-
A detailed examination of polysilicon resistivity incorporating the grain size distribution
Authors:
Mikael Santonen,
Antti Lahti,
Zahra Jahanshah Rad,
Mikko Miettinen,
Masoud Ebrahimzadeh,
Juha-Pekka Lehtiö,
Enni Snellman,
Pekka Laukkanen,
Marko Punkkinen,
Kalevi Kokko,
Katja Parkkinen,
Markus Eklund
Abstract:
Current transport in polysilicon is a complicated process with many factors to consider. The inhomogeneous nature of polysilicon with its differently shaped and sized grains is one such consideration. We have developed a method that enhances existing resistivity models with a two-dimensional extension that incorporates the grain size distribution using a Voronoi-based resistor network. We obtain g…
▽ More
Current transport in polysilicon is a complicated process with many factors to consider. The inhomogeneous nature of polysilicon with its differently shaped and sized grains is one such consideration. We have developed a method that enhances existing resistivity models with a two-dimensional extension that incorporates the grain size distribution using a Voronoi-based resistor network. We obtain grain size distributions both from our growth simulations (700 K, 800 K, and 900 K) and experimental analysis. Applying our method, we investigate the effect that variation in grain size produces with cases of different average grain sizes (2 nm to 3 $μ$m). For example, the resistivity of polysilicon with an average grain size of 175 nm drops from 11 k$Ω$ $\cdot$ cm to 4.5 k$Ω$ $\cdot$ cm when compared to conventional one-dimensional modeling. Our study highlights the strong effect of grain size variation on resistivity, revealing that wider distributions result in significant resistivity reductions of up to more than 50%. Due to the larger grains present with a grain size distribution, current transport encounters fewer grain boundaries while the average grain size remains the same resulting in fewer barriers along the current transport path. Incorporating the grain structure into the resistivity modeling facilitates a more detailed and comprehensive characterization of the electrical properties of polysilicon.
△ Less
Submitted 20 December, 2024;
originally announced December 2024.
-
Quantifying the efficiency of principal signal transmission modes in proteins
Authors:
Anil Kumar Sahoo,
Richard Schwarzl,
Markus S. Miettinen,
Roland R. Netz
Abstract:
On the microscopic level, biological signal transmission relies on coordinated structural changes in allosteric proteins that involve sensor and effector modules. The timescales and microscopic details of signal transmission in proteins are often unclear, despite a plethora of structural information on signaling proteins. Based on linear-response theory, we develop a theoretical framework to defin…
▽ More
On the microscopic level, biological signal transmission relies on coordinated structural changes in allosteric proteins that involve sensor and effector modules. The timescales and microscopic details of signal transmission in proteins are often unclear, despite a plethora of structural information on signaling proteins. Based on linear-response theory, we develop a theoretical framework to define frequency-dependent force and displacement transmit functions through proteins and, more generally, viscoelastic media. Transmit functions quantify the fraction of a local time-dependent perturbation at one site, be it a deformation, a force, or a combination thereof, that survives at a second site. They are defined in terms of equilibrium fluctuations from simulations or experimental observations. We apply the framework to our all-atom molecular dynamics simulation data of a parallel, homodimeric coiled-coil (CC) motif that connects sensor and effector modules of a blue-light-regulated histidine kinase from bacterial signaling systems extensively studied in experiments. Our analysis reveals that signal transmission through the CC is possible via shift, splay, and twist deformation modes. Based on the results of mutation experiments, we infer that the most relevant mode for the biological function of the histidine kinase protein is the splay deformation.
△ Less
Submitted 18 March, 2024;
originally announced March 2024.
-
Unleashing IoT Security: Assessing the Effectiveness of Best Practices in Protecting Against Threats
Authors:
Philipp Pütz,
Richard Mitev,
Markus Miettinen,
Ahmad-Reza Sadeghi
Abstract:
The Internet of Things (IoT) market is rapidly growing and is expected to double from 2020 to 2025. The increasing use of IoT devices, particularly in smart homes, raises crucial concerns about user privacy and security as these devices often handle sensitive and critical information. Inadequate security designs and implementations by IoT vendors can lead to significant vulnerabilities.
