Nadjm-Tehrani, Simin, Professor. ORCID iD: orcid.org/0000-0002-1485-0802
Publications (10 of 138)
Sivaraman, N., Nadjm-Tehrani, S. & Johansson, T. (2024). Formal Analysis of Julia Key Agreement Protocol. In: 26th International Conference, ICICS 2024, Proceedings, Part II. Paper presented at 26th International Conference on Information and Communications Security, Mytilene, Greece, August 26–28, 2024. Springer Nature
2024 (English). In: 26th International Conference, ICICS 2024, Proceedings, Part II, Springer Nature, 2024. Conference paper, Published paper (Refereed)
Abstract [en]

The evolution of the fifth-generation network (5G) increases the demand and use of Internet of Things (IoT) devices extensively. The increased number of IoT devices increases the possibility of new attack surfaces, and thus even resource-constrained IoT devices need secure communication. In this work, we consider the Julia Key Agreement (JKA) protocol, which has been proposed as a secure and efficient protocol for communication among resource-constrained IoT devices. We formally model two variants of the JKA protocol and verify the intended security requirements, such as mutual authentication, forward secrecy, backward secrecy, and resilience to key impersonation attacks, using the Tamarin prover. Our formal analysis shows that the JKA protocol is susceptible to replay attacks under the Dolev-Yao threat model. We also expand the threat model by including several strong threat assumptions to discover interesting attack vectors.

Place, publisher, year, edition, pages
Springer Nature, 2024
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 15057
Keywords
Key Agreement protocol, IoT security, Formal verification, Tamarin
National Category
Communication Systems
Identifiers
urn:nbn:se:liu:diva-211016 (URN); 10.1007/978-981-97-8801-9_9 (DOI); 9789819788002 (ISBN); 9789819788019 (ISBN)
Conference
26th International Conference on Information and Communications Security, Mytilene, Greece, August 26–28, 2024
Available from: 2025-01-16 Created: 2025-01-16 Last updated: 2025-01-22
Colaco, V. & Nadjm-Tehrani, S. (2023). Formal Verification of Tree Ensembles against Real-World Composite Geometric Perturbations. In: Pedroza G., Huang X., Chen X.C., Theodorou A., Hernandez-Orallo J., Castillo-Effen M., Mallah R., McDermid J. (Ed.), Proceedings of the Workshop on Artificial Intelligence Safety 2023 (SafeAI 2023) co-located with the Thirty-Seventh AAAI Conference on Artificial Intelligence (AAAI 2023). Paper presented at The AAAI-23 Workshop on Artificial Intelligence Safety (SafeAI 2023), Washington DC, USA, February 13-14, 2023. CEUR-WS, 3381, Article ID 38.
2023 (English). In: Proceedings of the Workshop on Artificial Intelligence Safety 2023 (SafeAI 2023) co-located with the Thirty-Seventh AAAI Conference on Artificial Intelligence (AAAI 2023) / [ed] Pedroza G., Huang X., Chen X.C., Theodorou A., Hernandez-Orallo J., Castillo-Effen M., Mallah R., McDermid J., CEUR-WS, 2023, Vol. 3381, article id 38. Conference paper, Published paper (Refereed)
Abstract [en]

Since machine learning components are now being considered for integration in safety-critical systems, safety stakeholders should be able to provide convincing arguments that the systems are safe for use in realistic deployment settings. In the case of vision-based systems, the use of tree ensembles calls for formal stability verification against a host of composite geometric perturbations that the system may encounter. Such perturbations are a combination of an affine transformation like rotation, scaling, or translation and a pixel-wise transformation like changes in lighting. However, existing verification approaches mostly target small norm-based perturbations, and do not account for composite geometric perturbations. In this work, we present a novel method to precisely define the desired stability regions for these types of perturbations. We propose a feature space modelling process that generates abstract intervals which can be passed to VoTE, an efficient formal verification engine that is specialised for tree ensembles. Our method is implemented as an extension to VoTE by defining a new property checker. The applicability of the method is demonstrated by verifying classifier stability and computing metrics associated with stability and correctness, i.e., robustness, fragility, vulnerability, and breakage, in two case studies. In both case studies, targeted data augmentation pre-processing steps were applied for robust model training. Our results show that even models trained with augmented data are unable to handle these types of perturbations, thereby emphasising the need for certified robust training for tree ensembles.

