Showing papers on "Vulnerability (computing)" published in 2018


Posted Content
TL;DR: This paper describes FoolsGold, a novel defense against sybil-based poisoning of federated learning that identifies poisoning sybils based on the diversity of client updates in the distributed learning process, and that exceeds the capabilities of existing state-of-the-art approaches to countering sybil-based label-flipping and backdoor poisoning attacks.
Abstract: Machine learning (ML) over distributed multi-party data is required for a variety of domains. Existing approaches, such as federated learning, collect the outputs computed by a group of devices at a central aggregator and run iterative algorithms to train a globally shared model. Unfortunately, such approaches are susceptible to a variety of attacks, including model poisoning, which is made substantially worse in the presence of sybils. In this paper we first evaluate the vulnerability of federated learning to sybil-based poisoning attacks. We then describe FoolsGold, a novel defense to this problem that identifies poisoning sybils based on the diversity of client updates in the distributed learning process. Unlike prior work, our system does not bound the expected number of attackers, requires no auxiliary information outside of the learning process, and makes fewer assumptions about clients and their data. In our evaluation we show that FoolsGold exceeds the capabilities of existing state of the art approaches to countering sybil-based label-flipping and backdoor poisoning attacks. Our results hold for different distributions of client data, varying poisoning targets, and various sybil strategies. Code can be found at: this https URL

286 citations


Proceedings ArticleDOI
11 Jul 2018
TL;DR: This paper proposes a deep feature representation learning approach to detecting vulnerabilities in C and C++ open-source code using machine learning, and evaluates it on code from real software packages and the NIST SATE IV benchmark dataset.
Abstract: Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system compromise, information leaks, or denial of service. We leveraged the wealth of C and C++ open-source code available to develop a large-scale function-level vulnerability detection system using machine learning. To supplement existing labeled vulnerability datasets, we compiled a vast dataset of millions of open-source functions and labeled it with carefully-selected findings from three different static analyzers that indicate potential exploits. Using these datasets, we developed a fast and scalable vulnerability detection tool based on deep feature representation learning that directly interprets lexed source code. We evaluated our tool on code from both real software packages and the NIST SATE IV benchmark dataset. Our results demonstrate that deep feature representation learning on source code is a promising approach for automated software vulnerability detection.

221 citations


Dataset
01 Jan 2018
TL;DR: In this article, the authors provide a standards-based foundation for the automation of software asset, vulnerability, and security configuration management, security measurement, and compliance activities, including databases of security configuration checklists for the NCP and listings of publicly known software flaws.
Abstract: Security automation reference data is currently housed within the NVD. The NVD is the U.S. government repository of security automation data based on security automation specifications. This data provides a standards-based foundation for the automation of software asset, vulnerability, and security configuration management, security measurement, and compliance activities. This data supports security automation efforts based on the Security Content Automation Protocol (SCAP). The NVD includes databases of security configuration checklists for the NCP, listings of publicly known software flaws, product names, and impact metrics. A formal validation program tests the ability of vendor products to use some forms of security automation data based on a product's conformance in support of specific enterprise capabilities.

203 citations


Proceedings Article
13 Aug 2018
TL;DR: This paper introduces a new Spectre-class attack that is based on exploiting the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses, and recommends that the RSB refilling patch be used on all machines to protect against SpectreRSB.
Abstract: The recent Spectre attacks exploit speculative execution, a pervasively used feature of modern microprocessors, to allow the exfiltration of sensitive data across protection boundaries. In this paper, we introduce a new Spectre-class attack that we call SpectreRSB. In particular, rather than exploiting the branch predictor unit, SpectreRSB exploits the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses. We show that both local attacks (within the same process such as Spectre 1) and attacks on SGX are possible by constructing proof of concept attacks. We also analyze additional types of the attack on the kernel or across address spaces and show that under some practical and widely used conditions they are possible. Importantly, none of the known defenses including Retpoline and Intel's microcode patches stop all SpectreRSB attacks. We believe that future system developers should be aware of this vulnerability and consider it in developing defenses against speculation attacks. In particular, on Core-i7 Skylake and newer processors (but not on Intel's Xeon processor line), a patch called RSB refilling is used to address a vulnerability when the RSB underfills; this defense interferes with SpectreRSB's ability to launch attacks that switch into the kernel. We recommend that this patch should be used on all machines to protect against SpectreRSB.

