Computer security

Secure multiparty computation (secure MPC) is a computational paradigm that enables a group of parties to evaluate a public function on their private data without revealing the data (i.e., by preserving the privacy of their data). This computational approach, sometimes also referred to as secure function evaluation (SFE) and privacy-preserving computation, has attracted significant attention in the last couple of decades. It has been studied in different application domains, including in privacy-preserving data mining and machine learning, secure signal processing, secure genome analysis, sealed-bid auctions, etc. There are different approaches for realizing secure MPC. Some commonly used approaches include secret sharing schemes, Yao's garbled circuits, and homomorphic encryption techniques.
The main focus of this dissertation is to further investigate secure multiparty computation as an appealing area of research and to study its applications in different domains. We specifically focus on secure multiparty computation based on secret sharing and fully homomorphic encryption (FHE) schemes. We review the important theoretical foundations of these approaches and provide some novel applications for each of them. For the fully homomorphic encryption (FHE) part, we mainly focus on FHE schemes based on the LWE problem [142] or RLWE problem [109]. Particularly, we provide a C++ implementation for the ring variant of a third generation FHE scheme called the approximate eigenvector method (a.k.a., the GSW scheme) [67]. We then propose some novel approaches for homomorphic evaluation of common functionalities based on the implemented (R)LWE [142] and [109] and RGSW [38,58] schemes. We specifically present some constructions for homomorphic computation of pseudorandom functions (PRFs). For secure computation based on secret sharing [150], we provide some novel protocols for secure trust evaluation (STE). Our proposed STE techniques [137] enable the parties in trust and reputation systems (TRS) to securely assess their trust values in each other while they keep their input trust values private. It is worth mentioning that trust and reputation are social mechanisms which can be considered as soft security measures that complement hard security measures (e.g., cryptographic and secure multiparty computation techniques) [138, 171].

The Internet has provided humanity with many great benefits, but it has also introduced new risks and dangers. E-commerce and other web portals have become large industries with big data. Criminals and other bad actors constantly seek to exploit these web properties through web attacks. Being able to properly detect these web attacks is a crucial component in the overall cybersecurity landscape. Machine learning is one tool that can assist in detecting web attacks. However, properly using machine learning to detect web attacks does not come without its challenges. Classification algorithms can have difficulty with severe levels of class imbalance. Class imbalance occurs when one class label disproportionately outnumbers another class label. For example, in cybersecurity, it is common for the negative (normal) label to severely outnumber the positive (attack) label. Another difficulty encountered in machine learning is models can be complex, thus making it difficult for even subject matter experts to truly understand a model’s detection process. Moreover, it is important for practitioners to determine which input features to include or exclude in their models for optimal detection performance. This dissertation studies machine learning algorithms in detecting web attacks with big data. Severe class imbalance is a common problem in cybersecurity, and mainstream machine learning research does not sufficiently consider this with web attacks. Our research first investigates the problems associated with severe class imbalance and rarity. Rarity is an extreme form of class imbalance where the positive class suffers extremely low positive class count, thus making it difficult for the classifiers to discriminate. In reducing imbalance, we demonstrate random undersampling can effectively mitigate the class imbalance and rarity problems associated with web attacks. Furthermore, our research introduces a novel feature popularity technique which produces easier to understand models by only including the fewer, most popular features. Feature popularity granted us new insights into the web attack detection process, even though we had already intensely studied it. Even so, we proceed cautiously in selecting the best input features, as we determined that the “most important” Destination Port feature might be contaminated by lopsided traffic distributions.

While it is evident that network services continue to play an ever-increasing role in our daily lives, it is less evident that our information infrastructure requires a concerted, well-conceived, and fastidiously executed strategy to remain viable. Government agencies, Non-Governmental Organizations (\NGOs"), and private organizations are all targets for malicious online activity. Security has deservedly become a serious focus for organizations that seek to assume a more proactive posture; in order to deal with the many facets of securing their infrastructure.
At the same time, the discipline of data science has rapidly grown into a prominent role, as once purely theoretical machine learning algorithms have become practical for implementation. This is especially noteworthy, as principles that now fall neatly into the field of data science has been contemplated for quite some time, and as much as over two hundred years ago. Visionaries like Thomas Bayes [18], Andrey Andreyevich Markov [65], Frank Rosenblatt [88], and so many others made incredible contributions to the field long before the impact of Moore's law [92] would make such theoretical work commonplace for practical use; giving rise to what has come to be known as "Data Science".

Peer-to-peer (P2P) networking has been receiving increasing attention from the
research community recently. How to conduct efficient and effective searching in such
networks has been a challenging research topic. This dissertation focuses on unstructured
file-sharing peer-to-peer networks. Three novel searching schemes are proposed,
implemented, and evaluated. In the first scheme named ISRL (Intelligent Search by Reinforcement
Learning), we propose to systematically learn the best route to desired files
through reinforcement learning when topology adaptation is impossible or infeasible. To
discover the best path to desired files, ISRL not only explores new paths by forwarding
queries to randomly chosen neighbors, but also exploits the paths that have been discovered
for reducing the cumulative query cost. Three models of ISRL are put forwarded: a
basic version for finding one desired file, MP-ISRL (MP stands for Multiple-Path ISRL)
for finding at least k files, and C-ISRL (C refers to Clustering) for reducing maintenance
overhead through clustering when there are many queries. ISRL outperforms existing searching approaches in unstructured peer-to-peer networks by achieving similar query
quality with lower cumulative query cost. The experimental results confirm the performance
improvement of ISRL. The second approach, HS-SDBF (Hint-based Searching
by Scope Decay Bloom Filter), addresses the issue of effective and efficient hint propagation.
We design a new data structure called SDBF (Scope Decay Bloom Filter) to
represent and advertise probabilistic hints. Compared to existing proactive schemes, HSSDBF
can answer many more queries successfully at a lower amortized cost considering
both the query traffic and hint propagation traffic. Both the analytic and the experimental
results support the performance improvement of our protocol. The third algorithm, hybrid
search, seeks to combine the benefits of both forwarding and non-forwarding searching
schemes. In this approach, a querying source directly probes its own extended neighbors
and forwards a query to a subset of its extended neighbors and guides these neighbors
to probe their own extended neighbors on its behalf. The hybrid search is able to adapt
query execution to the popularity of desired files without generating too much state maintenance
overhead because of the 1-hop forwarding inherent in the approach. It achieves
a higher query efficiency than the forwarding scheme and a better success rate than the
non-forwarding approach. To the best of our knowledge, this work is the first attempt
to integrate forwarding and non-forwarding schemes. Simulation results demonstrate the
effectiveness of the hybrid search.

