Contributions published at Communication Systems Group (Burkhard Stiller)

In online marketing, everything is about the Customer Acquisition Costs (CAC), which indicate how much money has to be spent to acquire a new customer. Especially in the software industry, CAC are high and increasing. Therefore, solutions are required to reduce the CAC and keep them low as quickly as possible after a product launch. In this thesis, it was researched what data can be exported from online marketing ad platforms (e.g., Google Ads) and how it can be connected to the data collected by the promoted mobile application. With this knowledge, the goal was to find out whether and to what extent analyses and predictions regarding the performance of future online mobile app campaigns can be made by using the aggregated data and calculated Key Performance Indicators (KPI) based on the connected data from the different sources. With the implementation of a prototype, the system operating costs were evaluated and several challenges encountered in implementing such a system were identified. The main challenge is that the export of data from mobile app campaigns is restricted in several ways, and therefore the data volume is too low to train the machine learning models in most cases. The designed prediction system component is affordable in terms of operation costs and therefore worth a try if enough data is available. Future work could test the system on data from campaigns that promote web applications, as the data extraction capabilities are better for non-app campaigns and the low data volume might be less of an issue.

In the course of the global digitization in recent decades, the Internet has become one of the most important and ubiquitous communication means. However, being based on an end-to-end connectivity principle, existing internet infrastructure is not optimal for data, resp., content delivery use cases (such as Video-on-Demand): For such applications it is key to make the distribution of data from content producers towards multiple content consumers as efficient as possible. This fact has lead to the development of future Internet architectures part of the ICN (Information Centric Networking) family: ICN architectures, such as NDN (Named Data Networking), can improve content delivery on a systemic level, by - contrary to the classical internet - focusing on identified data and deploying in-network caching techniques. Replacing the entire established internet with a novel architecture is however a non-trivial task, which is why this thesis considers a layered network architecture consisting of several smaller NDN-based mobile networks (resp., domains): Thereby, independent domains are inter-connected using a Chord Peer-to-peer network running as an overlay on top of existing internet infrastructure. By using the NS-3 framework to develop a network simulation, which models real-world network characteristics, the performance of the proposed architecture is evaluated: This includes a comparison with a plainly NDN-based reference architecture, which reveals that the layered NDN & Chord approach is a valid and efficient alternative, if a global spanning NDN network cannot be realized, or, if NDN routing is subject to difficult conditions.

In the Internet-of-Things (IoT), Low Power Wide Area Networks (LPWAN) enable IoT applications to cover large areas and operate with low energy consumption. Long Range (LoRa) Wide Area Network (WAN) is a known LPWAN technology that uses LoRa modulation on the physical layer. The performance of LoRa networks, i.e., energy efficiency, network scalability, and throughput, is typically improved with Adaptive Data Rate (ADR) algorithms. This thesis provides implementation and evaluation of State-of-the-Art (SotA) ADR algorithms in the Network Simulator 3 (ns-3) framework. The simulations revealed problems of SoTA ADRs in highly congested networks. The solutions to those problems led to the specification, implementation, and evaluation of novel ADR techniques that further improve the network performance. Several ADR schemes are compared and show that the newly developed ADR algorithms enable substantially higher network scalability, throughput, and reliability in comparison to the SotA techniques.

Brain-computer interfaces (BCIs) started being used in clinical scenarios, reaching nowadays new fields such as entertainment or learning. Using BCIs, neuronal activity can be monitored for various purposes, with the study of the central nervous system response to certain stimuli being one of them, being the case of evoked potentials. However, due to the sensitivity of these data, the transmissions must be protected, with blockchain being an interesting approach to ensure the integrity of the data. This work focuses on the visual sense, and its relationship with the P300 evoked potential, where several open challenges related to the privacy of subjects’ information and thoughts appear when using BCI. The first and most important challenge is whether it would be possible to extract sensitive information from evoked potentials. This aspect becomes even more challenging and dangerous if the stimuli are generated when the subject is not aware or conscious that they have occurred. There is an important gap in this regard in the literature, with only one work existing dealing with subliminal stimuli and BCI and having an unclear methodology and experiment setup. As a contribution of this paper, a series of experiments, five in total, have been created to study the impact of visual stimuli on the brain tangibly. These experiments have been applied to a heterogeneous group of ten subjects. The experiments show familiar visual stimuli and gradually reduce the sampling time of known images, from supraliminal to subliminal. The study showed that supraliminal visual stimuli produced P300 potentials about 50% of the time on average across all subjects. Reducing the sample time between images degraded the attack, while the impact of subliminal stimuli was not confirmed. Additionally, younger subjects generally presented a shorter response latency. This work corroborates that subjects’ sensitive data can be extracted using visual stimuli and P300.

