Session E1

Cyber Physical Security

4:20 PM — 5:40 PM HKT
Dec 2 Wed, 3:20 AM — 4:40 AM EST

SIC^2: Securing Microcontroller Based IoT Devices with Low-cost Crypto Coprocessors

Bryan Pearson, Cliff Zou, Yue Zhang, Zhen Ling and Xinwen Fu

In this paper, we explore the use of microcontrollers (MCUs) and crypto coprocessors to secure IoT applications, and show how developers may implement a low-cost platform that protects private keys against software attacks. We first demonstrate the plausibility of format string attacks on the ESP32, a popular MCU from Espressif that uses the Harvard architecture. The format string attacks can be used to remotely steal private keys hard-coded in the firmware. We then present a framework termed SIC2 (Securing IoT with Crypto Coprocessors), for secure key provisioning that protects end users' private keys from both software attacks and untrustworthy manufacturers. As a proof of concept, we pair the ESP32 with the low-cost ATECC608A cryptographic coprocessor by Microchip and connect to Amazon Web Services (AWS) and Amazon Elastic Container Service (EC2) using a hardware-protected private key, which provides the security features of TLS communication including authentication, encryption and integrity. We have developed a prototype and performed extensive experiments to show that the ATECC608A crypto chip may significantly reduce the TLS handshake time by as much as 82% with the remote server, and it may lower the total energy consumption of the system by up to 70%. Our results indicate that securing IoT with crypto coprocessors is a practicable solution for low-cost MCU based IoT devices.

Intelligent detection algorithm against UAVs' GPS spoofing attack

Shenqing Wang, Jiang Wang, Chunhua Su, and Xinshu Ma

Unmanned Aerial Vehicle (UAV) technology is more and more widely used in the field of civil and military information acquisition. GPS plays the most critical part in UAVs' navigation and positioning. However, since the communication channel of the GPS signals is open, attackers can disguise their signals as real GPS signals to launch GPS spoofing attacks on civilian UAVs. At present, the detection schemes for GPS spoofing attacks can be divided into three categories, based respectively on encryption and digital signatures, the characteristics of the GPS signal, and various external characteristics of UAVs. However, there are some problems in these methods, such as low computing efficiency, difficulty in equipment upgrading, and limited application scenarios. To solve these problems, we propose a new GPS spoofing attack detection method based on Long Short-Term Memory (LSTM), which is a machine learning algorithm. In order to improve the detection ratio, after the machine learning algorithm, we let the UAVs fly according to the path of a specific shape to accurately detect GPS spoofing attacks. This is also the first time machine learning has been used to detect GPS spoofing attacks. According to our algorithm, we can detect GPS spoofing attacks accurately and quickly in a short time. This paper describes in detail the algorithm we proposed to resist GPS spoofing attacks, and the corresponding experiments are carried out in the simulation environment. The experimental results show that our method can quickly and accurately detect UAV GPS spoofing attacks without requiring upgrades to existing equipment.

An Efficient and Scalable Sparse Polynomial Multiplication Accelerator for LAC on FPGA

Jipeng Zhang, Zhe Liu, Hao Yang, Junhao Huang and Weibin Wu

LAC, a Ring-LWE based scheme, has been shortlisted for the second round evaluation of the National Institute of Standards and Technology Post-Quantum Cryptography (NIST-PQC) Standardization. FPGAs are widely used to design accelerators for cryptographic schemes, especially in resource-constrained scenarios, such as IoT. Sparse Polynomial Multiplication (SPM) is the most compute-intensive routine in LAC. Designing an accelerator for SPM on FPGA can significantly improve the performance of LAC. However, as far as we know, there are currently no works related to the hardware implementation of SPM for LAC. In this paper, the proposed efficient and scalable SPM accelerator fills this gap. More concretely, we firstly develop the Dual-For-Loop-Parallel (DFLP) technique to optimize the accelerator's parallel design. This technique can achieve 2x performance improvement compared with the previous works. Secondly, we design a hardware-friendly modular reduction algorithm for the modulus 251. Our method not only saves hardware resources but also improves performance. Then, we launch a detailed analysis and optimization of the pipeline design, achieving a frequency improvement of up to 34%. Finally, our design is scalable, and we can achieve various performance-area trade-offs through parameter p. Our results demonstrate that the proposed design can achieve a very considerable performance improvement with moderate hardware area costs. For example, our medium-scale architecture for LAC-128 takes only 783 LUTs, 432 FFs, 5 BRAMs, and no DSP on an Artix-7 FPGA and can complete LAC's polynomial multiplication in 8512 cycles at a frequency of 202 MHz.

