With the rapid growth of wireless communication, sensor technology, and mobile computing, the ad hoc network has gained increasing attention from governments, corporations, and scientific research organisations. Ad hoc and sensor network security has become crucial. Malicious node identification, network resilience and survival, and trust models are among the security challenges discussed. The security of ad hoc networks is a key problem. In this paper, we'll look at a few security procedures and approaches that can be useful in keeping this network secure. We've compiled a list of all the ad networks' descriptions with explanations. Before presenting our conclusions from the examination of the literature, we went through various papers on the issue. The taxonomy diagram for the Ad-hoc Decentralized Network is the next item on the agenda. Security is one of the most significant challenges with an ad hoc network. In most cases, cyber-attackers will be able to connect to a wireless ad hoc network and, as a result, to the device if they reach within signal range. So, we moved on to a discussion of VANET, UAVs security issues discovered in the field. The outcomes of various ad hoc network methods were then summarised in the form tables. Furthermore, the Diffie Hellman Key Exchange is used to investigate strategies for improving ad-hoc network security and privacy in the next section, and a comparison of RSA with Diffie Hellman is also illustrated. This paper can be used as a guide and reference to provide readers with a broad knowledge of wireless ad hoc networks and how to deal with their security issues.
Authored by Usman Rana, O. Elahi, M. Mushtaq, Ali Shah
Vehicular Ad-hoc Networks (VANETs) is a very fast emerging research area these days due to their contribution in designing Intelligent transportation systems (ITS). ITS is a well-organized group of wireless networks. It is a derived class of Mobile Ad-hoc Networks (MANETs). VANET is an instant-formed ad-hoc network, due to the mobility of vehicles on the road. The goal of using ITS is to enhance road safety, driving comfort, and traffic effectiveness by alerting the drivers at right time about upcoming dangerous situations, traffic jams, road diverted, weather conditions, real-time news, and entertainment. We can consider Vehicular communication as an enabler for future driverless cars. For these all above applications, it is necessary to make a threat-free environment to establish secure, fast, and efficient communication in VANETs. In this paper, we had discussed the overviews, characteristics, securities, applications, and various data dissemination techniques in VANET.
Authored by Bhagwati Sharan, Megha Chhabra, Anil Sagar
Visible light communication (VLC) is a short-range wireless optical communication that can transmit data by switching lighting elements at high speeds in indoor areas. In common areas, VLC can provide data security at every layer of communication by using physical layer security (PLS) techniques as well as existing cryptography-based techniques. In the literature, PLS techniques have generally been studied for monochrome VLC systems, and multicolor VLC studies are quite limited. In this study, to the best of authors’ knowledge, null steering (NS) and artificial noise (AN), which are widely used PLS methods, have been applied to multi-colored LED-based VLC systems for the first time in the literature and the achievable secrecy rate has been calculated.
Authored by Besra Çetindere, Cenk Albayrak, Kadir Türk
Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission. but it ought to find alternatives over the limitation and interference in the radio frequency (RF) band. For viable alternatives, visible light communication (VLC) technology comes to play as Light Fidelity (Li-Fi) which uses visible light as a channel for delivering very high-speed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior than Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. prototype model has been proposed for single user scenario using visible light portion of electromagnetic spectrum. This system has been designed for audio data communication in between the users in transmitter and receiver sections. LED and photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity However, its major problem is that it only works when it is pointed directly at the target.
Authored by Alamgir Kabir, Md. Ahammed, Chinmoy Das, Mehedi Kaium, Md. Zardar, Soma Prathibha
The expanding streaming culture of large amounts of data, as well as the requirement for faster and more reliable data transport systems, necessitates the development of innovative communication technologies such as Visible Light Communication (VLC). Nonetheless, incorporating VLC into next-generation networks is challenging due to technological restrictions such as air absorption, shadowing, and beam dispersion. One technique for addressing some of the challenges is to use the multiple input multiple output (MIMO) technique, which involves the simultaneous transmission of data from several sources, hence increasing data rate. In this work, the data transmission performance of the MIMO-VLC system is evaluated using a variety of factors such as distance from the source, data bit rate, and modulation method.