null

Over the last decades, the number and severity of cyber-attacks worldwide have grown, and are increasingly affecting networks, systems, businesses, and customers. The harm they cause is rising exponentially every year. Recently, researchers and companies have developed frameworks for assessing cybersecurity risk in order to identify, estimate and prioritize cyber-risks and minimize their impact. However, traditional approaches often struggle to find indicators of unpredictable cyber-risks, thus limiting the ability to perform accurate risk assessments. Taking this into account, this thesis explores the applicability of machine learning on cybersecurity risk assessment. For this purpose, various machine learning algorithms were trained, tested and evaluated on synthetic datasets of different sizes. Besides that, the current version of the prototype also capable of supporting the user through the cybersecurity investment decision process, by integrating MENTOR, a protection service recommender system. To demonstrate the feasibility of the proposed solution, a quantitative as well as a qualitative evaluation have been conducted. The quantitative evaluation showed that the prototype is able to achieve very accurate results. On the other hand, the qualitative evaluation proved the effectiveness and reliability of the solution.

In the novel paradigm of federated learning, collectives of devices are able to collabora- tively machine learn over sensitive data. The collaborators - clients - never have to share their private datasets. Depending on the distribution of the data amongst the clients, fed- erated learning can be classified into one of three scenarios: horizontal federated learning, vertical federated learning, and federated transfer learning. Each of these scenarios comes with a unique set of algorithms, as well as unique targets for adversarial attacks. Adversarial attacks in federated learning can have a wide variety of goals. They may aim to disrupt the training process, corrupt the learned model with a backdoor, prevent a model being learned at all, or even infer confidential information from participants. The robustness of a system is its resiliency to such attacks. The experiments in this work evaluate the robustness of a system through the lens of the metrics of accuracy, confusion matrices, and relative importance. Current works focus on these scenarios individually, comparing robustness against each scenario’s respective baseline. This work offers two main contributions: (a) a visual taxonomy of the attacks and countermeasures of these scenarios and (b) a federated learning simulation that tests its robustness against the two most common types of attacks: data- and gradient poisoning attacks. The simulation uses the same dataset, distributed appropriately, the same model architecture, and the same number of participants for both scenarios’ implementations. This work investigates two neural network model architectures for the task of learning from the MNIST dataset. The experiments detailed in this work show that when adversaries poison even as little as 0.5% of the data samples available to them, both the peer-to- peer horizontal and the SplitNN-based vertical implementations are prone to an entirely successful backdoor attack. When the adversary attacks the system with a gradient poisoning attack in which the applied gradients are first multiplied by some nonpositive value, the horizontal implementation proved more robust. While the vertical system was prevented from learning a model even with a gradient multiplier of -1, the only experiment in which the horizontal implementation was thwarted similarly was with a gradient multiplier of -10.

Cyber incidents are increasing in numbers and are becoming a problem that can not easily be ignored by companies that rely on technology to operate. Even with high cyber security investments a residual risk remains, mostly due to the dynamic and evolving nature of software and new attack techniques coming up. Hence, to mitigate the costs of cyber attacks, Cyber Insurance has been in discussion for a while now. Besides that, blockchain-based Cyber Insurance approaches are receiving increasing attention as the technology brings several advantages along the way, for example immutability. One of such systems is the recently proposed SC4CyberInsurance which deploys Cyber Insurance agreements as Smart Contracts. However, the system is yet in a state where provided functionalities are not executable in an intuitive and simple manner. This thesis therefore aims to improve the feasibility when it comes to addressing real-world scenarios and the ability to use the system interactively as a tool between insurers and customers, by designing and developing Web-based Interfaces and improving the underlying processes. The core functions are adapted and upgraded to meet stakeholder requirements.

null

The increasing number of IoT devices is bringing to reality new and disruptive application scenarios and paradigms. This situation can be seen in crowdsensing platforms, like ElectroSense, where IoT sensors monitor spectrum data, which is sent to a backend platform where it is processed and shared with users. The increment in IoT usage also raises the number of malware affecting IoT devices every year due to vulnerabilities coming from poor user knowledge and limited resource capabilities. These vulnerabilties were exploited by the botnet Mirai in 2016 which demonstrated how powerful small devices like cameras, TVs, and other internet-connected devices can be when combined [5]. Although malware such as viruses, worms, or spyware are affecting computers for a very long time, the evolution of hybrid malware like botnets is concerning [18]. Especially IoT devices with almost no security measurements are at big risk. To prevent IoT devices from such big attacks, malware detection solutions are needed. However, traditional malware detection techniques can detect well-known malware but are not capable of detecting unknown attacks. Therefore, it is crucial to have new mechanisms based on Machine and Deep Learning (ML and DL, respectively), especially to detect zeroday attacks. These algorithms try to detect anomalies and need datasets consisting of the internal behavior of IoT devices to be trained and improved. However, there is still a lack of datasets modeling the behavior of botnets from the device perspective. To improve the previous limitations, the goal of this thesis is to create datasets that contain the internal behavior of an ElectroSense spectrum sensor running on a Raspberry Pi that is infected with the two well-known botnets Mirai and Bashlite. After executing the malware successfully, Distributed Denial of Service (DDoS) attacks are launched. During these attacks, the device is monitored using a monitoring script. This thesis tries to give a basis for malware detection algorithms to be trained and used for detecting malware, especially botnets, on IoT devices. To conclude the thesis the created datasets are evaluated and important results are shared.

