
Evolutionary Methods for Generating Synthetic MasterPrint Templates: Dictionary Attack in Fingerprint Recognition

February 21, 2018

Aditi Roy, Nasir Memon, Julian Togelius and Arun Ross

Recent research has demonstrated the possibility of generating “Masterprints” that can be used by an adversary to launch a dictionary attack against a fingerprint recognition system. Masterprints are fingerprint images that fortuitously match with a large number of other fingerprints, thereby compromising the security of a fingerprint-based biometric system, especially those equipped with small-sized fingerprint sensors. This work presents new methods for creating a synthetic MasterPrint dictionary that sequentially maximizes the probability of matching a large number of target fingerprints.

Analyzing and Mitigating the Impact of Permanent Faults on a Systolic Array Based Neural Network Accelerator

February 17, 2018

Jeff (Jun) Zhang, Tianyu Gu, Kanad Basu and Siddharth Garg

Due to their growing popularity and computational cost, deep neural networks (DNNs) are being targeted for hardware acceleration. A popular architecture for DNN acceleration, adopted by the Google Tensor Processing Unit (TPU), utilizes a systolic array based matrix multiplication unit at its core. This paper deals with the design of fault-tolerant, systolic array based DNN accelerators for high defect rate technologies. To this end, we empirically show that the classification accuracy of a baseline TPU drops significantly even at extremely low fault rates (as low as 0.006%).

Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps

February 13, 2018

Yanyan Zhuang, Albert Rafetseder, Yu Hu, Yuan Tian and Justin Cappos

Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks.


February 12, 2018

Yiming Zhang, Quan Ho Vuong, Kenny Song, Xiao-Yue Gong and Keith W. Ross

This paper considers entropy bonus, which is used to encourage exploration in policy gradient. In the case of high-dimensional action spaces, calculating the entropy and its gradient requires enumerating all the actions in the action space and running forward and back-propagation for each action, which may be computationally infeasible. We develop several novel unbiased estimators for the entropy bonus and its gradient. We apply these estimators to several models for the parameterized policies, including Independent Sampling, CommNet, Autoregressive with Modified MDP, and Autoregressive with LSTM.

ThUnderVolt: Enabling Aggressive Voltage Underscaling and Timing Error Resilience for Energy Efficient Deep Neural Network Accelerators

February 11, 2018

Jeff Zhang, Kartheek Rangineni, Zahra Ghodsi and Siddharth Garg

Hardware accelerators are being increasingly deployed to boost the performance and energy efficiency of deep neural network (DNN) inference. In this paper we propose Thundervolt, a new framework that enables aggressive voltage underscaling of high-performance DNN accelerators without compromising classification accuracy even in the presence of high timing error rates. Using post-synthesis timing simulations of a DNN accelerator modeled on the Google TPU, we show that Thundervolt enables between 34% and 57% energy savings on state-of-the-art speech and image recognition benchmarks with less than 1% loss in classification accuracy and no performance loss.

A Game-Theoretic Approach to Design Secure and Resilient Distributed Support Vector Machines

February 7, 2018

Rui Zhang and Quanyan Zhu

Distributed Support Vector Machines (DSVM) have been developed to solve large-scale classification problems in networked systems with a large number of sensors and control units. However, the systems become more vulnerable as detection and defense are increasingly difficult and expensive. This work aims to develop secure and resilient DSVM algorithms under adversarial environments in which an attacker can manipulate the training data to achieve his objective. We establish a game-theoretic framework to capture the conflicting interests between an adversary and a set of distributed data processing units.

Typicality Matching for Pairs of Correlated Graphs

February 3, 2018

Farhad Shirani, Siddharth Garg and Elza Erkip

In this paper, the problem of matching pairs of correlated random graphs with multi-valued edge attributes is considered. Graph matching problems of this nature arise in several settings of practical interest including social network deanonymization, study of biological data, web graphs, etc. An achievable region for successful matching is derived by analyzing a new matching algorithm that we refer to as typicality matching. The algorithm operates by investigating the joint typicality of the adjacency matrices of the two correlated graphs.

Distributed Privacy-Preserving Collaborative Intrusion Detection Systems for VANETs

February 2, 2018

Tao Zhang and Quanyan Zhu

Vehicular ad hoc networks (VANETs) are an enabling technology in modern transportation systems for providing safety and valuable information, yet they are vulnerable to a number of attacks ranging from passive eavesdropping to active interference. Intrusion detection systems (IDSs) are important devices that can mitigate these threats by detecting malicious behaviors. Furthermore, collaboration among vehicles in VANETs can improve detection accuracy by communicating their experiences between nodes.

On the Secure and Reconfigurable Multi-Layer Network Design for Critical Information Dissemination in the Internet of Battlefield Things (IoBT)

January 26, 2018

Muhammad Junaid Farooq, Student Member, IEEE and Quanyan Zhu

The Internet of things (IoT) is revolutionizing the management and control of automated systems leading to a paradigm shift in areas such as smart homes, smart cities, health care, transportation, etc. The IoT technology is also envisioned to play an important role in improving the effectiveness of military operations in battlefields. The interconnection of combat equipment and other battlefield resources for coordinated automated decisions is referred to as the Internet of battlefield things (IoBT). IoBT networks are significantly different from traditional IoT networks due to battlefield specific challenges such as the absence of communication infrastructure, heterogeneity of devices, and susceptibility to cyber-physical attacks.

