Data Assurance and Communication Security

If all vehicles are connected together through a wireless communication channel, vehicular ad hoc networks (VANETs) can support a wide range of real-time traffic information services, such as intelligent routing, weather monitoring, emergency call, etc. However, the accuracy and credibility of the transmitted messages among the VANETs are of paramount importance as life may depend on it. In this article we introduce a novel framework called blockchain-assisted privacy-preserving authentication system (BPAS) that provides authentication automatically in VANETs and preserves vehicle privacy at the same time. This design is highly efficient and scalable. It does not require any online registration centre (except for system initialization and vehicle registration), and allows conditional tracing and dynamic revocation of misbehaving vehicles. In this article, we conduct an in-depth security analysis and a comprehensive performance evaluation (which is based on the Hyperledger Fabric platform) for our proposed framework. The results demonstrate that our framework is an efficient solution for the development of a decentralized authentication system in VANETs.

Increasingly, governments around the world, particularly in technologically advanced countries, are exploring or implementing smart homes, or the related smart facilities for the benefits of the society. The capability to remotely access and control Internet of Things (IoT) devices (e.g., capturing of images, audios, and other information) is convenient but risky, as vulnerable devices can be exploited to conduct surveillance or perform other nefarious activities on the users and organizations. This highlights the necessity of designing a secure and efficient remote user authentication solution. Most of the existing solutions for this problem are generally based on a single-server architecture, which has limitations in terms of privacy and anonymity (leading to users' daily activities being predicted), and integrity and confidentiality (resulting in an unreliable behavior auditing). While blockchain-based solutions may mitigate these issues, they still face some critical challenges (e.g., providing regulation of behaviors and privacy protection of access policy). Motivated by these facts, in this article, we construct a novel secure mutual authentication system, which can be applied in smart homes and other applications. Specifically, the proposed approach integrates blockchain, group signature, and message authentication code to provide reliable auditing of users' access history, anonymously authenticate group members, and efficiently authenticate home gateway, respectively. We also prove the security and privacy requirements, including anonymity, traceability, and confidentiality, that the proposed system satisfies, with an implementation and evaluation to demonstrate its practicality.

Federated learning is a distributed machine learning technology that can protect users’ data privacy, so it has attracted more and more attention in the industry and academia. Nonetheless, most of the existing works focused on the cost optimization of the entire process, while the cost of individual participants cannot be considered. In this article, we explore a min-max cost-optimal problem to guarantee the convergence rate of federated learning in terms of cost in wireless edge networks. In particular, we minimize the cost of the worst-case participant subject to the delay, local CPU-cycle frequency, power allocation, local accuracy, and subcarrier assignment constraints. Considering that the formulated problem is a mixed-integer nonlinear programming problem, we decompose it into several sub-problems to derive its solutions, in which the subcarrier assignment and power allocation are obtained by utilizing the Lagrangian dual decomposition method, the CPU-cycle frequency is obtained by a heuristic algorithm, and the local accuracy is obtained by an iteration algorithm. Simulation results show the convergence of the proposed algorithm and reveal that the proposed scheme can accomplish a tradeoff between the cost and fairness by comparing the proposed scheme with the existing schemes.

In recent years, numerous multi-view subspace clustering methods have been proposed to exploit the complementary information from multiple views. Most of them perform data reconstruction within each single view, which makes the subspace representation unpromising and thus can not well identify the underlying relationships among data. In this paper, we propose to conduct subspace clustering based on Flexible Multi-view Representation (FMR) learning, which avoids using partial information for data reconstruction. The latent representation is flexibly constructed by enforcing it to be close to different views, which implicitly makes it more comprehensive and well-adapted to subspace clustering. With the introduction of kernel dependence measure, the latent representation can flexibly encode complementary information from different views and explore nonlinear, high-order correlations among these views. We employ the Alternating Direction Minimization (ADM) method to solve our problem. Empirical studies on real-world datasets show that our method achieves superior clustering performance over other state-of-the-art methods.