To addre…
▽ More
The Internet of Things (IoT) market is rapidly growing and is expected to double from 2020 to 2025. The increasing use of IoT devices, particularly in smart homes, raises crucial concerns about user privacy and security as these devices often handle sensitive and critical information. Inadequate security designs and implementations by IoT vendors can lead to significant vulnerabilities.
To address these IoT device vulnerabilities, institutions, and organizations have published IoT security best practices (BPs) to guide manufacturers in ensuring the security of their products. However, there is currently no standardized approach for evaluating the effectiveness of individual BP recommendations. This leads to manufacturers investing effort in implementing less effective BPs while potentially neglecting measures with greater impact.
In this paper, we propose a methodology for evaluating the security impact of IoT BPs and ranking them based on their effectiveness in protecting against security threats. Our approach involves translating identified BPs into concrete test cases that can be applied to real-world IoT devices to assess their effectiveness in mitigating vulnerabilities. We applied this methodology to evaluate the security impact of nine commodity IoT products, discovering 18 vulnerabilities. By empirically assessing the actual impact of BPs on device security, IoT designers and implementers can prioritize their security investments more effectively, improving security outcomes and optimizing limited security budgets.
△ Less
Submitted 23 August, 2023;
originally announced August 2023.
-
ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks
Authors:
Phillip Rieger,
Marco Chilese,
Reham Mohamed,
Markus Miettinen,
Hossein Fereidooni,
Ahmad-Reza Sadeghi
Abstract:
IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect ab…
▽ More
IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish these from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices, or, require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended/malicious context, e.g., opening a smart lock while the smart home residents are absent.
In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieve at least an F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most 0.03%.
△ Less
Submitted 16 February, 2023; v1 submitted 15 February, 2023;
originally announced February 2023.
-
CrowdGuard: Federated Backdoor Detection in Federated Learning
Authors:
Phillip Rieger,
Torsten Krauß,
Markus Miettinen,
Alexandra Dmitrienko,
Ahmad-Reza Sadeghi
Abstract:
Federated Learning (FL) is a promising approach enabling multiple clients to train Deep Neural Networks (DNNs) collaboratively without sharing their local training data. However, FL is susceptible to backdoor (or targeted poisoning) attacks. These attacks are initiated by malicious clients who seek to compromise the learning process by introducing specific behaviors into the learned model that can…
▽ More
Federated Learning (FL) is a promising approach enabling multiple clients to train Deep Neural Networks (DNNs) collaboratively without sharing their local training data. However, FL is susceptible to backdoor (or targeted poisoning) attacks. These attacks are initiated by malicious clients who seek to compromise the learning process by introducing specific behaviors into the learned model that can be triggered by carefully crafted inputs. Existing FL safeguards have various limitations: They are restricted to specific data distributions or reduce the global model accuracy due to excluding benign models or adding noise, are vulnerable to adaptive defense-aware adversaries, or require the server to access local models, allowing data inference attacks.
This paper presents a novel defense mechanism, CrowdGuard, that effectively mitigates backdoor attacks in FL and overcomes the deficiencies of existing techniques. It leverages clients' feedback on individual models, analyzes the behavior of neurons in hidden layers, and eliminates poisoned models through an iterative pruning scheme. CrowdGuard employs a server-located stacked clustering scheme to enhance its resilience to rogue client feedback. The evaluation results demonstrate that CrowdGuard achieves a 100% True-Positive-Rate and True-Negative-Rate across various scenarios, including IID and non-IID data distributions. Additionally, CrowdGuard withstands adaptive adversaries while preserving the original performance of protected models. To ensure confidentiality, CrowdGuard uses a secure and privacy-preserving architecture leveraging Trusted Execution Environments (TEEs) on both client and server sides.