Place, publisher, year, edition, pages
CEUR-WS, 2023
Series
CEUR Workshop Proceedings, ISSN 1613-0073 ; 3381
Keywords
Machine Learning, Formal Verification, Tree Ensembles, Composite Perturbations, Geometric Perturbations, Random Forests, Gradient Boosting Machines, Semantic Perturbations, Stability, Robustness, Trustworthy AI, Trustworthy Computing
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-195996 (URN); 2-s2.0-85159287306 (Scopus ID)
Conference
The AAAI-23 Workshop on Artificial Intelligence Safety (SafeAI 2023), Washington DC, USA, February 13-14, 2023
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Available from: 2023-06-30 Created: 2023-06-30 Last updated: 2024-10-28. Bibliographically approved
Eckhart, M., Ekelhart, A., Allison, D., Almgren, M., Ceesay-Seitz, K., Janicke, H., . . . Yampolskiy, M. (2023). Security-Enhancing Digital Twins: Characteristics, Indicators, and Future Perspectives. IEEE Security and Privacy, 21(6), 64-75
2023 (English). In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 21, no 6, p. 64-75. Article in journal (Refereed) Published
Abstract [en]

The term "digital twin" (DT) has become a key theme of the cyber-physical systems (CPSs) area, while remaining vaguely defined as a virtual replica of an entity. This article identifies DT characteristics essential for enhancing CPS security and discusses indicators to evaluate them.

Place, publisher, year, edition, pages
IEEE COMPUTER SOC, 2023
Keywords
Security; Behavioral sciences; Emulation; Testing; Mathematical models; Network systems; Digital twins
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-195770 (URN); 10.1109/MSEC.2023.3271225 (DOI); 001005921400001 ()
Note

Funding Agencies|Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology (BMK); Federal Ministry for Labor and Economy (BMAW); federal state of Vienna; FFG via the BRIDGE 1 program [880609]; CDL-SQI; Christian Doppler Research Association; Austrian Federal Ministry for Digital and Economic Affairs; National Foundation for Research, Technology and Development; RICS Center on Resilient Information; Swedish Civil Contingencies Agency (MSB); U.S. Department of Commerce; National Institute of Standards and Technology [NIST-70NANB21H121, NIST-70NANB19H170]

Available from: 2023-06-27 Created: 2023-06-27 Last updated: 2024-10-10. Bibliographically approved
Saar de Moraes, R. & Nadjm-Tehrani, S. (2022). Concept Level Exploration of IMA-based Networked Platforms with Mixed Time-Sensitive Communication Requirements. In: 33rd Congress of the International Council of the Aeronautical Sciences, Stockholm, Sweden, 2022. Paper presented at ICAS2022, Stockholm, Sweden, 4-9 September, 2022.
2022 (English). In: 33rd Congress of the International Council of the Aeronautical Sciences, Stockholm, Sweden, 2022, 2022. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we apply a grammar-based approach to generate computation and communication platforms for avionic applications with mixed classes of time-sensitive communication messages. Then, we propose an evolutionary algorithm to schedule communication in the platform considering the interaction between time-triggered and bandwidth-constrained traffic. Together, the platform generation approach and the scheduling algorithm support the exploration of avionic systems at the concept level.

