25 December 2016, Volume 1 Issue 4
    

  • Review papers
  • Cong SUN,Jianfeng MA,Qingsong YAO
    Journal of Communications and Information Networks. 2016, 1(4): 1-21. https://doi.org/10.1007/BF03391576

    Cyber-physical systems are being confronted with an ever-increasing number of security threats from the complicated interactions and fusions between cyberspace and physical space. Integrating security-related activities into the early phases of the development life cycle is a monolithic and cost-effective solution for the development of security-critical cyber-physical systems. These activities often incorporate security mechanisms from different realms. We present a fine-grained design flow paradigm for security-critical and software-intensive cyber-physical systems. We provide a comprehensive survey on the domain-specific architectures, countermeasure techniques and security standards involved in the development life cycle of security-critical cyber-physical systems, and adapt these elements to the newly designed flow paradigm. Finally, we provide prospectives and future directions for improving the usability and security level of this design flow paradigm.

  • Jinghua JIANG,Yifeng ZHENG,Zhenkui SHI,Jing YAO,Cong WANG,Xiaolin GUI
    Journal of Communications and Information Networks. 2016, 1(4): 24-32. https://doi.org/10.1007/BF03391577

    User targeting via behavioral analysis is becoming increasingly prevalent in online messaging services. By taking into account users' behavior information such as geographic locations, purchase behaviors, and search histories, vendors can deliver messages to users who are more likely to have a strong preference. For example, advertisers can rely on some ad-network for distributing ads to targeted users. However, collecting such personal information for accurate targeting raises severe privacy concerns. In order to incentivize users to participate in such behavioral targeting systems, addressing the privacy concerns becomes of paramount importance. We provide a survey of privacy-preserving user targeting. We present the architectures of user targeting, the security threats faced by user targeting, and existing approaches to privacy-preserving user targeting. Some future research directions are also identified.

  • Junwei ZHANG,Fangqiong DU,Jianfeng MA,Chao YANG
    Journal of Communications and Information Networks. 2016, 1(4): 33-43. https://doi.org/10.1007/BF03391578

    Chandran, et al. introduce the direction of position based cryptography at CRYPTO 2009. In position based cryptography, the position of a party is used to be its unique “credential” in order to realize the cryptographic tasks, such as position based encryption, position based signature, position based key exchange and so on. Position based key exchange, as a basic primitive in position based cryptography, can be used to establish a shared key based on the position of the participant. To begin with, this paper presents the notions of the prover-to-verifier mode and the prover-to-prover mode for position based key exchange. In the prover-to-verifier mode, a secret key can be shared between a prover and the verifiers according to the position of the prover. While in the prover-to-prover mode, two provers located at the valid positions can negotiate a shared key with the help of the verifiers and any other party whose position is illegal cannot obtain the shared key. At the same time, this paper formalizes two security definitions against colluding adversaries: position based prover-to-verifier key exchange and position based prover-to-prover key exchange. Then, this paper introduces the bounded retrieval model and the implementations of position based key exchange in two modes based on the bounded retrieval model. Finally, this paper discusses the position based key exchange protocols in two modes from both security and performance perspectives.

  • Si CHEN,Zhan QIN,Guoliang XING,Kui REN
    Journal of Communications and Information Networks. 2016, 1(4): 44-51. https://doi.org/10.1007/BF03391579

    Mobile devices such as smartphones and tablets have continued to grow in recent years. Nowadays, people rely on these ubiquitous smart devices and carry them everywhere in their daily lives. Acoustic signal, as a simple and prevalent transmitting vector for end-to-end communication, shows unique characteristics compared with another popular communication method, i.e., optical signal, especially on the applications performed over smart devices. Acoustic signal does not require line-of-sight for transmission, and the computational power of most smart devices is sufficient to modulate/demodulate acoustic signal using software acoustic modem only, which can be easily deployed on current off-the-shelf smart devices. Therefore, many acoustics-based short range communication systems have been developed and are used in sensitive applications such as building access control and mobile payment system. However, past work shows that an acoustic eavesdropper snooping on the communication between a transmitter and its legitimate receiver can easily break their communication protocol and decode the transmitted information. To solve this problem, many solutions have been proposed to protect the acoustic signal against eavesdroppers. In this overview, we explore the designs of existing solutions, the corresponding implementations, and their methodologies to protect acoustic signal communication. For each dependable and secure acoustics-based short range communication system, we present the major technical hurdles to be overcome, the state-of-the-art, and also offer a vision of the future research issues on this promising technology.