Authored by Maha Sliti
Over earlier years of huge technical developments, the need for a communication system has risen tremendously. Inrecent times, public realm interaction has been a popular area, hence the research group is emphasizing the necessity of quick and efficient broadband speeds, as well as upgraded security protocols. The main objective of this project work is to combine conventional Li-Fi and VLC techniques for video communication. VLC is helping to deliver fast data speeds, bandwidth efficiency, and a relatively secure channel of communication. Li-Fi is an inexpensive wireless communication (WC) system. Li-Fi can transmit information (text, audio, and video) to any electronic device via the LEDs that are positioned in the space to provide lighting. Li-Fi provides more advantages than Wi-Fi, such as security, high efficiency, speed, throughput, and low latency. The information can be transferred based on the flash property of the LED. Communication is accomplished by turning on and off LED lights at a faster pace than the human visual system can detect.
Authored by G Hussain, M Shruthe, S Rithanyaa, Saravana Madasamy, Nandagopal Velu
In the near future, the high data rate challenge would not be possible by using the radio frequency (RF) only. As the user will increase, the network traffic will increase proportionally. Visible light communication (VLC) is a good solution to support huge number of indoor users. VLC has high data rate over RF communication. The way internet users are increasing, we have to think over VLC technology. Not only the data rate is a concern but also its security, cost, and reliability have to be considered for a good communication network. Quantum technology makes a great impact on communication and computing in both areas. Quantum communication technology has the ability to support better channel capacity, higher security, and lower latency. This paper combines the quantum technology over the existing VLC and compares the performance between quantum visible light communication performance (QVLC) over the existing VLC system. Research findings clearly show that the performance of QVLC is better than the existing VLC system.
Authored by Syed Hasan, Mostafa Chowdhury, Md. Saiam
Visible light communication (VLC) is an important alternative and/or complementary technology for next generation indoor wireless broadband communication systems. In order to ensure data security for VLC in public areas, many studies in literature consider physical layer security (PLS). These studies generally neglect the reflections in the VLC channel and assume no inter symbol interference (ISI). However, increasing the data transmission rate causes ISI. In addition, even if the power of the reflections is small compared to the line of sight (LoS) components, it can affect the secrecy rate in a typical indoor VLC system. In this study, we investigate the effects of ISI and reflected channel components on secrecy rate in multiple-input single-output (MISO) VLC scenario utilized null-steering (NS) and artificial noise (AN) PLS techniques.
Authored by Cenk Albayrak, Hüseyin Arslan, Kadir Türk
To achieve secure uplink communication from smartphones’ screen to a telephoto camera at a long distance of 3.5 meters, we demonstrate that low-luminance space division multiplexing screen is effective in enhancement of the physical layer security. First, a numerical model shows that the spatial inter-symbol interference caused by space division multiplexing prevents eavesdropping from a wide angle by the camera. Second, wide-angle characteristics of the symbol error rate and the pixel value distribution are measured to verify the numerical analysis. We experimentally evaluate the difference in the performances from a wide angle depending on the screen luminance and color. We also evaluate the performances at a long distance in front of the screen and a short distance from a wider angle.
Authored by Alisa Kawade, Wataru Chujo, Kentaro Kobayashi
Wrist-worn devices enable access to essential information and they are suitable for a wide range of applications, such as gesture and activity recognition. Wrist-worn devices require appropriate technologies when used in sensitive areas, overcoming vulnerabilities in regard to security and privacy. In this work, we propose an approach to recognize wrist rotation by utilizing Visible Light Communication (VLC) that is enabled by low-cost LEDs in an indoor environment. In this regard, we address the channel model of a VLC communicating wristband (VLCcw) in terms of the following factors. The directionality and the spectral composition of the light and the corresponding spectral sensitivity and the directional characteristics of the utilized photodiode (PD). We verify our VLCcw from the simulation environment by a small-scale experimental setup. Then, we analyze the system when white and RGBW LEDs are used. In addition, we optimized the VLCcw system by adding more receivers for the purpose of reducing the number of LEDs on VLCcw. Our results show that the proposed approach generates a feasible real-world simulation environment.
