ABSTRACT. SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system's defensive countermeasures.

ABSTRACT. The payment of most popular cryptocurrencies such as Bitcoin or Ethereum happens between two blockchain addresses, which are usually two random strings that are not easily memorialized or managed by human beings. Recently, web 3.0 has become a dominant narrative in the development of the cryptocurrency sphere. In the web 3.0 world, users will be in control of their privacy and the monetization of their data. Meanwhile, we also see various infrastructures for human-readable identifiers (HRI) such as Ethereum naming service (ENS) springing out recently. These newly established account systems for Web 3.0, combined with the users' existing various online identities such as social media accounts, email accounts, etc, will constitute the main HRI layer for the payment network of Web 3.0. Most payments in the Web 3.0 world will happen between the HRI accounts.

This work presents an anonymous payment scheme for HRIs, that allows a user to manage multiple human-readable identities with one single secret key. Our proposed scheme borrows ideas from the Zether framework and replaces the underlying public-key encryption scheme with anonymous identity-based encryption (AIBE) scheme, which fits perfectly with the management of multiple HRIs. By exploiting the anonymity guarantee of the underlying IBE scheme, the token can be transferred among these HRIs anonymously with the transferred amount also encrypted. Interestingly, our approach does not require any ring signature like or Merkle-tree-based zero-knowledge proof in order to protect the identifier anonymity. This suggests that the new framework based on AIBE scheme has a significant performance advantage when it comes to the privacy protection of layer-2 HRI accounts compared with the original Zether framework.

ABSTRACT. With the rapid development of blockchain technology, it provides a new technical solution for secure storage of data and trusted computing. However, in the actual application of data traceability, blockchain technology has an obvious disadvantage: the large amount of data stored in the blockchain system will lead to a long response time for users to query data. Higher query delay severely restricts the development of block chain technology in the traceability system. In order to solve this problem, we propose an efficient, secure and low storage overhead blockchain query scheme. Specifically, we design an index structure independent of Merkle tree to support efficient intra-block query, and create new fields in the block header to optimize inter-block query. Compared with several existing schemes, our scheme ensures the security of data. Finally, we simulate and evaluate our proposed scheme. The results show that the proposed scheme has better execution efficiency while reducing additional overhead.

ABSTRACT. Cyber ranges, built to simulate the topologies, configurations, and runtime status of the real network, can be employed to test and verify the security and/or privacy issues of user behaviors in newly developed systems and networks in a virtual but extremely similar environment. However, most of the existing user behavior simulation methods usually suffer from low authenticity and trust in real-world user behaviors, especially for large-scale and complex industrial control systems (ICSs). To meet this gap, this paper proposes a novel user behavior simulation method for ICS cyber ranges. Specifically, we first accelerate and replay the user traffic by compressing the time interval to balance the packet loss rate and distortion rate. Then, we generate coarse-grained group user behaviors. Further, we generate fine-grained individual user behaviors to fit the same software under different levels of subsystems. Importantly, to build a multi-granularity ICS cyber range that can simulate different types of user behaviors, we use the cloud platform to create protocol stacks, dockers, virtual machines, and physical devices. Experiment results show that the simulated user behaviors in ICS cyber ranges are highly similar to the actual network environments.

ABSTRACT. This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.

ABSTRACT. The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to fit for the multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received considerable attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing solutions suffer from the leakage of the single-dimensional privacy, and such leakage would severely put the data at risk. Although a few existing works have addressed the problem of single-dimensional privacy, they are impractical in some real scenarios due to the issues of inefficiency, inaccuracy, and lack of support for diverse data. This paper mainly focuses on range queries over encrypted data. We first propose a private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dual-server model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.

ABSTRACT. With the rapid development of personal computers and mobile devices, it is very important to deploy a suitable user authentication to protect the information and data stored on these devices. Due to various privacy and security concerns, contactless authentication has received much attention, among which in-air gesture based authentication is one promising solution. Motivated by this observation, in this work, we develop and implement a real-time in-air hand gesture-based user authentication system, where users can define or select various gestures and generate their credentials. Our system can verify a user using a deep learning-enabled inference framework without the need of being trained by a powerful device. Different from the state-of-the-art, our system uses a method of convex hull to recognize the hand gesture. In our user study, we involve 20 participants to examine the system performance, and find it is viable and usable with a success rate of 95%.