△ Less
Submitted 22 August, 2023; v1 submitted 14 October, 2022;
originally announced October 2022.
-
Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges
Authors:
Thien Duc Nguyen,
Markus Miettinen,
Alexandra Dmitrienko,
Ahmad-Reza Sadeghi,
Ivan Visconti
Abstract:
The COVID-19 pandemic has caused many countries to deploy novel digital contact tracing (DCT) systems to boost the efficiency of manual tracing of infection chains. In this paper, we systematically analyze DCT solutions and categorize them based on their design approaches and architectures. We analyze them with regard to effectiveness, security, privacy, and ethical aspects and compare prominent s…
▽ More
The COVID-19 pandemic has caused many countries to deploy novel digital contact tracing (DCT) systems to boost the efficiency of manual tracing of infection chains. In this paper, we systematically analyze DCT solutions and categorize them based on their design approaches and architectures. We analyze them with regard to effectiveness, security, privacy, and ethical aspects and compare prominent solutions with regard to these requirements. In particular, we discuss the shortcomings of the Google and Apple Exposure Notification API (GAEN) that is currently widely adopted all over the world. We find that the security and privacy of GAEN have considerable deficiencies as it can be compromised by severe, large-scale attacks. We also discuss other proposed approaches for contact tracing, including our proposal TRACECORONA, that are based on Diffie-Hellman (DH) key exchange and aim at tackling shortcomings of existing solutions. Our extensive analysis shows thatTRACECORONA fulfills the above security requirements better than deployed state-of-the-art approaches. We have implementedTRACECORONA, and its beta test version has been used by more than 2000 users without any major functional problems, demonstrating that there are no technical reasons requiring to make compromises with regard to the requirements of DCTapproaches.
△ Less
Submitted 26 October, 2022; v1 submitted 14 February, 2022;
originally announced February 2022.
-
DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection
Authors:
Phillip Rieger,
Thien Duc Nguyen,
Markus Miettinen,
Ahmad-Reza Sadeghi
Abstract:
Federated Learning (FL) allows multiple clients to collaboratively train a Neural Network (NN) model on their private data without revealing the data. Recently, several targeted poisoning attacks against FL have been introduced. These attacks inject a backdoor into the resulting model that allows adversary-controlled inputs to be misclassified. Existing countermeasures against backdoor attacks are…
▽ More
Federated Learning (FL) allows multiple clients to collaboratively train a Neural Network (NN) model on their private data without revealing the data. Recently, several targeted poisoning attacks against FL have been introduced. These attacks inject a backdoor into the resulting model that allows adversary-controlled inputs to be misclassified. Existing countermeasures against backdoor attacks are inefficient and often merely aim to exclude deviating models from the aggregation. However, this approach also removes benign models of clients with deviating data distributions, causing the aggregated model to perform poorly for such clients.
To address this problem, we propose DeepSight, a novel model filtering approach for mitigating backdoor attacks. It is based on three novel techniques that allow to characterize the distribution of data used to train model updates and seek to measure fine-grained differences in the internal structure and outputs of NNs. Using these techniques, DeepSight can identify suspicious model updates. We also develop a scheme that can accurately cluster model updates. Combining the results of both components, DeepSight is able to identify and eliminate model clusters containing poisoned models with high attack impact. We also show that the backdoor contributions of possibly undetected poisoned models can be effectively mitigated with existing weight clipping-based defenses. We evaluate the performance and effectiveness of DeepSight and show that it can mitigate state-of-the-art backdoor attacks with a negligible impact on the model's performance on benign data.
△ Less
Submitted 3 January, 2022;
originally announced January 2022.