Authored by Saman Zahiri-Rad, Ziad Salem, Andreas Weiss, Erich Leitgeb
The Sixth Generation (6G) is currently under development and it is a planned successor of the Fifth Generation (5G). It is a new wireless communication technology expected to have a greater coverage area, significant fast and a higher data rate. The aim of this paper is to examine the literature on challenges and possible solutions of 6G's security, privacy and trust. It uses the systematic literature review technique by searching five research databases for search engines which are precise keywords like “6G,” “6G Wireless communication,” and “sixth generation”. The latter produced a total of 1856 papers, then the security, privacy and trust issues of the 6G wireless communication were extracted. Two security issues, the artificial intelligence and visible light communication, were apparent. In conclusion, there is a need for new paradigms that will provide a clear 6G security solutions.
Authored by Mulumba Gracia, Vusumuzi Malele, Sphiwe Ndlovu, Topside Mathonsi, Lebogang Maaka, Tonderai Muchenje
Systems based on WB protection have a limited lifetime, measured in months and sometimes days. Unfortunately, to understand for how long the application will be uncompromised, if possible, only empirically. However, it is possible to make a preliminary assessment of the security of a particular implementation, depending on the methods and their number used in the implementation, it will allow reallocating resources to more effective means of protection.
Authored by Alla Levina, Ivan Kamnev
With the rapid development of the Internet of Things and the exploration of its application scenarios, embedded devices are deployed in various environments to collect information and data. In such environments, the security of embedded devices cannot be guaranteed and are vulnerable to various attacks, even device capture attacks. When embedded devices are attacked, the attacker can obtain the information transmitted by the channel during the encryption process and the internal operation of the encryption. In this paper, we analyze various existing white-box schemes and show whether they are suitable for application in IoT. We propose an application of WBEAs for distributed devices in IoT scenarios and conduct experiments on several devices in IoT scenarios.
Authored by Zheng Xu
All along, white-box cryptography researchers focus on the design and implementation of certain primitives but less to the practice of the cipher working modes. For example, the Galois/Counter Mode (GCM) requires block ciphers to perform only the encrypting operations, which inevitably facing code-lifting attacks under the white-box security model. In this paper, a code-lifting resisted GCM (which is named WBGCM) is proposed to mitigate this security drawbacks in the white-box context. The basic idea is to combining external encodings with exclusive-or operations in GCM, and therefore two different schemes are designed with external encodings (WBGCM-EE) and maskings (WBGCM-Maksing), respectively. Furthermore, WBGCM is instantiated with Chow et al.'s white-box AES, and the experiments show that the processing speeds of WBGCM-EE and WBGCM-Masking achieves about 5 MBytes/Second with a marginal storage overhead.
Authored by Nanjiang Xie, Zheng Gong, Yufeng Tang, Lei Wang, Yamin Wen
With the widespread application of power Internet of Things (IoT), the edge IoT agents are often threatened by various attacks, among which the white-box attack is the most serious. The white-box implementation of the cryptography algorithm can hide key information even in the white-box attack context by means of obfuscation. However, under the specially designed attack, there is still a risk of the information being recovered within a certain time complexity. In this paper, by introducing pseudo states, a new white-box implementation of SM4 algorithm is proposed. The encryption and decryption processes are implemented in the form of matrices and lookup tables, which are obfuscated by scrambling encodings. The introduction of pseudo states could complicate the obfuscation, leading to the great improvement in the security. The number of pseudo states can be changed according to the requirements of security. Through several quantitative indicators, including diversity, ambiguity, the time complexity required to extract the key and the value space of the key and external encodings, it is proved that the security of the proposed implementation could been enhanced significantly, compared with the existing schemes under similar memory occupation.
