    19th Feb 2020

    Abstract:
    INTRODUCTION: In medical cyber-physical systems (mCPS), availability must be prioritized over other security properties, making it challenging to craft least-privilege authorization policies which preserve patient safety and confidentiality even during emergency situations. For example, unauthori…INTRODUCTION: In medical cyber-physical systems (mCPS), availability must be prioritized over other
    security properties, making it challenging to craft least-privilege authorization policies which preserve patient
    safety and confidentiality even during emergency situations. For example, unauthorized access to device(s)
    connected to a patient or an app controlling these devices could result in patient harm. Previous work has
    suggested a virtual version of “Break the Glass” (BTG), an analogy to breaking a physical barrier to access
    a protected emergency resource such as a fire extinguisher or “crash cart”. In healthcare, BTG is used to
    override access controls and allow for unrestricted access to resources, e.g. Electronic Health Records. After a
    “BTG event” completes, the actions of all concerned parties are audited to validate the reasons and legitimacy
    for the override.

    OBJECTIVES: Medical BTG has largely been treated as an all-or-nothing scenario: either a means to obtain
    unrestricted access is provided, or BTG is not supported. We show how to handle BTG natively within the
    ABAC model, maintaining full compatibility with existing access control frameworks, putting BTG in the
    policy domain rather than requiring framework modifications. This approach also makes BTG more flexible,
    allowing for fine-grained facility-specific policies, and even automates auditing in many situations, while
    maintaining the principle of least-privilege.

    METHODS: We do this by constructing a BTG “meta-policy” which works with existing access control policies
    by explicitly allowing override when requested.

    RESULTS: We present a sample BTG policy and formally verify that the resulting combined set of access
    control policies correctly satisfies the goals of the original policy set and allows expanded access during a BTG
    event. We show how to use the same verification methods to check new policies, easing the process of crafting
    least-privilege policies.
     more »

  • Security of HPC Systems: From a Log-analyzing Perspective

    Appears in:
    sesa 19(21): e5

    Authors:
    Zhengping Luo, Zhe Qu, Tung Thanh Nguyen, Hui Zeng, Zhuo Lu

    Published:
    1st Aug 2019

    Abstract:
    High Performance Computing (HPC) systems mainly focused on how to improve performances of the computing. It has competitive processing capacity both in terms of calculation speed and available memory. HPC infrastructures are valuable computing resources that need to be carefully guarded and avoid…High Performance Computing (HPC) systems mainly focused on how to improve performances of the
    computing. It has competitive processing capacity both in terms of calculation speed and available memory.
    HPC infrastructures are valuable computing resources that need to be carefully guarded and avoid being
    maliciously used. Thus, vulnerabilities are quintessential issues in HPC systems due to most of jobs and
    resources run or stored usually are sensitive and high-profit information. In this survey, we comprehensively
    review securities of HPC systems from a log-analyzing perspective, including well-known attacks and widely
    used defenses, especially intruder detection methods. We found that log files are used for the security purposes
    much less than what we expected. How to use all the available log files comprehensively and employ state-ofthe-art intrusion techniques to improve the robustness of HPC systems still lies for future research.
     more »

  • Do Metadata-based Deleted-File-Recovery (DFR) Tools Meet NIST Guidelines?

    Appears in:
    sesa 19(21): e4

    Authors:
    Andrew Meyer, Sankardas Roy

    Published:
    1st Aug 2019

    Abstract:
    Digital forensics (DF) tools are used for post-mortem investigation of cyber-crimes. CFTT (Computer Forensics Tool Testing) Program at National Institute of Standards and Technology (NIST) has defined expectations for a DF tool’s behavior. Understanding these expectations and how DF tools work is…Digital forensics (DF) tools are used for post-mortem investigation of cyber-crimes. CFTT (Computer Forensics
    Tool Testing) Program at National Institute of Standards and Technology (NIST) has defined expectations for a
    DF tool’s behavior. Understanding these expectations and how DF tools work is critical for ensuring integrity
    of the forensic analysis results. In this paper, we consider standardization of one class of DF tools which are
    for Deleted File Recovery (DFR). We design a list of canonical test file system images to evaluate a DFR tool.
    Via extensive experiments we find that many popular DFR tools do not satisfy some of the standards, and we
    compile a comparative analysis of these tools, which could help the user choose the right tool. Furthermore,
    one of our research questions identifies the factors which make a DFR tool fail. Moreover, we also provide
    critique on applicability of the standards. Our findings is likely to trigger more research on compliance of
    standards from the researcher community as well as the practitioners.
     more »

