QR Codes 2022 - Poor hospital care in Peru is responsible for the constant dissatisfaction and time delays in care in a large number of patients who go to public hospitals. In this work, the development of a system was carried out to optimize the process of medical consultations using QR codes in the Hospitals of Peru that would allow the reduction of time in care and the increase in patient satisfaction. The implementation of the proposed system was supported by a new medical care process diagram, as well as the development of a mobile application for scheduling and managing appointments, complemented by the use of QR codes to display information. The validation process was carried out among a selected group of patients, determining that the time spent in medical attention decreased compared to that of a current medical appointment, in the same sense, satisfaction was increased.
Authored by Gianpaul Custodio-Chavarria, Ricardo Soldan-Araujo, Daniel Burga-Durango
QR Codes 2022 - This study examines a method of refining a low-resolution QR code image photographed from a distance into a decodable code image by using pix2pix, a deep learning technique. The experimental results confirm that the method can decode a 5.2 cm-square QR code taken from a distance of 4 m.
Authored by Sein Okazaki, Masaya Ohta
QR Codes 2022 - The study was conducted to model Wi-Fi password resource assets in a platform that can be shared and collaborated publicly securely and support dynamic data changes with online repository shortcuts documented in access support via dedicated search engines and QR CODE. This study uses 3 methods, namely the one-way SHA-256 HASH function which was formulated with the addition of sowing techniques and reversing techniques so as to produce a long String named Keycode, the second method uses modern cryptographic techniques, namely Digital Signature, which collects keycodes in Path the identity of the resource asset, and the last one is a QR CODE used as an access shortcut that collects digital signature access data. This study used testing data from comparator application contributors, namely wifimap.io randomly, the results of which the formulation results were then disassembled using the brute force technique using hashcat. The results of the research of password data from resources were successfully formulated into a combination of Strings with high confidentiality that cannot be disassembled to the original data but are still accessible to the owner and holder of the keycode that is balanced with the limitations of access control.
Authored by Dede Sudirman, Teguh Suharsono, Rina Mardiati
QR Codes 2022 - In this invited paper, the theory of quick response (QR) coded metasurfaces along with the realization of such kind of metasurfaces will be presented to the audience. The proposed metasurfaces can achieve more than 10-dB of RCS reduction over wide frequency band. The proposed 1-bit QR-coded metasurfaces can be designed without the need for any complicated and/or time-consuming algorithms to obtain the 1-bit phase distribution map required for low scattering and significant RCS reduction. The 1-bit phase coding sequence of the QR coded metasurfaces were generated using 1-bit QR code generator in MATLAB which are fast and efficient. It will be shown in this talk that a metasurfaces with their unit cells individual phase assigned according to 1-bit QR codes, are very powerful in achieving more than 10-dB RCS reduction with low-level diffusive scattering patterns. At microwave frequencies, 25 × 25 unit cells QR coded metasurface was designed with 1-bit phase distribution being similar to the QR code of the sentence “Radar Cross Section Reduction”, and more than 10-dB RCS reduction is preserved from 13.3 GHz to 24.5 GHz. At millimeter waves, 25 × 25 unit cells 1-bit metasurfaces were designed and their 1-bit phase distributions being same as the 1-bit QR codes of the words “Metasurface” and “IEEE” and more than 10-dB RCS reduction is preserved from 60 GHz to 120 GHz. It will be shown that such class of QR coded metasurfaces would reduce the design complexities associated with the conventional coding metasurfaces. The invited talk then will conclude with a discussion, design problems, and future challenges related with the proposed QR coded metasurfaces.
