Light gradient boosting machine with optimized hyperparameters for identification of malicious access in IoT network

In this paper, an advanced and optimized Light Gradient Boosting Machine (LGBM) technique is proposed to identify the intrusive activities in the Internet of Things (IoT) network. The followings are the major contributions: i) An optimized LGBM model has been developed for the identification of malicious IoT activities in the IoT network; ii) An efficient evolutionary optimization approach has been adopted for finding the optimal set of hyper-parameters of LGBM for the projected problem. Here, a Genetic Algorithm (GA) with k-way tournament selection and uniform crossover operation is used for efficient exploration of hyper-parameter search space; iii) Finally, the performance of the proposed model is evaluated using state-of-the-art ensemble learning and machine learning-based model to achieve overall generalized performance and efficiency. Simulation outcomes reveal that the proposed approach is superior to other considered methods and proves to be a robust approach to intrusion detection in an IoT environment.     

Secure communication in CloudIoT through design of a lightweight authentication and session key agreement scheme

Internet of Things (IoT) is a newly emerged paradigm where multiple embedded devices, known as things, are connected via the Internet to collect, share, and analyze data from the environment. In order to overcome the limited storage and processing capacity constraint of IoT devices, it is now possible to integrate them with cloud servers as large resource pools. Such integration, though bringing applicability of IoT in many domains, raises concerns regarding the authentication of these devices while establishing secure communications to cloud servers. Recently, Kumari et al proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that it satisfies all security requirements and is secure against various attacks. In this paper, we first prove that the scheme of Kumari et al is susceptible to various attacks, including the replay attack and stolen-verifier attack. We then propose a lightweight authentication protocol for secure communication of IoT embedded devices and cloud servers. The proposed scheme is proved to provide essential security requirements such as mutual authentication, device anonymity, and perfect forward secrecy and is robust against security attacks. We also formally verify the security of the proposed protocol using BAN logic and also the Scyther tool. We also evaluate the computation and communication costs of the proposed scheme and demonstrate that the proposed scheme incurs minimum computation and communication overhead, compared to related schemes, making it suitable for IoT environments with low processing and storage capacity.     

Implementation and characterization of flash-based hardware security primitives for cryptographic key generation

Hardware security primitives, also known as physical unclonable functions (PUFs), perform innovative roles to extract the randomness unique to specific hardware. This paper proposes a novel hardware security primitive using a commercial off-the-shelf flash memory chip that is an intrinsic part of most commercial Internet of Things (IoT) devices. First, we define a hardware security source model to describe a hardware-based fixed random bit generator for use in security applications, such as cryptographic key generation. Then, we propose a hardware security primitive with flash memory by exploiting the variability of tunneling electrons in the floating gate. In accordance with the requirements for robustness against the environment, timing variations, and random errors, we developed an adaptive extraction algorithm for the flash PUF. Experimental results show that the proposed flash PUF successfully generates a fixed random response, where the uniqueness is 49.1%, steadiness is 3.8%, uniformity is 50.2%, and min-entropy per bit is 0.87. Thus, our approach can be applied to security applications with reliability and satisfy high-entropy requirements, such as cryptographic key generation for IoT devices.     

人工噪声辅助的多用户安全传输方法

针对传统人工噪声辅助的安全传输方法无法适用于发射天线数等于接收天线数的多用户(Multiuser, MU)多输入多输出(Multiple-Input Multiple-Output, MIMO)系统的问题,提出了一种人工噪声辅助的多用户安全传输新方法。通过合理设计人工噪声与预编码矩阵,该方法可在同时满足所有用户传输需求的基础上,显著提升发射天线数等于接收天线数的MU-MIMO系统的安全性。同时,针对提出的方法进行了检测算法与平均保密速率的推导与分析。理论分析与仿真结果表明,所提方法可有效提升无线通信系统的安全性,在信噪比为20 dB时,该方法较传统方法的平均保密速率提升达到120%。     

