Software Protection and Secure Authentication for Autonomous Vehicular Cloud Computing

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC. In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our vision of a layer-based approach to thoroughly study state-of-the-art literature in the realm of AVs. Particularly, we examined some cyber-attacks and compared their promising mitigation strategies from our perspective. Then, we focused on two security issues involving AVCC: software protection and authentication. For the first problem, our concern is protecting client’s programs executed on remote AVCC resources. Such a usage scenario is susceptible to information leakage and reverse-engineering. Hence, we proposed compiler-based obfuscation techniques. What distinguishes our techniques, is that they are generic and software-based and utilize the intermediate representation, hence, they are platform agnostic, hardware independent and support different high level programming languages. Our results demonstrate that the control-flow of obfuscated code versions are more complicated making it unintelligible for timing side-channels. For the second problem, we focus on protecting AVCC from unauthorized access or intrusions, which may cause misuse or service disruptions. Therefore, we propose a strong privacy-aware authentication technique for users accessing AVCC services or vehicle sharing their resources with the AVCC. Our technique modifies robust function encryption, which protects stakeholder’s confidentiality and withstands linkability and “known-ciphertexts” attacks. Thus, we utilize an authentication server to search and match encrypted data by performing dot product operations. Additionally, we developed another lightweight technique, based on KNN algorithm, to authenticate vehicles at computationally limited charging stations using its owner’s encrypted iris data. Our security and privacy analysis proved that our schemes achieved privacy-preservation goals. Our experimental results showed that our schemes have reasonable computation and communications overheads and efficiently scalable

Cloud-based homomorphic encryption for privacy-preserving machine learning in clinical decision support

While privacy and security concerns dominate public cloud services, Homomorphic Encryption (HE) is seen as an emerging solution that ensures secure processing of sensitive data via untrusted networks in the public cloud or by third-party cloud vendors. It relies on the fact that some encryption algorithms display the property of homomorphism, which allows them to manipulate data meaningfully while still in encrypted form; although there are major stumbling blocks to overcome before the technology is considered mature for production cloud environments. Such a framework would find particular relevance in Clinical Decision Support (CDS) applications deployed in the public cloud. CDS applications have an important computational and analytical role over confidential healthcare information with the aim of supporting decision-making in clinical practice. Machine Learning (ML) is employed in CDS applications that typically learn and can personalise actions based on individual behaviour. A relatively simple-to-implement, common and consistent framework is sought that can overcome most limitations of Fully Homomorphic Encryption (FHE) in order to offer an expanded and flexible set of HE capabilities. In the absence of a significant breakthrough in FHE efficiency and practical use, it would appear that a solution relying on client interactions is the best known entity for meeting the requirements of private CDS-based computation, so long as security is not significantly compromised. A hybrid solution is introduced, that intersperses limited two-party interactions amongst the main homomorphic computations, allowing exchange of both numerical and logical cryptographic contexts in addition to resolving other major FHE limitations. Interactions involve the use of client-based ciphertext decryptions blinded by data obfuscation techniques, to maintain privacy. This thesis explores the middle ground whereby HE schemes can provide improved and efficient arbitrary computational functionality over a significantly reduced two-party network interaction model involving data obfuscation techniques. This compromise allows for the powerful capabilities of HE to be leveraged, providing a more uniform, flexible and general approach to privacy-preserving system integration, which is suitable for cloud deployment. The proposed platform is uniquely designed to make HE more practical for mainstream clinical application use, equipped with a rich set of capabilities and potentially very complex depth of HE operations. Such a solution would be suitable for the long-term privacy preserving-processing requirements of a cloud-based CDS system, which would typically require complex combinatorial logic, workflow and ML capabilities

Machinic Eyes: New and Post-Digital Aesthetics, Surveillance, and Resistance

This work concerns the rise of the New Aesthetic, an art project developed by James Bridle in 2012. The New Aesthetic, as envisioned by Bridle, was chiefly concerned with the overlapping of physical and digital realities through both the artifacts produced by this overlapping and the systems involved therein. I introduce the advent of the New Aesthetic and present the major criticisms: the lack of a robust theoretical and scholarly framework, the lack of a historical framework, the privileging of artifacts over systems as new Aesthetic, and the fragmented scholarly outlook on the New Aesthetic. Upon further examination, I discovered that the New Aesthetic is less of an art project but a metaphor for a global surveillance apparatus that is the result of clandestine partnerships between multinational technology corporations and intelligence agencies associated the Five Eyes consortium. In this dissertation, I critique the New Aesthetic from a scholarly viewpoint, offer a historical precedent of how the New Aesthetic came to be from cultural and technological perspectives, examine the rise of the global surveillance apparatus within the New Aesthetic, and offer ideas of how to resist surveillance as a result of our reliance upon computational technologies

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Internet Daemons: Digital Communications Possessed

