Pub Date : 2019-04-29DOI: 10.4108/eai.29-4-2019.162405
Qiumao Ma, Wensheng Zhang
Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storage capacity is very large and/or the outsourced data are not frequently accessed, we propose in this paper a new ORAM construction called Octopus ORAM. Through extensive security analysis and performance comparison, we demonstrate that, Octopus ORAM is secure; also, it significantly improves the server storage efficiency, achieves a comparable level of communication efficiency as state-of-the-art ORAM constructions, at the cost of increased client-side storage, and the increased client-side storage should be affordable to the clients who adopt local facilities such as cloud storage gateways. Received on 04 March 2019; accepted on 26 April 2019; published on 29 April 2019
{"title":"Octopus ORAM: An Oblivious RAM with Communication and Server Storage Efficiency","authors":"Qiumao Ma, Wensheng Zhang","doi":"10.4108/eai.29-4-2019.162405","DOIUrl":"https://doi.org/10.4108/eai.29-4-2019.162405","url":null,"abstract":"Most of existing ORAM constructions have communication efficiency as the major optimization priority; the server storage efficiency, however, has not received much attention. Motivated by the observation that, the server storage efficiency is as important as communication efficiency when the storage capacity is very large and/or the outsourced data are not frequently accessed, we propose in this paper a new ORAM construction called Octopus ORAM. Through extensive security analysis and performance comparison, we demonstrate that, Octopus ORAM is secure; also, it significantly improves the server storage efficiency, achieves a comparable level of communication efficiency as state-of-the-art ORAM constructions, at the cost of increased client-side storage, and the increased client-side storage should be affordable to the clients who adopt local facilities such as cloud storage gateways. Received on 04 March 2019; accepted on 26 April 2019; published on 29 April 2019","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"76 12","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131456358","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-01-29DOI: 10.4108/EAI.25-1-2019.159347
V. Anastopoulos, S. Katsikas
Organizations collect log data for various reasons, including security related ones. The multitude and diversity of the devices that generate log records increases, resulting to dispersed networks and large volumes of data. The design of a log management infrastructure is usually led by decisions that are commonly based on industry best practices and experience, but fail to adapt to the evolving threat landscape. In this work a novel methodology for the design of a dynamic log management infrastructure is proposed. The proposed methodology leverages social network analysis to relate the infrastructure with the threat landscape, thus enabling it to evolve as threats evolve. The workings of the methodology are demonstrated by means of its application for the design of the log management infrastructure of a real organization.
{"title":"A Methodology for the Dynamic Design of Adaptive Log Management Infrastructures","authors":"V. Anastopoulos, S. Katsikas","doi":"10.4108/EAI.25-1-2019.159347","DOIUrl":"https://doi.org/10.4108/EAI.25-1-2019.159347","url":null,"abstract":"Organizations collect log data for various reasons, including security related ones. The multitude and diversity of the devices that generate log records increases, resulting to dispersed networks and large volumes of data. The design of a log management infrastructure is usually led by decisions that are commonly based on industry best practices and experience, but fail to adapt to the evolving threat landscape. In this work a novel methodology for the design of a dynamic log management infrastructure is proposed. The proposed methodology leverages social network analysis to relate the infrastructure with the threat landscape, thus enabling it to evolve as threats evolve. The workings of the methodology are demonstrated by means of its application for the design of the log management infrastructure of a real organization.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122623698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-01-29DOI: 10.4108/EAI.25-1-2019.159346
Naiwei Liu, Wanyu Zang, Songqing Chen, Meng Yu, R. Sandhu
In recent years, research efforts have been made to develop safe and secure environments for ARM platform. The new ARMv8 architecture brought in security features by design. However, there are still some security problems with ARMv8. For example, on Cortex-A series, there are risks that the system is vulnerable to sidechannel attacks. One major category of side-channel attacks utilizes cache memory to obtain a victim’s secret information. In the cache based side-channel attacks, an attacker measures a sequence of cache operations to obtain a victim’s memory access information, deriving more sensitive information. The success of such attacks highly depends on accurate information about the victim’s cache accesses. In this paper, we describe an innovative approach to defend against side-channel attack on Cortex-A series chips. We also considered the side-channel attacks in the context of using TrustZone protection on ARM. Our adaptive noise injection can significantly reduce the bandwidth of side-channel while maintaining an affordable system overhead. The proposed defense mechanisms can be used on ARM Cortex-A architecture. Our experimental evaluation and theoretical analysis show the effectiveness and efficiency of our proposed defense.