Secure and Verifiable Data Access Control Scheme With Policy Update and Computation Outsourcing for Edge Computing

Yue Guan, Songtao Guo, Pan Li and Yuanyuan Yang

Edge computing means that computing tasks are executed on edge devices closer to the data source. It can effectively improve system response speed and reduce the risk of user data leakage. However, current data access control schemes usually focus on cloud computing and rarely on edge computing. Although attribute-based encryption (ABE) schemes can realize flexible and reliable access control, the computing cost becomes too high as access policy complexity increases. Therefore, combining computation outsourcing technology with dynamic policy updating technology, we propose a data access control scheme based on ciphertext-policy ABE (CP-ABE) for edge computing. We outsource part of the storage service and part of the decryption computing to edge nodes, effectively reducing the computing pressure on users. When a data owner requires a new access policy, a policy update key is generated in a timely manner and transmitted to the cloud service provider, where it is used to update the access policy, reducing the bandwidth consumption and leakage risk of transmitting the ciphertext back and forth. Finally, security analysis and experiment results verify the safety and effectiveness of our scheme.

Session Chair

Chunpeng Ge (Nanjing University of Aeronautics and Astronautics)

Session E2

AI and Distributed System Security

4:20 PM — 6:00 PM HKT
Dec 2 Wed, 3:20 AM — 5:00 AM EST

Secure Door on Cloud: A Secure Data Transmission Scheme to Protect Kafka's Data

Hanyi Zhang, Liming Fang, Keyu Jiang, Weiting Zhang, Minghui Li and Lu Zhou

Apache Kafka, which is a high-throughput distributed message processing system, has been leveraged by the majority of enterprises for its outstanding performance. Unlike common cloud-based access control architectures, Kafka service providers often need to build their systems on other enterprises' high-performance cloud platforms. However, since the cloud platform belongs to a third party, it is not necessarily reliable. Paradoxically, it has been demonstrated that Kafka's data is stored in the cloud in plaintext form, and thus poses a serious risk of user privacy leakage. In this paper, we propose a secure fine-grained data transmission scheme called Secure Door on Cloud (SDoC) to protect the data from being leaked in Kafka. SDoC is not only more secure than Kafka's built-in security mechanism, but also can effectively prevent the third-party cloud from stealing plaintext data. To evaluate the performance of SDoC, we simulate normal inter-entity communication and show that Kafka with SDoC integration has a lower data transfer time overhead than that of Kafka with the built-in security mechanism enabled.

A Solution to Data Accessibility Across Heterogeneous Blockchains

Zhihui Wu, Yang Xiao, Enyuan Zhou, Qingqi Pei, and Quan Wang

Cross-heterogeneous blockchain interactions have been attracting much attention due to their application in depository blockchains mutual access and cross-blockchain identity authentication. Trusted access across heterogeneous chains is gradually becoming a hot challenge. In order to ensure cross-blockchain trusted access, the majority of the current works focus on on-chain notaries and the relay chain model. However, these methods have the following drawbacks: 1) notaries on the chain are more vulnerable to attacks due to their high degree of centralization, which causes off-chain users to lose their trust and thus exacerbates the off-chain trust crisis; 2) although the relay model involves multiple parties in maintenance and supervision and enjoys a more robust trust, the participant nodes are relatively fixed, which imposes a terrible dilemma that invalid nodes cannot participate in consensus formation in a timely manner, thus progressively disrupting the connectivity of the relay across heterogeneous chains and eventually reducing the rate of trusted mutual access.
In this article, we propose a novel general framework for cross-heterogeneous blockchain communication based on a periodical committee rotation mechanism to support information exchange of diverse transactions across multiple heterogeneous blockchain systems. Connecting heterogeneous blockchains through committees has a more robust trust than the notary method. In order to eliminate the impact of downtime nodes in a timely manner, we periodically reorganize the committee and give priority to replacing downed nodes to ensure the reliability of the system. In addition, a message-oriented verification mechanism is designed to improve the rate of trusted intervisit across heterogeneous chains. We have built a prototype of the scheme and conducted simulation experiments on the current mainstream blockchain for message exchange across heterogeneous chains. The results show that our solution has a good performance both in inter-chain access rate and system stability.

