Browsing by Author "Safavi-Naini, Rei"
Now showing 1 - 7 of 7
Results Per Page
Sort Options
Item Open Access Bandit-based Delay-Aware Service Function Chain Orchestration at the Edge(2021-04-21) Wang, Lei; Ghaderi, Majid; Krishnamurthy, Diwakar; Safavi-Naini, ReiMobile Edge Computing (MEC) enables both cloud computing and edge computing for mobile users, providing them with intensive computing resources and proximity to the data sources. When combined with network function virtualization (NFV), MEC provides users with promising end-to-end latency and management for mobile applications that requires multiple computing resources. Such applications are often handled in a fashion of service function chain (SFC), which designates a sequence of virtual network functions (VNF) for users’ traffic to traverse in order to realize their network application. In order to provide the user a tolerated perceived latency for a SFC-based application, many existing works have taken aim at optimal system-wide placement for SFC in heterogeneous scenarios yet fewer works have studied user-managed placement. In this paper, we formulate the user-managed SFC placement in MEC as a contextual combinatorial multi-arm bandit (C2MAB) problem and proposed BandEdge, a bandit-based algorithm for online SFC placement on edge, which consider user’s mobility and service preference while jointly optimizing their perceived latency and service migration delay, and then propose an offline exact approach for the role of performance benchmark. To fit the SFC placement problem in a bandit framework, we model the nodes and links to be arms by viewing them as delays and selects them according to a strategy that balances exploration and exploitation. Finally, we evaluate the proposed algorithm in extensive simulation and Mininet-WiFi emulation experiments, numeric simulation results show that the proposed algorithm can achieve close-to-optimum performance and outperform the greedy learning algorithms by at least 50 percent in terms of scalability. We further validate the superior performance of our proposed method in Mininet-WiFi emulation under different environmental parameters.Item Open Access Facial Attribute Recognition and its Application in Drug Abuse Detection(2019-07-04) Tekkam Gnanasekar, Sudarsini; Yanushkevich, Svetlana; Curiel, Laura; Safavi-Naini, ReiFace attribute analysis is a valuable aide in biometric-based human identification. This is a challenging task due to variations in lighting, occlusion, pose and other variables. This work proposes an effective and robust approach to detect up to 40 face attributes using deep machine learning models such as Convolutional Neural Networks(CNNs). The focus is on using different pretrained CNNs to extract features from the intermediate CNN layers for face attribute recognition. Also, feature level fusion is proposed by concatenating the features extracted from the intermediate layers of the CNNs, thus using ensemble features. Classification of face attributes was performed using a linear Support Vector Machine (SVM) and end-to-end training of using CNN for both feature extraction and classification was also considered. The proposed face attribute recognition is also applied in this study for the purpose of detection of the selected attributes that are indicative of the prolonged illicit drug abuse, using the public database FacesOfMeth. Both the deep neural networks for feature extraction and attribute detection, and machine reasoning performed using Bayesian networks are applied. The feasibility and performance of the proposed approach on the public databases of faces with labeled attributes is evaluated in terms of accuracy, precision, sensitivity and specificity.Item Open Access HCAP: A History-Based Capability System for IoT Devices(2018-01-23) Tandon, Lakshya; Fong, Philip W.L.; Safavi-Naini, Rei; Jacobson, Michael J. JrPermissions are highly sensitive in Internet-of-Things (IoT) applications, as IoT devices collect our personal data and control the safety of our environment. Rather than simply granting permissions, further constraints shall be imposed on permission usage so as to realize the Principle of Least Privilege. Since IoT devices are physically embedded, they are often accessed in a particular sequence based on their relative physical positions. Monitoring if such sequencing constraints are honoured when IoT devices are accessed provides a means to fence off malicious accesses. This thesis proposes a history-based capability system, HCAP, for enforcing permission sequencing constraints in a distributed authorization environment. It formally establishes the security guarantees of HCAP, and empirically evaluates its performance.Item Open Access Personalized Privacy Preservation in IoT(2022-03) Onu, Emmanuel; Barker, Ken; Patrick Keenan, Thomas; Henry, Ryan; Hengartner, Urs; Safavi-Naini, ReiThe widespread use and deployment of the Internet of Things (IoT) devices have been instrumental in automating many of our everyday tasks. Its ability to seamlessly integrate and improve the activities in our daily lives has created a wide application for it in several domains, such as smart buildings and cities. However, despite the numerous benefits associated with the integration of the IoT, there are some privacy challenges. These privacy challenges result from the ability of IoT devices to pervasively collect data about their surroundings, which could reveal sensitive information. Though the data may be collected for genuine purposes such as service personalization, previous research has identified two fundamental causes of privacy concern with data collection: 1) the lack of awareness of the presences and practices of data collecting IoT devices, and 2) the lack of control over data collected by these devices. Current efforts to address the issue of privacy awareness raise a new problem of how to deal with the cognitive burden associated with making several privacy decisions across different contexts. In addition, very little work has developed approaches for giving users control over their privacy in a smart environment. To address the privacy challenges with the IoT, it is vital to create a privacy-sensitive smart environment. A core tool required for such an environment is an intelligent personalized privacy assistant that will mediate the interactions between users and IoT devices around them. Some of the essential requirements for this privacy assistant include notification about data collecting IoT devices, user preference capturing, and privacy recommendations. In this research, we focus on some of the vital requirements for this privacy-preserving smart environment, which include IoT privacy policy modeling, user preference evaluation, user privacy preference prediction, and privacy contract negotiation. Privacy policy modeling is essential for creating privacy awareness and capturing users' preferences. We present important privacy dimensions that should be contained within an IoT privacy policy. Additionally, an understanding of people's privacy preferences is key to giving them control over