This paper describes the development and implementation of KRisk, an innovative technology-enabled auditor decision aid for making client acceptance and continuance risk assessments. KRisk, developed and designed by KPMG LLP, is part of the firm's audit quality control and risk management processes. In this paper, we discuss the environmental and technological forces that affect auditor business risk management. We also describe important aspects of the development, functionality, and implementation of KRisk. We discuss possible impediments to realizing the full potential of decision aids that have been reported in prior auditing research, and describe how KRisk and related audit quality control procedures implemented at KPMG were designed to overcome such impediments. Also, we present some ideas for scholarly research dealing with auditor business risk management issues, and issues related to the design and use of decision aids in general.

Linux container mechanism has attracted a lot of attention and is increasingly utilized to deploy industry applications. Though it is a consensus that the container mechanism is not secure due to the kernel-sharing property, it lacks a concrete and systematical evaluation on its security using real world exploits. In this paper, we collect an attack dataset including 223 exploits that are effective on the container platform, and classify them into different categories using a two-dimensional attack taxonomy. Then we evaluate the security of existing Linux container mechanism using 88 typical exploits filtered out from the dataset. We find 50 (56.82%) exploits can successfully launch attacks from inside the container with the default configuration. Since the privilege escalation exploits can completely disable the container protection mechanism, we conduct an in-depth analysis on these exploits. We find the kernel security mechanisms such as Capability, Seccomp, and MAC play a more important role in preventing privilege escalation than the container isolation mechanisms (i.e., Namespace and Cgroup). However, the interdependence and mutual-influence relationship among these kernel security mechanisms may make them fall into the "short board effect" and impair their protection capability. By studying the 11 exploits that still can successfully break the isolation provided by container and achieve privilege escalation, we identify a common 4-step attack model followed by all 11 exploits. Finally, we propose a defense mechanism to effectively defeat those identified privilege escalation attacks.

Achieving data integrity verification for large-scale IoT data in cloud storage safely and efficiently has become one of the hot topics with further applications of Internet of Things. Traditional data integrity verification methods generally use encryption techniques to protect data in the cloud, relying on trusted Third Party Auditors (TPAs). Blockchain based data integrity schemes can successfully avoid the trust problem of TPAs, however, they have to face the problems of large computational and communication overhead. To address the issues above, we propose a Blockchain and Bilinear mapping based Data Integrity Scheme (BB-DIS) for large-scale IoT data. In our BB-DIS, IoT data is sliced into shards and homomorphic verifiable tags (HVTs) are generated for sampling verification. Data integrity can be achieved according to the characteristics of bilinear mapping in the form of blockchain transactions. Performance analysis of BB-DIS including feasibility, security, dynamicity and complexity is also discussed in detail. A prototype system of BB-DIS is then presented to illustrate how to implement our verification scheme. Experimental results based on Hyperledger Fabric demonstrate that the proposed verification scheme significantly improves the efficiency of integrity verification for large-scale IoT data with no need of TPAs.

Cryptography plays an important role in computer and communication security. In practical implementations of cryptosystems, the cryptographic keys are usually loaded into the memory as plaintext, and then used in the cryptographic algorithms. Therefore, the private keys are subject to memory disclosure attacks that read unauthorized data from RAM. Such attacks could be performed through software methods (e.g., Open SSL Heart bleed) even when the integrity of the victim system's executable binaries is maintained. They could also be performed through physical methods (e.g., Cold-boot attacks on RAM chips) even when the system is free of software vulnerabilities. In this paper, we propose Mimosa that protects RSA private keys against the above software-based and physical memory attacks. When the Mimosa service is in idle, private keys are encrypted and reside in memory as cipher text. During the cryptographic computing, Mimosa uses hardware transactional memory (HTM) to ensure that (a) whenever a malicious process other than Mimosa attempts to read the plaintext private key, the transaction aborts and all sensitive data are automatically cleared with hardware mechanisms, due to the strong atomicity guarantee of HTM, and (b) all sensitive data, including private keys and intermediate states, appear as plaintext only within CPU-bound caches, and are never loaded to RAM chips. To the best of our knowledge, Mimosa is the first solution to use transactional memory to protect sensitive data against memory disclosure attacks. We have implemented Mimosa on a commodity machine with Intel Core i7 Haswell CPUs. Through extensive experiments, we show that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.

