Filters
Availability
Publication Year
Resource Type
Faculty
School/Institute
Publication Search Results
Sort
Results per page
1 - 10 of 13
-
(2023)ThesisThe past decade has witnessed a surge of LoRaWAN systems and their applications. It is one of the most popular Internet of Things (IoT) solutions. Such networks connect 'smart' devices that communicate seamlessly over the Internet. It is estimated that there will be over 2.7 billion LoRaWAN devices connected to the Internet by 2025. As the number of devices increases, the security of LoRaWAN systems remains a major concern due to the broadcast nature of wireless communications and the challenges associated with cryptographic key management. Therefore, we proposed a key generation system and an authentication scheme to address these concerns. This thesis makes three new contributions to LoRa/LoRaWAN security. The first is a key generation algorithm to generate keys based on the channel (distribution) model of real-time Received Signal Strength Indicator (RSSI). Extensive evaluation with a campus LoRa testbed shows that the proposed system can improve key generation rates by three to five times compared to the state-of-the-art approach (LoRakey). The second contribution is a novel authentication scheme that takes the advantages of carrier frequency offset (CFO), and In-Phase and Quadrature (I/Q) features based on the unique radio signal characteristics of LoRa radio spread spectrum modulation. Compared to the state-of-the-art approach (SLoRa), our approach not only achieves similar accuracy in high Signal to Noise Ratio (SNR) scenarios, but also produces over 98% identification accuracy in ultra low SNR scenarios. The above approach improves the identification accuracy for transceiver authentication; however, since the I/Q features are based on transceiver power, the identification process is still related to device location, which means the identification will not work once the transceiver moves. Therefore, our third contribution is an improved identification algorithm for transceiver authentication. By exploiting machine learning (ML), the algorithm can use the spectrogram feature to identify transceivers even when they move their location. The proposed approach achieves 94% and 80% accuracy under low SNR scenarios and ultra low SNR scenarios.
-
(2022)ThesisBipartite graphs are extensively used to model relationships between two different types of entities. In many real-world bipartite graphs, relationships are naturally uncertain due to various reasons such as data noise, measurement error and imprecision of data, leading to uncertain bipartite graphs. In this thesis, we propose the (\alpha,\beta,\eta)-core model, which is the first cohesive subgraph model on uncertain bipartite graphs. To capture the uncertainty of relationships/edges, \eta-degree is adopted to measure the vertex engagement level, which is the largest integer k such that the probability of a vertex having at least k neighbors is not less than \eta. Given degree constraints \alpha and \beta, and a probability threshold \eta, the (\alpha,\beta,\eta)-core requires that each vertex on the upper or lower level have \eta-degree no less than \alpha or \beta, respectively. An (\alpha,\beta,\eta)-core can be derived by iteratively removing a vertex with \eta-degree below the degree constraint and updating the \eta-degrees of its neighbors. This incurs prohibitively high cost due to the \eta-degree computation and updating, and it is not scalable to large bipartite graphs. This motivates us to develop index-based approaches. We propose a basic full index that stores (\alpha,\beta,\eta)-core for all possible \alpha, \beta, and \eta combinations, thus supporting optimal retrieval of the vertices in any (\alpha,\beta,\eta)-core. Due to its long construction time and high space complexity, we further propose a probability-aware index to achieve a balance between time and space costs. To efficiently build the probability-aware index, we design a bottom-up index construction algorithm and a top-down index construction algorithm. Extensive experiments are conducted on real-world datasets with generated edge probabilities under different distributions, which show that (1) (\alpha,\beta,\eta)-core is an effective model; (2) index construction and query processing are significantly sped up by the proposed techniques.