  • Yunling WANG,Jianfeng WANG,Xiaofeng CHEN
    Journal of Communications and Information Networks. 2016, 1(4): 52-65. https://doi.org/10.1007/BF03391580

    Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users' sensitive data, while preserving search ability on the server side. SE allows the server to search encrypted data without leaking information in plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.

  • Xiaogang QI, Jiulong MA, Dan WU, Lifang LIU, Shaolin HU
    Journal of Communications and Information Networks. 2016, 1(4): 66-85. https://doi.org/10.1007/BF03391581

    Satellite networks have many advantages over traditional terrestrial networks. However, it is very difficult to design a satellite network with excellent performance. The paper briefly summarizes some existing satellite network routing technologies from the perspective of both single-layer and multilayer satellite constellations, and focuses on the main ideas, characteristics, and existing problems of these routing technologies. For single-layer satellite networks, two routing strategies are discussed: the virtual node strategy and the virtual topology strategy. Moreover, considering the deficiency of existing multilayer satellite network routing, we discuss the topic of invulnerability. Finally, the challenges and problems faced by the satellite network are analyzed and the trend of future development is predicted.

  • Lei ZHANG,Donglai ZHU,Zhemin YANG,Limin SUN,Min YANG
    Journal of Communications and Information Networks. 2016, 1(4): 86-92. https://doi.org/10.1007/BF03391582

    Modern mobile devices provide a wide variety of services. Users are able to access these services for many sensitive tasks relating to their everyday lives (e.g., finance, home, or contacts). However, these services also provide new attack surfaces to attackers. Many efforts have been devoted to protecting mobile users from privacy leakage. In this work, we study state-of-the-art techniques for the detection and protection of privacy leakage and discuss the evolving trends of privacy research.

  • Research papers
  • Keke GAI,Meikang QIU,Xiaotong SUN,Hui ZHAO
    Journal of Communications and Information Networks. 2016, 1(4): 93-104. https://doi.org/10.1007/BF03391583

    The widespread application of heterogeneous cloud computing has enabled enormous advances in the real-time performance of telehealth systems. A cloud-based telehealth system allows healthcare users to obtain medical data from various data sources supported by heterogeneous cloud providers. Employing data duplications in distributed cloud databases is an alternative approach for achieving data sharing among multiple data users. However, this approach results in additional storage space being used, even though reducing data duplications would lead to a decrease in data acquisitions and real-time performance. To address this issue, this paper focuses on developing a dynamic data deduplication method that uses an intelligent blocker to determine the working mode of data duplications for each data package in heterogeneous cloud-based telehealth systems. The proposed approach is named the SD2M (Smart Data Deduplication Model), in which the main algorithm applies dynamic programming to produce optimal solutions to minimizing the total cost of data usage. We implement experimental evaluations to examine the adaptability of the proposed approach.