their privacy and creating a more privacy-sensitive environment. We propose a workflow for analyzing three key preferences of people in an IoT environment: Notification, Control, and Permission. Furthermore, we offer a novel approach for predicting people's privacy preferences using a hybrid of Knowledge-based and Collaborative Filtering (CF), an approach commonly employed in recommender systems. Our approach is based on the premise that people share similar privacy preferences. Therefore, we predict the privacy decisions of a person by considering the privacy decisions made by people who are like them and have made privacy decisions in a similar context. The semantic similarity between two IoT contexts is established through the help of a taxonomy defined over each variable that composes the context. We then evaluate the efficiency of our approach using a dataset that contains the privacy preferences of 172 participants obtained in a simulated campus-wide IoT environment. Finally, we present a privacy contract negotiation protocol for the IoT based on the infrastructures in our privacy-preserving smart environment framework.Item Open Access Scoping and Execution Monitoring for IoT Middleware(2018-01-23) Fuentes Carranza, Juan Carlos; Fong, Philip; Cockett, Robin; Safavi-Naini, Rei; Fong, PhilipExisting Internet of Things architectures rely on middleware (cloud services) to host coordination logic among devices. This middleware is based on Event Based Systems where the Broker architecture and the Publish/Subscribe design pattern are used to deal with heterogeneous environments and for decoupling purposes, being the MQTT protocol one of the most extensively used Event Based Systems for Internet of Things Solutions. Two prominent security issues in these type middleware are: possible network interruptions between devices and the middleware, and potentially compromised devices. This thesis proposes Scoping and Execution Monitoring in Event Based Systems to cope with possible network disconnections, and to deal with misbehavior of faulty or compromised devices. I define a mathematical model for Event Based Systems where the interplay between Scoping and Execution monitoring is formalized, and empirically evaluate the performance of these security mechanisms.Item Open Access Secret Key Agreement over Two-Way Broadcast Channels(2009-11-19T17:46:24Z) Ahmadi, Hadi; Safavi-Naini, ReiWyner, and later Csisz´ar-and-K¨orner, studied the problem of secure communication over noisy channels. They proved that positive rates for one-way secure communication are achievable provided that the eavesdropper’s channel is noisier than the main channel. This paper considers the problem of information-theoretically secure key agreement when Alice and Bob are connected by a two-way noisy broadcast channel: that is, each party has access to a noisy broadcast channel that they can use for sending messages. We define secrecy capacity (for key agreement) of twoway broadcast channels and obtain a lower bound by presenting three key agreement protocols. In the first two protocols the key is effectively determined by one of the parties and securely delivered over the noisy channels. The third protocol, however, uses a novel interactive channel coding technique that results in a shared key which is a noisy version of the initiator’s message. We apply our results to the case that the noisy channels are binary symmetric and derive expressions for the secrecy capacities of the three protocols. We show that by using interactive coding, in some cases, it is possible to establish a secure key even if the main channel is 10 times noisier than the eavesdropper’s channels. Our results have theoretical and practical significance. We discuss our results and future work.Item Open Access Secure Distance Bounding(2015-02-03) Zheng, Xifan; Safavi-Naini, ReiLocation (or distance) information of a device plays a significant role in current location-based systems. How to determine the location of a device or verify the location claims made by a device is challenging, as devices are untrusted and may have an incentive to claim a false location. In secure localization and positioning system, the trusted verifier(s) interact with the untrusted prover to determine its location or validate its location claim. In this thesis, we mainly focus on one of the prominent areas of such systems: distance bounding. Distance (upper) bounding (DUB) allows a verifier to verify whether a proving party is located within a certain distance bound. DUB protocols have many applications in secure authentication and location-based services. This thesis has two main contributions. The first is that we consider the dual problem of distance lower bounding (DLB), where the prover proves it is outside a distance bound from the verifier. We motivate this problem through a number of application scenarios and model security against distance fraud (DF), Man-in-the-Middle (MiM), and collusion fraud (CF) attacks. We prove impossibility of security against these attacks without making physical assumptions. We propose approaches to the construction of secure protocols under reasonable physical assumptions and give detailed design of a DLB protocol with security analysis using our proposed model. This is the first treatment of the DLB problem in the untrusted prover setting with a number of applications, raising new research directions and opportunities in location based services. We discuss our results and propose directions for future research. One of the main assumptions which DUB protocols rely on is that the time that the prover spends in receiving the challenge, processing, and sending the response is negligible compared to the propagation time of the signal between the prover and verifier. This strict requirement poses difficulties on the implementation of DUB protocols and limits the possible development of applications for distance bounding as well. The second contribution in this thesis is that we design a novel one-round DUB protocol that uses one-way transmission time to estimate the distance instead of round-trip time, so that the assumption of negligible processing time is not required any longer. In order to prove the security, we formalize the notion of time in a distributed environment with adversarial users. In this model, time is implemented by a trusted party broadcasting unpredictable timestamps at a high frequency. We show that the timestamp is proved to be fresh and unpredictable. We then extend the time model to formalize DUB protocols and define corresponding attacks. Finally, we prove the security of our proposed distance bounding protocol and discuss potential issues when implementing such protocol. Besides these two main contributions, we also have the following two contributions: (1) we identify and analyze a new attack: false rejection attack, which poses serious threat to proximity-based authentications that uses distance bounding protocol for proximity evaluation; (2) We investigate the feasibility of replay attack in context-based proximity authentication using real-world data.