175 citations


Posted Content
Abstract: Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system compromise, information leaks, or denial of service. We leveraged the wealth of C and C++ open-source code available to develop a large-scale function-level vulnerability detection system using machine learning. To supplement existing labeled vulnerability datasets, we compiled a vast dataset of millions of open-source functions and labeled it with carefully-selected findings from three different static analyzers that indicate potential exploits. The labeled dataset is available at: this https URL. Using these datasets, we developed a fast and scalable vulnerability detection tool based on deep feature representation learning that directly interprets lexed source code. We evaluated our tool on code from both real software packages and the NIST SATE IV benchmark dataset. Our results demonstrate that deep feature representation learning on source code is a promising approach for automated software vulnerability detection.

142 citations


Journal ArticleDOI
TL;DR: This paper proposes a novel identification method, which works in the physical layer of the in-vehicle CAN network, and identifies electronic control units (ECUs) using inimitable characteristics of electrical CAN signals enabling detection of a malicious ECU.
Abstract: As the functions of vehicles are more computerized for the safety and convenience of drivers, attack surfaces of vehicles are accordingly increasing. Many attack results have shown that an attacker could intentionally control vehicles. Most of them exploit the vulnerability that the controller area network (CAN) protocol, a de facto standard for in-vehicle networks, does not support message origin authentication. Although a number of methods to resolve this security vulnerability have been suggested, each has limitations when applied to the current system. They have required either the modification of the CAN standard or a dramatic increase in communication load, which is infeasible in practice. In this paper, we propose a novel identification method, which works in the physical layer of the in-vehicle CAN network. Our method identifies electronic control units (ECUs) using inimitable characteristics of electrical CAN signals enabling detection of a malicious ECU. Unlike previous attempts to address the security problem in the in-vehicle CAN network, our method works by simply adding a monitoring unit to the existing network, making it deployable in current systems and compliant with required CAN standards. Our experimental results show that our method is able to correctly identify ECUs. In case of misclassification rate for ECU identification, our method yields 0.36% on average, which is approximately four times lower than the method proposed by P.-S. Murvay et al. This paper is also the first to identify potential attack models that systems should be able to detect.

135 citations


Proceedings ArticleDOI
15 Oct 2018
TL;DR: The paper shows that an OpenGL based spy can fingerprint websites accurately, track user activities within the website, and even infer the keystroke timings for a password text box with high accuracy, and suggests mitigations based on limiting the rate of the calls, or limiting the granularity of the returned information.
Abstract: Graphics Processing Units (GPUs) are commonly integrated with computing devices to enhance the performance and capabilities of graphical workloads. In addition, they are increasingly being integrated in data centers and clouds such that they can be used to accelerate data intensive workloads. Under a number of scenarios the GPU can be shared between multiple applications at a fine granularity allowing a spy application to monitor side channels and attempt to infer the behavior of the victim. For example, OpenGL and WebGL send workloads to the GPU at the granularity of a frame, allowing an attacker to interleave the use of the GPU to measure the side-effects of the victim computation through performance counters or other resource tracking APIs. We demonstrate the vulnerability using two applications. First, we show that an OpenGL based spy can fingerprint websites accurately, track user activities within the website, and even infer the keystroke timings for a password text box with high accuracy. The second application demonstrates how a CUDA spy application can derive the internal parameters of a neural network model being used by another CUDA application, illustrating these threats on the cloud. To counter these attacks, the paper suggests mitigations based on limiting the rate of the calls, or limiting the granularity of the returned information.

133 citations


Journal ArticleDOI
TL;DR: Compared with the traditional code metrics, the transfer-learned representations are more effective for predicting vulnerable functions, both within a project and across multiple projects.
Abstract: Machine learning is now widely used to detect security vulnerabilities in the software, even before the software is released. But its potential is often severely compromised at the early stage of a software project when we face a shortage of high-quality training data and have to rely on overly generic hand-crafted features. This paper addresses this cold-start problem of machine learning, by learning rich features that generalize across similar projects. To reach an optimal balance between feature-richness and generalizability, we devise a data-driven method including the following innovative ideas. First, the code semantics are revealed through serialized abstract syntax trees (ASTs), with tokens encoded by Continuous Bag-of-Words neural embeddings. Next, the serialized ASTs are fed to a sequential deep learning classifier (Bi-LSTM) to obtain a representation indicative of software vulnerability. Finally, the neural representation obtained from existing software projects is then transferred to the new project to enable early vulnerability detection even with a small set of training labels. To validate this vulnerability detection approach, we manually labeled 457 vulnerable functions and collected 30 000+ nonvulnerable functions from six open-source projects. The empirical results confirmed that the trained model is capable of generating representations that are indicative of program vulnerability and is adaptable across multiple projects. Compared with the traditional code metrics, our transfer-learned representations are more effective for predicting vulnerable functions, both within a project and across multiple projects.