-
FLAME: Taming Backdoors in Federated Learning (Extended Version 1)
Authors:
Thien Duc Nguyen,
Phillip Rieger,
Huili Chen,
Hossein Yalame,
Helen Möllering,
Hossein Fereidooni,
Samuel Marchal,
Markus Miettinen,
Azalia Mirhoseini,
Shaza Zeitouni,
Farinaz Koushanfar,
Ahmad-Reza Sadeghi,
Thomas Schneider
Abstract:
Federated Learning (FL) is a collaborative machine learning approach allowing participants to jointly train a model without having to share their private, potentially sensitive local datasets with others. Despite its benefits, FL is vulnerable to backdoor attacks, in which an adversary injects manipulated model updates into the model aggregation process so that the resulting model will provide tar…
▽ More
Federated Learning (FL) is a collaborative machine learning approach allowing participants to jointly train a model without having to share their private, potentially sensitive local datasets with others. Despite its benefits, FL is vulnerable to backdoor attacks, in which an adversary injects manipulated model updates into the model aggregation process so that the resulting model will provide targeted false predictions for specific adversary-chosen inputs. Proposed defenses against backdoor attacks based on detecting and filtering out malicious model updates consider only very specific and limited attacker models, whereas defenses based on differential privacy-inspired noise injection significantly deteriorate the benign performance of the aggregated model. To address these deficiencies, we introduce FLAME, a defense framework that estimates the sufficient amount of noise to be injected to ensure the elimination of backdoors while maintaining the model performance. To minimize the required amount of noise, FLAME uses a model clustering and weight clipping approach. Our evaluation of FLAME on several datasets stemming from application areas including image classification, word prediction, and IoT intrusion detection demonstrates that FLAME removes backdoors effectively with a negligible impact on the benign performance of the models. Furthermore, following the considerable attention that our research has received after its presentation at USENIX SEC 2022, FLAME has become the subject of numerous investigations proposing diverse attack methodologies in an attempt to circumvent it. As a response to these endeavors, we provide a comprehensive analysis of these attempts. Our findings show that these papers (e.g., 3DFed [36]) have not fully comprehended nor correctly employed the fundamental principles underlying FLAME, i.e., our defense mechanism effectively repels these attempted attacks.
△ Less
Submitted 5 August, 2023; v1 submitted 6 January, 2021;
originally announced January 2021.
-
Decoupling of dipolar and hydrophobic motions in biological membranes
Authors:
Hanne S. Antila,
Anika Wurl,
O. H. Samuli Ollila,
Markus S. Miettinen,
Tiago M. Ferreira
Abstract:
Cells use homeostatic mechanisms to maintain an optimal composition of distinct types of phospholipids in cellular membranes. The hydrophilic dipolar layer at the membrane interface, composed of phospholipid headgroups, regulates the interactions between cell membranes and incoming molecules, nanoparticles, and viruses. On the other hand, the membrane hydrophobic core determines membrane thickness…
▽ More
Cells use homeostatic mechanisms to maintain an optimal composition of distinct types of phospholipids in cellular membranes. The hydrophilic dipolar layer at the membrane interface, composed of phospholipid headgroups, regulates the interactions between cell membranes and incoming molecules, nanoparticles, and viruses. On the other hand, the membrane hydrophobic core determines membrane thickness and forms an environment for membrane-bound molecules such as transmembrane proteins. A fundamental open question is to what extent the motions of these regions are coupled and, consequently, how strongly the interactions of lipid headgroups with other molecules depend on the properties and composition of the membrane hydrophobic core. We combine advanced solid-state nuclear magnetic resonance spectroscopy methodology with high-fidelity molecular dynamics simulations to demonstrate how the rotational dynamics of choline headgroups remain nearly unchanged (slightly faster) with incorporation of cholesterol into a phospholipid membrane, contrasting the well known extreme slowdown of the other phospholipid segments. Notably, our results suggest a new paradigm where phospholipid headgroups interact as quasi-freely rotating flexible dipoles at the interface, independent of the properties in the hydrophobic region.
△ Less
Submitted 12 July, 2021; v1 submitted 14 September, 2020;
originally announced September 2020.