Traditional X.509 public key infrastructures (PKIs) depend on trusted certification authorities (CAs) to sign certificates, used in SSL/TLS to authenticate web servers and establish secure channels. However, recent security incidents indicate that CAs may (be compromised to) sign fraudulent certificates. In this article, we propose blockchain-based certificate transparency (CT) and revocation transparency (RT) to balance the absolute authority of CAs. Our scheme is compatible with X.509 PKIs but significantly reinforces the security guarantees of a certificate. The CA-signed certificates and their revocation status information of an SSL/TLS web server are published by the subject (i.e., the web server) as a transaction in the global certificate blockchain. The certificate blockchain acts as append-only public logs to monitor CAs’ certificate signing and revocation operations, and an SSL/TLS web server is granted with the cooperative control on its certificates. A browser compares the certificate received in SSL/TLS negotiations with the ones in the public certificate blockchain, and accepts it only if it is published and not revoked. We implement the prototype system with Firefox and Nginx, and the experimental results show that it introduces reasonable overheads.

This paper proposes a new transmission policy for intelligent reflecting surface (IRS) empowered wireless powered internet of things systems. Particularly, an energy station (ES) wirelessly charges for multiple IoT devices during downlink wireless energy transfer (WET) and then these devices deliver their own message to an access point (AP) during uplink wireless information transfer (WIT). Also, an IRS is deployed to improve energy harvesting and data transmission capabilities. To enhance self-sustainability of the IRS, the IRS harvests energy from the ES based on the harvest-then-transmit protocol. In this paper, we maximize the sum throughput via optimizing the phase shifts of the IRS, the transfer time scheduling as well as the power splitting ratio. Due to the non-convexity of the formulated problem, we divide the problem into two sub-problems, each of which can be handled separately. Then, we adopt an alternating optimization (AO) algorithm with the semidefinite programming (SDP) relaxation. Also, we consider a special case where the circuit power consumption of IoT devices can be neglected. In this case, we derive a closed form solution for the optimal transmission time slots, power allocation and phase shift by the Lagrange dual method. Finally, numerical evaluations validate effectiveness of the proposed scheme, which significantly benefits from the IRS in improving network throughput.

Federated learning (FL) can protect clients’ privacy from leakage in distributed machine learning. Applying federated learning to edge computing can protect the privacy of edge clients and benefit edge computing. Nevertheless, eavesdroppers can analyze the parameter information to specify clients’ private information and model features. And it is difficult to achieve a high privacy level, convergence, and low communication overhead during the entire process in the FL framework. In this paper, we propose a novel privacy-preserving federated learning framework for edge computing (PFLF). In PFLF, each client and the application server add noise before sending the data. To protect the privacy of clients, we design a flexible arrangement mechanism to count the optimal training times for clients. We prove that PFLF guarantees the privacy of clients and servers during the entire training process. Then, we theoretically prove that PFLF has three main properties: 1) For a given privacy level and model aggregation times, there is an optimal number of participating times for clients; 2) There is an upper and lower bound of convergence; 3) PFLF achieves low communication overhead by designing a flexible participation training mechanism. Simulation experiments confirm the correctness of our theoretical analysis. Therefore, PFLF helps design a framework to balance privacy levels and convergence and achieve low communication overhead when there is a part of clients dropping out of training.