132 citations


Posted Content
TL;DR: A data-driven approach to vulnerability detection using machine learning, specifically applied to C and C++ programs is presented and it is found that source-based models perform better than traditional models.
Abstract: Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often manifest themselves in subtle ways that are not obvious to code reviewers or the developers themselves. With the wealth of open source code available for analysis, there is an opportunity to learn the patterns of bugs that can lead to security vulnerabilities directly from data. In this paper, we present a data-driven approach to vulnerability detection using machine learning, specifically applied to C and C++ programs. We first compile a large dataset of hundreds of thousands of open-source functions labeled with the outputs of a static analyzer. We then compare methods applied directly to source code with methods applied to artifacts extracted from the build process, finding that source-based models perform better. We also compare the application of deep neural network models with more traditional models such as random forests and find the best performance comes from combining features learned by deep models with tree-based models. Ultimately, our highest performing model achieves an area under the precision-recall curve of 0.49 and an area under the ROC curve of 0.87.

116 citations


Journal ArticleDOI
TL;DR: In this attack, an attacker can obtain the key shared between a back-end database server and a tag in an ultra-lightweight mutual authentication protocol in IoT environments for RFID tags.
Abstract: Recently, Tewari and Gupta proposed an ultra-lightweight mutual authentication protocol in IoT environments for RFID tags. Their protocol aims to provide secure communication with least cost in both storage and computation. Unfortunately, in this paper, we exploit the vulnerability of this protocol. In this attack, an attacker can obtain the key shared between a back-end database server and a tag. We also explore the possibility of patching the system with some modifications.

116 citations


Posted Content
TL;DR: SpectreRSB is a Spectre-class attack that exploits the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses; proof-of-concept attacks show that both local attacks and attacks on SGX are possible.
Abstract: The recent Spectre attacks exploit speculative execution, a pervasively used feature of modern microprocessors, to allow the exfiltration of sensitive data across protection boundaries. In this paper, we introduce a new Spectre-class attack that we call SpectreRSB. In particular, rather than exploiting the branch predictor unit, SpectreRSB exploits the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses. We show that both local attacks (within the same process such as Spectre 1) and attacks on SGX are possible by constructing proof of concept attacks. We also analyze additional types of the attack on the kernel or across address spaces and show that under some practical and widely used conditions they are possible. Importantly, none of the known defenses including Retpoline and Intel's microcode patches stop all SpectreRSB attacks. We believe that future system developers should be aware of this vulnerability and consider it in developing defenses against speculation attacks. In particular, on Core-i7 Skylake and newer processors (but not on Intel's Xeon processor line), a patch called RSB refilling is used to address a vulnerability when the RSB underfills; this defense interferes with SpectreRSB's ability to launch attacks that switch into the kernel. We recommend that this patch should be used on all machines to protect against SpectreRSB.

Proceedings ArticleDOI
20 May 2018
TL;DR: A semi-structured interview study with both testers and hackers, focusing on how each group finds vulnerabilities, how they develop their skills, and the challenges they face, suggests that hackers and testers follow similar processes, but get different results due largely to differing experiences.
Abstract: Identifying security vulnerabilities in software is a critical task that requires significant human effort. Currently, vulnerability discovery is often the responsibility of software testers before release and white-hat hackers (often within bug bounty programs) afterward. This arrangement can be ad-hoc and far from ideal; for example, if testers could identify more vulnerabilities, software would be more secure at release time. Thus far, however, the processes used by each group — and how they compare to and interact with each other — have not been well studied. This paper takes a first step toward better understanding, and eventually improving, this ecosystem: we report on a semi-structured interview study (n=25) with both testers and hackers, focusing on how each group finds vulnerabilities, how they develop their skills, and the challenges they face. The results suggest that hackers and testers follow similar processes, but get different results due largely to differing experiences and therefore different underlying knowledge of security concepts. Based on these results, we provide recommendations to support improved security training for testers, better communication between hackers and developers, and smarter bug bounty policies to motivate hacker participation.