数据安全治理现状研究与分析

近年来,国内外数据泄露事件频发,大量企业的商业利益、声誉受损。数据安全法律法规相继颁布,监管力度不断升级,企业逐渐意识到数据安全治理的重要性与紧迫性。通过对2021年开展的企业数据安全治理能力评估现状进行整理,总结企业数据安全治理工作在组织建设、人才培养、技术工具等方面的现状与趋势,提供能力提升思路,以供业界参考。     

数据要素市场化的理论内涵、现实挑战和实践路径

数据要素是数字经济时代的全新生产要素,数据要素市场化在数字经济推进经济高质量发展中具有显著的战略意义.目前,全球对于数据要素的认识仍然处在积极探索中,正确把握数据要素市场化的新内涵、新特征、新要求、新挑战至关重要.在对数据要素市场化的理论内涵和重大意义进行系统阐述的基础上,通过数据要素市场化指数测度发现我国当前数据要素市场化起步晚、起步缓,面临数据产权确权难、数据价值评估难、数据交易流通难、数据保护监管难等挑战,从而从加快数据汇聚、推动数据流通、深化数据应用、强化数据安全等方面提出具有实践价值的解决路径.     

基于Focal-EIOU函数的被动式太赫兹图像违禁物品识别

针对被动式太赫兹安检系统因环境影响导致图像质量波动,从而影响识别算法,导致准确率大幅降低的问题,提出了基于Focal-EIOU损失函数的改进YOLOv4算法,并用被动式太赫兹人体安检图像对刀、枪违禁物品进行模型训练获得模型。建立不同环境、不同位置角度携带刀枪嫌疑物人员的太赫兹图像数据库,采用图像增广的方法构建丰富数据集;将YOLOv4的CIOU loss改进为Focal-EIOU loss,提高算法对太赫兹图像识别的鲁棒性,进而经过训练获得较优的模型。在本文的测试集中,使用改进后的算法训练的模型平均检测精确度(mAP)达到96.4%,检测速度在28 ms左右,交并比(IOU)平均值为0.95,在同等条件下高于常规算法,改善了检测识别的效果。实验结果表明,本文方法能够有效提高被动式太赫兹人体安检系统的嫌疑物识别准确率,有利于该项技术在人体安检领域的推广应用。     

Extracting embedded messages using adaptive steganography based on optimal syndrome-trellis decoding paths

Privacy protection is the key to maintaining the Internet of Things (IoT) communication strategy. Steganography is an important way to achieve covert communication that protects user data privacy. Steganalysis technology is the key to checking steganography security, and its ultimate goal is to extract embedded messages. Existing methods cannot extract under known cover images. To this end, this paper proposes a method of extracting embedded messages under known cover images. First, the syndrome-trellis encoding process is analyzed. Second, a decoding path in the syndrome trellis is obtained by using the stego sequence and a certain parity-check matrix, while the embedding process is simulated using the cover sequence and parity-check matrix. Since the decoding path obtained by the stego sequence and the correct parity-check matrix is optimal and has the least distortion, comparing the path consistency can quickly filter the coding parameters to determine the correct matrices, and embedded messages can be extracted correctly. The proposed method does not need to embed all possible messages for the second time, improving coding parameter recognition significantly. The experimental results show that the proposed method can identify syndrome-trellis coding parameters in stego images embedded by adaptive steganography quickly to realize embedded message extraction.     

浅析光以太网的网络安全

文章简单介绍了光以太网网络安全的基本技术,根据光以太网的特性分析了其物理安全隐患及可采取的防御措施,并对光以太网中数据的信息安全进行了分析,探讨了采用身份认证和信息加密方法加强信息安全性的具体实现策略.     

实施VoIP过程中的安全性考虑

随着 VoIP(Voice over IP)技术在全球电信市场的不断普及,VoIP的安全问题迫切需要得到解决,而这也是运营商开展业务的前提.VoIP安全可以分为业务的正常提供、业务内容的保密、呼叫者身份确认和系统安全等.文章分析了VoIP目前存在的安全威胁及其相应的防范措施.