Crowdsensing techniques have been proven as a cheap and effective way to collect and analyse data, allowing the introduction of platforms such as ElectroSense, where people can collaborate in the generation of a large-scale radio spectrum monitoring solution. Thanks to these applications, resource-constrained devices, such as IoT devices, have seen their increased adoption in both the industry and general population. However, their security has often been neglected, incentivising adversaries to implement malware targeting these platforms. Ransomware in particular, can be extremely dangerous in a crowdsensing context, being able to encrypt precious data in the sensors and disrupt crowdsensing platforms and services. In such a scenario, it is crucial to develop novel anti-malware, and specifically, anti-ransomware techniques aimed at protecting IoT devices from adversaries. Recent literature has shown promising results in malware detection by fingerprinting the device behaviour and introducing novel dynamic analysis approaches on ransomware detection. However, current solutions focus on well-known Windows Operating System using complex machine learning approaches, with Linux-based and resource-constrained systems being overlooked. Consequently, there is a necessity for malware detection research, specifically ransomware, targeting resource-constrained and Linux-based devices. With the goal of improving the previous limitations, this Thesis introduces an automatic and policy-based framework capable of identifying abnormal behaviour on a Raspberry Pi hosting an ElectroSense sensor. Heterogeneous events from different device dimensions such as hardware usage (i.e. CPU, memory and IO), kernel tracepoints and HPCs, have been considered to identify both an abnormal behaviour and ransomware infections. As a proof-of-concept and to evaluate the framework performance in the ElectroSense platform, two ransomware families were considered and three policies were developed. After that, six experiments evaluating the performance of the framework and its policies provided promising results when recognising normal, abnormal, ransomware1, and ransomware2 behaviors.

The integrity and validity of elections are cornerstones in each modern democracy. With the introduction of e-voting systems, and in particular, remote electronic voting (REV) systems, completely new and unique challenges arise. REV systems allow citizen to cast their votes from a remote, uncontrolled device. To securely provide such a system, high privacy and verifiability requirements need to be fulfilled. As privacy and verifiability requirements are in direct opposition, wide research has already been conducted to provide cryptographic protocols in order to fulfill these requirements. However, as research mainly focuses on theoretical protocols and on proving the fulfillment of these requirements, less effort is made to provide implementations or productional deployments of such systems. Since the security of an application is only as strong as its weakest component, all aspects need to be carefully analyzed. In particular, a reproducible deployment of a REV system can provide a starting point to test the security, scalability, and usability of voting protocols in an end-to-end fashion. This work focuses on the deployment of Provotum, a decentralized REV system. To provide a reproducible and testable application, a modular deployment framework was designed and implemented. This framework allows configuring and setting up the whole infrastructure with infrastructure-as-a-code (IAAC) and consists of a continuous integration/continuous delivery (CI/CD) pipeline, a private Docker registry, a vulnerability scanner, and a monitoring service. Within this infrastructure, it is possible to build Provotum securely and deploy it in a decentralized environment. Finally, the infrastructure and the deployed application are evaluated according to security, scalability, and usability. In addition, a literature research was carried out to identify core privacy and verifiability properties of REV systems.

Remote Electronic Voting (REV) becomes an increasing topic of interest, since citizens are used to complete many other tasks online. But REV systems need to provide a very high level of security, hindering deployment of adequate solutions. The Communication Systems Group at the University of Zurich implements the REV system Provotum. This thesis explores deployment of a USB dongle in the Remote Electronic Voting (REV) system Provotum to improve security. This work proposes a design centered around a set of 6 - mostly mutually exclusive - functions running on a USB dongle that provide additional protection against theft and selling of private keys, as well as against manipulation by malware on the voter's computer. A USB dongle is selected and all functions are implemented in a firmware running on that dongle, as well as additional system components to constitute a Proof-of-Concept that demonstrates end-to-end integration of the functionality. All finite-field cryptography of the Provotum system (except RSA signatures) is changed to Elliptic Curve Cryptography (ECC) to achieve better firmware runtime performance. The implementation overcomes several challenges that are documented in this work and achieves to oer a strong baseline codebase that facilitates future development of further dongle-enabled Provotum functionality. Additionally, since all proposed dongle functions are implemented in firmware, varying levels of a tradeoff between security and usability can be controlled in the system.