  • Applying Machine Learning Techniques to Understand User Behaviors When Phishing Attacks Occur

    Appears in:
    sesa 19(21): e3

    Authors:
    Yi Li, Kaiqi Xiong, Xiangyang Li

    Published:
    1st Aug 2019

    Abstract:
    Emails have been widely used in our daily life. It is important to understand user behaviors regarding email security situation assessments. However, there are very challenging and limited studies on email user behaviors. To study user security-related behaviors, we design and investigate an emai…Emails have been widely used in our daily life. It is important to understand user behaviors regarding
    email security situation assessments. However, there are very challenging and limited studies on email user
    behaviors. To study user security-related behaviors, we design and investigate an email test platform to
    understand how users behave differently when they read emails, some of which are phishing. Specifically,
    we conduct two experimental studies, where participants take part in our experiments on site in a lab
    contained environment and online through Amazon Mechanical Turk that are referred to on-site study and
    online study, respectively. In the two experimental studies, we design questionnaires for the two studies and
    use a set of emails including phishing emails from the real world with some necessary modifications for
    personal information protection. Furthermore, we develop necessary software tools to collect experimental
    data include participants’ basic background information, time measurement, mouse movement, and their
    answers to survey questions. Based on the collected data, we investigate what factors, such as intervention,
    phishing types, and an incentive mechanism, play a key role in user behaviors when phishing attacks occur.
    The difficulty of such investigation is due to the qualitative analysis of user behaviors and the limited number
    of data in the on-site study. For these reasons, we develop an approach to quantify user behavior metrics
    and reduce the number of user attributes by evaluating the significance of each attribute and analyzing
    the correlation of attributes. Moreover, we propose a machine learning framework, which contains attribute
    reduction, to find a critical point that classifies the performance of a participant into either ‘good’ or ‘bad’
    through 10-fold cross-validation with randomly selected attributes cross-validation models. The proposed
    machine learning model can be used to predict the performance of a user based on the user profile. Our data
    analysis shows that intervention and an incentive mechanism play a significant role while phishing type I is
    more harmful to users compared to the other two types. The findings of this research can be used to help a
    user identify a phishing attack and prevent the user from being a victim of such an attack.
     more »

  • Attacker Capability based Dynamic Deception Model for Large-Scale Networks

    Appears in:
    sesa 19(21): e2

    Authors:
    Md Ali Reza Al Amin, Sachin Shetty, Laurent Njilla, Deepak K. Tosh, Charles Kamouha

    Published:
    1st Aug 2019

    Abstract:
    In modern days, cyber networks need continuous monitoring to keep the network secure and available to legitimate users. Cyber attackers use reconnaissance mission to collect critical network information and using that information, they make an advanced level cyber-attack plan. To thwart the recon…In modern days, cyber networks need continuous monitoring to keep the network secure and available to legitimate users.
    Cyber attackers use reconnaissance mission to collect critical network information and using that information, they make an
    advanced level cyber-attack plan. To thwart the reconnaissance mission and counterattack plan, the cyber defender needs to
    come up with a state-of-the-art cyber defense strategy. In this paper, we model a dynamic deception system (DDS) which
    will not only thwart reconnaissance mission but also steer the attacker towards fake network to achieve a fake goal state. In
    our model, we also capture the attacker’s capability using a belief matrix which is a joint probability distribution over the
    security states and attacker types. Experiments conducted on the prototype implementation of our DDS confirm that the
    defender can make the decision whether to spend more resources or save resources based on attacker types and thwart
    reconnaissance mission.
     more »

  • Human-Generated and Machine-Generated Ratings of Password Strength: What Do Users Trust More?