PrivAG: Analyzing Attributed Graph Data with Local Differential Privacy

Zichun Liu, Liusheng Huang, Hongli Xu, Wei Yang and Shaowei Wang

Attributed graph data is powerful for describing relational information in various areas, such as social links through numerous web services and citation/reference relations in the collaboration network. Taking advantage of attributed graph data, service providers can model complex systems and capture diversified interactions to achieve better business performance. However, privacy concern is a huge obstacle to collecting and analyzing users' attributed graph data.
Existing studies on protecting private graph data mainly focus on edge local differential privacy (LDP), which might be insufficient in some highly sensitive scenarios. In this paper, we present a novel privacy notion that is stronger than edge LDP, and investigate approaches to analyze attributed graphs under this notion. To neutralize the effect of excessively introduced noise, we propose PrivAG, a privacy-preserving framework that protects attributed graph data in the local setting while providing representative graph statistics. The effectiveness and efficiency of the PrivAG framework are validated through extensive experiments.

Exploring Data Correlation between Feature Pairs for Generating Constraint-based Adversarial Examples

Yunzhe Tian, Yingdi Wang, Endong Tong, Wenjia Niu, Liang Chang, Qi Alfred Chen, Gang Li and Jiqiang Liu

Adversarial example (AE), an input that is modified slightly to cause a machine learning system to produce erroneous outputs, has seen significant studies recently. Unfortunately, the fine data perturbation of AE fails to preserve potential data correlations between feature pairs. Thus, such AE will be easily filtered by configuring data correlations as basic filtering rules. In this paper, an advanced robust AE generation attack is proposed that avoids being filtered while still causing false classification. We first define four basic data correlations called strict linear constraint, approximate linear constraint, addition boundary constraint and zero multiplication constraint. Then, based on embedding multiple data correlations into one constraint matrix from the Pearson analysis, our approach can enable a Hadamard product of the constraint matrix and the sign of gradient matrix to craft perturbations, keeping consistent data correlations. Experimental results on intrusion detection system (IDS) indicate: 1) Nearly all AEs from original IFGSM are invalid by filtering according to basic data correlations; 2) In our method, AEs against a targeted DNN-based classifier can achieve an attack success rate of 99%, with transfer attack ability of 94% average success rate to attack other different mainstream classifiers.

A Deep Learning Framework Supporting Model Ownership Protection and Traitor Tracing

Guowen Xu, Hongwei Li, Yuan Zhang, Xiaodong Lin, Robert H. Deng and Xuemin Shen

Cloud-based deep learning (DL) solutions have been widely used in applications ranging from image recognition to speech recognition. Meanwhile, as commercial software and services, such solutions have raised the need for intellectual property rights protection of the underlying DL models. Watermarking is the mainstream of existing solutions to address this concern, by primarily embedding pre-defined secrets in a model's training process. However, existing efforts almost exclusively focus on detecting whether a target model is pirated, without considering traitor tracing. In this paper, we present SecureMark DL, which enables a model owner to embed a unique fingerprint for every customer within parameters of a DL model, extract and verify the fingerprint from a pirated model, and hence trace the rogue customer who illegally distributed his model for profits. We demonstrate that SecureMark DL is robust against various attacks including fingerprints collusion and network transformation (e.g., model compression and model fine-tuning). Extensive experiments conducted on MNIST and CIFAR10 datasets, as well as various types of deep neural network show the superiority of SecureMark DL in terms of training accuracy and robustness against various types of attacks.

Session Chair

Yang Xiao (Xidian University)