Authored by Weiwei Miao, Chao Jin, Zeng Zeng, Zhejing Bao, Xiaogang Wei, Rui Zhang
Recent works have empirically shown that neural network interpretability is susceptible to malicious manipulations. However, existing attacks against Interpretable Deep Learning Systems (IDLSes) all focus on the white-box setting, which is obviously unpractical in real-world scenarios. In this paper, we make the first attempt to attack IDLSes in the decision-based black-box setting. We propose a new framework called Dual Black-box Adversarial Attack (DBAA) which can generate adversarial examples that are misclassified as the target class, yet have very similar interpretations to their benign cases. We conduct comprehensive experiments on different combinations of classifiers and interpreters to illustrate the effectiveness of DBAA. Empirical results show that in all the cases, DBAA achieves high attack success rates and Intersection over Union (IoU) scores.
Authored by Yike Zhan, Baolin Zheng, Qian Wang, Ningping Mou, Binqing Guo, Qi Li, Chao Shen, Cong Wang
Modern hardware systems are composed of a variety of third-party Intellectual Property (IP) cores to implement their overall functionality. Since hardware design is a globalized process involving various (untrusted) stakeholders, a secure management of the valuable IP between authors and users is inevitable to protect them from unauthorized access and modification. To this end, the widely adopted IEEE standard 1735-2014 was created to ensure confidentiality and integrity. In this paper, we outline structural weaknesses in IEEE 1735 that cannot be fixed with cryptographic solutions (given the contemporary hardware design process) and thus render the standard inherently insecure. We practically demonstrate the weaknesses by recovering the private keys of IEEE 1735 implementations from major Electronic Design Automation (EDA) tool vendors, namely Intel, Xilinx, Cadence, Siemens, Microsemi, and Lattice, while results on a seventh case study are withheld. As a consequence, we can decrypt, modify, and re-encrypt all allegedly protected IP cores designed for the respective tools, thus leading to an industry-wide break. As part of this analysis, we are the first to publicly disclose three RSA-based white-box schemes that are used in real-world products and present cryptanalytical attacks for all of them, finally resulting in key recovery.
Authored by Julian Speith, Florian Schweins, Maik Ender, Marc Fyrbiak, Alexander May, Christof Paar
The current adversarial attacks against machine learning models can be divided into white-box attacks and black-box attacks. Further the black-box can be subdivided into soft label and hard label black-box, but the latter has the deficiency of only returning the class with the highest prediction probability, which leads to the difficulty in gradient estimation. However, due to its wide application, it is of great research significance and application value to explore hard label blackbox attacks. This paper proposes an Automatic Selection Attacks Framework (ASAF) for hard label black-box models, which can be explained in two aspects based on the existing attack methods. Firstly, ASAF applies model equivalence to select substitute models automatically so as to generate adversarial examples and then completes black-box attacks based on their transferability. Secondly, specified feature selection and parallel attack method are proposed to shorten the attack time and improve the attack success rate. The experimental results show that ASAF can achieve more than 90% success rate of nontargeted attack on the common models of traditional dataset ResNet-101 (CIFAR10) and InceptionV4 (ImageNet). Meanwhile, compared with FGSM and other attack algorithms, the attack time is reduced by at least 89.7% and 87.8% respectively in two traditional datasets. Besides, it can achieve 90% success rate of attack on the online model, BaiduAI digital recognition. In conclusion, ASAF is the first automatic selection attacks framework for hard label blackbox models, in which specified feature selection and parallel attack methods speed up automatic attacks.