Pan-sharpening refers to the fusion of a low-resolution (LR) multispectral (MS) image and a high-resolution (HR) panchromatic (PAN) image to obtain an HR MS image (i.e., pan-sharpened MS image). From the point of view of variational complementary data fusion, it becomes an optimization problem with geometry and spectral preserving constraints. In this paper, a novel unified optimizing pan-sharpening model is proposed by integrating a data-generative fidelity term and a compound prior term, which incorporates both spatial fractional-order geometry and spectral-spatial low-rank priors. Specifically, the proposed model consists of three important ingredients: 1) data-generative fidelity term, which models the degradation relationship between the LR and HR MS images to enforce the geometry and spectral preserving constraints; 2) fractional-order total variation-based spatial fractional-order geometry prior term, which especially exploits the spatial fractional-order gradient feature consistence between the PAN and pan-sharpened MS images to transfer the spatial structure information of the PAN image into the pan-sharpened MS image; and 3) weighted nuclear norm-based spectral-spatial low-rank prior term, which exploits the nonlocal patches-based low-rank structural sparsity simultaneously in the pan-sharpened MS image and the LR MS image for further preserving image spatial structures and spectral information. Thus, the main novelty behind the proposed model is an optimizing mechanism by fully taking advantage of the spatial details and texture expressive power of the spatial fractional-order geometry prior as well as the spectral-spatial correlation preserving capacity of the low-rank prior. Finally, the proposed model can be implemented in an alternating direction method of multipliers framework, and thus, an efficient algorithm is presented. To verify the validity, the new proposed method is systematically compared with some state-of-the-art techniques using the Pleiades, GeoEye-1, QuickBird, and WorldView2 satellite data sets in the subjective, objective, and efficiency aspects. The results show that the proposed method performs better than the compared methods in terms of higher spatial and spectral qualities.

Internet of Things (IoT) presents opportunities for designing new technologies for organizations. Many organizations are beginning to accept these technologies for their daily work, where employees can be connected, both on the organization's premises and the "outside", for business continuity. However, organizations continue to experience data breach incidents. Even though there is a plethora of researches in Information Security, there "seems" to be little or lack of interest from the research community, when it comes to human factors and its relationship to data breach incidents. The focus is usually on the technological component of Information Technology systems. Regardless of any technological solutions introduced, human factors continue to be an area that lacks the required attention. Making the assumption that people will follow expected secure behavioral patterns and therefore system security expectations will be satisfied, may not necessarily be true. Security is not something that can simply be purchased; human factors will always prove to be an important space to explore. Hence, human factors are without a doubt a critical point in Information Security. In this study, we propose an Organizational Information Security Framework For Human Factors applicable to the Internet of Things, which includes countermeasures that can help prevent or reduce data breach incidents as a result of human factors. Using linear regression on data breach incidents reported in the United States of America from 2009 to 2017, the study validates human factors as a weak-point in information security that can be extended to Internet of Things by predicting the relationship between human factors and data breach incidents, and the strength of these relationships. Our results show that five breach incidents out of the seven typified human factors to statistically and significantly predict data breach incidents. Furthermore, the results also show a positive correlation between human factors and these data breach incidents.

Over the Internet, digital signature has been an indispensable approach to securing e-commerce and other online transactions requiring authentication. Concerning the computing costs of signature generation and verification, it has become a more and more common practice for security practitioners to outsource such computations from heavily loaded application servers called tenants to dedicated proxies like signature servers in the enterprise private cloud. In this paper, we present our high-performance signature server called Guess. It implements the elliptic curve digital signature algorithm (ECDSA) with 256-b key size on a Linux-powered commodity computer, harnessing a desktop graphics processing unit as a featured cryptographic accelerator. We demonstrate our experience in maximizing the computing power of Guess and also its capability to deliver such power to the tenants, which includes down-to-earth customization and optimization considering various hardware and software factors. Our comprehensive implementation of ECDSA is tested against intensive network traffic. Field experiments show that Guess achieves T <sub xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">s</sub> = 8.71 × 10 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">6</sup> operations per second (OPS) for signature generation or T <sub xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">v</sub> = 9.29 × 10 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">5</sup> OPS for verification, which is significantly faster than existent prototypes and products. Guess is a universal server that readily supports various categories of elliptic curve cryptographic schemes, such as digital signature, key agreement, and encryption.