We’re used to talking about how tech giants like Google, Facebook, and Amazon rule the internet, but what about daemons? Ubiquitous programs that have colonized the Net’s infrastructure—as well as the devices we use to access it—daemons are little known. Fenwick McKelvey weaves together history, theory, and policy to give a full account of where daemons come from and how they influence our lives—including their role in hot-button issues like network neutrality. Going back to Victorian times and the popular thought experiment Maxwell’s Demon, McKelvey charts how daemons evolved from concept to reality, eventually blossoming into the pandaemonium of code-based creatures that today orchestrates our internet. Digging into real-life examples like sluggish connection speeds, Comcast’s efforts to control peer-to-peer networking, and Pirate Bay’s attempts to elude daemonic control (and skirt copyright), McKelvey shows how daemons have been central to the internet, greatly influencing everyday users. Internet Daemons asks important questions about how much control is being handed over to these automated, autonomous programs, and the consequences for transparency and oversight. Table of Contents Abbreviations and Technical Terms Introduction 1. The Devil We Know: Maxwell’s Demon, Cyborg Sciences, and Flow Control 2. Possessing Infrastructure: Nonsynchronous Communication, IMPs, and Optimization 3. IMPs, OLIVERs, and Gateways: Internetworking before the Internet 4. Pandaemonium: The Internet as Daemons 5. Suffering from Buffering? Affects of Flow Control 6. The Disoptimized: The Ambiguous Tactics of the Pirate Bay 7. A Crescendo of Online Interactive Debugging? Gamers, Publics and Daemons Conclusion Acknowledgments Appendix: Internet Measurement and Mediators Notes Bibliography Index Reviews Beneath social media, beneath search, Internet Daemons reveals another layer of algorithms: deeper, burrowed into information networks. Fenwick McKelvey is the best kind of intellectual spelunker, taking us deep into the infrastructure and shining his light on these obscure but vital mechanisms. What he has delivered is a precise and provocative rethinking of how to conceive of power in and among networks. —Tarleton Gillespie, author of Custodians of the Internet Internet Daemons is an original and important contribution to the field of digital media studies. Fenwick McKelvey extensively maps and analyzes how daemons influence data exchanges across Internet infrastructures. This study insightfully demonstrates how daemons are transformative entities that enable particular ways of transferring information and connecting up communication, with significant social and political consequences. —Jennifer Gabrys, author of Program Eart

Developing an Effective Detection Framework for Targeted Ransomware Attacks in Brownfield Industrial Internet of Things

The Industrial Internet of Things (IIoT) is being interconnected with many critical industrial activities, creating major cyber security concerns. The key concern is with edge systems of Brownfield IIoT, where new devices and technologies are deployed to interoperate with legacy industrial control systems and leverage the benefits of IoT. These edge devices, such as edge gateways, have opened the way to advanced attacks such as targeted ransomware. Various pre-existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous nature of the IIoT devices and protocols and their interoperability demands. Consequently, developing new detection solutions is essential. The key challenges in developing detection solutions for targeted ransomware attacks in IIoT systems include 1) understanding attacks and their behaviour, 2) designing accurate IIoT system models to test attacks, 3) obtaining realistic data representing IIoT systems' activities and connectivities, and 4) identifying attacks. This thesis provides important contributions to the research focusing on investigating targeted ransomware attacks against IIoT edge systems and developing a new detection framework. The first contribution is developing the world's first example of ransomware, specifically targeting IIoT edge gateways. The experiments' results demonstrate that such an attack is now possible on edge gateways. Also, the kernel-related activity parameters appear to be significant indicators of the crypto-ransomware attacks' behaviour, much more so than for similar attacks in workstations. The second contribution is developing a new holistic end-to-end IIoT security testbed (i.e., Brown-IIoTbed) that can be easily reproduced and reconfigured to support new processes and security scenarios. The results prove that Brown-IIoTbed operates efficiently in terms of its functions and security testing. The third contribution is generating a first-of-its-kind dataset tailored for IIoT systems covering targeted ransomware attacks and their activities, called X-IIoTID. The dataset includes connectivity- and device-agnostic features collected from various data sources. The final contribution is developing a new asynchronous peer-to-peer federated deep learning framework tailored for IIoT edge gateways for detecting targeted ransomware attacks. The framework's effectiveness has been evaluated against pre-existing datasets and the newly developed X-IIoTID dataset

A Geology of the General Intellect

We can no longer be certain whether the central terms and conceptual matrix that the Italian Autonomist Marxist tradition richly develops and draws on--the common, the general intellect, immaterial labour, psychopolitics, cognitariat--are able to survive unscathed the theoretical problems that the epoch of the Anthropocene poses. In an attempt to push this conceptual matrix to its political and ontological limits, I expose a series of “ecological deficits” at the core of Autonomist thought and make the argument that semiocapitalism is a geological operator just as much it is a cognitive, financial or linguistic one. This has a plethora of paradoxical implications that are constellated throughout the three chapters. The first chapter explores the non-mediatic conditions of possibility behind “mediation”: following Jussi Parikka and Matteo Pasquinelli, the first “ecological deficit” emerges due to conflating the mediasphere with the subjective operations of the “sign” (semiotic flows of labour, knowledge, information) and “desire” (creative flows, libidinal energy, affects) as well as over-valuing the “general intellect” (the productive powers of the social brain) and its exclusive relation to the infosphere (knowledge transmission, big data, linguistic networks of communication), the cognitariat (social subjectivity, value-producing labour) and the technosphere (machines, fixed capital). The second chapter critiques Antonio Negri’s ontological theory of value: following Silvia Federici and Jason W. Moore, the second “ecological deficit” emerges due to Autonomism’s negligence of socially necessary unpaid work, non-human relations of reproduction and cheap nature that make possible value-producing labour; this chapter also, following Bernard Stiegler, critiques an ontology of the sign that privileges expressionism (immaterial semiotic productivity, meaning and epistemics) over impressionism (retentional systems of incarnation, reproduction and energetics). The third chapter develops a critique of representational eco-politics or the spectacular Anthropocene: following Jean Baudrillard and Yves Citton, the final “ecological deficit” emerges due to the hyperplasia of images, data and simulacra of the Anthropocene itself, whereby the referent is spectralized by the luminescent aura of the sign, resulting in complicated forms of irrelevance, boredom and attentional scarcities. Each chapter in its own way develops the speculative leitmotif of a “transcendental geology --i.e. the claim that the earth is a condition of possibility for thought

LIPIcs, Volume 251, ITCS 2023, Complete Volume

LIPIcs, Volume 251, ITCS 2023, Complete Volum