ABSTRACT. Location trajectories provide valuable insights for applications from urban planning to pandemic control. However, mobility data can also reveal sensitive information about individuals, such as political opinions, religious beliefs, or sexual orientations. Existing privacy-preserving approaches for publishing this data face a significant utility-privacy trade-off. Releasing synthetic trajectory data generated through deep learning offers a promising solution. Due to the trajectories' sequential nature, most existing models are based on recurrent neural networks (RNNs). However, research in generative adversarial networks (GANs) largely employs convolutional neural networks (CNNs) for image generation. This discrepancy raises the question of whether advances in computer vision can be applied to trajectory generation. In this work, we introduce a Reversible Trajectory-to-CNN Transformation (RTCT) that adapts trajectories into a format suitable for CNN-based models. We integrated this transformation with the well-known DCGAN in a proof-of-concept (PoC) and evaluated its performance against an RNN-based trajectory GAN using four metrics across two datasets. The PoC was superior in capturing spatial distributions compared to the RNN model but had difficulty replicating sequential and temporal properties. Although the PoC's utility is not sufficient for practical applications, the results demonstrate the transformation's potential to facilitate the use of CNNs for trajectory generation, opening up avenues for future research. To support continued research, all source code has been made available under an open-source license.

ABSTRACT. The widespread use of healthcare data for online medical diagnosis has been made possible by deep learning advancements. However, entrusting computation and storage to unreliable external medical servers brings security and privacy concerns. As a result, developing trustworthy deep learning algorithms has attracted growing interest in defending against privacy concerns in patient data. Federated learning was developed to protect sensitive data privacy by allowing computation on the client side. Privacy leakage in the communication channel of healthcare systems, through inference, free-riding, Man-in-the-Middle, model poisoning, and gradient attacks, is still a crucial issue. To address this, we introduce an efficient Privacy Embedded Learning (PEL) method that trains machine learning models without compromising privacy. This PEL method addresses how machine learning models handle privacy issues by securing privacy at the patient end, at a medical server and in communication media. To balance privacy protection and model performance, PEL uses an edge intelligence-enabled federated learning to defend Smart Healthcare Systems from privacy attacks by applying artificial noise functions and an iteration-based Conventional Neural Network (CNN) model. PEL also offers gradient encryption in federated learning to protect the derived model parameters as gradients on communication media to protect users’ privacy without revealing user-sensitive information. We also integrated Federated Edge Aggregator (FEA) in the proposed PEL method to offer a lower overhead than peer mechanisms. We compare the proposed method with existing work and evaluate performance with well-known datasets: COVID-19 chest X-rays and MNIST. The performance is demonstrated by testing accuracy of about 92% and good privacy protection when safeguarding patient and healthcare provider data.

ABSTRACT. Traditionally, kidney exchange allows patients with an incompatible living kidney donor to exchange their donors in form of exchange cycles. Today, additional transplants are achieved through so-called exchange chains. These are initiated by an altruistic donor, who donates a kidney without requiring anything in return. In practice, kidney exchange is typically facilitated through central platforms, which compute potential exchange cycles and chains for a large number of patients and donors. To overcome the severe security issues of this centralized approach, several secure multi-party computation (SMPC) protocols for kidney exchange have been proposed recently. However, the privacy-preserving protocols proposed to date either do not scale for a sufficient number of patients and donors or do not support~exchange chains. In this paper, we present the first SMPC protocol that both supports exchange chains and yields efficient run times for a large number of patients and donors. We have implemented our protocol in the framework MP-SPDZ and evaluated its run time performance. Besides, we present evaluation results based on real-world data for the use of our protocol in a dynamic setting, where patient-donor pairs and altruistic donors arrive and depart over time.

ABSTRACT. Fuzzy deduplication frees up more storage space than exact deduplication. Traditional deduplication schemes do not only fail to extend to fuzzy deduplication directly but also be vulnerable to brute-force guessing attacks (e.g. Convergent Encryption (CE) and Message-locked Encryption (MLE)). Currently, fuzzy deduplication is mainly handled with the help of aided-server and a third-party validator for the security and feasibility. This work extracts a single-server fuzzy deduplication scheme for encrypted multimedia data under dual-entity (e.g., uploader \& server, and a third-party is not necessary).In addition, we perform experimental evaluation of DEFD on real-world datasets. The results show that DEFD can save 95+% of storage space, and for the real outsourced data deduplication scenarios DEFD can improve the accuracy by 5.287%.

ABSTRACT. Integrating subsystems developed by different manufacturers is a challenging task. Nevertheless, in fields like intelligent transportation systems (ITS), it is imperative for vehicles and infrastructure to constantly communicate. The proposed method models elements from a Threat Analysis and Risk Assessment (TARA) of each subsystem using SysML. Then it applies compatibility conditions to the exported model to generate an output compatibility statement. This statement indicates whether the subsystems are compatible from a security perspective or not. The method enables subsystems to assess their potential for secure integration allowing for independent development by manufacturers. We implement the method and evaluate it on an industrial use case to showcase the method’s ability to determine the security compatibility of two subsystems.