Authored by Mustafa Al-Nuaimi, Guan-Long Huang
QR Codes 2022 - QR code is a typical two-dimensional code tag consisting of square symbols, which is widely used in social life due to the advantages of high readability and large storage capacity. However, its security performance is low, which has caused widespread concern among scholars in various industries. This paper proposes a three-level QR code scheme based on superpixel segmentation in response. Public information can be scanned directly from shares using any standard QR code scanner. Moreover, secret information can only be obtained by the dissimilarity of shares. The reconstructed secret image in this paper retains the main features of the embedded image, and the scheme is resistant to deformation, high load, and robust because it retains the advantages of visual ciphers and QR codes. Experimental results and analysis show this scheme has many advantages over other schemes.
Authored by Wei Wu, Lina Zhang, Jiehui Zhang, Chenyu Cui, Xiaoyu Zhang, Miao Liu
QR Codes 2022 - Due to the high adoption rate of QR codes across the world, researchers have been attempting to improve classical QR codes by either improving their appearance to be more meaningful to human perception or improving their capability to store more messages. In this work, we propose dual image QR codes that aim to improve both aspects while preserving the ability to scan by standard QR code readers. We improve the appearance of the QR code using the halftone QR principle and increase the capacity of the QR code with the lenticular imaging technique. To test the robustness of the proposed QR code, we evaluated six important parameters and searched for appropriate conditions through 24,000 combinations. From the experiments, we found 3,714 appropriate conditions that achieved 100% successful scanning rate. Lastly, we also list examples of use cases to use in real-world situations for the proposed dual image QR codes.
Authored by Chakrit Kammason, Yupaporn Wanna, Kannika Wiratchawa, Thanapong Intharah
QR Codes 2022 - In order to enhance the security of the watermark and to ensure the stability of the algorithm against attacks and the concealment of the watermark, a NSCT-DWTSVD composite digital watermarking algorithm based on QR code is proposed. First, QR code encoding is conducted on the original watermark image to generate a QR code watermark image. In order to ensure the security of the watermark information, Arnold scrambling and encryption is performed on the QR code watermark information. Second, the NSCT transform is carried out on the original Lena image. The low-frequency part that stores more information is selected for DWT. Then SVD is performed on the low-frequency images with strong image resistance. The encrypted watermark information is embedded into the decomposed singular values. Through the experimental verification of the algorithm, the algorithm has strong concealment and strong resistance to conventional attacks on the basis of ensuring the security of watermarking. Especially for the rotation attack and JPEG compression attack, the NC values are above 0.92 and 1, respectively.
Authored by Ting Ma, Nongtian Chen
QR Codes 2022 - One of many challenges created by COVID-19 pandemic is to reduce need of contact. Quick Response (QR) codes offered a readily available solution to this challenge with offer to support contactless processes. Wide adaption of smart mobile devices like smart phones and tablets and huge number of mobile applications available in the respective application stores, which support QR code scanning acted as a catalyst in rapid adaption of QR codes to support contactless processes. Support of QR code-based processing rapidly increased during the pandemic, penetrated all processes like sales and marketing, authentication, and digital payments to name some. On one hand, this served the cause in terms of reducing contact, on other hand, factors like rapid adaption and using it in smart mobile devices, which are existing to cater to the larger purpose of human usage, scanning QR codes was not in that list to start with is bringing in the series of security issues which can arise starting from the human factor, software, misuse and hacking factors. This paper focuses on the QR code processes, differences in terms of security while using a smart device for QR codes when compared to the rugged device-based barcode scanners, the kind of security issues such process can encounter while using smart devices for QR code scanning, factors that must be considered by the applications development as well as the consumers of such functionality and the way to ensure security of consumers of such functionality.