-
LeakyPick: IoT Audio Spy Detector
Authors:
Richard Mitev,
Anna Pazii,
Markus Miettinen,
William Enck,
Ahmad-Reza Sadeghi
Abstract:
Manufacturers of smart home Internet of Things (IoT) devices are increasingly adding voice assistant and audio monitoring features to a wide range of devices including smart speakers, televisions, thermostats, security systems, and doorbells. Consequently, many of these devices are equipped with microphones, raising significant privacy concerns: users may not always be aware of when audio recordin…
▽ More
Manufacturers of smart home Internet of Things (IoT) devices are increasingly adding voice assistant and audio monitoring features to a wide range of devices including smart speakers, televisions, thermostats, security systems, and doorbells. Consequently, many of these devices are equipped with microphones, raising significant privacy concerns: users may not always be aware of when audio recordings are sent to the cloud, or who may gain access to the recordings. In this paper, we present the LeakyPick architecture that enables the detection of the smart home devices that stream recorded audio to the Internet without the user's consent. Our proof-of-concept is a LeakyPick device that is placed in a user's smart home and periodically "probes" other devices in its environment and monitors the subsequent network traffic for statistical patterns that indicate audio transmission. Our prototype is built on a Raspberry Pi for less than USD40 and has a measurement accuracy of 94% in detecting audio transmissions for a collection of 8 devices with voice assistant capabilities. Furthermore, we used LeakyPick to identify 89 words that an Amazon Echo Dot misinterprets as its wake-word, resulting in unexpected audio transmission. LeakyPick provides a cost effective approach for regular consumers to monitor their homes for unexpected audio transmissions to the cloud.
△ Less
Submitted 12 November, 2020; v1 submitted 1 July, 2020;
originally announced July 2020.
-
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps
Authors:
Lars Baumgärtner,
Alexandra Dmitrienko,
Bernd Freisleben,
Alexander Gruler,
Jonas Höchst,
Joshua Kühlberg,
Mira Mezini,
Richard Mitev,
Markus Miettinen,
Anel Muhamedagic,
Thien Duc Nguyen,
Alvar Penning,
Dermot Frederik Pustelnik,
Filipp Roos,
Ahmad-Reza Sadeghi,
Michael Schwarz,
Christian Uhl
Abstract:
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole…
▽ More
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.
△ Less
Submitted 6 November, 2020; v1 submitted 10 June, 2020;
originally announced June 2020.
-
Baseline functionality for security and control of commodity IoT devices and domain-controlled device lifecycle management
Authors:
Markus Miettinen,
Paul C. van Oorschot,
Ahmad-Reza Sadeghi
Abstract:
The emerging Internet of Things (IoT) drastically increases the number of connected devices in homes, workplaces and smart city infrastructures. This drives a need for means to not only ensure confidentiality of device-related communications, but for device configuration and management---ensuring that only legitimate devices are granted privileges to a local domain, that only authorized agents hav…
▽ More
The emerging Internet of Things (IoT) drastically increases the number of connected devices in homes, workplaces and smart city infrastructures. This drives a need for means to not only ensure confidentiality of device-related communications, but for device configuration and management---ensuring that only legitimate devices are granted privileges to a local domain, that only authorized agents have access to the device and data it holds, and that software updates are authentic. The need to support device on-boarding, ongoing device management and control, and secure decommissioning dictates a suite of key management services for both access control to devices, and access by devices to wireless infrastructure and networked resources. We identify this core functionality, and argue for the recognition of efficient and reliable key management support---both within IoT devices, and by a unifying external management platform---as a baseline requirement for an IoT world. We present a framework architecture to facilitate secure, flexible and convenient device management in commodity IoT scenarios, and offer an illustrative set of protocols as a base solution---not to promote specific solution details, but to highlight baseline functionality to help domain owners oversee deployments of large numbers of independent multi-vendor IoT devices.
△ Less
Submitted 9 August, 2018;
originally announced August 2018.
-
Peek-a-Boo: I see your smart home activities, even encrypted!
