Predicting Diffusion Reach Probabilities via Representation Learning on Social Networks

Diffusion reach probability between two nodes on a network is defined as the probability of a cascade originating from one node reaching to another node. An infinite number of cascades would enable calculation of true diffusion reach probabilities between any two nodes. However, there exists only a finite number of cascades and one usually has access only to a small portion of all available cascades. In this work, we addressed the problem of estimating diffusion reach probabilities given only a limited number of cascades and partial information about underlying network structure. Our proposed strategy employs node representation learning to generate and feed node embeddings into machine learning algorithms to create models that predict diffusion reach probabilities. We provide experimental analysis using synthetically generated cascades on two real-world social networks. Results show that proposed method is superior to using values calculated from available cascades when the portion of cascades is small

Dynamic resiliency analysis of key predistribution in wireless sensor networks

Wireless sensor networks have been analyzed for more than a decade from operational and security points of view. Several key predistribution schemes have been proposed in the literature. Although valuable and state-of-the-art proposals have been made, their corresponding security analyses have not been performed by considering the dynamic nature of networking behavior and the time dimension. The sole metric used for resiliency analysis of key predistribution schemes is "fraction of links compromised" which is roughly defined as the ratio of secure communication links that the adversary can compromise over all secure links. However, this metric does not consider the dynamic nature of the network; it just analyzes a snapshot of the network without considering the time dimension. For example, possible dead nodes may cause change of routes and some captured links become useless for the attacker as time goes by. Moreover, an attacker cannot perform sensor node capturing at once, but performs over time. That is why a methodology for dynamic security analysis is needed in order to analyze the change of resiliency in time a more realistic way. In this paper, we propose such a dynamic approach to measure the resiliency of key predistribution schemes in sensor networks. We take the time dimension into account with a new performance metric, "captured message fraction". This metric is defined as the percentage of the messages generated within the network to be forwarded to the base station (sink) that are captured and read by the attacker. Our results show that for the cases where the static fraction of links compromised metric indicates approximately 40% of the links are compromised, our proposed captured message fraction metric shows 80% of the messages are captured by the attacker. This clearly proves the limitations of the static resiliency analysis in the literature

A-MAKE: an efficient, anonymous and accountable authentication framework for WMNs

In this paper, we propose a framework, named as A-MAKE, which efficiently provides security, privacy, and accountability for communications in wireless mesh networks. More specifically, the framework provides an anonymous mutual authentication protocol whereby legitimate users can connect to network from anywhere without being identified or tracked. No single party (e.g., network operator) can violate the privacy of a user, which is provided in our framework in the strongest sense. Our framework utilizes group signatures, where the private key and the credentials of the users are generated through a secure three-party protocol. User accountability is implemented via user revocation protocol that can be executed by two semitrusted authorities, one of which is the network operator. The assumptions about the trust level of the network operator are relaxed. Our framework makes use of much more efficient signature generation and verification algorithms in terms of computation complexity than their counterparts in literature, where signature size is comparable to the shortest signatures proposed for similar purposes so far

Security, privacy and trust in wireless mesh networks

With the advent of public key cryptography, digital signature schemes have been extensively studied in order to minimize the signature sizes and to accelerate their execution while providing necessary security properties. Due to the privacy concerns pertaining to the usage of digital signatures in authentication schemes, privacy-preserving signature schemes, which provide anonymity of the signer, have attracted substantial interest in research community. Group signature algorithms, where a group member is able to sign on behalf of the group anonymously, play an important role in many privacy-preserving authentication/ identification schemes. On the other hand, a safeguard is needed to hold users accountable for malicious behavior. To this end, a designated opening/revocation manager is introduced to open a given anonymous signature to reveal the identity of the user. If the identified user is indeed responsible for malicious activities, then s/he can also be revoked by the same entity. A related scheme named direct anonymous attestation is proposed for attesting the legitimacy of a trusted computing platform while maintaining its privacy. This dissertation studies the group signature and direct anonymous attestation schemes and their application to wireless mesh networks comprising resource-constrained embedded devices that are required to communicate securely and be authenticated anonymously, while malicious behavior needs to be traced to its origin. Privacy-aware devices that anonymously connect to wireless mesh networks also need to secure their communication via efficient symmetric key cryptography, as well. In this dissertation, we propose an efficient, anonymous and accountable mutual authentication and key agreement protocol applicable to wireless mesh networks. The proposed scheme can easily be adapted to other wireless networks. The proposed scheme is implemented and simulated using cryptographic libraries and simulators that are widely deployed in academic circles. The implementation and simulation results demonstrate that the proposed scheme is effective, efficient and feasible in the context of hybrid wireless mesh networks, where users can also act as relaying agents. The primary contribution of this thesis is a novel privacy-preserving anonymous authentication scheme consisting of a set of protocols designed to reconcile user privacy and accountability in an efficient and scalable manner in the same framework. The three-party join protocol, where a user can connect anonymously to the wireless mesh network with the help of two semi-trusted parties (comprising the network operator and a third party), is efficient and easily applicable in wireless networks settings. Furthermore, two other protocols, namely two-party identification and revocation protocols enable the network operator, with the help of the semi-trusted third party, to trace suspected malicious behavior back to its origins and revoke users when necessary. The last two protocols can only be executed when the two semi-trusted parties cooperate to provide accountability. Therefore, the scheme is protected against an omni-present authority (e.g. network operator) violating the privacy of network users at will. We also provide arguments and discussions for security and privacy of the proposed scheme