Authored by Xiaolei Liu, Xiaoyu Li, Desheng Zheng, Jiayu Bai, Yu Peng, Shibin Zhang
The wide application of deep learning techniques is boosting the regulation of deep learning models, especially deep neural networks (DNN), as commercial products. A necessary prerequisite for such regulations is identifying the owner of deep neural networks, which is usually done through the watermark. Current DNN watermarking schemes, particularly white-box ones, are uniformly fragile against a family of functionality equivalence attacks, especially the neuron permutation. This operation can effortlessly invalidate the ownership proof and escape copyright regulations. To enhance the robustness of white-box DNN watermarking schemes, this paper presents a procedure that aligns neurons into the same order as when the watermark is embedded, so the watermark can be correctly recognized. This neuron alignment process significantly facilitates the functionality of established deep neural network watermarking schemes.
Authored by Fang-Qi Li, Shi-Lin Wang, Yun Zhu
When we setup a computer network, we need to know if an attacker can get into the system. We need to do a series of test that shows the vulnerabilities of the network setup. These series of tests are commonly known Penetration Test. The need for penetration testing was not well known before. This paper highlights how penetration started and how it became as popular as it has today. The internet played a big part into the push to getting the idea of penetration testing started. The styles of penetration testing can vary from physical to network or virtual based testing which either can be a benefit to how a company becomes more secure. This paper presents the steps of penetration testing that a company or organization needs to carry out, to find out their own security flaws.
Authored by Devin Sweigert, Md Chowdhury, Nafiz Rifat
With the future 6G era, spiking neural networks (SNNs) can be powerful processing tools in various areas due to their strong artificial intelligence (AI) processing capabilities, such as biometric recognition, AI robotics, autonomous drive, and healthcare. However, within Cyber Physical System (CPS), SNNs are surprisingly vulnerable to adversarial examples generated by benign samples with human-imperceptible noise, this will lead to serious consequences such as face recognition anomalies, autonomous drive-out of control, and wrong medical diagnosis. Only by fully understanding the principles of adversarial attacks with adversarial samples can we defend against them. Nowadays, most existing adversarial attacks result in a severe accuracy degradation to trained SNNs. Still, the critical issue is that they only generate adversarial samples by randomly adding, deleting, and flipping spike trains, making them easy to identify by filters, even by human eyes. Besides, the attack performance and speed also can be improved further. Hence, Spike Probabilistic Attack (SPA) is presented in this paper and aims to generate adversarial samples with more minor perturbations, greater model accuracy degradation, and faster iteration. SPA uses Poisson coding to generate spikes as probabilities, directly converting input data into spikes for faster speed and generating uniformly distributed perturbation for better attack performance. Moreover, an objective function is constructed for minor perturbations and keeping attack success rate, which speeds up the convergence by adjusting parameters. Both white-box and black-box settings are conducted to evaluate the merits of SPA. Experimental results show the model's accuracy under white-box attack decreases by 9.2S% 31.1S% better than others, and average success rates are 74.87% under the black-box setting. The experimental results indicate that SPA has better attack performance than other existing attacks in the white-box and better transferability performance in the black-box setting,
Authored by Xuanwei Lin, Chen Dong, Ximeng Liu, Yuanyuan Zhang
It is well-known that the most existing machine learning (ML)-based safety-critical applications are vulnerable to carefully crafted input instances called adversarial examples (AXs). An adversary can conveniently attack these target systems from digital as well as physical worlds. This paper aims to the generation of robust physical AXs against face recognition systems. We present a novel smoothness loss function and a patch-noise combo attack for realizing powerful physical AXs. The smoothness loss interjects the concept of delayed constraints during the attack generation process, thereby causing better handling of optimization complexity and smoother AXs for the physical domain. The patch-noise combo attack combines patch noise and imperceptibly small noises from different distributions to generate powerful registration-based physical AXs. An extensive experimental analysis found that our smoothness loss results in robust and more transferable digital and physical AXs than the conventional techniques. Notably, our smoothness loss results in a 1.17 and 1.97 times better mean attack success rate (ASR) in physical white-box and black-box attacks, respectively. Our patch-noise combo attack furthers the performance gains and results in 2.39 and 4.74 times higher mean ASR than conventional technique in physical world white-box and black-box attacks, respectively.