Authors:
Abbas Acar,
Hossein Fereidooni,
Tigist Abera,
Amit Kumar Sikder,
Markus Miettinen,
Hidayet Aksu,
Mauro Conti,
Ahmad-Reza Sadeghi,
Selcuk Uluagac
Abstract:
A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploi…
▽ More
A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind,in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying the types of IoT devices, their states, and ongoing user activities in a cascading style by only passively sniffing the network traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the device states and demonstrate that it provides better protection than existing solutions.
△ Less
Submitted 13 May, 2020; v1 submitted 8 August, 2018;
originally announced August 2018.
-
DÏoT: A Federated Self-learning Anomaly Detection System for IoT
Authors:
Thien Duc Nguyen,
Samuel Marchal,
Markus Miettinen,
Hossein Fereidooni,
N. Asokan,
Ahmad-Reza Sadeghi
Abstract:
IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable due to insecure design, implementation, and configuration. As a result, many networks already have vulnerable IoT devices that are easy to compromise. This has led to a new category of malware specifically targeting IoT devices. However, existing intrusion detection techniques are not effective in d…
▽ More
IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable due to insecure design, implementation, and configuration. As a result, many networks already have vulnerable IoT devices that are easy to compromise. This has led to a new category of malware specifically targeting IoT devices. However, existing intrusion detection techniques are not effective in detecting compromised IoT devices given the massive scale of the problem in terms of the number of different types of devices and manufacturers involved. In this paper, we present DÏoT, an autonomous self-learning distributed system for detecting compromised IoT devices effectively. In contrast to prior work, DÏoT uses a novel self-learning approach to classify devices into device types and build normal communication profiles for each of these that can subsequently be used to detect anomalous deviations in communication patterns. DÏoT utilizes a federated learning approach for aggregating behavior profiles efficiently. To the best of our knowledge, it is the first system to employ a federated learning approach to anomaly-detection-based intrusion detection. Consequently, DÏoT can cope with emerging new and unknown attacks. We systematically and extensively evaluated more than 30 off-the-shelf IoT devices over a long term and show that DÏoT is highly effective (95.6% detection rate) and fast (~257 ms) at detecting devices compromised by, for instance, the infamous Mirai malware. DÏoT reported no false alarms when evaluated in a real-world smart home deployment setting.
△ Less
Submitted 10 May, 2019; v1 submitted 20 April, 2018;
originally announced April 2018.
-
Breaking Fitness Records without Moving: Reverse Engineering and Spoofing Fitbit
Authors:
Hossein Fereidooni,
Jiska Classen,
Tom Spink,
Paul Patras,
Markus Miettinen,
Ahmad-Reza Sadeghi,
Matthias Hollick,
Mauro Conti
Abstract:
Tens of millions of wearable fitness trackers are shipped yearly to consumers who routinely collect information about their exercising patterns. Smartphones push this health-related data to vendors' cloud platforms, enabling users to analyze summary statistics on-line and adjust their habits. Third-parties including health insurance providers now offer discounts and financial rewards in exchange f…
▽ More
Tens of millions of wearable fitness trackers are shipped yearly to consumers who routinely collect information about their exercising patterns. Smartphones push this health-related data to vendors' cloud platforms, enabling users to analyze summary statistics on-line and adjust their habits. Third-parties including health insurance providers now offer discounts and financial rewards in exchange for such private information and evidence of healthy lifestyles. Given the associated monetary value, the authenticity and correctness of the activity data collected becomes imperative. In this paper, we provide an in-depth security analysis of the operation of fitness trackers commercialized by Fitbit, the wearables market leader. We reveal an intricate security through obscurity approach implemented by the user activity synchronization protocol running on the devices we analyze. Although non-trivial to interpret, we reverse engineer the message semantics, demonstrate how falsified user activity reports can be injected, and argue that based on our discoveries, such attacks can be performed at scale to obtain financial gains. We further document a hardware attack vector that enables circumvention of the end-to-end protocol encryption present in the latest Fitbit firmware, leading to the spoofing of valid encrypted fitness data. Finally, we give guidelines for avoiding similar vulnerabilities in future system designs.