Keywords
platform architecture exploration; time-sensitive networks; mixed-critical communication; communication scheduling; timeliness analysis
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-203165 (URN)
Conference
ICAS2022, Stockholm, Sweden, 4-9 September, 2022
Available from: 2024-04-30 Created: 2024-04-30 Last updated: 2024-04-30. Bibliographically approved
Lin, C.-Y. & Nadjm-Tehrani, S. (2021). A Comparative Analysis of Emulated and Real IEC-104 Spontaneous Traffic in Power System Networks. In: Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita; Giunta, Gabriele; Praça, Isabel; Battisti, Federica (Ed.), Cyber-Physical Security for Critical Infrastructures Protection: First International Workshop, CPS4CIP 2020, Guildford, UK, September 18, 2020, Revised Selected Papers. Paper presented at International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (pp. 207-223). Springer
2021 (English). In: Cyber-Physical Security for Critical Infrastructures Protection: First International Workshop, CPS4CIP 2020, Guildford, UK, September 18, 2020, Revised Selected Papers / [ed] Abie, Habtamu; Ranise, Silvio; Verderame, Luca; Cambiaso, Enrico; Ugarelli, Rita; Giunta, Gabriele; Praça, Isabel; Battisti, Federica, Springer, 2021, p. 207-223. Conference paper, Published paper (Refereed)
Abstract [en]

Supervisory and Data Acquisition (SCADA) systems control and monitor modern power networks. As attacks targeting SCADA systems are increasing, significant research is conducted to defend SCADA networks including variations of anomaly detection. Due to the sensitivity of real data, many defence mechanisms have been tested only in small testbeds or emulated traffic that were designed with assumptions on how SCADA systems behave. This work provides a timing characterization of IEC-104 spontaneous traffic and compares the results from emulated traffic and real traffic to verify if the network characteristics appearing in testbeds and emulated traffic coincide with real traffic. Among three verified characteristics, two of them appear in the real dataset but in a less regular way, and one does not appear in the collected real data. The insights from these observations are discussed in terms of presumed differences between emulated and real traffic and how those differences are generated.

Place, publisher, year, edition, pages
Springer, 2021
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349
Keywords
SCADA, Traffic characterization, IEC-104, Timing analysis
National Category
Computer Engineering
Identifiers
urn:nbn:se:liu:diva-189696 (URN); 10.1007/978-3-030-69781-5_14 (DOI); 2-s2.0-85102736813 (Scopus ID); 9783030697808 (ISBN); 9783030697815 (ISBN)
Conference
International Workshop on Cyber-Physical Security for Critical Infrastructures Protection
Funder
Swedish Civil Contingencies Agency
Available from: 2022-11-03 Created: 2022-11-03 Last updated: 2024-08-27
Saar de Moraes, R., Bernardi, S. & Nadjm-Tehrani, S. (2021). A model-based approach for analysing network communication timeliness in IMA systems at concept level. In: Proceedings of the 29th International Conference on Real-Time Networks and Systems. Paper presented at RTNS'2021: 29th International Conference on Real-Time Networks and Systems NANTES France April 7 - 9, 2021 (pp. 78-88). Association for Computing Machinery
2021 (English). In: Proceedings of the 29th International Conference on Real-Time Networks and Systems, Association for Computing Machinery, 2021, p. 78-88. Conference paper, Published paper (Refereed)
Abstract [en]