-
(2022)ThesisPointer analysis addresses a fundamental problem in program analysis: determining statically whether or not a given pointer may reference an object in the program. It underpins almost all forms of other static analysis, including program understanding, program verification, bug detection, security analysis, compiler optimization, and symbolic execution. However, existing pointer analysis techniques suffer from efficiency and scalability issues for large programs. Improving their efficiency while still maintaining their precision is a long-standing hard problem. This thesis aims to improve the efficiency and scalability of pointer analysis for object-oriented programming languages such as Java by exploring fine-grained context sensitivity. Unlike traditional approaches, which apply context-sensitivity either uniformly to all methods or selectively to a subset of methods in a program, we go one step further by applying context-sensitivity only to a subset of precision-critical variables and objects so that we can reduce significantly the scale of Pointer Assignment Graph (PAG). Conducting pointer analysis on a smaller PAG enables the pointer analysis to run significantly faster while preserving most of its precision. This thesis makes its contributions by introducing three different fine-grained pointer analysis approaches for Java programs. The first approach, called TURNER, can accelerate k-object-sensitive pointer analysis (i.e., kOBJ) for Java significantly with negligible precision loss by exploiting object containment and reachability. The second approach, called context debloating, can accelerate all existing object-sensitive pointer analysis algorithms for Java by eliminating the context explosion problem completely for context-independent objects. In addition, we have also developed the first supporting tool, named CONCH, for identifying context-independent objects. The last approach, called P3CTX, represents the first precision-preserving technique for accelerating k-callsite-sensitive pointer analysis (kCFA) for Java based on a complete CFL-reachability formulation of kCFA for Java with built-in on-the-fly call graph construction (for the first time).
-
(2023)ThesisThis thesis targets two-level reliability in Driver Monitoring Systems for effective vehicle safety by addressing chip-level functional and image-level system reliability with the following contributions. Aiming to address chip-level functional reliability, this thesis proposes LFTSM - a Lightweight and Fully Testable Single-Event Upsets (SEUs) Mitigation System for SRAM-based Xilinx SoC FPGAs that combines a Xilinx internal configuration repair mechanism with an external scrubber in the processor cores. Existing SEU mitigation techniques, such as Triple Modular Redundancy and configuration scrubbing have high resource overheads, limited testability, or use resources that are susceptible to SEUs themselves. In comparison, LFTSM achieves reliability in resource-intensive applications with less than 1% resource overhead on XC7Z020 FPGA, widest fault coverage, and full testing control as per Automotive Safety Integrity Level, defined by ISO 26262. The proposed system achieves the lowest resource utilization in comparison to the existing solutions in literature, without the need for external memories or third-party tools. This thesis validates LFTSM through controlled fault injection with complete control over the number and locations of error injections in the configuration memory, achieving detection of upsets within 8ms and correction of single-bit and multi-bit upsets in a few milliseconds for XC7Z020 device. JPEG images transmitted over noisy channels render image reconstruction impossible and consequently, lead to severe degradation of CNN object detection performance on these corrupted JPEG images. Existing error-resilient techniques are often complex, offer no parameterization, have limited hardware implementation, or they need architectural changes. Aiming to address this image-level system reliability, this thesis proposes EPHJEG system - a novel FPGA-based error-resilient parameterizable and reconfigurable JPEG encoder core that enhances error resilience in JPEG images while improving CNN-based object detection performance on these images. The system is validated through controlled JPEG image corruptions. Results show a 3x improvement in relative robustness for COCO-C and Pinochle card datasets with the Faster-RCNN model. Additionally, this thesis contributes by exploring the EPHJEG error-resilient design space to identify efficient parameters that achieve adequate JPEG error resilience while maintaining a balance between reliability and overhead. At last, this thesis contributes by presenting a unique method that uses Restart Markers to selectively compress regions of interest (ROI), reducing the image file size for efficient storage and bandwidth. Results show that ROI-based selective encoding effectively reduces image file size. The FPGA SoC-based reliability systems presented in this thesis are successfully integrated and tested with industrial resource-intensive automotive applications. The conclusion highlights key findings and proposes future research areas.