△ Less
Submitted 28 June, 2017;
originally announced June 2017.
-
IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT
Authors:
Markus Miettinen,
Samuel Marchal,
Ibbad Hafeez,
N. Asokan,
Ahmad-Reza Sadeghi,
Sasu Tarkoma
Abstract:
With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing…
▽ More
With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead.
△ Less
Submitted 13 December, 2016; v1 submitted 15 November, 2016;
originally announced November 2016.
-
Towards atomistic resolution structure of phosphatidylcholine glycerol backbone and choline headgroup at different ambient conditions
Authors:
Alexandru Botan,
Andrea Catte,
Fernando Favela,
Patrick Fuchs,
Matti Javanainen,
Waldemar Kulig,
Antti Lamberg,
Markus S. Miettinen,
Luca Monticelli,
Jukka Määttä,
Vasily S. Oganesyan,
O. H. Samuli Ollila,
Marius Retegan,
Hubert Santuz,
Joona Tynkkynen
Abstract:
Phospholipids are essential building blocks of biological membranes. Despite of vast amount of accurate experimental data the atomistic resolution structures sampled by the glycerol backbone and choline headgroup in phoshatidylcholine bilayers are not known. Atomistic resolution molecular dynamics simulation model would automatically resolve the structures giving an interpretation of experimental…
▽ More
Phospholipids are essential building blocks of biological membranes. Despite of vast amount of accurate experimental data the atomistic resolution structures sampled by the glycerol backbone and choline headgroup in phoshatidylcholine bilayers are not known. Atomistic resolution molecular dynamics simulation model would automatically resolve the structures giving an interpretation of experimental results, if the model would reproduce the experimental data. In this work we compare the C-H bond vector order parameters for glycerol backbone and choline headgroup between 14 different atomistic resolution models and experiments in fully hydrated lipid bilayer. The current models are not accurately enough to resolve the structure. However, closer inspection of three best performing models (CHARMM36, GAFFlipid and MacRog) suggest that improvements in the sampled dihedral angle distributions would potentilly lead to the model which would resolve the structure. Despite of the inaccuracy in the fully hydrated structures, the response to the dehydration, i.e. P-N vector tilting more parallel to membrane normal, is qualitatively correct in all models. The CHARMM36 and MacRog models describe the interactions between lipids and cholesterol better than Berger/Höltje model. This work has been, and continues to be, progressed and discussed through the blog: nmrlipids.blogspot.fi. Everyone is invited to join the discussion and make contributions through the blog. The manuscript will be eventually submitted to an appropriate scientific journal. Everyone who has contributed to the work through the blog will be offered coauthorship. For more details see: nmrlipids.blogspot.fi.
△ Less
Submitted 14 January, 2015; v1 submitted 9 September, 2013;
originally announced September 2013.
-
ConXsense - Automated Context Classification for Context-Aware Access Control
Authors:
Markus Miettinen,
Stephan Heuser,
Wiebke Kronz,
Ahmad-Reza Sadeghi,
N. Asokan
Abstract:
We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework tha…
▽ More
We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.
△ Less
Submitted 5 June, 2014; v1 submitted 13 August, 2013;
originally announced August 2013.
-
Aspects of Duality and Confining Strings
Authors:
Mauri Miettinen,
Antti J. Niemi,
Yuri Stroganov
Abstract:
We inspect the excitation energy spectrum of a confining string in terms of solitons in an effective field theory model. The spectrum can be characterized by a spectral function, and twisting and bending of the string is manifested by the invariance of this function under a duality transformation. Both general considerations and numerical simulations reveal that the spectral function can be appr…
▽ More
We inspect the excitation energy spectrum of a confining string in terms of solitons in an effective field theory model. The spectrum can be characterized by a spectral function, and twisting and bending of the string is manifested by the invariance of this function under a duality transformation. Both general considerations and numerical simulations reveal that the spectral function can be approximated by a simple rational form, which we propose becomes exact in the Yang-Mills theory.