Implementing a protected zone in a reconfigurable processor for isolated execution of cryptographic algorithms

We design and realize a protected zone inside a reconfigurable and extensible embedded RISC processor for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory, and general and special-purpose registers. We outline the principles for secure software implementation of cryptographic algorithms in a processor equipped with the protected zone. We also demonstrate the efficiency and effectiveness of the protected zone by implementing major cryptographic algorithms, namely RSA, elliptic curve cryptography, and AES in the protected zone. In terms of time efficiency, software implementations of these three cryptographic algorithms outperform equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor; its area overhead is considerably moderate in the sense that it can be used in vast majority of embedded processors. The protected zone can also provide the necessary support to implement TPM functionality within the boundary of a processor

Performance evaluation of different CRL distribution schemes embedded in WMN authentication

Wireless Mesh Networks (WMNs) have emerged as a promising technology to provide low cost and scalable solutions for high speed Internet access and additional services. In hybrid WMNs, where mesh clients also act as relaying agents and form a mesh client network, it is important to provide users with an efficient anonymous and accountable authentication scheme. Accountability is required for the malicious users that are to be identified and revoked from the network access and related services. Promising revocation schemes are based on Certification Revocation Lists (CRLs). Since in hybrid WMNs mesh clients also authenticate other clients, distribution of these CRLs is an important task. In this paper, we propose and examine the performance of different distribution schemes of CRLs and analyze authentication performance in two scenarios: in one scenario all mesh routers and mesh clients obtain CRLs and in the second one, CRLs are held only by the mesh routers and mesh clients acting as relaying agents require CRL checking to be performed from the router in authenticating another client

Performance Evaluation of Different CRL Distribution Schemes Embedded in WMN Authentication

Abstract. Wireless Mesh Networks (WMNs) have emerged as a promising technology to provide low cost and scalable solutions for high speed Internet access and additional services. In hybrid WMNs, where mesh clients also act as relaying agents and form a mesh client network, it is important to provide users with an efficient anonymous and accountable authentication scheme. Accountability is required for the malicious users that are to be identified and revoked from the network access and related services. Promising revocation schemes are based on Certification Revocation Lists (CRLs). Since in hybrid WMNs mesh clients also authenticate other clients, distribution of these CRLs is an important task. In this paper, we propose and examine the performance of different distribution schemes of CRLs and analyze authentication performance in two scenarios: in one scenario all mesh routers and mesh clients obtain CRLs and in the second one, CRLs are held only by the mesh routers and mesh clients acting as relaying agents require CRL checking to be performed from the router in authenticating another client

SPR2EP: A Semi-Supervised Spam Review Detection Framework

Authenticity and reliability of the information spread over the cyberspace is becoming increasingly important. This is especially important in e-commerce since potential customers check reviews and customer feedbacks online before making a purchasing decision. Although this information is easily accessible through related websites, lack of verification of the authenticity of these reviews raises concerns about their reliability. Besides, fraudulent users disseminate misinformation to deceive people into acting against their interest. So, detection of fake and unreliable reviews is a crucial problem that must be addressed by the security researchers

A(2)-MAKE: An efficient anonymous and accountable mutual authentication and key agreement protocol for WMNs

Multi-hop hybrid wireless mesh networks (WMNs) have recently attracted increasing attention and deployment. For easy acceptance and wide deployment of WMNs, security, privacy, and accountability issues have to be addressed by providing efficient, reliable, and scalable protocols. The fact that regular users, which may be resource-constrained wireless devices, are involved in routing activities highlights the need for efficiency and compactness. However, the said objectives, i.e., security, privacy, accountability, efficiency etc., are, most of the time, not compatible. So far no previous work has adequately reconciled these conflicting objectives in a practical framework. In this paper, we design and implement such a framework named as A(2)-MAKE, which is a collection of protocols. The framework provides an anonymous mutual authentication protocol whereby legitimate users can connect to network from anywhere without being identified or tracked unwillingly. No single party (or authority, network operator, etc.) can violate the privacy of a user, which is provided in our framework in the strongest sense. Our framework utilizes group signatures, where the private keys and corresponding credentials of the users are generated in a secure three-party protocol. User accountability is implemented via user identification and revocation protocols that can be executed by two semi-trusted authorities, one of which is the network operator. The assumptions about the trust level of the network operator are relaxed with respect to similar protocols. Our framework makes use of more efficient signature generation and verification algorithms in terms of computational complexity than their counterparts in literature, where signature size is almost the same as the shortest signatures proposed for similar purposes so far