Authored by Venkateswara Bhamidipati, Raghavendra Wvs
QR Codes 2022 - Quick Response code (QR code) is a 2-D matrix barcode which stores data in four different encoding modes (numeric, alphanumeric, kanji, binary). They are widely used nowadays and can be seen almost everywhere whether it is on cosmetics products, general stores, billboards and so on. It has become an important part of day to day activities. As an information sharing medium, it has become so user friendly and mobile-friendly that with just one scan through smart phones you get the information stored in it. The main intent of this work is to secure QR code from unauthorized access by allowing only those who have authorization to access it by using cryptography (by encrypting and decrypting the QR code using a key value). And further security was enhanced by applying ‘k’ out of ‘n’ visual cryptography scheme on the QR code. It creates ‘n’ no. of share of the QR code out of which ‘k’ no. of shares is required to restore it. This work will briefly explain how cryptography and visual cryptography were used to secure the QR code. The experimental results showed that there was no data loss during this process. Also, if at the time of decryption wrong key is entered then the QR code will not be generated. And also it is required to input minimum k number of generated shares of the QR code for the successful retrieval of QR code. Quality of the reconstructed QR code was also measured using PSNR and SSIM which showed that reconstructed QR code was of good quality as well as original QR code and reconstructed QR code were identical.
Authored by Cheshtaa Bhardwaj, Hitendra Garg, Shashi Shekhar
Provenance 2022 - The food market is changing dramatically in the last century as the world population is growing with the unprecedented pace. The wine industry is recognized as part of both agriculture and food industry, but also as a commodity. Developments in information technology and digitalization are playing a major role in the introduction of new solutions in agriculture and food production. The idea is to improve productivity of farms and vineyards, improve quality of agriculture products by optimizing irrigation, pesticide usage, and overall efficiency of the process. Furthermore, the consumer awareness about food products, its quality and origin, is on the constant rise. The information about the product throughout the whole “farm-to-fork”, or in this case “vineyard-to-glass”, value chain needs to be collected and utilized by all the participating stakeholders, in order to get a better, healthier, and more affordable product. This paper addresses the considerations related to implementation of a blockchain-based transparency and data provenance in the food value chain, more specifically with a focus on the wine industry.
Authored by Tomo Popovic, Srdjan Krco, Nemanja Misic, Aleksandra Martinovic, Ivan Jovovic
Provenance 2022 - Scientific Workflow Management Systems (SWfMS) systematically capture and store diverse provenance information at various phases. Scientists compose multitude of queries on this information. The support of integrated query composition and visualization in existing SWfMS is limited. Most systems do not support any custom query composition. VisTrails and Taverna introduced custom query languages vtPQL and TriQL to support limited workflow monitoring. Galaxy only tracks histories of operations and displays in lists. No SWfMS supports a scientist-friendly user interface for provenance query composition and visualization. In this paper, we propose a domain-specific composition environment for provenance query of scientific workflows. As a proof of concept, we developed a provenance system for bioinformatics workflow management system and evaluated it in multiple dimensions, one for measuring the subjective perception of participants on the usability of it using NASA-TLX and SUS survey instruments and the other for measuring the flexibility through plugin integration using NASA-TLX.
Authored by Muhammad Hossain, Banani Roy, Chanchal Roy, Kevin Schneider
Provenance 2022 - The Function-as-a-Service cloud computing paradigm has made large-scale application development convenient and efficient as developers no longer need to deploy or manage the necessary infrastructure themselves. However, as a consequence of this abstraction, developers lose insight into how their code is executed and data is processed. Cloud providers currently offer little to no assurance of the integrity of customer data. One approach to robust data integrity verification is the analysis of data provenance—logs that describe the causal history of data, applications, users, and non-person entities. This paper introduces ProProv, a new domain-specific language and graphical user interface for specifying policies over provenance metadata to automate provenance analyses.
Authored by Kevin Dennis, Shamaria Engram, Tyler Kaczmarek, Jay Ligatti
Provenance 2022 - Traditional Intrusion Detection Systems (IDS) are struggling to keep up with the increase in sophisticated cyberattacks such as Advanced Persistent Threats (APT) over the past years. Provenance-based Intrusion Detection Systems (PIDS) utilize data provenance concepts to enable fine-grained event correlation, and the results show increased detection accuracy and reduced false-alarm rates compared to traditional IDS. Especially, rule-based approaches for the PIDS have demonstrated high detection accuracy, low false alarm, and fast detection time. However, rules are manually created by security experts, which is time-consuming and doesn’t ensure high-quality rule standards. To address this issue, we propose an automated rule generation framework to generate robust rules to describe malicious files automatically. As a result, high-quality rules can be used in PIDS to identify similar attacks and other affected systems promptly.