Journal ArticleDOI
01 Mar 2018
TL;DR: This paper surveys the widely used target encryption algorithms, the common attack techniques, and recent attacks that exploit the features of cache, focusing on cache timing attacks against cloud computing and embedded systems, and surveys existing countermeasures at different abstraction levels.
Abstract: With the increasing proliferation of Internet-of-Things (IoT) in our daily lives, security and trustworthiness are key considerations in designing computing devices. A vast majority of IoT devices use shared caches for improved performance. Unfortunately, the data sharing introduces the vulnerability in these systems. Side-channel attacks in shared caches have been explored for over a decade. Existing approaches utilize side-channel (non-functional) behaviors such as time, power, and electromagnetic radiation to attack encryption schemes. In this paper, we survey the widely used target encryption algorithms, the common attack techniques, and recent attacks that exploit the features of cache. In particular, we focus on the cache timing attacks against the cloud computing and embedded systems. We also survey existing countermeasures at different abstraction levels.

Journal ArticleDOI
TL;DR: To solve the low attack path quantification degree and complex path finding in the industrial Internet of Things, a vulnerability assessment method based on attack graph and maximum flow is proposed.
Abstract: To solve the low attack path quantification degree and complex path finding in the industrial Internet of Things, a vulnerability assessment method based on attack graph and maximum flow is proposed. The method takes into account the factors influencing the attack behavior and relationship between network nodes. The attack risk is calculated by common vulnerability scoring system, which increases the attack path quantification degree. The maximum loss flow describes the attack path, evaluates the network vulnerability by maximum loss flow and loss saturation and represents the vulnerability relevance. Avoiding the repeat calculation and obtaining the potential key vulnerability path fast, the augmented road algorithm is used to find optimal attack path within global path. The result shows that the method is feasible and can evaluate the vulnerability and risk path objectively.

Journal ArticleDOI
TL;DR: This paper compares non-SCADA and SCADA systems and establishes that SCADA as a software subclass holds unique risk attributes for IIoT, and builds a customizable SCADA risk prioritization schema that can be used by the security community to better understand SCADA-specific risk.
Abstract: Urban critical infrastructure such as electric grids, water networks, and transportation systems are prime targets for cyberattacks. These systems are composed of connected devices which we call the Industrial Internet of Things (IIoT). An attack on urban critical infrastructure IIoT would cause considerable disruption to society. Supervisory control and data acquisition (SCADA) systems are typically used to control IIoT for urban critical infrastructure. Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices. In this paper, we compare non-SCADA and SCADA systems and establish, using cosine similarity tests, that SCADA as a software subclass holds unique risk attributes for IIoT. We then disprove the commonly accepted notion that the common vulnerability scoring system risk metrics of exploitability and impact are not correlated with attack for the SCADA subclass of software. A series of statistical models are developed to identify SCADA risk metrics that can be used to evaluate the risk that a SCADA-related vulnerability is exploited. Based on our findings, we build a customizable SCADA risk prioritization schema that can be used by the security community to better understand SCADA-specific risk. Considering the distinct properties of SCADA systems, a data-driven prioritization schema will help researchers identify security gaps specific to this software subclass that is essential to our society’s operations.

Proceedings ArticleDOI
14 Aug 2018
TL;DR: This work shows how fault attacks can be launched within an FPGA, through software-provided bitstreams alone, and analyzes and adapts an existing fault model for the Advanced Encryption Standard to match the accuracy of the fault attack.
Abstract: With each new technology generation, the available resources on Field Programmable Gate Arrays increase, making them more attractive for partial access from multiple users. They get increasingly adopted as accelerators in various application domains, embedded in shared Systems on Chip or remote cloud services. Thus, some recent works have already explored Denial-of-Service and side-channel attacks, where an FPGA fabric is shared among multiple users. In this work, we show how fault attacks can be launched within an FPGA, through software-provided bitstreams alone. Excessive voltage drops can be generated from legitimate logic mapped into the FPGA to cause timing faults, reaching from spatially and logically isolated partitions of one to another user of the FPGA fabric. To cause this voltage drop, we first show how specific patterns to activate Ring Oscillators can cause timing failures in simple test designs on various FPGA boards. Subsequently, we analyze and adapt an existing fault model for the Advanced Encryption Standard to match the accuracy of our fault attack. In the same multi-user scenario, we show as a proof-of-concept how a successful Differential Fault Analysis attack on an AES module can be launched. We perform experiments on three FPGA boards of the same model and confirm that the attack adapts to all systems and is successful under process variation, but with different susceptibility to faults. The paper is concluded by validating the attack on another platform, and analyzing the vulnerability based on a timing analysis, proving the applicability to different devices.