Authored by Inderjeet Singh, Toshinori Araki, Kazuya Kakizaki
Recent advancements in Deep Neural Networks (DNNs) have enabled widespread deployment in multiple security-sensitive domains. The need for resource-intensive training and the use of valuable domain-specific training data have made these models the top intellectual property (IP) for model owners. One of the major threats to DNN privacy is model extraction attacks where adversaries attempt to steal sensitive information in DNN models. In this work, we propose an advanced model extraction framework DeepSteal that steals DNN weights remotely for the first time with the aid of a memory side-channel attack. Our proposed DeepSteal comprises two key stages. Firstly, we develop a new weight bit information extraction method, called HammerLeak, through adopting the rowhammer-based fault technique as the information leakage vector. HammerLeak leverages several novel system-level techniques tailored for DNN applications to enable fast and efficient weight stealing. Secondly, we propose a novel substitute model training algorithm with Mean Clustering weight penalty, which leverages the partial leaked bit information effectively and generates a substitute prototype of the target victim model. We evaluate the proposed model extraction framework on three popular image datasets (e.g., CIFAR-10/100/GTSRB) and four DNN architectures (e.g., ResNet-18/34/Wide-ResNetNGG-11). The extracted substitute model has successfully achieved more than 90% test accuracy on deep residual networks for the CIFAR-10 dataset. Moreover, our extracted substitute model could also generate effective adversarial input samples to fool the victim model. Notably, it achieves similar performance (i.e., 1-2% test accuracy under attack) as white-box adversarial input attack (e.g., PGD/Trades).
Authored by Adnan Rakin, Md Chowdhuryy, Fan Yao, Deliang Fan
Web browsers are among the most important but also complex software solutions to access the web. It is therefore not surprising that web browsers are an attractive target for attackers. Especially in the last decade, security researchers and browser vendors have developed sandboxing mechanisms like security-relevant HTTP headers to tackle the problem of getting a more secure browser. Although the security community is aware of the importance of security-relevant HTTP headers, legacy applications and individual requests from different parties have led to possible insecure configurations of these headers. Even if specific security headers are configured correctly, conflicts in their functionalities may lead to unforeseen browser behaviors and vulnerabilities. Recently, the first work which analyzed duplicated headers and conflicts in headers was published by Calzavara et al. at USENIX Security [1]. The authors focused on inconsistent protections by using both, the HTTP header X-Frame-Options and the framing protection of the Content-Security-Policy.We extend their work by analyzing browser behaviors when parsing duplicated headers, conflicting directives, and values that do not conform to the defined ABNF metalanguage specification. We created an open-source testbed running over 19,800 test cases, at which nearly 300 test cases are executed in the set of 66 different browsers. Our work shows that browsers conform to the specification and behave securely. However, all tested browsers behave differently when it comes, for example, to parsing the Strict-Transport-Security header. Moreover, Chrome, Safari, and Firefox behave differently if the header contains a character, which is not allowed by the defined ABNF. This results in the protection mechanism being fully enforced, partially enforced, or not enforced and thus completely bypassable.
Authored by Hendrik Siewert, Martin Kretschmer, Marcus Niemietz, Juraj Somorovsky
The popularity of portable web browsers is increasing due to its convenient and compact nature along with the benefit of the data being stored and transferred easily using a USB drive. As technology gets updated frequently, developers are working on web browsers that can be portable in nature with additional security features like private mode browsing, built in ad blockers etc. The increased probability of using portable web browsers for carrying out nefarious activities is a result of cybercriminals with the thought that if they use portable web browsers in private mode it won't leave a digital footprint. Hence, the research paper aims at performing a comparative study of four portable web browsers namely Brave, TOR, Vivaldi, and Maxthon along with various memory acquisition tools to understand the quantity and quality of the data that can be recovered from the memory dump in two different conditions that is when the browser tabs were open and when the browser tabs were closed in a system to aid the forensic investigators.
Authored by Meenu Hariharan, Akash Thakar, Parvesh Sharma