-
(2023)ThesisDeep neural models have achieved impressive success and progress in the last decade. However, high-quality models require a large amount of data, parameters as well as computation power. This originates from the curse of dimensionality and poor out-of-distribution generalization of current probabilistic models. Current machine learning models requires data points to be independently identically distributed which is often not satisfied in real-world applications. This mismatch damages the direct application of classic learning models on out-of-distribution data. In this dissertation, we propose to explore this issue from three perspectives. First, we explore the impact of distribution perturbation under the adversarial attack, which validates the sensitivity of deep learning models under even small distribution shifts. To increase the robustness of our system, we propose a detection model in the recommendation system scenario. The second problem we investigate is the domain adaptation. Specifically, we study how to learn good representations to map samples from one domain to another domain in the image transfer setting. Finally, we probe into the domain generalization setting where a model aims to achieve better performance under multiple domains. We study the meta-learning models to learn directly from multi-task settings to explore a way to learn representation under a large distribution shift
-
(2023)ThesisImage classification has made remarkable success due to deep learning techniques and vast amounts of labeled data. However, in real-world scenarios, the data distribution is long-tailed, making acquiring sufficient labels difficult, thus hindering the performance of deep models. To overcome these obstacles, Zero-Shot Learning (ZSL) is proposed. ZSL aims to transfer classification ability from seen to unseen classes with semantic side information as the bridge. The success of ZSL requires two crucial abilities, i.e., the generalization ability to transfer classification capability to unseen classes and the specialization ability to extract discriminative features. This thesis investigates the two abilities to address ZSL and its variant, Generalized Zero-Shot Learning (GZSL), where testing images can come from both seen and unseen classes. To enhance the generalization ability, we employ a generative network and adapt it to diverse task characteristics to synthesize visual features of unseen classes and incorporate meta-learning to eliminate inherent biases towards seen classes. To improve the specialization ability, we increase the visual distinction between features by dynamically discovering global-cooperative localities and progressively aggregating them based on visual correlations. We further introduce spiral learning to improve locality learning with semantic generalization, which revisits visual representations guided by a series of attribute groups to understand complex semantic relationships. However, focusing solely on one of these abilities may result in either being overly general with decreased classification performance or too specialized to generalize to unseen classes effectively. Therefore, we propose to equip the two abilities simultaneously and balance them at the instance and dataset levels via a self-adjusted diversity loss and a linear annealed updating schedule. Additionally, we extend our approach to another ZSL scenario, Compositional ZSL (CZSL), where labels are combinations of attributes and objects, and conduct experiments in Open-World settings (OW-CZSL). In this setting, we enhance specialization by non-local and local attention mechanisms and improve generalization by disentangling attribute and object features. In summary, we propose novel frameworks for ZSL/GZSL/CZSL to improve and balance generalization and specialization abilities and achieve state-of-the-art performance in different settings on multiple benchmarks.
-
(2023)ThesisPersonalized collaborative intelligence aims to provide humans with a personalized experience. Recommender systems are essential to pave the way, helping people identify relevant, personalized content from large information spaces and make intelligent decisions. However, several challenges remain, such as coping with emerging new users, constantly shifting pools of content of interest, and context-dependent preferences. On the other hand, recommendation methods focus on modelling users' consistent preferences but may fail to capture the high dynamism in user interests and settings. Hence, dynamic recommendation emerges as a viable alternative, using dynamic recommendation procedures to increase recommendation performance. Specifically, this dissertation focuses on the following significant challenges: Modelling Feedback: User feedback varies, and it can be explicit or implicit. Implicit feedback is difficult to convert into a mathematical formulation and optimize. An accurate feedback model can guide recommender systems to update their policy and provide better recommendation results. Hence, modelling feedback properly when facing a user's dynamic intention would be challenging. Sparse Interactions: Recommender systems typically contain millions of data collected from prior interactions. Learning a suitable recommendation policy is challenging because not every record is useful. For example, before a user explicitly signals by making a purchase or rating the item of interest, a large amount of interaction data has been generated. The absence of explicit signals makes it difficult for recommender systems to learn an appropriate recommendation policy. Therefore, investigating a selection mechanism or method to improve recommendation performance is critical. Efficient Exploration: Given the sparse interaction nature of the recommender systems, another challenge is how to efficiently explore the useful trajectories to be used for training. The traditional approach focuses on random exploration, which is not strong enough for recommender systems. Hence, a specifically designed strategy will be required for the recommender systems.
