More Like this

1. Nystrom-based Localization in Precision Agriculture Sensors

   Lichtenberg, Samuel; Tasissa, Abiy (June 2024, Proceedings of the 16th International Conference on Precision Agriculture)

   Wireless sensor networks play a pivotal role in a myriad of applications, including agriculture, health monitoring, tracking and structural health monitoring. One crucial aspect of these applications involves accurately determining the positions of the sensors. In this paper, we study a novel Nystrom based sampling protocol in which a selected group of anchor nodes, with known locations, establish communication with only a subset of the remaining sensor nodes. Leveraging partial distance information, we present an efficient algorithm for estimating sensor locations. To demonstrate the effectiveness of our approach, we provide empirical results using synthetic data and underscore the practical advantages of our sampling technique for precision agriculture. 

   more » « less
2. ProvIoT: Detecting Stealthy Attacks in IoT through Federated Edge-Cloud Security

   Mukherjee, Kunal; Wiedemeier, Joshua; Wang, Qi; Kamimura, Junpei; Rhee, John Junghwan; Wei, James; Li, Zhichun; Yu, Xiao; Tang, Lu-An; Gui, Jiaping; et al (March 2024, ACM)

   Internet of Things (IoT) devices have increased drastically in complexity and prevalence within the last decade. Alongside the proliferation of IoT devices and applications, attacks targeting them have gained popularity. Recent large-scale attacks such as Mirai and VPNFilter highlight the lack of comprehensive defenses for IoT devices. Existing security solutions are inadequate against skilled adversaries with sophisticated and stealthy attacks against IoT devices. Powerful provenance-based intrusion detection systems have been successfully deployed in resource-rich servers and desktops to identify advanced stealthy attacks. However, IoT devices lack the memory, storage, and computing resources to directly apply these provenance analysis techniques on the device. This paper presents ProvIoT, a novel federated edge-cloud security framework that enables on-device syscall-level behavioral anomaly detection in IoT devices. ProvIoT applies federated learning techniques to overcome data and privacy limitations while minimizing network overhead. Infrequent on-device training of the local model requires less than 10% CPU overhead; syncing with the global models requires sending and receiving 2MB over the network. During normal offline operation, ProvIoT periodically incurs less than 10% CPU overhead and less than 65MB memory usage for data summarization and anomaly detection. Our evaluation shows that ProvIoT detects fileless malware and stealthy APT attacks with an average F1 score of 0.97 in heterogeneous real-world IoT applications. ProvIoT is a step towards extending provenance analysis to resource-constrained IoT devices, beginning with well-resourced IoT devices such as the RaspberryPi, Jetson Nano, and Google TPU. 

   more » « less
3. Privacy-Preserving and Post-Quantum Counter Denial of Service Framework for Wireless Networks

   https://doi.org/10.1109/MILCOM61039.2024.10773665  

   Darzi, Saleh; Yavuz, Attila Altay (October 2024, IEEE)

   As network services progress and mobile and IoT environments expand, numerous security concerns have surfaced for spectrum access systems (SASs). The omnipresent risk of Denial-of-Service (DoS) attacks and raising concerns about user privacy (e.g., location privacy, anonymity) are among such cyber threats. These security and privacy risks increase due to the threat of quantum computers that can compromise longterm security by circumventing conventional cryptosystems and increasing the cost of countermeasures. While some defense mechanisms exist against these threats in isolation, there is a significant gap in the state of the art on a holistic solution against DoS attacks with privacy and anonymity for spectrum management systems, especially when post-quantum (PQ) security is in mind. In this paper, we propose a new cybersecurity framework, PACDoSQ, which is the first to offer location privacy and anonymity for spectrum management with counter DoS and PQ security simultaneously. Our solution introduces the private spectrum bastion concept to exploit existing architectural features of SASs and then synergizes them with multi-server private information retrieval and PQ-secure Tor to guarantee a location-private and anonymous acquisition of spectrum information, together with hash-based client-server puzzles for counter DoS. We prove that PACDoSQ achieves its security objectives and show its feasibility via a comprehensive performance evaluation. 

   more » « less
4. Forward-Private Dynamic Searchable Symmetric Encryption with Efficient Search

   https://doi.org/10.1109/ICC.2018.8422480  

   Ozmen, Muslum Ozgur; Hoang, Thang; Yavuz, Attila A. (May 2018, 2018 IEEE International Conference on Communications (ICC))

   Dynamic Searchable Symmetric Encryption (DSSE) allows to delegate keyword search and file update over an encrypted database via encrypted indexes, and therefore provides opportunities to mitigate the data privacy and utilization dilemma in cloud storage platforms. Despite its merits, recent works have shown that efficient DSSE schemes are vulnerable to statistical attacks due to the lack of forward-privacy, whereas forward-private DSSE schemes suffers from practicality concerns as a result of their extreme computation overhead. Due to significant practical impacts of statistical attacks, there is a critical need for new DSSE schemes that can achieve the forward-privacy in a more practical and efficient manner. We propose a new DSSE scheme that we refer to as Forward-private Sublinear DSSE (FS-DSSE). FS-DSSE harnesses special secure update strategies and a novel caching strategy to reduce the computation cost of repeated queries. Therefore, it achieves forward-privacy, sublinear search complexity, low end-to-end delay, and parallelization capability simultaneously. We fully implemented our proposed method and evaluated its performance on a real cloud platform. Our experimental evaluation results showed that the proposed scheme is highly secure and highly efficient compared with state-of-the-art DSSE techniques. Specifically, FS-DSSE is up to three magnitude of times faster than forward-secure DSSE counterparts, depending on the frequency of the searched keyword in the database. 

   more » « less
5. Practical Considerations of Fully Homomorphic Encryption in Privacy-Preserving Machine Learning

   https://doi.org/10.1109/bigdata62323.2024.10825068  

   Lo, Dan Chia-Tien; Shi, Yong; Shahriar, Hossain; Deng, Bobin; Zhang, Xinyue; Chen, Mei-Lan (December 2024, IEEE)

   Machine learning has been successfully applied to big data analytics across various disciplines. However, as data is collected from diverse sectors, much of it is private and confidential. At the same time, one of the major challenges in machine learning is the slow training speed of large models, which often requires high-performance servers or cloud services. To protect data privacy while still allowing model training on such servers, privacy-preserving machine learning using Fully Homomorphic Encryption (FHE) has gained significant attention. However, its widespread adoption is hindered by performance degradation. This paper presents our experiments on training models over encrypted data using FHE. The results show that while FHE ensures privacy, it can significantly degrade performance, requiring complex tuning to optimize. 

   more » « less