Authored by Michael Zipperle, Florian Gottwalt, Yu Zhang, Omar Hussain, Elizabeth Chang, Tharam Dillon
Provenance 2022 - Connected vehicles (CVs) have facilitated the development of intelligent transportation system that supports critical safety information sharing with minimum latency. However, CVs are vulnerable to different external and internal attacks. Though cryptographic techniques can mitigate external attacks, preventing internal attacks imposes challenges due to authorized but malicious entities. Thwarting internal attacks require identifying the trustworthiness of the participating vehicles. This paper proposes a trust management framework for CVs using interaction provenance that ensures privacy, considers both in-vehicle and vehicular network security incidents, and supports flexible security policies. For this purpose, we present an interaction provenance recording and trust management protocol. Different events are extracted from interaction provenance, and trustworthiness is calculated using fuzzy policies based on the events.
Authored by Mohammad Hoque, Ragib Hasan
Provenance 2022 - Advanced Persistent Threats (APTs) are typically sophisticated, stealthy and long-term attacks that are difficult to be detected and investigated. Recently proposed provenance graph based on system audit logs has become an important approach for APT detection and investigation. However, existing provenance-based approaches that either require rules based on expert knowledge or cannot pinpoint attack events in a provenance graph still cannot effectively mitigate APT attacks. In this paper, we present Deepro, a provenance-based APT campaign detection approach that not only effectively detects attack-relevant entities in a provenance graph but also precisely recovers APT campaigns based on the detected entities. Specifically, Deepro first customizes a general purpose GNN (Graph Neural Network) model to represent and detect process nodes in a provenance graph through automatically learning different patterns of attack behaviors and benign behaviors using the rich contextual information in the provenance graph. Then, Deepro further detects attack-relevant file and network entities according to their data dependencies with the detected process nodes. Finally, Deepro recovers APT campaigns through correlating detected entities based on their causality relationships in the provenance graph. We evaluated Deepro with ten real-world APT attacks. The evaluation result shows that Deepro can effectively detect attack events with an average 98.81% F1-score and thus produces precise provenance sub-graphs of APT attacks.
Authored by Na Yan, Yu Wen, Luyao Chen, Yanna Wu, Boyang Zhang, Zhaoyang Wang, Dan Meng
Provenance 2022 - Data provenance is meta–information about the origin and processing history of data. We demonstrate the provenance analysis of SQL queries and use it for query debugging. How–provenance determines which query expressions have been relevant for evaluating selected pieces of output data. Likewise, Where– and Why–provenance determine relevant pieces of input data. The combined provenance notions can be explored visually and interactively. We support a feature–rich SQL dialect with correlated subqueries and focus on bag semantics. Our fine–grained provenance analysis derives individual data provenance for table cells and SQL expressions.
Authored by Tobias Muller, Pascal Engel
Provable Security - Recent research has shown that hackers can efficiently infer sensitive user activities only by observing the network traffic of smart home devices. To protect users’ privacy, researchers have designed several traffic obfuscation methods. However, existing methods usually consume high bandwidth or provide weak privacy protection. In this paper, we conduct thorough research on smart home traffic obfuscation. We first propose a fixed-value obfuscation scheme and prove that it is perfectly secure by showing the indistinguishability of user activities. Yet, fixed-value obfuscation has high bandwidth consumption. To further reduce the bandwidth consumption, we propose combining fixed-value obfuscation with Multipath TCP transmission. The security and performance of the proposed multipath fixed-value obfuscation method are theoretically analyzed. We have implemented the proposed methods and tested them on public packet traces and simulated smart home networks. The experimental results match well with the theoretical analysis.