-
(2023)ThesisIn recent years, there has been a rapid increase in the number of Internet of Things (IoT), which has dramatically changed daily living. Heterogeneous IoT deployments make vulnerability detection and mitigation difficult. Moreover, these devices constantly evolve, creating new attack vectors and making existing solutions rapidly ineffective. There is a need to address the IoT security problem from a broader perspective. Individual IoT devices need to be fine-tuned for security as well as there is a need to design innovative security monitoring methods by considering the IoT-specific requirements and not by merely adopting non-IoT solutions. In this dissertation, we address these challenges by providing a holistic security solution suitable for the ever-evolving IoT deployments. In the first work, we focus on the security of IoT devices by proposing a fundamentally different approach based on the "security-by-design" principle, where the software architecture of an IoT device is revamped to a completely modular one. Each IoT device comprises several programmable functional modules that may be dynamically plugged into and out of the device. A system administrator can remotely monitor the security level of all deployed IoT devices, design a customized mitigation plan for each device, and patch them on-the-fly to attain the required security level. These mitigation solutions may consist of modules provided by different vendors or publicly available and verified modules, reducing development efforts and catering to the prevailing lack of security expertise in the IoT industry. We thoroughly evaluated our approach using five diverse real-world IoT use cases and analyzed mitigation time, performance, and device functionality. The results reveal that the suggested approach can quickly mitigate installed IoT devices on-the-fly while using little CPU power and, on average, 4.5 percent of the device's RAM. Once the devices have been designed for better security, we focus on building IoT-specific security monitoring solutions. Most existing solutions are based on statistical learning systems that learn "normal" and "vulnerable" security scenarios from aggregate data. A major shortcoming in this approach is that IoT is a nascent field lacking large datasets. These devices are heterogeneous and lack sufficient historical records for any particular device. This lack of data results in poor performance of learning systems. In the later part of this dissertation, we focus on this shortcoming of IoT attack detection schemes. In our second contribution, we propose a novel solution that integrates machine learning with human judgment for error management. Humans can have insightful domain knowledge such as critical cases, irrelevant features, some essential rules, misjudged decisions, etc.. They, therefore, can quickly amend the error made by a statistical learning technique. We investigate IoT event-spoofing attacks on home automation systems. For human knowledge acquisition, we have used Ripple-down rules(RDR), where knowledge is acquired from human users by presenting a context, and the users then justify their conclusion by distinguishing features. We then evaluated our system on a publicly available dataset, showing that our method increases attack-detection accuracy despite utilizing a 100-fold smaller training dataset, demonstrating rapid learning due to its successful integration of human expertise and thus presenting a feasible solution IoT dynamics. In the next work, we have applied advanced machine-learning techniques to detect event-spoofing attacks. We treat the IoT events dataset as multi-variate temporal data. By performing temporal data transformations, we are able to reveal certain crucial patterns which are not visible through traditional statistical analysis. Our evaluation confirms that our time-series-based solution approach improves the spoof-event detection accuracy manifold, despite using a 100-fold and, for a few events, even a 500-fold reduced dataset.
-
(2024)ThesisThe push for digitising identities needs to occur with serious consideration of privacy in order to instil public confidence. However, the digital identity management sector still experiences leakage of Personally Identifiable Information (PII) due to improper data protection practices and security failures by the service providers. In this regard, the concept of Self-Sovereign Identity (SSI) is proposed under the premise of allowing users to exert complete control over their identities and credentials. Blockchain technology provides a neutral third-party platform for SSI ecosystems on which trust can be built to increase confidence in all participating parties to create, store, share and verify sensitive identity data. During identity data sharing, in SSI data exchange only happens between the data owner and the verifier without passing through any third parties. While this approach offers a privacy-centric solution, it poses a challenge in terms of the trusted source and oversharing of the shared data. This thesis presents a detailed implementation architecture of issuer management for trust and identity data-sharing features to ensure the privacy of blockchain-based SSI systems. This thesis makes three novel contributions. We first propose CredTrust, a trust propagation protocol that supports individuals of SSI who may attempt to issue a credential (e.g., a letter of consent) to be trusted as verifiable issuers in the SSI platform. To support the credential issuers in SSI with adequate trust we establish a trust propagation credential template in the blockchain. This template is designed in such a way that it can embed an update policy section prescribing for what purpose and by whom certain sections can be updated to propagate the required trust. Our approach utilises (i) the sanitizable signature scheme to propagate the