    Appears in:
    sesa 19(21): e1

    Authors:
    Saeed Ibrahim Alqahtani, Shujun Li, Haiyue Yuan, Patrice Rusconi

    Published:
    1st Aug 2019

    Abstract:
    Proactive password checkers have been widely used to persuade users to select stronger passwords by providing machine-generated strength ratings of passwords. If such ratings do not match human-generated ratings of human users, there can be a loss of trust in PPCs. In order to study the effective…Proactive password checkers have been widely used to persuade users to select stronger passwords by
    providing machine-generated strength ratings of passwords. If such ratings do not match human-generated
    ratings of human users, there can be a loss of trust in PPCs. In order to study the effectiveness of PPCs, it
    would be useful to investigate how human users perceive such machine- and human-generated ratings in
    terms of their trust, which has been rarely studied in the literature. To fill this gap, we report a large-scale
    crowdsourcing study with over 1,000 workers. The participants were asked to choose which of the two ratings
    they trusted more. The passwords were selected based on a survey of over 100 human password experts. The
    results revealed that participants exhibited four distinct behavioral patterns when the passwords were hidden,
    and many changed their behaviors significantly after the passwords were disclosed, suggesting their reported
    trust was influenced by their own judgments.
     more »

  • Octopus ORAM: An Oblivious RAM with Communication and Server Storage Efficiency

    Appears in:
    sesa 19(20): e5

    Authors:
    Qiumao Ma, Wensheng Zhang

    Published:
    29th Apr 2019

    Abstract:
    Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storag…Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storage capacity is very large and/or the outsourced data are not frequently accessed, we propose in this paper a new ORAM
    construction called Octopus ORAM. Through extensive security analysis and performance comparison, we
    demonstrate that, Octopus ORAM is secure; also, it significantly improves the server storage efficiency,
    achieves a comparable level of communication efficiency as state-of-the-art ORAM constructions, at the cost of increased client-side storage, and the increased client-side storage should be affordable to the clients who adopt local facilities such as cloud storage gateways.
     more »

  • AMASS: Automated Software Mass Customization via Feature Identification and Tailoring

    Appears in:
    sesa 19(20): e4

    Authors:
    Hongfa Xue, Yurong Chen, Guru Venkataramani, Tian Lan

    Published:
    29th Apr 2019

    Abstract:
    The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically iden…The rapid inflation of software features brings inefficiency and vulnerabilities into programs, resulting in an increased attack surface with a higher possibility of exploitation. In this paper, we propose a novel framework for automated software mass customization (AMASS), which automatically identifies program features from binaries, tailors and eliminates the features to create customized program binaries in accordance with user needs, in a fully unsupervised fashion. It enables us to modularize program features and efficiently create customized program binaries at large scale. Evaluation using real-world executables including OpenSSL and LibreOffice demonstrates that AMASS can create a wide range of customized binaries for diverse feature requirements, with an average 92.76% accuracy for feature/function identification and up to 67% reduction of program attack surface.
     more »

  • Confidential State Verification for the Delegated Cloud Jobs with Confidential Audit Log

    Appears in:
    sesa 19(20): e3

    Authors:
    Anyi Liu, Selena Haidar, Yuan Cheng, Yingjiu Li

    Published:
    29th Apr 2019

    Abstract:
    Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is difficult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-specified model, the model is susceptible t…Cloud computing provides versatile solutions that allow users to delegate their jobs. An apparent limitation of most cloud audit services is that it is difficult for cloud users to tell the state of a delegated job. Although cloud users can provide a user-specified model, the model is susceptible to various exploits. In this paper, we present VERDICT, a system that amplifies the capability of the existing cloud audit services and allows users to check the state of a cloud job through
    the confidential model and audit log. VERDICT extracts the model from an application and keeps it in the encrypted form. The encrypted model is partitioned and updated with homomorphic encryption cipher in multiple sandboxes. The state of a delegated job can be checked by cloud users at any time. We implement VERDICT and deploy it in the VMs and containers on popular cloud platforms. Our evaluation shows that VERDICT is capable of reporting the state
    of a cloud job at run time, keeping the model confidential, and detecting malicious operations.
     more »