The increasing demand for IoT devices and services leads to an ever growing number of IoT concepts, platforms and networks, such as crowdsensing. IoT platforms are often vulnerable to cyber attacks due to their exposition to the internet and their resource constrained capabilities. Cyber attacks can be conducted by different malware families, being spyware and backdoors two of the most dangerous ones. The goal of backdoors and spyware is in many cases the data being stored on and handled by IoT devices. Since backdoor development is evolving, traditional detection solutions are often not able to detect zero-day attacks. Nowadays, the trend to address this challenge is to apply behavioral fingerprinting analysis in combination with machine and deep learning models. In order to apply machine and deep learning models eeffectively, datasets containing clean and infected device behavior are required. However, there are open challenges regarding existing datasets. In many cases, these datasets do not concern themselves with resource constrained devices. Also, many existing datasets are too old and do not focus on the internal behavior. Thus, the present thesis' main contribution is the creation of FabIoT, a dataset modeling the internal behavior of a resource-constrained device while being infected by backdoors as well as the normal behavior. The test device is part of a real-world IoT crowdsensing platform, ElectroSense. Three real-world backdoors exhibiting a wide variety of attack behaviors were used to conduct the attacks. The data collection process involves the design and implementation of a custom monitoring software to examine and record the internal device behavior. After performing statistical analysis on the collected data, we were able to detect differences between the normal behavior and the behavior under attack and therefore, illustrate the value that FabIoT provides. Finally, we make the dataset freely available for research purposes.

null

This article presents eight neural cyberattacks affecting spontaneous neural activity, inspired by well-known cyberattacks from the computer science domain: Neural Flooding, Neural Jamming, Neural Scanning, Neural Selective Forwarding, Neural Spoofing, Neural Sybil, Neural Sinkhole and Neural Nonce. These cyberattacks are based on the exploitation of vulnerabilities existing in the new generation of Brain-Computer Interfaces. After presenting their formal definitions, the cyberattacks have been implemented over a neuronal simulation. To evaluate the impact of each cyberattack, they have been implemented in a Convolutional Neural Network (CNN) simulating a portion of a mouse's visual cortex. This implementation is based on existing literature indicating the similarities that CNNs have with neuronal structures from the visual cortex. Some conclusions are also provided, indicating that Neural Nonce and Neural Jamming are the most impactful cyberattacks for short-term effects, while Neural Scanning and Neural Nonce are the most damaging for long-term effects.

Remote Electronic Voting (REV) systems introduce new challenges that do not exist in the in-person or postal voting process. The right of ballot secrecy poses one of its core challenges. Identity verification is closely coupled with the voters' privacy and plays a crucial role in REV systems. However, the digital identities that are used for most online services today, do not respect data protection. Most applications outsource identity management to third parties such as Google and Facebook, allowing them to track their users across many other services. The convenience of only having one account for most online interactions comes at a price in the form of privacy intrusion. The problem is that users do not own their digital identity but Identity Providers (IdPs) are responsible for issuing, storing and verifying credentials. As a consequence of having a single entity in charge of all three duties, IdPs aggregate vast amount of sensitive data and become a popular target with cyber criminals. Another challenge for a digital identity is that many credential are issued in the form of physical documents. Analyzing, evaluating and verifying the security features of physical credentials in the digital world results in a probabilistic outcome. Thus, physical credentials are considered non-native to the web and require slow, expensive and error-prone verification methods. Self-Sovereign Identity (SSI) is a form of digital identity that allows users to regain control by maintaining the credentials and selectively disclose them with trusted entities without the need of a Trusted Third Party (TTP) and without a cumbersome certificate verification process. This thesis focuses on Identity Management (IdM) systems of REV applications and conducts a security analysis on Provotum's authentication and authorization process. The result of the audit discloses several vulnerabilities in terms of privacy and security due to the trusted role of the IdP and the usage of email addresses as identifiers. An SSI-based authentication and authorization system is designed and implemented addressing the privacy and security concerns. The new design radically changes the processes of credentials issuance, storage and disclosure which is crucial for providing privacy to voters. Instead of using a predefined list of eligible identifiers from an internal IdM system, an election is configured such that voters can only participate if the necessary credentials are presented. The digital certificates used in the new architecture are cryptographically linked to Decentralized Identifier (DID) which are maintained on a public permissionless ledger. The combination of self-certifying, ledger-based identiers and credentials that can selectively be disclosed and veried by anyone without the need of a TTP, guarantees a higher degree of privacy and security by design.