{"title":"Adaptive Noise Injection against Side-Channel Attacks on ARM Platform","authors":"Naiwei Liu, Wanyu Zang, Songqing Chen, Meng Yu, R. Sandhu","doi":"10.4108/EAI.25-1-2019.159346","DOIUrl":"https://doi.org/10.4108/EAI.25-1-2019.159346","url":null,"abstract":"In recent years, research efforts have been made to develop safe and secure environments for ARM platform. The new ARMv8 architecture brought in security features by design. However, there are still some security problems with ARMv8. For example, on Cortex-A series, there are risks that the system is vulnerable to sidechannel attacks. One major category of side-channel attacks utilizes cache memory to obtain a victim’s secret information. In the cache based side-channel attacks, an attacker measures a sequence of cache operations to obtain a victim’s memory access information, deriving more sensitive information. The success of such attacks highly depends on accurate information about the victim’s cache accesses. In this paper, we describe an innovative approach to defend against side-channel attack on Cortex-A series chips. We also considered the side-channel attacks in the context of using TrustZone protection on ARM. Our adaptive noise injection can significantly reduce the bandwidth of side-channel while maintaining an affordable system overhead. The proposed defense mechanisms can be used on ARM Cortex-A architecture. Our experimental evaluation and theoretical analysis show the effectiveness and efficiency of our proposed defense.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132481089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-01-29DOI: 10.4108/eai.29-7-2019.159627
Y. Tang, Kai Li, K. Areekijseree, Shuigeng Zhou, Liting Hu
In the era of big data, the data-processing pipeline becomes increasingly distributed among multiple sites. To connect data consumers with remote producers, a public directory service is essential. This is evidenced by adoption in emerging applications such as electronic healthcare. This work systematically studies the privacy-preserving and security hardening of a public directory service. First, we address the privacy preservation of serving a directory over the Internet. With Internet eavesdroppers performing attacks with background knowledge, the directory service has to be privacy preserving, for the compliance with data-protection laws (e.g., HiPAA). We propose techniques to adaptively inject noises to the public directory in such a way that is aware of application-level data schema, effectively preserving privacy and achieving high search recall. Second, we tackle the problem of securely constructing the directory among distrusting data producers. For provable security, we model the directory construction problem by secure multi-party computations (MPC). For efficiency, we propose a pre-computation framework that minimizes the private computation and conducts aggressive pre-computation on public data. In addition, we tackle the systems-level efficiency by exploiting data-level parallelism on general-purpose graphics processing units (GPGPU). We apply the proposed scheme to real health-care scenarios for constructing patient-locator services in emerging Health Information Exchange (or HIE) networks. For privacy evaluation, we conduct extensive analysis of our noise-injecting techniques against various background-knowledge attacks. We conduct experiments on real-world datasets and demonstrate the low attack success rate for the protection effectiveness. For performance evaluation, we implement our MPC optimization techniques on open-source MPC software. Through experiments on local and geo-distributed settings, our performance results show that the proposed pre-computation achieves a speedup of more than an order of magnitude without security loss. Received on 15 December 2018; accepted on 20 January 2019; published on 29 January 2019
{"title":"Privacy-Preserving Multi-Party Directory Services","authors":"Y. Tang, Kai Li, K. Areekijseree, Shuigeng Zhou, Liting Hu","doi":"10.4108/eai.29-7-2019.159627","DOIUrl":"https://doi.org/10.4108/eai.29-7-2019.159627","url":null,"abstract":"In the era of big data, the data-processing pipeline becomes increasingly distributed among multiple sites. To connect data consumers with remote producers, a public directory service is essential. This is evidenced by adoption in emerging applications such as electronic healthcare. This work systematically studies the privacy-preserving and security hardening of a public directory service. First, we address the privacy preservation of serving a directory over the Internet. With Internet eavesdroppers performing attacks with background knowledge, the directory service has to be privacy preserving, for the compliance with data-protection laws (e.g., HiPAA). We propose techniques to adaptively inject