△ Less
Submitted 1 September, 1999; v1 submitted 27 August, 1999;
originally announced August 1999.
-
On the Arnold Conjecture and the Atiyah-Patodi-Singer Index Theorem
Authors:
Mauri Miettinen,
Antti J. Niemi
Abstract:
The Arnold conjecture yields a lower bound to the number of periodic classical trajectories in a Hamiltonian system. Here we count these trajectories with the help of a path integral, which we inspect using properties of the spectral flow of a Dirac operator in the background of a $\Sp(2N)$ valued gauge field. We compute the spectral flow from the Atiyah-Patodi-Singer index theorem, and apply th…
▽ More
The Arnold conjecture yields a lower bound to the number of periodic classical trajectories in a Hamiltonian system. Here we count these trajectories with the help of a path integral, which we inspect using properties of the spectral flow of a Dirac operator in the background of a $\Sp(2N)$ valued gauge field. We compute the spectral flow from the Atiyah-Patodi-Singer index theorem, and apply the results to evaluate the path integral using localization methods. In this manner we find a lower bound to the number of periodic classical trajectories which is consistent with the Arnold conjecture.
△ Less
Submitted 25 August, 1999; v1 submitted 20 August, 1999;
originally announced August 1999.
-
Weil Algebras and Supersymmetry
Authors:
Mauri Miettinen
Abstract:
We give a new interpretation for the super loop space that has been used to formulate supersymmetry. The fermionic coordinates in the super loop space are identified as the odd generators of the Weil algebra. Their bosonic superpartners are the auxiliary fields. The general N=1 supermultiplet is interpreted in terms of Weil algebras. As specific examples we consider supersymmetric quantum mechan…
▽ More
We give a new interpretation for the super loop space that has been used to formulate supersymmetry. The fermionic coordinates in the super loop space are identified as the odd generators of the Weil algebra. Their bosonic superpartners are the auxiliary fields. The general N=1 supermultiplet is interpreted in terms of Weil algebras. As specific examples we consider supersymmetric quantum mechanics, Wess-Zumino model and supersymmetric Yang-Mills theory in four dimensions. Some comments on the formulation of constrained systems and integrable models and non-Abelian localization are given.
△ Less
Submitted 20 December, 1996;
originally announced December 1996.
-
Antibrackets, Supersymmetric $σ$-Model and Localization
Authors:
Mauri Miettinen
Abstract:
We consider supersymmetrization of Hamiltonian dynamics via antibrackets for systems whose Hamiltonian generates an isometry of the phase space. We find that the models are closely related to the supersymmetric non-linear $σ$-model. We interpret the corres\-ponding path integrals in terms of super loop space equivariant cohomology. It turns out that they can be evaluated exactly using localizati…
▽ More
We consider supersymmetrization of Hamiltonian dynamics via antibrackets for systems whose Hamiltonian generates an isometry of the phase space. We find that the models are closely related to the supersymmetric non-linear $σ$-model. We interpret the corres\-ponding path integrals in terms of super loop space equivariant cohomology. It turns out that they can be evaluated exactly using localizations techniques.
△ Less
Submitted 14 June, 1996;
originally announced June 1996.
-
On Localization and Regularization
Authors:
Mauri Miettinen
Abstract:
Different regularizations are studied in localization of path integrals. We discuss the effect of the choice of regularization by evaluating the partition functions for the harmonic oscillator and the Weyl character for SU(2). In particular, we solve the Weyl shift problem that arises in path integral evaluation of the Weyl character by using the Atiyah-Patodi-Singer $η$-invariant and the Borel-…
▽ More
Different regularizations are studied in localization of path integrals. We discuss the effect of the choice of regularization by evaluating the partition functions for the harmonic oscillator and the Weyl character for SU(2). In particular, we solve the Weyl shift problem that arises in path integral evaluation of the Weyl character by using the Atiyah-Patodi-Singer $η$-invariant and the Borel-Weil theory.
△ Less
Submitted 24 August, 1995;
originally announced August 1995.