Wireless sensor networks or WSNs continually become more common in todays world. They
are able to give us a constant view into the world as they gather information and make this information
more readily available. The infonnation these networks gather and contain is valuable and protecting
it is of great importance. Today more and more devices are becoming wireless and mobile. This
is allowing for very diverse networks to be created and they are constantly changing. Nodes in
these networks are either moving to different positions or going offi ine which constantly changes the
overall layout of the network. With this increasing connectivity of today's devices this opens the
door for possibility for these types of networks to become targets by malicious objects designed to
bring harm to the network. Many unre liable networks already face many problems such as having
to optimize battety life and being deployed in areas where they can be damaged. A malicious object
in this type of network has the power to destroy data and deplete the networks limited resources
such as bandwidth and power. Removal of these malicious objects can also have a negative effect
on these limited resources. We must find a way to remove these malicious objects in a way that
minimizes loss to the network. In this paper we will look at the information survival threshold of these types of networks. Certain controllable parameters exist that directly impact the survival rate
of all data in the network. We will combine this with the addition our own self-replicating objects to
the network designed to neutralize their malicious counterparts. We will examine these information
survival threshold parameters along with specific parameters available to the network. We shall see
how these parameters affect overall survival of data in the network and their impact on our own good
data.

This research addresses the need for increased interoperability between the varied access control systems in use today, and for a secure means of providing access to remote physical devices over untrusted networks. The Universal Physical Access Control System (UPACS) is an encryption-enabled security protocol that provides a standard customizable device control mechanism that can be used to control the behavior of a wide variety of physical devices, and provide users the ability to securely access those physical devices over untrusted networks.

After comparing general architectures for accessing business databases from the Web, we propose a platform-independent, language-independent, object-oriented, fourtier CORBA-based architecture. The proposed architecture is presented in pattern format. Several security mechanisms are incorporated into the proposed architecture. A Web Reservation System (WRS) was created to test this architecture. Starting from an analysis pattern, a design model for the WRS was developed using the CORBA Object Request Broker (ORB); this was a Virtual Car Reservation System (VCRS). In the VCRS system, a user can get a reservation number when necessary information is entered from a Web browser. The user can also retrieve the reservation information by using the reservation number. All reservation information is stored in a distributed database system at a remote site. A realistic application of the proposed architecture is also described. We also provide an evaluation and comparison of the proposed architecture with other architectures.

Recent worms have used sophisticated propagation techniques to propagate faster than the patch distribution and have utilized previously unknown vulnerabilities. To mitigate repetition of such epidemics in future, active defense mechanisms are needed that not only identify malicious activity, but can also defend against widespread outbreak. We provide a framework capable of reacting quickly to quarantine infections. The fundamental components of our framework are detector and VLAN switch. We have provided a proof of concept implementation, where we use the Blaster worm as an example, and demonstrate that detection of worms is possible, and individual infected hosts can be isolated quickly. Furthermore, using Monte Carlo simulations, we show that such containment of future epidemics is possible. In addition, we also compute the overhead of detection and mitigation approaches and have shown that our approach has lower overhead compared to the others.

Efficient searching is one of the important design issues in peer-to-peer (P2P) networks. Among various searching techniques, semantic-based searching has drawn significant attention recently. Gnutella-like efficient searching system (GES) [29] is such a system. GES derives node vector , a semantic summary of all documents on a node based on vector space model (VSM). The node-based topology adaptation algorithm and search protocol are then discussed. However, when there are many categories of documents at each node, the node vector representation may be inaccurate. We extend the idea of GES and present a class-based search system (CSS). It makes use of a document clustering algorithm: OSKM [27] to cluster all documents on a node into several classes. Each class can be viewed as a virtual node. As a result, class vector replaces node vector and plays an important role in class-based topology adaptation and search process, which makes CSS very efficient. Our simulation demonstrates that CSS outperforms GES.

The fuzzy vault scheme introduced by Juels and Sudan [Jue02] was implemented in a fingerprint cryptography system using COTS software. This system proved to be unsuccessful. Failure analysis led to a series of simulations to investigate the parameters and system thresholds necessary for such a system to perform adequately and as guidance for constructing similar systems in the future. First, a discussion of the role of biometrics in data security and cryptography is presented, followed by a review of the key developments leading to the development of the fuzzy vault scheme. The relevant mathematics and algorithms are briefly explained. This is followed by a detailed description of the implementation and simulation of the fuzzy vault scheme. Finally, conclusions drawn from analysis of the results of this research are presented.