noises to the public directory in such a way that is aware of application-level data schema, effectively preserving privacy and achieving high search recall. Second, we tackle the problem of securely constructing the directory among distrusting data producers. For provable security, we model the directory construction problem by secure multi-party computations (MPC). For efficiency, we propose a pre-computation framework that minimizes the private computation and conducts aggressive pre-computation on public data. In addition, we tackle the systems-level efficiency by exploiting data-level parallelism on general-purpose graphics processing units (GPGPU). We apply the proposed scheme to real health-care scenarios for constructing patient-locator services in emerging Health Information Exchange (or HIE) networks. For privacy evaluation, we conduct extensive analysis of our noise-injecting techniques against various background-knowledge attacks. We conduct experiments on real-world datasets and demonstrate the low attack success rate for the protection effectiveness. For performance evaluation, we implement our MPC optimization techniques on open-source MPC software. Through experiments on local and geo-distributed settings, our performance results show that the proposed pre-computation achieves a speedup of more than an order of magnitude without security loss. Received on 15 December 2018; accepted on 20 January 2019; published on 29 January 2019","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116196664","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-01-29DOI: 10.4108/EAI.25-1-2019.159348
R. L. Perez, Florian Adamsky, R. Soua, T. Engel
Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however, is di ffi cult nowadays due to the massive spread of connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM), Random Forest (RF), Bidirectional Long Short Term Memory (BLSTM) are assessed in terms of accuracy, precision, recall and F 1 score for intrusion detection. Two cases are di ff erentiated: binary and categorical classifications. Our experiments reveal that RF and BLSTM detect intrusions e ff ectively, with an F 1 score of respectively > 99% and > 96%.
{"title":"Forget the Myth of the Air Gap: Machine Learning for Reliable Intrusion Detection in SCADA Systems","authors":"R. L. Perez, Florian Adamsky, R. Soua, T. Engel","doi":"10.4108/EAI.25-1-2019.159348","DOIUrl":"https://doi.org/10.4108/EAI.25-1-2019.159348","url":null,"abstract":"Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however, is di ffi cult nowadays due to the massive spread of connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM), Random Forest (RF), Bidirectional Long Short Term Memory (BLSTM) are assessed in terms of accuracy, precision, recall and F 1 score for intrusion detection. Two cases are di ff erentiated: binary and categorical classifications. Our experiments reveal that RF and BLSTM detect intrusions e ff ectively, with an F 1 score of respectively > 99% and > 96%.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"146 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132118444","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-01-25DOI: 10.4108/EAI.8-4-2019.157413
Mina Khalili, Mengyuan Zhang, D. Borbor, Lingyu Wang, Nicandro Scarabeo, M. Zamor
Nowadays, small to medium sized companies, which usually cannot afford hiring dedicated security experts, are interested in benefiting from Managed Security Services (MSS) provided by third party Security Operation Centers (SOC) to tackle network-wide threats. Accordingly, the performance of the SOC is becoming more and more important to the service providers in order to optimize their resources and compete in the global market. Security specialists in a SOC, called analysts, have an important role to analyze suspicious machine-generated alerts to see whether they are real attacks. How to monitor and improve the performance of analysts inside a SOC is a critical issue that most service providers need to address. In this paper, by observing workflows of a real-world SOC, a tool consisting of three different modules is designed for monitoring analysts' activities, analysis performance measurement, and performing simulation scenarios. The tool empowers managers to evaluate the SOC's performance which helps them to conform to Service-Level Agreement (SLA) regarding required response time to security incidents, and see the need for improvement. Moreover, the designed tool is strengthened by a background service module to provide feedback about anomalies or informative issues for security analysts in the SOC. Three case studies have been conducted based on real data collected from the operational SOC, and simulation results have demonstrated the effectiveness of the different modules of the designed tool in improving the SOC performance.
