Privacy-Preserved Linkable Social-Physical Data Publication

In this dissertation, we investigate the privacy-preserved data publication problems towards pervasively existing linkable social-physical contents. On the one hand, data publication has been considered as a critical approach to facilitate numerous utilities for individuals, populations, platform owners, and all third-party service providers. On the other hand, the unprecedented adoption of mobile devices and the dramatic development of Internet-of-Thing (IoT) systems have pushed the collection of surrounding physical information among populations to a totally novel stage. The collected contents can provide a fine-grained access to both physical and social aspects of the crowds, which introduces a comprehensively linkable and potentially sensitive information domain. The linkage includes the related index like privacy, utility, and efficiency for sophisticated applications, the inherent correlations among multiple data sources or information dimensions, and the connections among individuals. As the linkage leads to various novel challenges for privacy preservation, there should be a body of novel mechanisms for linkable social-physical data publications. As a result, this dissertation proposes a series of mechanisms for privacy-preserved linkable social-physical data publication. Firstly, we study the publication of physical data where the co-existing useful social proles and the sensitive physical proles of the data should be carefully maintained. Secondly, we investigate the data publication problem jointly considering the privacy preservation, data utility, and resource efficiency for task completion in crowd-sensing systems. Thirdly, we investigate the publication of private contents used for the recommendation, where contents of a user contribute to the recommendation results for others. Fourthly, we study the publications of reviews in local business service systems, where users expect to conceal their frequently visited locations while cooperatively maintain the utility of the whole system. Fifthly, we study the acquisition of privacy-preserved knowledge on cyber-physical social networks, where third-party service providers can derive the community structure without accessing the sensitive social links. We also provide detailed analysis and discussion for proposed mechanisms, and extensively validate their performance via real-world datasets. Both results demonstrate that the proposed mechanisms can properly preserve the privacy while maintaining the data utility. At last, we also propose the future research topics to complete the whole dissertation. The first topic focuses on the privacy preservation towards correlations beneath multiple data sources. The second topic studies more privacy issues for the whole population during data publication, including both the novel threats for related communities, and the disclosure of trends within crowds

Mobile crowd sensing architectural frameworks: A comprehensive survey

Mobile Crowd Sensing has emerged as a new sensing paradigm, efficiently exploiting human intelligence and mobility in conjunction with advanced capabilities and proliferation of mobile devices. In order for MCS applications to reach their full potentials, a number of research challenges should be sufficiently addressed. The aim of this paper is to survey representative mobile crowd sensing applications and frameworks proposed in related research literature, analyze their distinct features and discuss on their relative merits and weaknesses, highlighting also potential solutions, in order to take a step closer to the definition of a unified MCS architectural framework