Authored by Gaofeng He, Xiancai Xiao, Renhong Chen, Haiting Zhu, Zhaowei Zhang, Bingfeng Xu
Provable Security - Design-hiding techniques are a central piece of academic and industrial efforts to protect electronic circuits from being reverse-engineered. However, these techniques have lacked a principled foundation to guide their design and security evaluation, leading to a long line of broken schemes. In this paper, we begin to lay this missing foundation.
Authored by Animesh Chhotaray, Thomas Shrimpton
Provable Security - The Industrial Internet of Things (IIoT) has brought about enormous changes in both our individual ways of life and the ways in which our culture works, transforming them into a unique electronic medium. This has enormous implications for almost every facet of life, including clever logistical, smart grids, and smart cities. In particular, the amount of gadgets that are part of the Industrial Internet of Things (IIoT) is increasing at such a fast pace that numerous gadgets and sensors are constantly communicating with one another and exchanging a substantial quantity of data. The potential of spying and hijacked assaults in messaging services has grown as a result of the creation; as a direct consequence of this, protecting data privacy and security has become two key problems at the current moment. In recent years, a protocol known as certificateless signature (LCS), which is both better secured and lighter, has been more popular for use in the development of source of energy IIoT protocols. The Schnorr signature serves as the foundation for this method's underlying mechanism. In spite of this, we found that the vast majority of the currently implemented CLS schemes are susceptible to a number of widespread security flaws. These flaws include man-in-the-middle (MITM) attacks, key generation centre (KGC) compromised attacks, and distributed denial of service (DDoS) attacks. As a potential solution to the issues that have been discussed in the preceding paragraphs, we, the authors of this work, suggest a unique pairing-free provable data approach. In order to develop a revolutionary LCS scheme that is dependable and efficient, this plan makes use of the most cutting-edge blockchain technology as well as smart contracts. After that, in order to verify the dependability of our system, we simulate both Type-I and Type-II adversaries and run the results through a series of tests. The findings of a system security and a summative assessment have shown that our design is capable of providing more reliable security assurance at a lower overall cost of computation (for illustration, limited by around 40.0% at most) and transmission time (for example, reduced by around 94.7% at most) like other proposed scheme.
Authored by Meenakshi Garg, Krishan Sharma
Provable Security - Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed fuzzing aims to direct a fuzzer to a specific target in the code, e.g., the code with potential vulnerabilities. Despite much progress, we observe that existing directed fuzzers are still not efficient as they often symbolically or concretely execute a lot of program paths that cannot reach the target code. They thus waste a lot of computational resources. This paper presents BEACON, which can effectively direct a greybox fuzzer in the sea of paths in a provable manner. That is, assisted by a lightweight static analysis that computes abstracted preconditions for reaching the target, we can prune 82.94% of the executing paths at runtime with negligible analysis overhead (<5h) but with the guarantee that the pruned paths must be spurious with respect to the target. We have implemented our approach, BEACON, and compared it to five state-of-the-art (directed) fuzzers in the application scenario of vulnerability reproduction. The evaluation results demonstrate that BEACON is 11.50x faster on average than existing directed grey-box fuzzers and it can also improve the speed of the conventional coverage-guided fuzzers, AFL, AFL++, and Mopt, to reproduce specific bugs with 6.31x, 11.86x, and 10.92x speedup, respectively. More interestingly, when used to test the vulnerability patches, BEACON found 14 incomplete fixes of existing CVE-identified vulnerabilities and 8 new bugs while 10 of them are exploitable with new CVE ids assigned.