ABSTRACT. The automotive controller area network (CAN) bus functions as the communications backbone of automobiles around the globe. Unfortunately, the CAN bus was developed for the closed-system vehicles of the 1980s, not the inter-connected---even autonomous---vehicles hitting the roads today, meaning that the CAN bus is extraordinarily insecure. Much of the literature points to automotive intrusion detection as the solution; it is lightweight and does not involve re-engineering the CAN bus. That said, in safety-critical automotive environments, we can expect to see millions of messages every ten minutes; as such, accuracy is paramount. A false positive rate (FPR) of 0.00001 corresponds to about ten false positives every ten minutes.

Therefore, in this paper, we investigate false positives generated by the machine learning models that constitute automotive intrusion detection systems (IDSs). In particular, we explore the timestamp and time delta features to determine if they have a positive or negative impact on the FPR. Then, we look into the patterns of false positives, and we discover that many false positives are produced during actual attacks. Essentially, when legitimate messages are interlaced with attack messages, anomalous patterns are produced, and legitimate messages are flagged as anomalous. The IDS has done its job and detected an attack---it simply misidentified legitimate messages as part of the attack. When it comes to automotive attacks, many of the mitigation strategies do not require precise identification of the attack messages; that is, it is enough to know that an attack is ongoing. As such, we exclude false positives that occur during attack conditions from the FPR, and we examine the results. We find that, for a number of machine learning models, discounting attack-related false positives can significantly improve the FPR.

ABSTRACT. Quantum computers are believed to be capable of breaking the security of most classical public key cryptosystems. To mitigate future security risks, researchers have been working on a hybrid approach that uses both classical and post-quantum cryptographic techniques, with the aim of keeping the system secure as long as at least one of the cryptosystems remains secure. However, most existing hybrid cryptosystems require protocol revisions to accommodate post-quantum cryptographic algorithms, leading to extensive modifications of existing codebases and increased complexity in the state machines. In this paper, we explore a novel generic hybrid model that requires only minimal changes to the codebase of a classical cryptosystem while maintaining the simplicity of the state machines. To illustrate the working principle and provide a benchmark for our generic hybrid model, we conduct a case study on the IKEv2 protocol using the strongSwan library. Our benchmark reveals that, in a hybrid configuration with two protocols, our generic model introduces minimal overhead compared to the combined key exchange time of both protocols. Moreover, our model design allows for the initiation of different protocols in parallel, resulting in an acceleration of the key exchange time, particularly in hybrid configurations involving more than two protocols.

ABSTRACT. Generative AI, particularly through ``deepfake" technology, stands at the crossroads of innovation and ethical dilemma. On one hand, it brings unprecedented advancements, transforming how we interact with digital content. On the other hand, it significantly compromises privacy and security, casting a shadow over the reliability of speaker recognition systems and fueling misuse in telecommunication fraud and manipulation of public opinion. This stark contrast not only raises legitimate concerns over the safety of sharing personal audio and video but also questions the very authenticity of digital media. To address the challenges of traceability in deepfake content and guarantee the integrity of audio, we propose a new solution specifically designed to counteract voice conversion and synthetic speech attacks. Leveraging cutting-edge deep learning technology, three extension strategies and ensemble learning of synthesis layer, this approach not only overcomes the inherent limitations of existing forensic methods but also resolves the issues associated with high-capacity watermarks. It achieves exceptionally high accuracy and imperceptibility across multiple speech datasets, various synthetic forgery methods, and numerous speech processing algorithms.

ABSTRACT. Synthetic Aperture Radar has been extensively used in numerous fields and can gather a wealth of information about the area of interest. This large-scene data-intensive technology puts a high value on automatic target recognition (ATR) which can free the utilizers and boost the efficiency. Recent advances in artificial intelligence have made it possible to create a deep learning-based SAR ATR that can automatically identify target features from massive input data. In the last 6 years, intensive research has been conducted in this area, however, most papers in the current SAR ATR field used recurrent neural network (RNN) and convolutional neural network (CNN)-varied models to deepen the regime’s understanding of the SAR images. To equip SAR ATR with updated deep learning technology, this paper tries to apply a lightweight vision transformer (LViT)-based model to classify SAR images. The entire structure was verified by an open- accessed SAR data set and recognition results show that the final classification outcomes are robust and more accurate in comparison with referred traditional network structures without even using any convolutional layers.