ABSTRACT. Privacy policies are statements about how websites, applications, and any other service providers collect, use, share and manage users' data. Nowadays, the contents of privacy policies have been affected by different regulations such as the General Data Protection Regulation (GDPR), which enforces the protection of personal data and also requires privacy policies to be more transparent for readers. There is a limited understanding of how GDPR has impacted the content of privacy policies. This study presents a framework for evaluation of compliance of privacy policies with GDPR recommendations and best practices. This evaluation framework includes text feature analysis, coverage analysis, and content analysis. Our findings suggest that although GDPR enforcement has improved the content of privacy policies, many of these privacy policies do not fully satisfy GDPR requirements.

ABSTRACT. Chainweb and some other parallel blockchain sys- tems have recently been proposed, with the objectives of improv- ing the throughput and enhancing the tamper-proof capability. While many security related studies have been conducted for traditional single-chain based blockchain systems, the security aspect of parallel chain systems is yet to be well studied and understood. Our paper presents a systematic study on selfish mining attacks in Chainweb based on mathematical modeling. Specifically, selfish mining is conducted by concentrating the computation power on a subset of parallel chains and operating a proper withholding strategy. We demonstrate how to establish a Markov chain based analytical model with innovative tech- niques to handle the very large state space. Our Markov chain model is also capable of handling different number of parallel chains. The mathematical analysis brings an insightful, in fact counterintuitive, finding that the attackers need less computation power to harvest additional rewards through withholding when Chainweb contains a larger number of chains; while the common understanding is that the more chains are used, the more tamper- proof the system is. The accuracy of the Markov chain analysis is demonstrated via comparison to the simulation results.

ABSTRACT. Nowadays, the Internet of Things (IoT) has attracted much attention from the industry, and new initiatives are expected to be developed in the next decade. IoT is establishing a globally connected sensor network in which many devices are connected to the Internet generating large amounts of data. Conversely, many challenges need to be overcome to enable efficient and secure IoT applications (e.g., interoperability, se- curity, standards, and server technologies). Furthermore, edge computing presents a paramount role in the diverse range of IoT applications. The ability of edge services to serve multiple tenants is also an essential capability given the current and future demands of low-latency responses and seamless operations. In this sense, processing sensitive data for different tenants (e.g., e- health and smart cities applications) requires transactions to be protected and isolated from different flows. Thereupon, different tenants can be targeted by Distributed Denial of Service (DDoS) attacks. However, attacks performed against a tenant remain unknown to others, preventing the improvement of detection and mitigation capabilities for DDoS attacks. The main obstacle in this collaboration relies on maintaining privacy in a multi- tenant environment while sharing the characteristics of attacks faced in the past. In this paper, we propose a collaborative DDoS detection and classification approach for distributed multi-tenant IoT environments using Federated Learning. This approach enables multiples tenants to collaboratively enhance their DDoS detection and classification capabilities across all edge nodes while maintaining their privacy. To accomplish this, tenants train deep learning instances on locally scaled traffic data and share the model parameters with other tenants. This strategy enables safer IoT operations and can be adopted in different applications. The experiments performed on a simulated environ- ment considered the CICDDoS2019 dataset and showed that the proposed approach can classify different DDoS attacks types with over 84.2% accuracy. The results demonstrate that collaborative DDoS detection enhances tenant protection compared to single detection.

ABSTRACT. Recent attacks on Machine Learning (ML) models such as evasion attacks with adversarial examples and models stealing through extraction attacks pose several security and privacy threats. Prior work proposes to use adversarial training to secure models from adversarial examples that can evade the classification of a model and deteriorate its performance. However, this protection technique affects the model's decision boundary and its prediction probabilities, hence it might raise model privacy risks. In fact, a malicious user using only a query access to the prediction output of a model can extract it and obtain a high-accuracy and high-fidelity surrogate model. To have a greater extraction, these attacks leverage the prediction probabilities of the victim model. Indeed, all previous work on extraction attacks do not take into consideration the changes in the training process for security purposes. In this paper, we propose a framework to assess extraction attacks on adversarially trained models with vision datasets. To the best of our knowledge, our work is the first to perform such evaluation. Through an extensive empirical study, we demonstrate that adversarially trained models are more vulnerable to extraction attacks than models obtained under natural training circumstances. They can achieve up to ×1.2 higher accuracy and agreement with a fraction lower than ×0.75 of the queries. We additionally find that the adversarial robustness capability is transferable through extraction attacks, i.e., extracted Deep Neural Networks (DNNs) from robust models show an enhanced accuracy to adversarial examples compared to extracted DNNs from naturally trained (i.e. standard) models.