Authored by Heqing Huang, Yiyuan Guo, Qingkai Shi, Peisen Yao, Rongxin Wu, Charles Zhang
Provable Security - We address logic locking, a mechanism for securing digital Integrated Circuits (ICs) from piracy by untrustworthy foundries. We discuss previous work and the state-of-the-art, and observe that, despite more than a decade of research that has gone into the topic (resulting in both powerful attacks and subsequent defenses), there is no consensus on what it means for a particular locking mechanism to be secure. This paper attempts to remedy this situation. Specifically, it formulates a definition of security for a logic locking mechanism based on indistinguishability and relates the definition to security from actual attackers in a precise and unambiguous manner. We then describe a mechanism that satisfies the definition, thereby achieving (provable) security from all prior attacks. The mechanism assumes the existence of both a puncturable pseudorandom function family and an indistinguishability obfuscator, two cryptographic primitives that exist under well-founded assumptions. The mechanism builds upon the Stripped-Functionality Logic Locking (SFLL) framework, a state-of-the-art family of locking mechanisms whose potential for ever achieving security is currently in question. Along the way, partly as motivation, we present additional results, such as a reason founded in average-case complexity for why benchmark circuits locked with a prior scheme are susceptible to the well-known SAT attack against such schemes, and why provably thwarting the SAT attack is insufficient as a meaningful notion of security for logic locking.
Authored by Mohamed Massad, Nahid Juma, Jonathan Shahen, Mariana Raykova, Siddharth Garg, Mahesh Tripunitara
Provable Security - This paper studies provable security guarantees for cyber-physical systems (CPS) under actuator attacks. Specifically, we consider safety for CPS and propose a new attack-detection mechanism based on a zeroing control barrier function (ZCBF) condition. To reduce the conservatism in its implementation, we design an adaptive recovery mechanism based on how close the state is to violating safety. We show that the attack-detection mechanism is sound, i.e., there are no false negatives for adversarial attacks. Finally, we use a Quadratic Programming (QP) approach for online recovery (and nominal) control synthesis. We demonstrate the effectiveness of the proposed method in a case study involving a quadrotor with an attack on its motors.
Authored by Kunal Garg, Ricardo Sanfelice, Alvaro Cardenas
Provable Security - Spectre vulnerabilities violate our fundamental assumptions about architectural abstractions, allowing attackers to steal sensitive data despite previously state-of-the-art countermeasures. To defend against Spectre, developers of verification tools and compiler-based mitigations are forced to reason about microarchitectural details such as speculative execution. In order to aid developers with these attacks in a principled way, the research community has sought formal foundations for speculative execution upon which to rebuild provable security guarantees.
Authored by Sunjay Cauligi, Craig Disselkoen, Daniel Moghimi, Gilles Barthe, Deian Stefan
Provable Security - With the rapid development of cloud storage technology, effectively verifying the cloud data’s integrity becomes a major issue in cloud storage. Recently, Nayak and Tripathy proposed their cloud auditing protocol. Although the protocol is efficient, the protocol is not secure as Yu et al.’s attack shows. Even if the server does not store the users’ data, it is possible to forge the provable data possession proof and pass the integrity audit. We point out the issue in their article and describe in detail the process by which the cloud server forges the proof. We finally give an improved and more secure scheme and analyze its security also.
Authored by Xu Wang, Ruifeng Li
Provable Security - The data are stored as multiple copies on different cloud servers for improving the constancy and availability as the data are being outsourced. For proving the integrity of the data of multiple copies, the Provable Data Possession (PDP) protocol is used. Previously, all PDP protocols stored copies in a single cloud storage server. Many PDP protocols depended on public key infrastructure, which lacks security and leads to vulnerabilities. For storing various copies on multiple different cloud servers, identity-based provable data possession has been used. By using homomorphic tags, data are stored in multiple clouds and their integrity is checked simultaneously. The Computational Diffie-Hellman hard problem is the basis for our scheme. Our scheme is the first for provable data possession of multiple copies on multiple different clouds. The system model and security model are given, and this experimental research proved that our PDP scheme is applicable as well as practical.
Authored by Chamaeshika, Vasanthi, Jerart Julus