Gelişmiş Ölçüm Altyapısı İçin Güvenlik Uygulamaları

Elektrik tüketimi ölçüm araçları, manuel olarak ölçüm yapılan analog sayaçlardan, elektrik tüketimi ile ilgili bilgileri toplayan ve elektrik dağıtım firmalarına ileten yeni akıllı sayaçlara doğru evrilmektedir. Sayaç verisinin okunmasını sağlayan tek yönlü otomatik sayaç okuma sistemlerinin (AMR) çıkışıyla sayaçlar akıllı şebeke yatırımlarının önemli bir kısmını oluşturmuştur. Otomatik sayaç okuma sistemleri ilk uygulamalar için cazip olmasına rağmen, çözülmesi gereken önemli bir husus olan talep tarafı yönetiminin AMR ile sağlanamadığı fark edilmiştir. AMR teknolojisinin kabiliyetlerinin tek yönlü sayaç verisi okuma ile sınırlı olması nedeniyle, sayaçlardan toplanan veriler üzerinden düzeltici önlemler alınmasına ve tüketicinin enerjiyi daha verimli akıllı kullanmasına yönelik özeliklere izin vermemektedir. Gelişmiş Ölçüm Altyapısı (AMI) ise akıllı sayaçlar ve dağıtım şirketleri arasında çift yönlü iletişim kurarak dağıtım şirketlerine sayaçlar üzerindeki parametreleri dinamik olarak değiştirme imkanı tanır. Bu nedenle, bu çalışmada AMI güvenliği üzerine odaklanılacaktır. Akıllı sayaç sistemlerinin yaygınlaşması ile birlikte, güvenlik bu sistemlerin gerekli ve kaçınılmaz bir ihtiyacı haline gelmektedir. Diğer taraftan, AMI sadece akıllı sayaçların fiziksel olarak dağıtımı manasına gelmemekte, ayrıca sayaç verilerinin yönetimi için gerekli olan karmaşık bir iletişim ağı ve bilgi teknolojileri altyapısını da içermektedir. Dolayısıyla güvenlik çözümlerini ele alırken geniş bir perspektifle yaklaşmak gerekmektedir. Bu nedenle de, sistemin kritik varlıkları belirlenmeli, tehditler iyi analiz edilmeli ve daha sonra güvenlik gereksinimleri iyi tanımlanmış olmalıdır. Bu çalışma AMI sisteminin temel güvenlik gereksinimleri, tehditlere karşı sistem kısıtlarını düşünerek olası çözümleri üzerine, şu anki güvenlik çözümlerini de resmederek, genel bir bakış sunmaktadır. Bu çalışmada, AMI sisteminin güvenlik gereksinimleri analiz edilecek, kısıtlar belirlenecek ve olası güvenlik tehditlerine karşı olası karşı önlemler belirlenecektir. Metering utilities have been replacing from analog meters that are read manually with new, smart meters that gather information about electricity consumption and transmit it back to electric companies. The metering has been the important part of the Smart Grid investments so far, with the initial introduction of one-way automated meter reading (AMR) systems to read meter data. Even though AMR technology proved to be initially enticing, utility companies have realized that AMR does not address demand-side management which is the major issue they need to solve. Since AMR’s capability is restricted to reading meter data due to its one-way communication system, it does not let utilities take corrective action based on the information gathered from the meters and does not assist customers in using energy intelligently. Advanced Metering Infrastructure (AMI) creates a two-way communication network between smart meters and utility systems and provides utilities the ability to modify service-level parameters dynamically. Therefore in this work we will also focus on AMI security practices. While smart metering systems are become widespread security is going to be the one of its essential and inevitable needs. On the other hand, AMI does not only mean the physical deployment of smart meters, but it also includes meter data management system which is a complicated communication network and IT infrastructure. Hence a broad perspective has to be adopted when security solutions are considered. Therefore, assets of the system must be identified, threats must be well analyzed and then security requirements must be well defined. This paper presents an overview on the main security requirements of the AMI, on the threats possible solutions considering the system constraints by picturing the current security solutions. In this work, the security requirements for AMI systems will be analyzed, constraints will be determined and possible countermeasures against security threats will be given

