Work Package 1: Scenarios
|Secure Software Updates for Constrained IoT Devices||Poster||Marco Filippi||Resource constrained embedded devices are often expected to be deployed and stay active in the field for prolonged amounts of time (sometimes decades!). Unpatched devices left vulnerable in the field pose a risk to both the users of such devices and the networks the devices operate in. The purpose of this topic is to design secure and practical software update mechanisms for highly resource constrained devices with limited energy, memory, and computational resources.|
|Estimating and Predicting Path Loss for Fake Base Station Detection||Poster||Setareh Roshan|
Fake base stations have recently been in the news for being used as tools for location tracking and interception, for example. There are existing techniques for fake base station detection (typically relying on metadata from the neighboring base stations), but these are ill-fitted for smarter attackers, or next generation fake base stations. One possible additional criterion to study for their detection is the precise estimation of the base station location and emitting power. For this, we want to estimate with high precision the path loss (power attenuation) between a device and the antenna.
While current heuristic models (Okumura-Hata, COST...) may be sufficient for rough approximations of the path loss, we are interested here in improving the quality of these estimations, in order to provide a higher accuracy for the calculations based on this path loss value. There is a current attempt, in this research field, to use raytracing to simulate the path loss (among other things). But raytracing takes a lot of time and CPU power, and would most likely be prohibitive in our case (where most of the processing should/could be done on the device). We want to achieve this goal differently. One way to achieve this is by modeling the non-linear diffusion function coming from the BTS: depending on a number of factors (typically spectrum band, height of the antenna, emitting power...), the path loss distribution can fluctuate.
We propose to look at the possibility of modeling accurately the path loss using the topography of the land (buildings, their material...) as an extra input for the attenuation models.
Work Package 2: Privacy Enhancing Technologies
|Private Membership Test Protocol with Low Communication Complexity||Poster and Demo||Sara Ramezanian|
We introduce a protocol with low communication complexity that enables clients to search through a server's database privately. We use homomorphic encryption to hide the client's search item and perform computation on the server's database.
|The Circle Game: Scalable Private Membership Test Using Trusted Hardware||Poster||Sandeep Tamrakar and Andrew Paverd|
Malware checking is changing from being a local service to a cloud-assisted one where users’ devices query a cloud server, which hosts a dictionary of malware signatures, to check if particular applications are potentially malware. Whilst such an architecture gains all the benefits of cloud-based services, it opens up a major privacy concern since the cloud service can infer personal traits of the users based on the lists of applications queried by their devices.
In the poster, we present a simple PMT approach using a carousel: circling the entire dictionary through trusted hardware on the cloud server. We show how the carousel approach, using different data structures to represent the dictionary, can be realized on two different commercial hardware security architectures (ARM TrustZone and Intel SGX). Through extensive experimental analysis, we show that our carousel approach surprisingly outperforms Path ORAM on the same hardware by supporting a much higher query arrival rate while guaranteeing acceptable response latency for individual queries.
|Privacy-Preserving Deep Learning Prediction||Paper and Demo and||Jian Liu|
Cloud-based prediction models are increasingly popular but risk privacy: clients sending prediction requests to the service need to disclose potentially sensitive data to the server. In this paper, we explore the problem of privacy-preserving predictions: after each prediction, the server learns nothing about clients' input and clients learn nothing about the model. We present a technique that transforms a learned neural network to its privacy-preserving form.