Travel route planning aims to map out a feasible sightseeing itinerary for a traveler covering famous attractions and meeting the tourist's desire. It is very useful for tourists to plan their travel routes when they want to travel at unfamiliar scenic cities. Existing methods for travel route planning mainly concentrate on a single planning problem for a special task, but is not capable of being applied to other tasks. For example, previous must-visit planning methods cannot be applied to the next-point recommendation, despite these two tasks are closely related to each other in travel route planning. Besides, most of the existing work do not consider the important auxiliary information such as Point of Interests (POI) attributes, user preference, and historical route data in their approaches. In this paper, we propose a flexible Multi-task Deep Travel Route Planning framework named MDTRP to integrate rich auxiliary information for more effective planning. Specifically, we first construct a heterogeneous network through the relations between users and POIs and employ a heterogeneous network embedding method to learn the features of users and POIs. Then we present an attention-based deep model to integrate the auxiliary information and focus on important visited points for the prediction of next POIs. Finally, a beam search algorithm is introduced to flexibly generate multiple feasible route candidates for three types of planning tasks (next-point recommendation, general route planning, and must-visit planning). We introduce six public datasets to conduct extensive experiments, of which the results demonstrate the flexibility and superiority of the proposed approach in travel route planning.

Optimizing the computational efficiency of the artificial neural networks is crucial for resource-constrained platforms like autonomous driving systems. To address this challenge, we proposed a Lightweight Context-aware Network (LCNet) that accelerates semantic segmentation while maintaining a favorable trade-off between inference speed and segmentation accuracy in this paper. The proposed LCNet introduces a partial-channel transformation (PCT) strategy to minimize computing latency and hardware requirements of the basic unit. Within the PCT block, a three-branch context aggregation (TCA) module expands the feature receptive fields, capturing multiscale contextual information. Additionally, a dual-attention-guided decoder (DD) recovers spatial details and enhances pixel prediction accuracy. Extensive experiments on three benchmarks demonstrate the effectiveness and efficiency of the proposed LCNet model. Remarkably, a smaller model LCNet <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$_{3\_7}$</tex-math> </inline-formula> achieves 73.8% mIoU with only 0.51 million parameters, with an impressive inference speed of <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\sim$</tex-math> </inline-formula> 142.5 fps and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\sim$</tex-math> </inline-formula> 9 fps using a single RTX 3090 GPU and Jetson Xavier NX, respectively, on the Cityscapes test set at <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$1024\times 1024$</tex-math> </inline-formula> resolution. A more accurate version of the LCNet <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$_{3\_11}$</tex-math> </inline-formula> can achieve 75.8% mIoU with 0.74 million parameters at <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\sim$</tex-math> </inline-formula> 117 fps inference speed on Cityscapes at the same resolution. Much faster inference speed can be achieved at smaller image resolutions. LCNet strikes a great balance between computational efficiency and prediction capability for mobile application scenarios. The code is available at https://github.com/lztjy/LCNet.

