Julian Jang-Jaccard

Effective Security Analysis for Combinations of MTD Techniques on Cloud Computing (Short Paper)

Moving Target Defense (MTD) is an emerging security solution based on continuously changing attack surface thus makes it unpredictable for attackers. Cloud computing could leverage such MTD approaches to prevent its resources and services being compromised from an increasing number of attacks. Most of the existing MTD methods so far have focused on devising subtle strategies for attack surface mitigation, and only a few have evaluated the effectiveness of different MTD techniques deployed in systems. We conducted an in-depth study, based on realistic simulations done on a cloud environment, on the effects of security and reliability for three different MTD techniques: (i) Shuffle, (ii) Redundancy, and (iii) the combination of Shuffle and Redundancy. For comparisons, we use a formal scalable security model to analyse the effectiveness of the MTD techniques. Moreover, we adopt Network Centrality Measures to enhance the performance of security analysis to overcome the exponential computational complexity which is often seen in a large networked mode.

A Privacy Preserving Platform for MapReduce

Big data applications typically require a large number of clusters, running in parallel, to process data fast and more efficiently. This is typically controlled and managed by MapReduce. In MapReduce operations, Mappers transform input original key/value pairs to a set of intermediate key/value pairs while Reducers aggregate a set of intermediate values, compute and write to the output. The output however can bring serious privacy concerns. Firstly, the output can directly leak sensitive information because it contains the global view of the final computation. Secondly, the output can also indirectly leak information via composite attacks where the adversary can link it with public information published via different sources such as Facebook or Twitter. To address such privacy concerns, we propose a privacy preserving platform which can prevent privacy leakage in MapReduce. Our platform can be plugged into the Reduce phase to sanitize the final output in such a way that the privacy is preserved while it yet provides a high data utility. We demonstrate the feasibility of our platform by providing empirical studies and highlights that our proposal can be used for real life applications.

Towards privacy-preserving classification in neural networks

The requirement for data privacy is limiting to exploit the full potential of what modern data analytic capability could offer. To address such privacy concern, a number of techniques based on homomorphic encryption (HE) have been proposed to allow analytic computation, such as classification based on machine learning techniques, to run on encrypted data. However, these HE-based techniques suffer from a heavy computation overhead due to cryptographic computations having to be done on the encrypted data. We propose a non-colluding dual cloud system that utilizes Paillier cryptosystem. We illustrate how our proposal could reduce inherent computation overhead many similar techniques suffer. Such reduction could make our proposed system to be an ideal solution to use in the real world application.

Privacy Issues in Big Data Mining Infrastructure, Platforms, and Applications

1Department of Electrical and Computer Engineering, The University of Auckland, Auckland 1023, New Zealand 2Institute of Natural and Mathematical Sciences, Massey University, Auckland 0632, New Zealand 3School of Information Science and Engineering, Chinese Academy of Education Big Data, Qufu Normal University, Qufu 276826, China 4Department of Computer and Information Sciences, Fordham University, JMH 328A, Bronx, NY, USA 5School of Computing Science, Newcastle University, Newcastle NE4 5TG, UK

Comprehensive Security Assessment of Combined MTD Techniques for the Cloud

Moving Target Defense (MTD) is a proactive security solution, which can be utilized by cloud computing in order to thwart cyber attacks. Many MTD techniques have been proposed, but there is still a lack of systematic evaluation methods for assessing the effectiveness of the proposed MTD techniques, especially when multiple MTD techniques are to be used in combinations. In this paper, we aim to address the aforementioned issue by proposing an approach for modeling and analysis of MTD techniques. We consider four security metrics: system risk, attack cost, return on attack, and availability to quantify the security of the cloud before and after deploying MTD techniques. Moreover, we propose a Diversity MTD technique to deploy OS diversification with various variants on multiple VMs and also combined Shuffle, Diversity, and Redundancy MTD techniques to improve the security of the cloud. We analyze the security metrics before and after deploying the proposed techniques to show the effectiveness of them. We also utilize importance measures based on network centrality measures into security analysis phase to improve the scalability of the MTD evaluation.

Anonymizing k-NN Classification on MapReduce

Data analytics scenario such as a classification algorithm plays an important role in data mining to identify a category of a new observation and is often used to drive new knowledge. However, classification algorithm on a big data analytics platform such as MapReduce and Spark, often runs on plain text without an appropriate privacy protection mechanism. This leaves user’s data to be vulnerable from unauthorized access and puts the data at a great privacy risk. To address such concern, we propose a new novel k-NN classifier which can run on an anonymized dataset on MapReduce platform. We describe new Map and Reduce algorithms to produce different anonymized datasets for k-NN classifier. We also illustrate the details of experiments we performed on the multiple anonymized data sets to understand the effects between the level of privacy protection (data privacy) and the high-value insights (data utility) trade-off before and after data anonymization.

A Secure Server-Based Pseudorandom Number Generator Protocol for Mobile Devices

Mobile devices play an essential role in telecommunication era. The need for securing this type of communications is inevitable. The majority of security and cryptographic protocols require unpredictable random numbers. However, mobile computing devices have difficulty in generating random numbers due to constraints in terms of power and computing resources. We propose a novel pseudorandom number generator protocol to enable secure communication between mobile devices and a trusted centralized server. The trusted centralized server generates qualified random numbers based on the location of mobile device specified by geographical latitude and longitude. We evaluate the quality of generated random bit sequences through the National Institute of Standards and Technology (NIST) tests, and compare them with other methods in regard to security and quality of generated random numbers. The quality of the randomness of generated numbers is comparable to that from the existing methods and more superior than them found in use in mobile devices today.