International Workshop on Cloud, IoT and Fog Security — CIFS 2019
Co-located with the 12th IEEE/ACM International Conference on Utility and Cloud Computing — UCC 2019
Auckland University of Technology, New Zealand, December 2, 2019

Programme

The workshop programme is now available. The workshop will run on Monday, December 2, from 14.25 (originally 14.00) in room WG404 in the UCC 2019 venue, Sir Paul Reeves Building (WG), AUT City Campus. Plan your visit!
14.25 (originally 14.00): Workshop Opening


14.30 (originally 14.05): Intelligent Price Alert System for Digital Assets - Cryptocurrencies ⁕ Sronglong Chhem, Ashiq Anjum, Bilal Arshad

With the features of public verifiability without compromising privacy, Blockchain enables a wide variety of use cases like online payment, food and supply chain. These applications operate using their specific digital assets. These assets are tradable on exchanges forming a cryptocurrency market. However, this market is very volatile; for some digital currencies trading prices can experience a sudden spike up or downturn in a matter of minutes. Traders are facing difficulties catching up with all the price movements unless they are monitoring them manually. Hence, we propose a real-time alert system for monitoring those trading prices, sending notifications to users if any target prices match or an anomaly occurs. We adopt a streaming platform as the backbone of our system. It can handle thousands of messages per second with low latency rate at around 19 seconds on our testing environment. We use Long-Short-Term-Memory (LSTM) model as an anomaly detector and normalisation to improve LSTM’s performance. We compare the impact of five different data normalisation approaches on Bitcoin and Ethereum price dataset. Result shows that decimal scaling produces only MAPE of 8.4 per cent, and 6.39 per cent prediction error rate on daily price data for both currencies respectively, which is the best performance achieved compared to other observed methods. However, with one-minute interval dataset, our model produces higher prediction error making it impractical to distinguish between normal and anomaly points of price movement.

15.00 (originally 14.30): MEML: Resource-aware MQTT-based Machine Learning for Network Attacks Detection on IoT Edge Devices ⁕ Andrii Shalaginov, Oleksandr Semeniuta, Mamoun Alazab

The growing number of Smart Applications in recent years brings a completely new landscape of cyber-attacks and exploitation scenarios that have not been seen in the wild before. Devices in Edge commonly have very limited computational resources and corresponding power source, reducing the number of conventional cybersecurity measures available for deployment. This also puts strict requirements on how the signatures of malicious actions can be updated and actualized. The efficiency of Machine Learning models, Neural Networks in particular, has been proven in multiple tasks related to cybersecurity due to the high-abstract precise models and training from historical data. However, when it comes to the devices in Edge, it is clear that the extensive training of the model is not possible, while testing of new unseen data can be successfully done. In addition to the conventional understanding of off-line and on-line model training, this contribution looks into how Machine Learning can be successfully deployed on IoT while putting unnecessary computations off-chip through parameters transfer over MQTT network, reducing computational footprint on micro-controllers. We believe that the proposed approach will be beneficial for many applications in resource-constrained environments.

15.30 (originally 15.00): Blockchain as a Trusted Component in Cloud SLA Verification ⁕ Amir Teshome Wonjiga, Sean Peisert, Louis Rilling, Christine Morin

Migrating an application from local compute resources to commercial cloud compute resources involves giving up full control of the physical infrastructure, as the cloud service provider (CSP) is responsible for managing the physical infrastructure, including its security. The reliance of a tenant on a service provider can create a trust issue around whether the CSP is upholding its end of the bargain. CSPs acknowledge this and provide a guarantee through a Service Level Agreement (SLA). SLAs need to be verified for satisfaction of the defined objectives. Such a verification procedure needs to be unbiased and independently achievable i.e. both tenants and CSPs should be allowed to run the verification without relying on the other party, otherwise the trust issue can be raised again. In this paper, we consider an SLA offered by the provider that guarantees the integrity of tenants’ data, and propose a verification method, i.e. an integrity checking method, which is based on a distributed ledger. Specifically, our proposed method allows both CSPs and tenants to perform integrity checking without one party relying on the other. The method uses a blockchain, a distributed ledger, to store evidence of data integrity. Assuming the ledger as a secure, trusted source of information, the evidence can be used to resolve conflicts between providers and tenants. In addition, we present a prototype implementation and an experimental evaluation to show the feasibility of our verification method and to measure the time overhead.

16.00: Afternoon Tea (room WG 201)


16.30 (originally 15.30): CORP: An Algorithm to Prevent Unauthorised Data Modification using Collaborative Nodes ⁕ Alan T Litchfield, Monjur Ahmed

The COllaborative Redundant Processing (CORP) algorithm is an approach to prevent unauthorised modification of data in a decentralised and distributed computing environment. Built on Ki-Ngā-Kōpuku, a distributed and decentralised security model for Cloud Computing, where redundant nodes are functionally identical, the nodes collectively maintain consistency and integrity of processed data. If a single node is compromised and acts maliciously to modify data, other nodes detect the action. CORP extends the functionality of Ki-Ngā-Kōpuku and is developed mainly for a Cloud Computing context, but the concept can be used in any distributed and decentralised environment to provide consistency, integrity, and availability.

16.30 via video: Concurrent Failure Recovery for MSR Regenerating Code via Product Matrix Construction ⁕ Jingyao Zhang

Abstract: Node failures are very common in distributed storage systems. Regenerating codes can minimize the network bandwidth required to recover the data lost on the failed nodes. Minimum Storage Regenerating (MSR) code is a class of regenerating codes that can maximize the storage efficiency, meanwhile minimizing the repair bandwidth. The original MSR code via Product Matrix (PM) provides a means for single failed node recovery. In this work, an algorithm of recovering multiple failed nodes concurrently with the minimum feasible bandwidth will be proposed, extending the framework of the original PM MSR code. Based on the proposed strategy, the needed bandwidth for centralized and distributed recovery policies, which are the two major categories of repairing policies, will be explicitly expressed against the coding parameters and the number of failed nodes, hence numerical comparison can be made between them. Moreover, the impact of Repairing Degree (the number of surviving nodes from which the assistant data are downloaded) on the bandwidth cost will be studied to help make optimal decisions in practical storage systems.