  • Efficient, Effective, and Realistic Website Fingerprinting Mitigation

    Appears in:
    sesa 19(20): e2

    Authors:
    Weiqi Cui, Jiangmin Yu, Yanmin Gong, Eric Chan-Tin

    Published:
    29th Apr 2019

    Abstract:
    Website fingerprinting attacks have been shown to be able to predict the website visited even if the network connection is encrypted and anonymized. These attacks have achieved accuracies as high as 92%. Mitigations to these attacks are using cover/decoy network traffic to add noise, padding to en…Website fingerprinting attacks have been shown to be able to predict the website visited even if the network
    connection is encrypted and anonymized. These attacks have achieved accuracies as high as 92%. Mitigations to these attacks are using cover/decoy network traffic to add noise, padding to ensure all the network packets are the same size, and introducing network delays to confuse an adversary. Although these mitigations have been shown to be effective, reducing the accuracy to 10%, the overhead is high. The latency overhead is above 100% and the bandwidth overhead is at least 30%. We introduce a new realistic cover traffic algorithm, based on a user’s previous network traffic, to mitigate website fingerprinting attacks. In simulations, our algorithm
    reduces the accuracy of attacks to 14% with zero latency overhead and about 20% bandwidth overhead. In real-world experiments, our algorithms reduces the accuracy of attacks to 16% with only 20% bandwidth
    overhead.
     more »

  • Spill the Beans: Extrospection of Internet of Things by Exploiting Denial of Service

    Appears in:
    sesa 19(20): e1

    Authors:
    Vinay Sachidananda, Suhas Bhairav, Yuval Elovici

    Published:
    29th Apr 2019

    Abstract:
    Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an atta…Internet of Things (IoT) exposes various vulnerabilities at different levels. One such exploitable vulnerability
    is Denial of Service (DoS). In this work, we focus on a large-scale extensive study of various forms of DoS and how it can be exploited in different protocols of IoT. We propose an attack and defense framework called OWL which is tailored for IoT and that can perform various forms of DoS on IP, Bluetooth, and Zigbee devices. We consider various DoS vulnerabilities such as illegitimate packet injection, Bluetooth Low Energy (BLE) scanning attack, Zigbee frame counter-attack, etc., regarding IP, Bluetooth and Zigbee devices. To understand how resilient is IoT for DoS, we propose two new metrics to measure the Resilience and the Quality of Service (QoS) degradation in IoT. We have conducted large-scale experimentation with real IoT devices in our security IoT testbed. The experiments conducted are for DoS, Distributed Denial of Service (DDoS) by setting up Mirai and Permanent Denial of Service (PDoS) using BrickerBot on various IoT devices. We have also compared our framework with the existing state of the art tools.
     more »

  • A Deep Learning Approach for Network Intrusion Detection System

    Appears in:
    sesa 16(9): e2

    Authors:
    Ahmad Javaid, Quamar Niyaz, Weiqing Sun, Mansoor Alam

    Downloads:
    5958

    Abstract:
    A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for…A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in
    their organizations. However, many challenges arise while
    developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for developing such an efficient and flexible NIDS.
    We use Self-taught Learning (STL), a deep learning based technique, on NSL-KDD - a benchmark dataset for network
    intrusion. We present the performance of our approach and compare it with a few previous work. Compared metrics include accuracy, precision, recall, and f-measure values.
     more »

  • Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus

    Appears in:
    sesa 18(15): e5

    Author:
    Tim Niklas Witte

    Downloads:
    4973

    Abstract:
    Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection tech…Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
     more »

  • Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures

    Appears in:
    sesa 18(16): e1

    Authors:
    Leandros Maglaras, Mohamed Amine Ferrag, Abdelouahid Derhab, Mithun Mukherjee, Helge Janicke, Stylianos Rallis

    Downloads:
    2853

    Abstract:
    As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threat…As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping.
     more »

  • Reviewing the book “Principles of Cyber-physical Systems” from a security perspective

    Appears in:
    sesa 15(4): e6

    Authors:
    Minghui Zhu, Peng Liu

    Downloads:
    1357

    Abstract:
    This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.
     more »

  • A V2X Message Evaluation Methodology and Cross-Domain Modelling of Safety Applications in V2X-enabled E/E-Architectures

    Appears in:
    sesa 16(8): e1

    Authors:
    Harald Bucher, Marius-Florin Buciuman, Alexander Klimm, Oliver Sander, Jürgen Becker

    Downloads:
    1202

    Abstract:
    The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons)…The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons) of all vehicles, but also have strict real-time requirements. Regarding automotive E/E architectures this continuous broadcasting adds heavy internal E/E data traffic that needs to be processed in real-time by Electronic Control Units (ECUs).
    In this work we address this issue by proposing a novel cluster-based message evaluation methodology to significantly reduce internal E/E network traffic by discarding irrelevant messages. The approach is only depending on information received over beacons. It combines a vehicle clustering strategy as well as network and vehicle state monitoring capabilities in order to correctly evaluate messages under real-time constraints. The proposed methodology is modeled inside an abstract ECU. It is evaluated by simulating a model-based CACC application under different traffic scenarios. It is shown that a significant reduction of messages is achievable, while still guaranteeing accident-free behavior of CACC.
     more »

