Security analysis of the micro transport protocol with a misbehaving receiver

BitTorrent is the most widely used Peer-to-Peer (P2P) protocol and it comprises the largest share of traffic in Europe. To make BitTorrent more Internet Service Provider (ISP) friendly, BitTorrent Inc. invented the Micro Transport Protocol (uTP). It is based on UDP with a novel congestion control called Low Extra Delay Background Transport (LEDBAT). This protocol assumes that the receiver always gives correct feedback, since otherwise this deteriorates throughput or yields to corrupted data. We show through experimental investigation that a misbehaving uTP receiver, which is not interested in data integrity, can increase the bandwidth of the sender by up to five times. This can cause a congestion collapse and steal large share of a victim’s bandwidth. We present three attacks, which increase the bandwidth usage significantly. We have tested these attacks in a real world environment and show its severity both in terms of number of packets and total traffic generated. We also present a countermeasure for protecting against the attacks and evaluate the performance of that defence strategy

Security in networks of unmanned aerial vehicles for surveillance with an agent-based approach inspired by the principles of blockchain

Unmanned aerial vehicles (UAVs) can support surveillance even in areas without network infrastructure. However, UAV networks raise security challenges because of its dynamic topology. This paper proposes a technique for maintaining security in UAV networks in the context of surveillance, by corroborating information about events from different sources. In this way, UAV networks can conform peer-to-peer information inspired by the principles of blockchain, and detect compromised UAVs based on trust policies. The proposed technique uses a secure asymmetric encryption with a pre-shared list of official UAVs. Using this technique, the wrong information can be detected when an official UAV is physically hijacked. The novel agent based simulator ABS-SecurityUAV is used to validate the proposed approach. In our experiments, around 90% of UAVs were able to corroborate information about a person walking in a controlled area, while none of the UAVs corroborated fake information coming from a hijacked UAV

Efficient Privacy-Preserving Facial Expression Classification

This paper proposes an efficient algorithm to perform privacy-preserving (PP) facial expression classification (FEC) in the client-server model. The server holds a database and offers the classification service to the clients. The client uses the service to classify the facial expression (FaE) of subject. It should be noted that the client and server are mutually untrusted parties and they want to perform the classification without revealing their inputs to each other. In contrast to the existing works, which rely on computationally expensive cryptographic operations, this paper proposes a lightweight algorithm based on the randomization technique. The proposed algorithm is validated using the widely used JAFFE and MUG FaE databases. Experimental results demonstrate that the proposed algorithm does not degrade the performance compared to existing works. However, it preserves the privacy of inputs while improving the computational complexity by 120 times and communication complexity by 31 percent against the existing homomorphic cryptography based approach

Privacy-Preserving iVector-Based Speaker Verification

This paper introduces an efficient algorithm to develop a privacy-preserving voice verification based on iVector and linear discriminant analysis techniques. This research considers a scenario in which users enrol their voice biometric to access different services (i.e., banking). Once enrolment is completed, users can verify themselves using their voice print instead of alphanumeric passwords. Since a voice print is unique for everyone, storing it with a third-party server raises several privacy concerns. To address this challenge, this paper proposes a novel technique based on randomization to carry out voice authentication, which allows the user to enrol and verify their voice in the randomized domain. To achieve this, the iVector-based voice verification technique has been redesigned to work on the randomized domain. The proposed algorithm is validated using a well-known speech dataset. The proposed algorithm neither compromises the authentication accuracy nor adds additional complexity due to the randomization operations

R-PEKS: RBAC Enabled PEKS for Secure Access of Cloud Data

In the recent past, few works have been done by combining attribute-based access control with multi-user PEKS, i.e., public key encryption with keyword search. Such attribute enabled searchable encryption is most suitable for applications where the changing of privileges is done once in a while. However, to date, no efficient and secure scheme is available in the literature that is suitable for these applications where changing privileges are done frequently. In this paper our contributions are twofold. Firstly, we propose a new PEKS scheme for string search, which, unlike the previous constructions, is free from bi-linear mapping and is efficient by 97% compared to PEKS for string search proposed by Ray et.al in TrustCom 2017. Secondly, we introduce role based access control (RBAC) to multi-user PEKS, where an arbitrary group of users can search and access the encrypted files depending upon roles. We termed this integrated scheme as R-PEKS. The efficiency of R-PEKS over the PEKS scheme is up to 90%. We provide formal security proofs for the different components of R-PEKS and validate these schemes using a commercial dataset

ASSESSMENT OF ANTINEOPLASTIC POTENTIAL OF ANNONA RETICULATA LINN. ON HUMAN CANCER CELL LINES

ABSTRACTObjective: The present study was undertaken to establish the antineoplastic potential of Annona reticulata on human cancer cell lines, viz., squamouscell carcinoma 9 (SCC9), MCF-7 (human breast adenocarcinoma), A549 (lung adenocarcinoma), and HCT116 (colorectal carcinoma) cells.Methods: The study was performed through MTT, cell cycle (G2M), and DNA fragmentation assays. Cells inhibited in MTT assay were subjected to cellcycle analysis and DNA fragmentation, respectively.Results: The extracts showed dose-dependent growth inhibition of SCC9, MCF-7, A549, and HCT116 cells. In contrast to HCT116 and A549 cells,which exhibited cytotoxicity at a higher concentration with IC50 value of 271.7 and 296 µg/ml, the extract treated SCC9 and MCF-7 cells exhibitedsignificant cytotoxicity at a lower concentration with IC50 value of 49.47 and 52.65 µg/ml, respectively. The treated A549 and MCF-7 cells showed cellcycle arrest up to 7.07% and 14.42%, respectively, at G2/M phase of cell cycle. DNA fragmentation was not observed in both A549 and MCF-7 cellstreated with A. reticulata extract at a concentration of 320 µg/ml.Conclusion: Encouraging preliminary results emphasize the necessity for further research on characterization of individual compounds from thisextract and advocate it as a good source of anticancer agent for certain types of cancer.Keywords: Annona reticulata, Anticancer activity, MTT, G2M and DNA fragmentation

Smart, secure and seamless access control scheme for mobile devices

Smart devices capture users' activity such as unlock failures, application usage, location and proximity of devices in and around their surrounding environment. This activity information varies between users and can be used as digital fingerprints of the users' behaviour. Traditionally, users are authenticated to access restricted data using long term static attributes such as password and roles. In this paper, in order to allow secure and seamless data access in mobile environment, we combine both the user behaviour captured by the smart device and the static attributes to develop a novel access control technique. Security and performance analyses show that the proposed scheme substantially reduces the computational complexity while enhances the security compared to the conventional schemes

Cloud Security Engineering: Theory, Practice and Future Research

The eleven papers in this special issue address security and privacy concerns associated with cloud computing. This special issue is dedicated to the identification of techniques that enable security mechanisms to be engineered and implemented in cloud services and cloud systems. A key focus is on the integration of theoretical foundations with practical deployment of security strategies that make cloud systems more secure for both end users and providers – enabling end users to increase the level of trust they have in cloud service providers – and conversely for cloud service providers to provide greater guarantees to end users about the security of their services and data