ASSS '23: Proceedings of the Third International Symposium on Advanced Security on Software and Systems

SECBlock-IIoT: A Secure Blockchain-enabled Edge Computing Framework for Industrial Internet of Things

The IoT is widely used in a number of industries and generates large amounts of data. The data are processed, computed, and stored through distributed computing for analytical purposes. This raises serious security and privacy concerns, and presents scalability issues. This paper describes a secure edge computing framework for IIoT systems that supports P2P and group communication, a consortium blockchain and IPFS-based immutable data storage system, and an intelligent threat detection model to protect confidential data and identify cyber-attacks. Secure communications were ensured using a hybrid security scheme that included modified ECC, PUF, and Lagrange interpolation. We utilized a modified PoV consensus algorithm to resolve latency issues due to overhead and point of failure errors during block mining. The threat intelligence model used an autoencoder to transform data into a new format which was then fed into an RNN-DL to identify cyber-attacks. The model detected normal and anomalous activity, and then identified the category of detected malicious activity. We evaluated the framework according to various metrics and compared it with ECC, PoV, and ML-based classifiers. The results showed that the proposed system demonstrated higher efficiency and improved scalability compared with conventional frameworks.

WinkFuzz: Model-based Script Synthesis for Fuzzing

Kernel fuzzing is important for finding critical kernel vulnerabilities. Closed-source (e.g., Windows) operating system kernel fuzzing is even more challenging due to the lack of source code. Existing approaches fuzz the kernel by modeling syscall sequences from traces or static analysis of system code. However, a common limitation is that they do not learn and mutate the syscall sequences to reach different kernel states, which can potentially result in more bugs or crashes.

In this paper, we propose WinkFuzz, an approach to learn and mutate traced syscall sequences in order to reach different kernel states. WinkFuzz learns syscall dependencies from the trace, identifies potential syscalls in the trace that can have dependent subsequent syscalls, and applies the dependencies to insert more syscalls into the trace while preserving the dependencies. Then WinkFuzz fuzzes the synthesized new syscall sequence to find system crashes.

We applied WinkFuzz to four seed applications and found a total increase in syscall number of 70.8%, with a success rate of 61%, within three insert levels. The average time for tracing, dependency analysis, recovering model script, and synthesizing script was 600, 39, 34, and 129 seconds respectively. The instant fuzzing rate is 3742 syscall executions per second. However, the average fuzz efficiency dropped to 155 syscall executions per second when the initializing time, waiting time, and other factors were taken into account. We fuzzed each seed application for 24 seconds and, on average, obtained 12.25 crashes within that time frame.

Blockchain-Based and Fuzzy Logic-Enabled False Data Discovery for the Intelligent Autonomous Vehicular System

Since the beginning of this decade, several incidents report that false data injection attacks targeting intelligent connected vehicles cause huge industrial damage and loss of lives. Data Theft, Flooding, Fuzzing, Hijacking, Malware Spoofing and Advanced Persistent Threats have been immensely growing attacks that lead to end-user conflict by abolishing trust in autonomous vehicles. Looking after those sensitive data that contribute to measuring the localisation factors of the vehicle, conventional centralised techniques can be misused to update the legitimate vehicular status maliciously. As investigated, the existing centralised false data detection approach based on state and likelihood estimation has a reprehensible trade-off in terms of accuracy, trust, cost, and efficiency. Blockchain with Fuzzy-logic Intelligence has shown its potential to solve the localisation issues, trust and false data detection challenges encountered by today’s autonomous vehicular systems. The proposed Blockchain-based fuzzy solution demonstrates a novel false data detection and reputation preservation technique. The proposed model filters false and anomalous data based on the vehicles’ rules and behaviours. Besides improving the detection accuracy and eliminating the single point of failure, the contributions include appropriating fuzzy AI functions within the Road-side Unit node before status data are authorized by a Blockchain network. Finally, a thorough experimental evaluation validates the effectiveness of the proposed model.

BDFL: A Blockchain-Enabled FL Framework for Edge-based Smart UAV Delivery Systems

In recent years, edge-based smart unmanned aerial vehicle (UAV) delivery systems have attracted a lot of attention from both academia and industry, given their promising business value and their role as an ideal testbed for many emerging technologies such as edge computing, blockchain and machine learning. At the moment, one of the critical challenges for smart UAV delivery systems is data privacy, since a massive amount of data is being generated by both users and UAVs and the data is used for training machine learning models to support various smart applications such as autonomous navigation, facial recognition, and person re-identification (ReID). To tackle such a challenge, federated learning (FL) has been widely used as a promising solution since it only needs to share and update model parameters with the centralised server without transmitting the raw data. However, conventional FL still faces the issue of the single-point-of-failure. To address these issues, in this paper, we propose BDFL, a Blockchain-enabled decentralised FL framework for edge-based smart UAV delivery systems. In our framework, Blockchain provides a decentralised network for FL to eliminate the need for a centralised server and store private data in the decentralised permissioned Blockchain to avoid the single-point-of-failure. To motivate our study and analyse the privacy concerns, we employ the person ReID application in smart UAV delivery systems as a typical example. In addition, we also provide the customised proof of quality factor (cPoQF) consensus protocol to address the scalability issue of the Blockchain in order to support the increasing number of smart applications in UAV delivery systems. The effectiveness of the framework is demonstrated through experiments on energy efficiency, confirmation time and throughput, with further discussion on the impact of the incentive mechanism, and the analysis of its resiliency under various security attacks.