Optimal Active Social Network De-anonymization Using Information Thresholds

January 19, 2018

Farhad Shirani, Siddharth Garg and Elza Erkip

In this paper, de-anonymizing internet users by actively querying their group memberships in social networks is considered. In this problem, an anonymous victim visits the attacker’s website, and the attacker uses the victim’s browser history to query her social media activity for the purpose of de-anonymization using the minimum number of queries. A stochastic model of the problem is considered where the attacker has partial prior knowledge of the group membership graph and receives noisy responses to its real-time queries.

The Cyber and Critical Infrastructures Nexus: Interdependencies, Dependencies and Their Impacts on Public Services

December 27, 2017

Rae Zimmerman

Critical infrastructures (CI) provide fundamental services in ways that are essential to the social and economic fabric of society. These infrastructures are apparently becoming increasingly interconnected with one another (Saidi et al. 2018: 1), and these interconnections appear in the form of interdependencies and dependencies. Information technologies or information and communications technologies (ICT) are often a major location point for that interconnectivity and have been increasingly so for some CI sectors, not only within single infrastructure sectors, subsectors, or subsector components, but also among different infrastructure sectors.

A Hybrid Stochastic Game for Secure Control of Cyber-Physical Systems

December 27, 2017

Fei Miao, Quanyan Zhu, Miroslav Pajic and George J. Pappas

In this paper, we establish a zero-sum, hybrid state stochastic game model for designing defense policies for cyber-physical systems against different types of attacks. With the increasingly integrated properties of cyber-physical systems (CPS) today, security is a challenge for critical infrastructures. Though resilient control and detecting techniques for a specific model of attack have been proposed, to analyze and design detection and defense mechanisms against multiple types of attacks for CPSs requires new system frameworks. Besides security, other requirements such as optimal control cost also need to be considered.

TERMinator Suite: Benchmarking Privacy-Preserving Architectures

December 14, 2017

Dimitris Mouris, Nektarios Georgios Tsoutsos, and Michail Maniatakos

Security and privacy are fundamental objectives characterizing contemporary cloud computing. Despite the wide adoption of encryption for protecting data in transit and at rest, data in use remains unencrypted inside cloud processors and memories, as computation is not applicable on encrypted values. This limitation introduces security risks, as unencrypted values can be leaked through side-channels or hardware Trojans. To address this problem, encrypted architectures have recently been proposed, which leverage homomorphic encryption to natively process encrypted data using datapaths of thousands of bits.

A Game-Theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy

December 14, 2017

Jeffrey Pawlick, Edward Colbert and Quanyan Zhu

Cyber attacks on both databases and critical infrastructure have threatened public and private sectors. Meanwhile, ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this paper, we survey 24 articles from 2007–2017 that use game theory to model defensive deception for cybersecurity and privacy.

Image Carving with Missing Headers and Missing Fragments

December 7, 2017

Emre Durmus, Manoranjan Mohanty, Samet Taspinar, Erkam Uzun and Nasir Memon

Although some remarkable advancements have been made in image carving, even in the presence of fragmentation, existing methods are not effective when parts (fragments) of an image are missing. This paper addresses this problem and proposes a PRNU (Photo Response Non-Uniformity)-based image carving method. The proposed technique assumes that the underlying camera fingerprint (camera sensor noise) is available prior to the carving process. Given a large number of image fragments, the camera fingerprint is used to find the position of fragments in a to-be-carved image.

Evolution of Logic Locking

November 29, 2017

Muhammad Yasin and Ozgur Sinanoglu

The globalization of the integrated circuit (IC) supply chain and the emergence of threats such as intellectual property (IP) piracy, reverse engineering, and hardware Trojans have forced semiconductor companies to revisit the trust in the supply chain. Logic locking is emerging as a popular and effective countermeasure against these threats. Over the years, multiple logic locking techniques have been developed. Moreover, a number of attacks have been proposed that expose the security vulnerabilities of these techniques. This paper highlights the key developments in logic locking research and presents a comprehensive literature review of logic locking.

Seeded Graph Matching: Efficient Algorithms and Theoretical Guarantees

November 28, 2017

Farhad Shirani, Siddharth Garg, and Elza Erkip

In this paper, a new information theoretic framework for graph matching is introduced. Using this framework, the graph isomorphism and seeded graph matching problems are studied. The maximum degree algorithm for graph isomorphism is analyzed and sufficient conditions for successful matching are rederived using type analysis. Furthermore, a new seeded matching algorithm with polynomial time complexity is introduced. The algorithm uses ‘typicality matching’ and techniques from point-to-point communications for reliable matching.

Securing Hardware Accelerators: a New Challenge for High-Level Synthesis (Perspective Paper)

November 17, 2017

Christian Pilato, Siddharth Garg, Kaijie Wu, Ramesh Karri and Francesco Regazzoni

High-level synthesis (HLS) tools have made significant progress in the past few years, improving the design productivity for hardware accelerators and becoming mainstream in industry to create specialized System-on-Chip (SoC) architectures. Increasing the level of security of these heterogeneous architectures is becoming critical. However, state-of-the-art security countermeasures are still applied only to the code executing on the processor cores or manually implemented into the generated components, leading to suboptimal and sometimes even insecure designs.