Analyzing the resource adequacy of complex cyber-physical systems at concept development stage can be a challenging task since there are a lot of uncertainties about the system at this stage. In Integrated Modular Avionics (IMA) systems, with a life-cycle over several decades and potential functionality changes, we need to estimate resource needs at the early stage but leave capacity to absorb future modifications. Given an envisaged set of functions and a mapping to a candidate platform, one needs to assure that the selected network configuration will provide adequate resources to meet communication timeliness. In particular, whether the set of switches, the topology, and the available bandwidth are sufficient to meet the envisaged needs. In this paper, timeliness requirements are expressed as constraints on the freshness of data and a strict bounding of end-to-end latency. We support generation of UML/MARTE-based specifications by creating a domain-specific meta-model for IMA systems and a resource modelling approach for the study of time-critical systems. The instances of this model then specify the application requirements and various network configurations that can be formally analyzed. We present a tool, M2NC, for automatic derivation of a network calculus model through model transformation, and use the state-of-art NC tools for deriving the bounds for end-to-end timeliness. The approach is illustrated on an example avionics case study, consisting of 91 computational processes that exchange 629 different types of messages. The results of the analysis show that our approach can efficiently provide feedback on configurations that are compliant with the requirements imposed by the application and the toolchain provides a systematic mechanism to quickly identify potential future bottlenecks.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2021
Series
RTNS ’21
Keywords
UML-MARTE, Real-Time Systems, Network Resource Adequacy, Model Verification, Concept Analysis
National Category
Computer Systems
Identifiers
urn:nbn:se:liu:diva-203160 (URN); 10.1145/3453417.3453427 (DOI); 000933139900008 (); 9781450390019 (ISBN)
Conference
RTNS'2021: 29th International Conference on Real-Time Networks and Systems NANTES France April 7 - 9, 2021
Note

Funding: This work was supported by the Swedish Governmental Agency for Innovation Systems- Vinnova, as part of the national projects on aeronautics, NFFP7, project CLASSICS (NFFP7 2017-04890). Simona Bernardi was partially supported by the project Medrese (RTI2018098543-B-I00) by the Spanish Ministry of Science, Innovation and Universities.

Available from: 2024-04-30 Created: 2024-04-30 Last updated: 2024-11-22
Toczé, K. & Nadjm-Tehrani, S. (2021). Corrigendum to “A Taxonomy for Management and Optimization of Multiple Resources in Edge Computing” (vol 2018, 7476201, 2018). Wireless Communications & Mobile Computing, 2021, Article ID 9876126.
2021 (English). In: Wireless Communications & Mobile Computing, ISSN 1530-8669, E-ISSN 1530-8677, Vol. 2021, article id 9876126. Article in journal (Other academic) Published
Abstract [en]

n/a

Place, publisher, year, edition, pages
Wiley Hindawi, 2021
National Category
Communication Systems
Identifiers
urn:nbn:se:liu:diva-184115 (URN); 10.1155/2021/9876126 (DOI); 000770932000008 ()
Available from: 2022-04-11 Created: 2022-04-11 Last updated: 2022-06-20
Lin, C.-Y., Fundin, A., Westring, E., Gustafsson, T. & Nadjm-Tehrani, S. (2021). RICSel21 Data Collection: Attacks in a Virtual Power Network. In: 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). Paper presented at IEEE International Conference on Smart Grid Communications (SmartGridComm), Aachen, Germany, 25-28 October, 2021 (pp. 201-206). Institute of Electrical and Electronics Engineers (IEEE)
2021 (English). In: 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Institute of Electrical and Electronics Engineers (IEEE), 2021, p. 201-206. Conference paper, Published paper (Refereed)
Abstract [en]

Attacks against Supervisory Control and Data Acquisition (SCADA) systems operating critical infrastructures have increased since the appearance of Stuxnet. To defend critical infrastructures, security researchers need realistic datasets to evaluate and benchmark their defense mechanisms such as Anomaly Detection Systems (ADS). However, real-world data collected from critical infrastructures are too sensitive to share openly. Therefore, testbed datasets have become a viable option to balance the requirement of openness and realism. This study provides a data generation framework based on a virtual testbed with a commercial SCADA system and presents an openly available dataset called RICSel21, with packets in IEC-60870-5-104 protocol streams. The dataset is the result of performing 12 attacks, identifying the impact of attacks on a power management system and recording the logs of the seven successful attacks.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2021
Keywords
Computers, Protocols, Computer worms, Power system management, Conferences, SCADA systems, Benchmark testing
National Category
Computer Systems
Identifiers
urn:nbn:se:liu:diva-189699 (URN); 10.1109/SmartGridComm51999.2021.9632328 (DOI); 2-s2.0-85123913802 (Scopus ID); 9781665430449 (ISBN); 9781665415026 (ISBN)
Conference
IEEE International Conference on Smart Grid Communications (SmartGridComm), Aachen, Germany, 25-28 October, 2021
Funder
Swedish Civil Contingencies Agency
Available from: 2022-11-03 Created: 2022-11-03 Last updated: 2022-11-09. Bibliographically approved
Toczé, K., Lindqvist, J. & Nadjm-Tehrani, S. (2020). Characterization and modeling of an edge computing mixed reality workload. Journal of Cloud Computing: Advances, Systems and Applications, 9(1), Article ID 46.
2020 (English). In: Journal of Cloud Computing: Advances, Systems and Applications, E-ISSN 2192-113X, Vol. 9, no 1, article id 46. Article in journal (Refereed) Published
Abstract [en]