  • WG-8: A Lightweight Stream Cipher for Resource-Constrained Smart Devices

    Appears in:
    sesa 15(3): e4

    Authors:
    Xinxin Fan, Kalikinkar Mandal, Guang Gong

    Downloads:
    1095

    Abstract:
    Lightweight cryptographic primitives are essential for securing pervasive embedded devices like RFID tags, smart cards, and wireless sensor nodes. In this paper, we present a lightweight stream cipher WG-8, which is tailored from the well-known Welch-Gong (WG) stream cipher family, for resource-c…Lightweight cryptographic primitives are essential for securing pervasive embedded devices like RFID tags,
    smart cards, and wireless sensor nodes. In this paper, we present a lightweight stream cipher WG-8, which is
    tailored from the well-known Welch-Gong (WG) stream cipher family, for resource-constrained devices. WG-8
    inherits the good randomness and cryptographic properties of the WG stream cipher family and is resistant to
    the most common attacks against stream ciphers. The software implementations of the WG-8 stream cipher on
    two popular low-power microcontrollers as well as the extensive comparison with other lightweight cryptography
    implementations highlight that in the context of securing lightweight embedded applications WG-8 has favorable
    performance and low energy consumption.
     more »

  • A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)

    Appears in:
    sesa 17(12): e2

    Authors:
    Quamar Niyaz, Weiqing Sun, Ahmad Y. Javaid

    Downloads:
    1031

    Abstract:
    Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged softwar…Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged software-defined networking (SDN) and deep learning (DL) concepts promise to revolutionize their respective domains. SDN keeps the global view of the entire managed the network from a single point, i.e., the controller, thus making the network management easier. DL-based approaches improve feature extraction/reduction from a high-dimensional dataset such as network traffic headers. This work proposes a deep learning based multi-vector DDoS detection system in an SDN environment. The detection system is implemented as a network application on top of the SDN controller and can monitor the managed network traÿc. Performance evaluation is based on different metrics by applying the system on traÿc traces collected from different scenarios. A high accuracy with low false-positive rate is observed in attack detection for the proposed system.
     more »

  • ITFComp: A Compression Algorithm for ARM Architecture Instruction Trace Files

    Appears in:
    sesa 16(8): e2

    Authors:
    Mohammad Qasem, Lukas Pustina

    Downloads:
    968

    Abstract:
    Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input …Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input for hardware simulations. ITFs tend to be large in size, causing a storage challenge. Many trace reduction techniques exist to deal with the ITFs' storage challenge. In this paper we introduce ITFComp, a compression algorithm that combines general purpose compression methods with knowledge about ARM architecture ITFs' structure to reduce their size. ITFComp also works on compressing data memory addresses accessed by instructions within ITFs to further reduce an ITF size. Results show a reduction of 600 times on average when combined with LZMA compression algorithm. This reduction is 4 times better than when using LZMA alone, and 10 times better than when using DEFLATE. ITFComp introduces a negligible overhead in the decompression time (less than 1%).
     more »

  • Network-based Analysis and Classification of Malware using Behavioral Artifacts Ordering

    Appears in:
    sesa 18(16): e2

    Authors:
    Aziz Mohaisen, Omar Alrawi, Jeman Park, Joongheon Kim, DaeHun Nyang, Manar Mohaisen

    Downloads:
    865

    Abstract:
    Using runtime execution artifacts to identify malware and its associated “family” is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity …Using runtime execution artifacts to identify malware and its associated “family” is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.
     more »

  • Evaluation of Cryptography Usage in Android Applications

    Appears in:
    sesa 16(9): e4

    Authors:
    Alexia Chatzikonstantinou, Christoforos Ntantogian, Georgios Karopoulos, Christos Xenakis

    Downloads:
    805

    Abstract:
    Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we d…Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.
     more »
Publisher
EAI
ISSN
2032-9393
Number of Volumes
6
Last Published
1st Aug 2019