{"title":"Monitoring and Improving Managed Security Services inside a Security Operation Center","authors":"Mina Khalili, Mengyuan Zhang, D. Borbor, Lingyu Wang, Nicandro Scarabeo, M. Zamor","doi":"10.4108/EAI.8-4-2019.157413","DOIUrl":"https://doi.org/10.4108/EAI.8-4-2019.157413","url":null,"abstract":"Nowadays, small to medium sized companies, which usually cannot afford hiring dedicated security experts, are interested in benefiting from Managed Security Services (MSS) provided by third party Security Operation Centers (SOC) to tackle network-wide threats. Accordingly, the performance of the SOC is becoming more and more important to the service providers in order to optimize their resources and compete in the global market. Security specialists in a SOC, called analysts, have an important role to analyze suspicious machine-generated alerts to see whether they are real attacks. How to monitor and improve the performance of analysts inside a SOC is a critical issue that most service providers need to address. In this paper, by observing workflows of a real-world SOC, a tool consisting of three different modules is designed for monitoring analysts' activities, analysis performance measurement, and performing simulation scenarios. The tool empowers managers to evaluate the SOC's performance which helps them to conform to Service-Level Agreement (SLA) regarding required response time to security incidents, and see the need for improvement. Moreover, the designed tool is strengthened by a background service module to provide feedback about anomalies or informative issues for security analysts in the SOC. Three case studies have been conducted based on real data collected from the operational SOC, and simulation results have demonstrated the effectiveness of the different modules of the designed tool in improving the SOC performance.","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130845345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-01-25DOI: 10.4108/eai.8-4-2019.157414
Xianmang He, Yuan Hong, Yindong Chen
Data privacy has attracted significant interests in both database theory and security communities in the past few decades. Differential privacy has emerged as a new paradigm for rigorous privacy protection regardless of adversaries prior knowledge. However, the meaning of privacy bound and how to select an appropriate may still be unclear to the general data owners. More recently, some approaches have been proposed to derive the upper bounds of for specified privacy risks. Unfortunately, these upper bounds suffer from some deficiencies (e.g., the bound relies on the data size, or might be too large), which greatly limits their applicability. To remedy this problem, we propose a novel approach that converts the privacy bound in differential privacy to privacy risks understandable to generic users, and present an in-depth theoretical analysis for it. Finally, we have conducted experiments to demonstrate the effectiveness of our model. Received on 19 December 2018; accepted on 21 January 2019; published on 25 January 2019
{"title":"Exploring the Privacy Bound for Differential Privacy: From Theory to Practice","authors":"Xianmang He, Yuan Hong, Yindong Chen","doi":"10.4108/eai.8-4-2019.157414","DOIUrl":"https://doi.org/10.4108/eai.8-4-2019.157414","url":null,"abstract":"Data privacy has attracted significant interests in both database theory and security communities in the past few decades. Differential privacy has emerged as a new paradigm for rigorous privacy protection regardless of adversaries prior knowledge. However, the meaning of privacy bound and how to select an appropriate may still be unclear to the general data owners. More recently, some approaches have been proposed to derive the upper bounds of for specified privacy risks. Unfortunately, these upper bounds suffer from some deficiencies (e.g., the bound relies on the data size, or might be too large), which greatly limits their applicability. To remedy this problem, we propose a novel approach that converts the privacy bound in differential privacy to privacy risks understandable to generic users, and present an in-depth theoretical analysis for it. Finally, we have conducted experiments to demonstrate the effectiveness of our model. Received on 19 December 2018; accepted on 21 January 2019; published on 25 January 2019","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"31 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-01-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114012771","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: