# PapersCut

A shortcut to recent security papers

### Arxiv

#### Temporal Phase Shifts in SCADA Networks

Authors: Chen Markman, Avishai Wool, Alvaro A. Cardenas

Abstract: In Industrial Control Systems (ICS/SCADA), machine to machine data traffic is highly periodic. Previous work showed that in many cases, it is possible to create an automata-based model of the traffic between each individual Programmable Logic Controller (PLC) and the SCADA server, and to use the model to detect anomalies in the traffic. When testing the validity of previous models, we noticed that overall, the models have difficulty in dealing with communication patterns that change over time. In this paper we show that in many cases the traffic exhibits phases in time, where each phase has a unique pattern, and the transition between the different phases is rather sharp. We suggest a method to automatically detect traffic phase shifts, and a new anomaly detection model that incorporates multiple phases of the traffic. Furthermore we present a new sampling mechanism for training set assembly, which enables the model to learn all phases during the training stage with lower complexity. The model presented has similar accuracy and much less permissiveness compared to the previous general DFA model. Moreover, the model can provide the operator with information about the state of the controlled process at any given time, as seen in the traffic phases.

Comment: Full version of CPS-SPC'18 short paper

Date: 15 Aug 2018

#### Mitigating Sybils in Federated Learning Poisoning

Authors: Clement Fung, Chris J. M. Yoon, Ivan Beschastnikh

Abstract: Machine learning (ML) over distributed data is relevant to a variety of domains. Existing approaches, such as federated learning, compose the outputs computed by a group of devices at a central aggregator and run multi-round algorithms to generate a globally shared model. Unfortunately, such approaches are susceptible to a variety of attacks, including model poisoning, which is made substantially worse in the presence of sybils. In this paper we first evaluate the vulnerability of federated learning to sybil-based poisoning attacks. We then describe FoolsGold, a novel defense to this problem that identifies poisoning sybils based on the diversity of client contributions in the distributed learning process. Unlike prior work, our system does not assume that the attackers are in the minority, requires no auxiliary information outside of the learning process, and makes fewer assumptions about clients and their data. In our evaluation we show that FoolsGold exceeds the capabilities of existing state of the art approaches to countering ML poisoning attacks. Our results hold for a variety of conditions, including different distributions of data, varying poisoning targets, and various attack strategies.

Comment: 15 pages

Date: 14 Aug 2018

#### Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures

Authors: Mengjia Yan, Christopher Fletcher, Josep Torrellas

Abstract: Deep Neural Networks (DNNs) are fast becoming ubiquitous for their ability to attain good accuracy in various machine learning tasks. A DNN's architecture (i.e., its hyper-parameters) broadly determines the DNN's accuracy and performance, and is often confidential. Attacking a DNN in the cloud to obtain its architecture can potentially provide major commercial value. Further, attaining a DNN's architecture facilitates other, existing DNN attacks. This paper presents Cache Telepathy: a fast and accurate mechanism to steal a DNN's architecture using the cache side channel. Our attack is based on the insight that DNN inference relies heavily on tiled GEMM (Generalized Matrix Multiply), and that DNN architecture parameters determine the number of GEMM calls and the dimensions of the matrices used in the GEMM functions. Such information can be leaked through the cache side channel. This paper uses Prime+Probe and Flush+Reload to attack VGG and ResNet DNNs running OpenBLAS and Intel MKL libraries. Our attack is effective in helping obtain the architectures by very substantially reducing the search space of target DNN architectures. For example, for VGG using OpenBLAS, it reduces the search space from more than $10^{35}$ architectures to just 16.

Date: 14 Aug 2018

#### Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark

Authors: Flor Álvarez, Max Kolhagen, Matthias Hollick

Abstract: Practical solutions to bootstrap security in today's information and communication systems critically depend on centralized services for authentication as well as key and trust management. This is particularly true for mobile users. Identity providers such as Google or Facebook have active user bases of two billion each, and the subscriber number of mobile operators exceeds five billion unique users as of early 2018. If these centralized services go completely 'dark' due to natural or man made disasters, large scale blackouts, or country-wide censorship, the users are left without practical solutions to bootstrap security on their mobile devices. Existing distributed solutions, for instance, the so-called web-of-trust are not sufficiently lightweight. Furthermore, they support neither cross-application on mobile devices nor strong protection of key material using hardware security modules. We propose Sea of Lights (SoL), a practical lightweight scheme for bootstrapping device-to-device security wirelessly, thus, enabling secure distributed self-organized networks. It is tailored to operate in the 'dark' and provides strong protection of key material as well as an intuitive means to build a lightweight web-of-trust. SoL is particularly well suited for local or urban operation in scenarios such as the coordination of emergency response, where it helps containing/limiting the spreading of misinformation. As a proof of concept, we implement SoL in the Android platform and hence test its feasibility on real mobile devices. We further evaluate its key performance aspects using simulation.

Date: 14 Aug 2018

#### ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control

Authors: Santiago Aragon, Marco Tiloca, Max Maass, Matthias Hollick, Shahid Raza

Abstract: The Authentication and Authorization for Constrained Environments (ACE) framework provides fine-grained access control in the Internet of Things, where devices are resource-constrained and with limited connectivity. The ACE framework defines separate profiles to specify how exactly entities interact and what security and communication protocols to use. This paper presents the novel ACE IPsec profile, which specifies how a client establishes a secure IPsec channel with a resource server, contextually using the ACE framework to enforce authorized access to remote resources. The profile makes it possible to establish IPsec Security Associations, either through their direct provisioning or through the standard IKEv2 protocol. We provide the first Open Source implementation of the ACE IPsec profile for the Contiki OS and test it on the resource-constrained Zolertia Firefly platform. Our experimental performance evaluation confirms that the IPsec profile and its operating modes are affordable and deployable also on constrained IoT platforms.

Date: 14 Aug 2018

#### Mitigating Location Privacy Attacks on Mobile Devices using Dynamic App Sandboxing

Authors: Sashank Narain, Guevara Noubir

Abstract: We present the design, implementation and evaluation of a system, called MATRIX, developed to protect the privacy of mobile device users from location inference and sensor side-channel attacks. MATRIX gives users control and visibility over location and sensor (e.g., Accelerometers and Gyroscopes) accesses by mobile apps. It implements a PrivoScope service that audits all location and sensor accesses by apps on the device and generates real-time notifications and graphs for visualizing these accesses; and a Synthetic Location service to enable users to provide obfuscated or synthetic location trajectories or sensor traces to apps they find useful, but do not trust with their private information. The services are designed to be extensible and easy for users, hiding all of the underlying complexity from them. MATRIX also implements a Location Provider component that generates realistic privacy-preserving synthetic identities and trajectories for users by incorporating traffic information using historical data from Google Maps Directions API, and accelerations using statistical information from user driving experiments. The random traffic patterns are generated by modeling/solving user schedule using a randomized linear program and modeling/solving for user driving behavior using a quadratic program. We extensively evaluated MATRIX using user studies, popular location-driven apps and machine learning techniques, and demonstrate that it is portable to most Android devices globally, is reliable, has low-overhead, and generates synthetic trajectories that are difficult to differentiate from real mobility trajectories by an adversary.

Date: 13 Aug 2018

#### A Preliminary Study On Emerging Cloud Computing Security Challenges

Authors: Babin Bhandari, James Zheng

Abstract: Cloud computing is the internet based provisioning of the computing resources, software, and information on demand. Cloud Computing is referred to as one of the most recent emerging paradigms of computing utilities. Since Cloud computing is the dominant infrastructure of the shared services over the internet, it is important to be aware of the security risk and the challenges associated with this emerging computing paradigm. This survey provides a brief introduction to the cloud computing, its major characteristics, and service models. It also explores cloud security threats, lists a few security solutions, and proposes a promising research direction to deal with the evolving security challenges in Cloud computing.

Date: 13 Aug 2018

#### Deterministic Proof Of Work

Authors: Zhuan Cheng, Gang Wu, Hao Wu, Muxing Zhao, Liang Zhao, Qingfeng Cai

Abstract: Blockchains such as Bitcoin and Ethereum designed their consensus protocol based on the Proof-of-Work (PoW) protocol. However, PoW has certain problems - its throughput is small and it also requires the user to wait extended periods of time for transactions to be confirmed, and even then, there is only a probabilistic guarantee that the transaction is irreversible. In this paper, we propose a new consensus protocol, called Deterministic Proof of Work (DPoW) that guarantees the deterministic finality of transactions. Our protocol introduces a Map-reduce PoW mining mechanism to work alongside Practical Byzantine Fault Tolerance (PBFT) verification. This mechanism allows for transactions to be confirmed immediately, thus largely improving scalability. In addition, it assures strong consistency and security against a multitude of attacks largely because the protocol does not allow forking. Finally, we conducted experiments which demonstrate that our consensus protocol can attain high levels of scalability and consistency without significant reduction to decentralization.

Comment: 2 figures

Date: 13 Aug 2018

#### Review of Different Privacy Preserving Techniques in PPDP

Authors: Jalpesh Vasa, Panthini Modi

Abstract: Big data is a term used for very large data sets that have many difficulties in storing and processing the data. Analysis of this much data will lead to information loss. The main goal of this paper is to share data in a way that privacy is preserved while information loss is kept at least. Data that include Government agencies, University details and Medical history etc., are very necessary for an organization to do analysis and predict trends and patterns, but it may prevent the data owner from sharing the data because of privacy regulations [1]. By doing an analysis of several algorithms of Anonymization such as k-anonymity, l-diversity and t-closeness, one can achieve privacy at minimum loss. Admitting these techniques has some limitations. We need to maintain trade-off between privacy and information loss. We introduce a novel approach called Differential Privacy.

Comment: 05 Pages, "Published with International Journal of Engineering Trends and Technology (IJETT)"

Date: 13 Aug 2018

#### Privacy Preserving and Cost Optimal Mobile Crowdsensing using Smart Contracts on Blockchain

Authors: Dimitris Chatzopoulos, Sujit Gujar, Boi Faltings, Pan Hui

Abstract: The popularity and applicability of mobile crowdsensing applications are continuously increasing due to the widespread of mobile devices and their sensing and processing capabilities. However, we need to offer appropriate incentives to the mobile users who contribute their resources and preserve their privacy. Blockchain technologies enable semi-anonymous multi-party interactions and can be utilized in crowdsensing applications to maintain the privacy of the mobile users while ensuring first-rate crowdsensed data. In this work, we propose to use blockchain technologies and smart contracts to orchestrate the interactions between mobile crowdsensing providers and mobile users for the case of spatial crowdsensing, where mobile users need to be at specific locations to perform the tasks. Smart contracts, by operating as processes that are executed on the blockchain, are used to preserve users' privacy and make payments. Furthermore, for the assignment of the crowdsensing tasks to the mobile users, we design a truthful, cost-optimal auction that minimizes the payments from the crowdsensing providers to the mobile users. Extensive experimental results show that the proposed privacy preserving auction outperforms state-of-the-art proposals regarding cost by ten times for high numbers of mobile users and tasks.

Date: 13 Aug 2018