  • Fangwei WANG,Wenyan HUANG,Yulong SHEN,Changguang WANG
    Journal of Communications and Information Networks. 2016, 1(4): 105-115. https://doi.org/10.1007/BF03391584

    Internet worms can propagate across networks at terrifying speeds, reduce network security to a remarkable extent, and cause heavy economic losses. Thus, the rapid elimination of Internet worms using partial immunization becomes a significant matter for sustaining Internet infrastructure. This paper addresses this issue by presenting a novel worm susceptible-vaccinated-exposed-infectious-recovered model, named the SVEIR model. The SVEIR model extends the classical susceptible-exposed-infectious-recovered model (referred to as the SEIR model) through incorporating a saturated incidence rate and a partial immunization rate. The basic reproduction number in the SVEIR model is obtained. By virtue of the basic reproduction number, we prove the global stabilities of an infection-free equilibrium point and a unique endemic equilibrium point. Numerical methods are used to verify the proposed SVEIR model. Simulation results show that partial immunization is highly effective for eliminating worms, and the SVEIR model is viable for controlling and forecasting Internet worms.

  • Liumei ZHANG,Yichuan WANG,Lei ZHU,Wenjiang JI
    Journal of Communications and Information Networks. 2016, 1(4): 116-132. https://doi.org/10.1007/BF03391585

    A virtual machine placement optimization model based on optimized ant colony algorithm is proposed. The model is able to determine the physical machines suitable for hosting migrated virtual machines. Thus, it solves the problem of redundant power consumption resulting from idle resource waste of physical machines. First, based on the utilization parameters of the virtual machine, idle resources and energy consumption models are proposed. The models are dedicated to quantifying the features of virtual resource utilization and energy consumption of physical machines. Next, a multi-objective optimization strategy is derived for virtual machine placement in cloud environments. Finally, an optimal virtual machines placement scheme is determined based on feature metrics, multi-objective optimization, and the ant colony algorithm. Experimental results indicate that compared with the traditional genetic algorithms-based MGGA model, the convergence rate is increased by 16%, and the optimized highest average energy consumption is reduced by 18%. The model exhibits advantages in terms of algorithm efficiency and efficacy.

  • Yongtang ZHANG,Xianlu LUO,Haibo LUO
    Journal of Communications and Information Networks. 2016, 1(4): 133-142. https://doi.org/10.1007/BF03391586

    In the era of global Internet security threats, there is an urgent need for different organizations to cooperate and jointly fight against cyber attacks. We present an algorithm that combines a privacy-preserving technique and a multi-step attack-correlation method to better balance the privacy and availability of alarm data. This algorithm is used to construct multi-step attack scenarios by discovering sequential attack-behavior patterns. It analyzes the time-sequential characteristics of attack behaviors and implements a support-evaluation method. Optimized candidate attack-sequence generation is applied to solve the problem of pre-defined association-rule complexity, as well as expert-knowledge dependency. An enhanced k-anonymity method is applied to this algorithm to preserve privacy. Experimental results indicate that the algorithm has better performance and accuracy for multi-step attack correlation than other methods, and reaches a good balance between efficiency and privacy.

  • Correspondence letter
  • Yichuan WANG,Yefei ZHANG,Xinhong HEI,Wenjiang JI,Weigang MA
    Journal of Communications and Information Networks. 2016, 1(4): 143-155. https://doi.org/10.1007/BF03391587

    Integration of the IoT (Internet of Things) with Cloud Computing, termed the CoT (Cloud of Things), can help achieve the goals of the envisioned IoT and future Internet. In a typical CoT infrastructure, the data collected from wireless sensor networks and IoTs is transmitted through a SG (Smart Gateway) to the cloud. The bandwidth between an IoT access point and SG becomes a bottleneck for information transmission between the IoT and the cloud. We propose a novel game theory model to describe the CoT attacker, who expects to use minimum set and energy consumption of IoT attack devices to occupy as many bandwidth resources as possible in a given time period; and the defender, who expects to minimize false alarms. By analyzing this model, we have found that the game theory model is a non-cooperative and repeated incomplete information game, and Nash equilibrium is existent, perfected by the subgame. The best strategy for each stage of the attack is to adjust the attack link number dynamically based on the comparison results of value and turning point for each time period. At the same time, the defender adjusts the threshold value β dynamically, based on the comparison results of the Load value and expected value of α for each time period. The simulation result shows that our strategy can significantly mitigate the harm of a distributed denial of service attack.