Along with Network Function Virtualization (NFV), Mobile Edge Computing (MEC) is becoming a new computing paradigm that enables accommodating innovative applications and services with stringent response delay and resource requirements, including autonomous vehicles and augmented reality. Provisioning reliable network services for users is the top priority of most network service providers, as unreliable services or severe service failures can result in tremendous losses of users, particularly for their mission-critical applications. In this paper, we study reliability-aware VNF instances provisioning in an MEC, where different users request different network services with different reliability requirements through paying their requested services with the aim to maximize the network throughput. To this end, we first formulate a novel reliability-aware VNF instance placement problem by provisioning primary and secondary VNF instances at different cloudlets in MEC for each user while meeting the specified reliability requirement of the user request. We then show that the problem is NP-hard and formulate an Integer Linear Programming (ILP) solution. Due to the NP-hardness of the problem, we instead devise an approximation algorithm with a logarithmic approximation ratio for the problem. Moreover, we also consider two special cases of the problem. For one special case where each request only requests one primary and one secondary VNF instances, the problem is still NP-hard, and we devise a constant approximation algorithm for it. For another special case where different VNFs have the same amounts of computing resource demands, we show that it is polynomial-time solvable by developing a dynamic programming solution for it. We finally evaluate the performance of the proposed algorithms through experimental simulations. Experimental results demonstrate that the proposed algorithms are promising, and the empirical results of the algorithms outperform their analytical counterparts as theoretical estimations usually are very conservative.

Mobile devices have been widely used to process sensitive data and perform important transactions. It is a challenge to protect secure code from a malicious mobile OS. ARM TrustZone technology can protect secure code in a secure domain from an untrusted normal domain. However, since the attack surface of the secure domain will increase along with the size of secure code, it becomes arduous to negotiate with OEMs to get new secure code installed. We propose a novel TrustZone-based isolation framework named TrustICE to create isolated computing environments (ICEs) in the normal domain. TrustICE securely isolates the secure code in an ICE from an untrusted Rich OS in the normal domain. The trusted computing base (TCB) of TrustICE remains small and unchanged regardless of the amount of secure code being protected. Our prototype shows that the switching time between an ICE and the Rich OS is less than 12 ms.

Image forensics aims to detect the manipulation of digital images. Currently, splicing detection, copy-move detection, and image retouching detection are attracting significant attention from researchers. However, image editing techniques develop over time. An emerging image editing technique is colorization, in which grayscale images are colorized with realistic colors. Unfortunately, this technique may also be intentionally applied to certain images to confound object recognition algorithms. To the best of our knowledge, no forensic technique has yet been invented to identify whether an image is colorized. We observed that, compared with natural images, colorized images, which are generated by three state-of-the-art methods, possess statistical differences for the hue and saturation channels. Besides, we also observe statistical inconsistencies in the dark and bright channels, because the colorization process will inevitably affect the dark and bright channel values. Based on our observations, i.e., potential traces in the hue, saturation, dark, and bright channels, we propose two simple yet effective detection methods for fake colorized images: Histogram-based fake colorized image detection and feature encoding-based fake colorized image detection. Experimental results demonstrate that both proposed methods exhibit a decent performance against multiple state-of-the-art colorization approaches.

Search for different types of distinguishers are common tasks in symmetrickey cryptanalysis. In this work, we employ the constraint programming (CP) technique to tackle such problems. First, we show that a simple application of the CP approach proposed by Gerault et al. leads to the solution of the open problem of determining the exact lower bound of the number of active S-boxes for 6-round AES-128 in the related-key model. Subsequently, we show that the same approach can be applied in searching for integral distinguishers, impossible differentials, zero-correlation linear approximations, in both the single-key and related-(twea)key model. We implement the method using the open source constraint solver Choco and apply it to the block ciphers PRESENT, SKINNY, and HIGHT (ARX construction). As a result, we find 16 related-tweakey impossible differentials for 12-round SKINNY-64-128 based on which we construct an 18-round attack on SKINNY-64-128 (one target version for the crypto competition https://sites.google.com/site/skinnycipher announced at ASK 2016). Moreover, we show that in some cases, when equipped with proper strategies (ordering heuristic, restart and dynamic branching strategy), the CP approach can be very efficient. Therefore, we suggest that the constraint programming technique should become a convenient tool at hand of the symmetric-key cryptanalysts.