Mitigating Insider Threat Risks in Cyber-physical Manufacturing Systems

Cyber-Physical Manufacturing System (CPMS)—a next generation manufacturing system—seamlessly integrates digital and physical domains via the internet or computer networks. It will enable drastic improvements in production flexibility, capacity, and cost-efficiency. However, enlarged connectivity and accessibility from the integration can yield unintended security concerns. The major concern arises from cyber-physical attacks, which can cause damages to the physical domain while attacks originate in the digital domain. Especially, such attacks can be performed by insiders easily but in a more critical manner: Insider Threats. Insiders can be defined as anyone who is or has been affiliated with a system. Insiders have knowledge and access authentications of the system\u27s properties, therefore, can perform more serious attacks than outsiders. Furthermore, it is hard to detect or prevent insider threats in CPMS in a timely manner, since they can easily bypass or incapacitate general defensive mechanisms of the system by exploiting their physical access, security clearance, and knowledge of the system vulnerabilities. This thesis seeks to address the above issues by developing an insider threat tolerant CPMS, enhanced by a service-oriented blockchain augmentation and conducting experiments & analysis. The aim of the research is to identify insider threat vulnerabilities and improve the security of CPMS. Blockchain\u27s unique distributed system approach is adopted to mitigate the insider threat risks in CPMS. However, the blockchain limits the system performance due to the arbitrary block generation time and block occurrence frequency. The service-oriented blockchain augmentation is providing physical and digital entities with the blockchain communication protocol through a service layer. In this way, multiple entities are integrated by the service layer, which enables the services with less arbitrary delays while retaining their strong security from the blockchain. Also, multiple independent service applications in the service layer can ensure the flexibility and productivity of the CPMS. To study the effectiveness of the blockchain augmentation against insider threats, two example models of the proposed system have been developed: Layer Image Auditing System (LIAS) and Secure Programmable Logic Controller (SPLC). Also, four case studies are designed and presented based on the two models and evaluated by an Insider Attack Scenario Assessment Framework. The framework investigates the system\u27s security vulnerabilities and practically evaluates the insider attack scenarios. The research contributes to the understanding of insider threats and blockchain implementations in CPMS by addressing key issues that have been identified in the literature. The issues are addressed by EBIS (Establish, Build, Identify, Simulation) validation process with numerical experiments and the results, which are in turn used towards mitigating insider threat risks in CPMS

A Privacy-Preserving Outsourced Data Model in Cloud Environment

Nowadays, more and more machine learning applications, such as medical diagnosis, online fraud detection, email spam filtering, etc., services are provided by cloud computing. The cloud service provider collects the data from the various owners to train or classify the machine learning system in the cloud environment. However, multiple data owners may not entirely rely on the cloud platform that a third party engages. Therefore, data security and privacy problems are among the critical hindrances to using machine learning tools, particularly with multiple data owners. In addition, unauthorized entities can detect the statistical input data and infer the machine learning model parameters. Therefore, a privacy-preserving model is proposed, which protects the privacy of the data without compromising machine learning efficiency. In order to protect the data of data owners, the epsilon-differential privacy is used, and fog nodes are used to address the problem of the lower bandwidth and latency in this proposed scheme. The noise is produced by the epsilon-differential mechanism, which is then added to the data. Moreover, the noise is injected at the data owner site to protect the owners data. Fog nodes collect the noise-added data from the data owners, then shift it to the cloud platform for storage, computation, and performing the classification tasks purposes

Image Based Attack and Protection on Secure-Aware Deep Learning

In the era of Deep Learning, users are enjoying remarkably based on image-related services from various providers. However, many security issues also arise along with the ubiquitous usage of image-related deep learning. Nowadays, people rely on image-related deep learning in work and business, thus there are more entries for attackers to wreck the image-related deep learning system. Although many works have been published for defending various attacks, lots of studies have shown that the defense cannot be perfect. In this thesis, one-pixel attack, a kind of extremely concealed attacking method toward deep learning, is analyzed first. Two novel detection methods are proposed for detecting the one-pixel attack. Considering that image tempering mostly happens in image sharing through an unreliable way, next, this dissertation extends the detection against single attack method to a platform for higher level protection. We propose a novel smart contract based image sharing system. The system keeps full track of the shared images and any potential alteration to images will be notified to users. From extensive experiment results, it is observed that the system can effectively detect the changes on the image server even in the circumstance that the attacker erases all the traces from the image-sharing server. Finally, we focus on the attack targeting blockchain-enhanced deep learning. Although blockchain-enhanced federated learning can defend against many attack methods that purely crack the deep learning part, it is still vulnerable to combined attack. A novel attack method that combines attacks on PoS blockchain and attacks on federated learning is proposed. The proposed attack method can bypass the protection from blockchain and poison federated learning. Real experiments are performed to evaluate the proposed methods