ABSTRACT. Authentication in TLS is predominately carried out with X.509 digital certificates issued by certificate authorities (CA). The centralized nature of current public key infrastructures, however, comes along with severe risks, such as single points of failure and susceptibility to cyber-attacks, potentially undermining the security and trustworthiness of the entire system. With Decentralized Identifiers (DID) alongside distributed ledger technology, it becomes technically feasible to prove ownership of a unique identifier without requiring an attestation of the proof's public key by a centralized and therefore vulnerable CA. This article presents DID Link, a novel authentication scheme for TLS 1.3 that empowers entities to authenticate in a TLS-compliant way with self-issued X.509 certificates that are equipped with ledger-anchored DIDs instead of CA-issued identifiers. It facilitates the exchange of tamper-proof and 3rd-party attested claims in the form of DID-bound Verifiable Credentials after the TLS handshake to complete the authentication with a full identification of the communication partner. A prototypical implementation shows comparable TLS handshake durations of DID Link if verification material is cached and reasonable prolongations if it is obtained from a ledger. The significant speed improvement of the resulting TLS channel over a widely used, DID-based alternative transport protocol on the application layer demonstrates the potential of DID Link to become a viable solution for the establishment of secure and trustful end-to-end communication links with decentrally managed digital identities.

ABSTRACT. Side-channel attacks have emerged as the predominant approach for exploiting the weaknesses of cryptographic equipment. Therefore, it is becoming increasingly necessary to prioritize countermeasures that can improve the security level of these implementations. A Mixed-Mode Clock Manager (MMCM) primitive has been utilized in several time-based hiding countermeasures against side-channel attacks. However, they cannot be applied to ASIC implementations because the MMCM is a Xilinx primitive. Consequently, this paper proposes a hybrid dynamic Gold code-based solution to generate multiple different frequencies. The countermeasure combines a pair of preferred polynomials with a ring oscillator, so it is suitable for both FPGA and ASIC designs. The hardware overhead of our suggested architecture is 1.007× and 1.009× in terms of slice LUTs and registers, respectively. The total area cost of the circuit on the CMOS 0.18 um process is 398,835 square micrometers, representing a 1.004x increase compared to the unprotected case. Moreover, the approach is resistant to both standard and sliding window-based Correlation Power Analysis attacks, even when employing up to one million power traces.

ABSTRACT. Given their crucial role in protecting networks from numerous security threats, intrusion detection systems are crucial to any cybersecurity architecture. Deep neural networks have recently shown astounding effectiveness and performance in various machine learning applications, including intrusion detection. However, it has been observed that deep learning models are highly susceptible to a wide range of attacks during both the training and testing phases. These attacks can compromise the privacy of deep learning models, such as poisoning attacks that can affect the performance of the target model during the training process and evasion attacks that can undermine the security of these models during the testing phase. Numerous studies have been conducted to understand and mitigate these attacks and to propose more efficient techniques with higher success rates and accuracy in various tasks utilizing deep learning models, such as image classification, face recognition, network intrusion detection, and healthcare applications. Despite the considerable efforts in this area, the network domain still lacks sufficient attention to these attacks and vulnerabilities. This paper aims to address this gap by proposing a framework for adversarial attacks against network intrusion detection systems (NIDS). The proposed framework focuses on poisoning and evasion attacks and tries to combine these attacks. We evaluate the proposed framework on three CIC-IDS2017, CIC-IDS2018, and CIC-UNSW datasets.

ABSTRACT. Consumer-grade brain computer interface, i.e., EEG headsets are getting popular in our daily life activities. These devices are low-cost, light-weight in design and powerful enough to interact with a computing device effectively. In medical-grade use, EEG signal helps to detect different brain disease, e.g., sleep disorder, Epilepsy, Parkinson’s disease, Alzheimer’s disease. In consumer-grade use, EEG signal helps to communicate with the computing system in an error-free way. The high density brain imaging techniques and the easy integration features of EEG headsets introduce serious privacy attack to end-users. In this paper, we introduce Disease Detector, an eavesdropping attack which infers information about brain disease from EEG signal collected during daily life activities, such as stationary activities (e.g., desk work, idle sitting), light ambulatory activities (e.g., stairs up and down, walking), and intense ambulatory activities (e.g., jogging, running). In this attack, we utilize a low-cost and light-weight consumer-grade EEG headset to integrate with a smartphone/smartwatch/computer using Bluetooth connection and collect data passively without user intervention. We show that how an attacker can infer user’s private health conditions (i.e., Epilepsy) from uncontrolled EEG signal and use it for unknown malicious purposes (e.g., targeted advertisement, trigger disease symptoms with flashing strobe lights, high frequency sounds etc.). We evaluate the attack with spectral analysis and machine learning. Our machine learning results show accuracy of 82% on stationary activities, 94% on light ambulatory activities and 83% on intense ambulatory activities in identifying an epileptic patient from a healthy person.

Our work shows that, it is indeed feasible for an attacker to learn about serious health condition by analyzing EEG signal collected from a low-end EEG headset. We believe our work serves to raise awareness to a potentially hard-to address threat arising from consumer-grade EEG headset and provides insights to security researchers to consider robust security measurements to protect users’ private sensitive information (e.g., health condition).