17.00: Techniques for Mutual Auditability in a Cloud Environment ⁕ Daniel Ladouceur, Bimmy Pujari, Edward Gleeck, Joel Coffman

Mutual auditability offers visibility between a cloud service provider (CSP) and cloud service customer (CSC), informing both of the risks posed by their association with the other. In this work, we develop and experiment with two systems designed to enable such auditability: a specialized network-based intrusion detection system (NIDS) implementation, traditional-based intrusion system (TBIS), that gives CSPs insight into the malicious activity by clients’ virtual machines (VMs) without undermining the CSC’s privacy, and a complementary system, hypervisor-based intrusion system (HBIS), that provides visibility into malicious activities of co-resident CSCs by detecting side channel-based attacks. In order to ensure that our design does not introduce new vulnerabilities into the cloud environment, we examine the potential of using these auditing tools as attack vectors themselves and potential mitigations if such vulnerabilities are found.

17.30: Novel Applications of Stealth Computing ⁕ J. Spillner (impulse talk)

In information-sensitive environments, such as cloud application hosting for banks and insurance companies, multiple competing requirements need to be fulfilled: The information processing needs to be fast, secure, failsafe, scalable, and economically viable. For information search and data analytics applications, specifically, the resulting trade-offs are complicated further by having additional requirements on precision, absence of false positives, and regulatory compliance. In this impulse talk, we present the problem domain and motivate to consider the use and advancement of stealth computing algorithms. The talk will not talk about solutions, but rather instigate a critical discussion in the context of increasingly complex cloud and fog deployments.

18.00: Workshop Closing


Description

The processing of sensitive information is a cross-cutting topic unimpressed by imaginary system boundaries. In many scenarios, sensors or actors are connected to on-site compute units and fog systems which themselves are connected to clouds. The transmission, processing and storage of information needs to be secured across the entire chain or network, using diverse mechanisms often outside the control of the application developer. This workshop aims to discuss recent advances around holistic security aspects involving availability, integrity, confidentiality, non-repudiability and other guaranteeable properties.

Topics of Interest

We solicit research papers (up to 6p) and technical industry reports (typically 3-6p) on the following topics:
  • Secure cloud computing concepts (homomorphic encryption, enclaves, hardware security modules, stealth computing among others)
  • Long-term distributed data storage security and proof-of-ownership/provision/retrievability
  • End-to-end security concepts across IoT-fog-cloud continuums
  • Physical and digital security of IoT deployments, smart meters and other end devices
  • Privacy and economics considerations as well as trade-offs
  • Risks and threats including spoofing, identity manipulation and distortion
  • Audit facilities and compliance mechanisms
  • Cross-border, cross-provider and cross-stack security issues
  • Human factors: simplicity and controllability of security measures
  • Applications in digitalised health care, ecology, agriculture and other fields

Submission Information

Submitted papers should contain results or reports not already published or submitted elsewhere, in ACM format. All papers will be peer reviewed by at least three programme committee members. The evaluation will be based on originality, relevance of the problem to the workshop topics, technical strength, quality of results, and clarity of the presentation. The workshop proceedings with all accepted papers will be published by the ACM and will appear in the same volume as the UCC 2019 and BDCAT 2019 conferences. At least one author of each accepted submission must register in full and attend the workshop to present, and all workshop participants must pay the ACM conference or workshop registration fee.

CIFS 2019 submission @ HotCRP

Important Dates

  • Submission: September 23, 2019 (hard deadline; originally September 15)
  • Notification: October 14, 2019 (originally October 1)
  • Camera-ready & registration: October 27, 2019 (originally October 15)
All deadlines are indicated as AOE - Anywhere On Earth.

Technical Programme Committee (under construction)

  • Bryce Antony, Auckland University of Technology, New Zealand
  • Nitin Auluck, Indian Institute of Technology Ropar, India
  • Martin Beck, Huawei, Germany
  • Andrey Brito, UFCG, Brazil
  • Ciarán Bryce, HES-SO, Switzerland
  • Mozhdeh Farhadi, U-Hopper, Italy
  • Martin Garriga, JADS, The Netherlands
  • Gürkan Gür, ZHAW, Switzerland
  • Piyush Harsh, ZHAW, Switzerland
  • Jens Jensen, Science and Technology Facilities Council, UK
  • Stephen Kirkman, Regis University, USA
  • Marc Lacoste, Orange Labs, France
  • Glenford Mapp, Middlesex University, UK
  • Maghsoud Morshedi, EyeNetworks, Norway
  • Hani Nemati, Polytechnique Montréal, Canada
  • Abid Shahzad, ICL Graduate Business School, New Zealand
  • Massimo Villari, Università di Messina, Italy
  • Zichuan Xu, Dalian University of Technology, China

Workshop Organisers

  • Josef Spillner, Zurich University of Applied Sciences, Switzerland
  • Manar Abu Talib, University of Sharjah, United Arab Emirates
  • Qassim Nasir, University of Sharjah, United Arab Emirates
  • Farhad Khalilnia, Penta
Note: CIFS 2019 is supported by an Innovation Starting Grant of the Swiss Leading House for the Middle East and North Africa, with funds of the Swiss State Secretariat for Education, Research and Innovation (SERI).