Work Package 3: Data Analytic Technologies
|Android Malware Detection: Building Useful Representations||Poster||Luiza Sayfullina||The problem of proactively detecting Android Malware has proven to be a challenging one. The challenges stem from a variety of issues, but recent literature has shown that this task is hard to solve with high accuracy when only a restricted set of features, like permissions or similar fixed sets of features, are used. The opposite approach of including all available features is also problematic, as it causes the feature space to grow beyond reasonable size. We found an efficient way to select a representative feature space, preserving its discriminative power on unseen data. We go beyond traditional approaches like Principal Component Analysis, which is too heavy for large-scale problems with millions of features. In particular we show that many feature groups that can be extracted from Android application packages, like features extracted from the manifest file or strings extracted from the Dalvik Executable (DEX), should be filtered and used in classification separately. Our proposed dimensionality reduction scheme is applied to each group separately and consists of raw string preprocessing, feature selection via log-odds and finally applying random projections. With the size of the feature space growing exponentially as a function of the training set's size, our approach drastically decreases the size of the feature space by several orders of magnitude; this in turn allows accurate classification to become possible in a real world scenario. After reducing the dimensionality we use the feature groups in a light-weight ensemble of logistic classifiers.|
|Automated Detection of Android Malware||Demo||Dmitriy Komashinskiy|
We present a system for automated detection of mobile malware for Android OS. The system comprises a number of static malware analysis methods and Machine Learning techniques. The approach was developed by F-Secure Labs in collaboration with researchers from Aalto University and Arcada University of Applied Sciences.
|An Adaptive Detection and Prevention Architecture for Unsafe Traffic in SDN Enabled Mobile Networks||Poster and demo||Mehrnoosh Monshizadeh and Vikramajeet Khatri||The forthcoming 5G cloud networks will utilize software defined networking (SDN) and network functions virtualization (NFV) to provide new services. However, applying these technologies introduces new threats to the network. To detect security attacks and malicious traffic on both the end user and the cloudified mobile network, we apply centralized monitoring and combine the dynamicity and programmability of SDN, the traffic filtering capabilities of IDS and clustering mechanisms for load balancing. We discuss and demonstrate an adaptive detection and prevention architecture for SDN enabled mobile networks.|
|Image Classification Using Local Features||Poster and demo||Anton Akusok|
Automated Internet security technologies must adopt a human-like vision of the data to address upcoming problems. Our particular task is to perform image content classification that is language-independent and can augment text-based methods in web page labelling. Existing approaches to the task are explained on a poster, and presented as a demo program.
Work Package 4: Infrastructure and Integration
|Live Migration of SGX Enclaves||Poster||Arseny Kurnikov|
Providing more security guarantees for cloud computing can benefit both cloud providers and their clients. One technology to protect users' data being processed in the cloud is Intel SGX. This work addresses an important challenge of migrating SGX enclaves between physical hosts. We propose a secure protocol for live migration of an enclave.
|Securebox: Platform for Safeguarding Network Edge||Poster||Ibbad Hafeez, Lauri Suomalainen||The number of connected devices is increasing exponentially, which has made the job of managing and securing networks more complex and demanding than ever before. In this paper, we present a novel service-based solution for securing edge networks that are poorly managed and do not offer adequate security and management features. Our proposed system includes a smart gateway Securebox offering advanced security and network management features at device level granularity and a Security and Management Service (SMS) which provides services including traffic analysis services, management services for remote device, network and security policy etc. Instead of tight coupling with hardware, our system enables flexible and on-demand deployment of security services to detect and block malicious activities in the network. Our demonstration shows that the proposed system is easy to deploy, manage and operate different networks and resolves a number of challenges in network security management domain (Demo Videos).|
|IoT Sentinel: Automated Device-Type Identification in IoT||Poster||Markus Miettinen, Samuel Marchal, Ibbad Hafeez||Several IoT vendors are producing IP-connected devices that often suffer from flawed security designs and implementations. Securing networks where the presence of such vulnerable devices is a given requires a brownfield approach. We propose a machine learning based system capable of identifying the types of devices being connected to an IoT network. Device-types can be linked to known vulnerabilities in order to take the appropriate measures for mitigating the risk of vulnerable devices.|
|IoTurva: Securing Device-to-Device Communications in IoT Ecosystem||Poster||Ibbad Hafeez||Signature based anomaly detection schemes fall short in handling complex device to device (D2D) interactions in the IoT ecosystem. In this work, we envision a fuzzy based inference engine which collects the rule base from crowd-sourcing, online resources and other sources, and uses this rule base to classify new D2D interactions happening in IoT networks as normal or anomalous.|