The edge computing paradigm comes with a promise of lower application latency compared to the cloud. Moreover, offloading user device computations to the edge enables running demanding applications on resource-constrained mobile end devices. However, there is a lack of workload models specific to edge offloading using applications as their basis. In this work, we build upon the reconfigurable open-source mixed reality (MR) framework MR-Leo as a vehicle to study resource utilisation and quality of service for a time-critical mobile application that would have to rely on the edge to be widely deployed. We perform experiments to aid estimating the resource footprint and the generated load by MR-Leo, and propose an application model and a statistical workload model for it. The idea is that such empirically-driven models can be the basis of evaluations of edge algorithms within simulation or analytical studies. A comparison with a workload model used in a recent work shows that the computational demand of MR-Leo exhibits very different characteristics from those assumed for MR applications earlier.

Place, publisher, year, edition, pages
Springer, 2020
Keywords
Edge; fog computing; Mixed reality; Open-source; Empirical performance evaluation; Workload characterization and modeling; Application instrumentation for data collection; Resource footprint
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-169226 (URN); 10.1186/s13677-020-00190-x (DOI); 000560710500001 (); 2-s2.0-85089493866 (Scopus ID)
Note

Funding Agencies|Swedish National Graduate School in Computer Science (CUGS)

Available from: 2020-09-12 Created: 2020-09-12 Last updated: 2024-09-02. Bibliographically approved
Törnblom, J. & Nadjm-Tehrani, S. (2020). Formal Verification of Input-Output Mappings of Tree Ensembles. Science of Computer Programming, 194
2020 (English). In: Science of Computer Programming, ISSN 0167-6423, E-ISSN 1872-7964, Vol. 194. Article in journal (Refereed) Published
Abstract [en]

Recent advances in machine learning and artificial intelligence are now being considered in safety-critical autonomous systems where software defects may cause severe harm to humans and the environment. Design organizations in these domains are currently unable to provide convincing arguments that their systems are safe to operate when machine learning algorithms are used to implement their software.

In this paper, we present an efficient method to extract equivalence classes from decision trees and tree ensembles, and to formally verify that their input-output mappings comply with requirements. The idea is that, given that safety requirements can be traced to desirable properties on system input-output patterns, we can use positive verification outcomes in safety arguments.

This paper presents the implementation of the method in the tool VoTE (Verifier of Tree Ensembles), and evaluates its scalability on two case studies presented in current literature. We demonstrate that our method is practical for tree ensembles trained on low-dimensional data with up to 25 decision trees and tree depths of up to 20. Our work also studies the limitations of the method with high-dimensional data and preliminarily investigates the trade-off between large number of trees and time taken for verification.

Keywords
Formal verification, Decision tree, Tree ensemble, Random forest, Gradient boosting machine
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-164563 (URN); 10.1016/j.scico.2020.102450 (DOI); 000528192400002 ()
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Note

Funding agencies: Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation

Available from: 2020-03-24 Created: 2020-03-24 Last updated: 2022-03-19