trust to an individual issuer, and (ii) a voting mechanism to minimise the possibility of collusion while propagating the trust. A proof-of-concept of the protocol is implemented using health service consent delegation as an application scenario. Our implementation demonstrates that the solution is both practical and performs well under varying system loads. We also perform a qualitative security analysis of the proposed CredTrust protocol where we consider several probable attack scenarios and argue how our protocol defends against them. Next, we propose the design of a blockchain-based Self-Sovereign Identity (SSI) platform architecture named CredChain that allows secure creation, sharing and verification of credentials. Beyond the verification of identities and credentials, a flexible selective disclosure solution is proposed using redactable signatures to minimise the amount of shared data. The credentials are managed through a decentralised application/wallet which allows users to store their credential data privately under their full control and re-use as necessary. We implement a self-sovereign identity (SSI)-focused decentralised application (DApp) for credential management, ensuring no credential is stored on-chain and evaluate it using a real-world use case scenario. Finally, We show that our proposed CredChain architecture is secure by analysing its security with respect to the fundamental security goals. Our evaluation results show that CredChain architecture is feasible, secure and exhibits a level of performance that is within the expected benchmarks of the well-known blockchain platform, Parity Ethereum. In the last work, we propose CredAct, a user activity verification scheme, focusing on data minimisation. A variety of activity-sharing applications like discount offers, loyalty programs, and incentive systems require activity verification in their business processes. However, in any application, observing end-user activity is challenging because this allows the observer to collect vast amounts of users’ identity information (along with their real identity). Users are sometimes forced to disclose their activity and identity information for the sake of verifiability and hardly there is any limit to disclosure. This in turn raises serious privacy concerns like identifiability and linkability. Our proposed function-based requirement query forces the observer to collect only the required data. Secondly, we presented a novel ZKP-based cryptographic commitment that facilitates the users to hide the use of identity data from an issuer. The use of blockchain technology here makes the activity data-sharing process transparent. The evaluation results of CredAct show that the system is feasible with minimal operational overheads compared to traditional cryptographic techniques. We also perform a qualitative privacy and security analysis considering a relevant threat model.
-
(2024)ThesisAnonymity networks are becoming increasingly popular in today's online world as more users attempt to safeguard their online privacy. Tor is currently the most popular anonymity network and provides anonymity to users and services (hidden services). However, the anonymity provided by Tor is also being misused in various ways. Hosting illegal sites for selling drugs, hosting command and control servers for botnets, and distributing censored content are a few examples. As a result, various parties, including governments and law enforcement agencies, are interested in techniques that assist in de-anonymising the Tor network, disrupting its operations, and bypassing its censorship circumvention mechanisms. However, the encrypted traffic used by Tor makes the de-anonymisation more difficult. In this thesis, we focus on three distinct but interrelated tasks carried out to monitor anonymity network traffic (with a focus on the Tor network), which can help detect potential security threats and malicious actors. In the first work, we try to identify the classifiability of hidden service traffic. Hidden services refer to web services that can only be accessed via the Tor network and are responsible for a significant portion of the dark web. We employ machine learning to distinguish this hidden service traffic from other Tor traffic with >99% accuracy. Then, we investigate how certain modifications done to Tor traffic to obfuscate its information leakage affect our techniques while identifying the most influential feature combinations for our classification task. In the second work, we explore website fingerprinting, which is one of the main de-anonymisation techniques against Tor users. It can be used to confirm the online activities of target users over Tor. In our experiments, we identified that Decentralised applications (DApps) are harder to fingerprint compared to conventional websites and reload traffic can reduce the accuracy of current website fingerprinting techniques considerably (more than 40% in some cases). We also propose two new Graph Neural Network-based website fingerprinting techniques that outperform existing techniques when applied to reloading traffic and DApp traffic. In the final work, we focus on one of the most concerning but less studied areas related to Tor, in which we try to investigate the existence of malware traffic concealed in Tor and classify this malware into different classes. We utilise machine learning techniques to improve the accuracy of malware class identification. The techniques we use improved the micro-average precision and recall of existing techniques by ~20% and ~10%, respectively. In addition, we try to use Explainable Artificial Intelligence (XAI) techniques to interpret our results and investigate the resilience of the classifiers against evasion attacks. Last but not least, we develop a testbed to simulate botnet communications in Tor and collect a new dataset for future research.