ABSTRACT. The spread of digital disinformation (aka “fake news”) is arguably one of the most significant threats on the Internet today which can cause individual and societal harm of large scales. The susceptibility to fake news attacks hinges on whether or not Internet users perceive a fake news article/snippet to be legitimate (real) after reading it. In this paper, we attempt to garner an in-depth understanding of users’ susceptibility to text-centric fake news attacks via a neuro-cognitive methodology (thus corroborating as well as extending the traditional behavioral-only approach in significant ways). In particular, we investigate the neural underpinnings relevant to fake vs. real news through EEG, a well-established brain imaging technique. We design and run an EEG experiment with human users to pursue a thorough investigation of users’ perception and cognitive processing of fake vs. real news. We analyze the neural activity associated with the fake vs. real news detection task for different categories of news articles.

Our results show that there may be no statistically significant or automatically inferable differences in the way the human brain processes the fake vs. real news, while marked differences are observed when people are subject to (real or fake) news vs. resting state and even between some different categories of fake news. This neuro-cognitive finding may help to justify users’ susceptibility to fake news attacks, as also confirmed from the behavioral analysis. In other words, the fake news articles may seem almost indistinguishable from the real news articles in both behavioral and neural domains. Our work serves to dissect the fundamental neural phenomena underlying fake news attacks and explains users’ susceptibility to these attacks through the limits of human biology. We believe that this could be a notable insight for the researchers and practitioners suggesting that the human detection of fake news might be ineffective, which may also have an adverse impact on the design of automated detection approaches that crucially rely upon human labeling of text articles for building training models.

ABSTRACT. Rolling code is a keyless access protocol used prominently for garage doors and vehicles entry. In this work, we examine the security of three garage door opener systems which are widely used in the north American markets. Such openers are electronically controlled by wireless remotes and mobile applications. We reverse engineer their rolling code protocol and demonstrate practical attacks that enable an adversary to open the garage door after wirelessly sniffing only one open/close signal produced by the remote control device owner. Our security analysis reveals that such attacks are due to vulnerabilities in the deployment of the rolling code protocol in two out of the three investigated brands.

ABSTRACT. Electronic voting machines (EVM) can improve the efficiency of elections. However, due to the possibility of errors in electronic voting machines, user trust in them is an issue. To improve user trust, one mechanism used by EVMs is the inclusion of a paper audit trail, which shows users a paper receipt of their vote for 7-seconds and asks them to verify their vote. While paper audit trails can theoretically improve user trust, their usability has not yet been explored, which can affect user trust. In this paper, we evaluate the usability of paper audit trails by creating two UI prototypes and testing them with users through a user study. The design of the first prototype reflected existing audit trail systems, whereas the second prototype was created using HCI design principles. Results showed that the second prototype improved error recognition rates compared to the first prototype. Post-test interviews showed that the second prototype also reduced users' stress and anxiety of the voting process. Our work highlights the importance of exploring the human aspect in the design of electronic voting machines, and their associated components such as paper audit trails. It also provides insights into users' overall perceptions of electronic voting.

ABSTRACT. Privacy policy is a legal document in which the users are informed about the data practices used by the organizations. Past research indicates that the privacy policies are long, include incomplete in-formation, and are hard to read. Research also shows that users are not inclined to read these long and verbose policies. The solution that we are proposing in this paper is to build tools that can assist users with finding relevant content in the privacy policies for their queries using semantic approach. This paper presents the development of domain ontology for privacy policies so that the relevant sentences related to privacy question can be automatically identified. For this study, we built an ontology and also validated and evaluated the ontology using qualitative and quantitative methods including competency questions, data driven, and user evaluation. Results from the evaluation of ontology depicted that the amount of text to read was significantly reduced as the users had to only read selected text that ranged from 1% to 30% of a privacy policy. The amount of content selected for reading depended on the query and its associated keywords. This finding shows that the time required to read a policy was significantly reduced as the ontology directed user to content related to a given user query. This finding was also confirmed by the results of the user study session. The results from the user study session indicated that the users found ontology helpful in finding relevant sentences for reading as compared to reading the entire policy.