Proceedings ArticleDOI
01 Dec 2018
TL;DR: SAIL as discussed by the authors is a structural attack on obfuscation using machine learning (ML) models that exposes a critical vulnerability of these methods, which is applicable to all forms of logic obfuscation, and significantly more powerful than existing attacks.
Abstract: Obfuscation is a technique for protecting hardware intellectual property (IP) blocks against reverse engineering, piracy, and malicious modifications. Current obfuscation efforts mainly focus on functional locking of a design to prevent black-box usage. They do not directly address hiding design intent through structural transformations, which is an important objective of obfuscation. We note that current obfuscation techniques incorporate only: (1) local, and (2) predictable changes in circuit topology. In this paper, we present SAIL, a structural attack on obfuscation using machine learning (ML) models that exposes a critical vulnerability of these methods. Through this attack, we demonstrate that the gate-level structure of an obfuscated design can be retrieved in most parts through a systematic set of steps. The proposed attack is applicable to all forms of logic obfuscation, and significantly more powerful than existing attacks, e.g., SAT-based attacks, since it does not require the availability of golden functional responses (e.g., an unlocked IC). Evaluation on benchmark circuits shows that we can recover an average of about 84% (up to 95%) transformations introduced by obfuscation. We also show that this attack is scalable, flexible, and versatile.

Journal ArticleDOI
TL;DR: It is found that metro networks are very vulnerable when subjected to malicious attacks, and Guangzhou metro network has the best topological structure and reliability among three metro networks.
Abstract: This paper analyzes the networked characteristics of three metro networks, and two malicious attacks are employed to investigate the vulnerability of metro networks based on connectivity vulnerability and functionality vulnerability. Meanwhile, the networked characteristics and vulnerability of three metro networks are compared with each other. The results show that Shanghai metro network has the largest transport capacity, Beijing metro network has the best local connectivity and Guangzhou metro network has the best global connectivity; moreover, Beijing metro network has the best homogeneous degree distribution. Furthermore, we find that metro networks are very vulnerable when subjected to malicious attacks, and Guangzhou metro network has the best topological structure and reliability among three metro networks. The results indicate that the proposed methodology is feasible and effective to investigate the vulnerability and to explore better topological structure of metro networks.

Proceedings ArticleDOI
25 Jun 2018
TL;DR: This work provides the first look into the security of LoRaWAN v1.1 and presents several threats to this new version of the protocol, which are relevant for practitioners implementing LoRa-based applications as well as researchers and the future evolution of the LoRaWAN specification.
Abstract: LoRa and the LoRaWAN specification is a technology for Low Power Wide Area Networks (LPWAN) designed to allow connectivity for connected objects, such as remote sensors. Several previous works revealed various weaknesses regarding the security of LoRaWAN v1.0 (the official 1st draft) and these led to improvements included in LoRaWAN v1.1, released on Oct 11, 2017. In this work, we provide the first look into the security of LoRaWAN v1.1. We present an overview of the protocol and, importantly, present several threats to this new version of the protocol. Besides, we propose our own ramification strategies for the mentioned threats, to be used in developing the next version of LoRaWAN. The threats presented were not previously discussed; they are possible even within the security assumptions of the specification and are relevant for practitioners implementing LoRa-based applications as well as researchers and the future evolution of the LoRaWAN specification.

Journal ArticleDOI
TL;DR: The credibility of the CVSS scoring data found in five leading databases (NVD, X-Force, OSVDB, CERT-VN, and Cisco) is assessed and it is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy.
Abstract: The Common Vulnerability Scoring System (CVSS) is the state-of-the-art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases (NVD, X-Force, OSVDB, CERT-VN, and Cisco) is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.

Posted Content
TL;DR: A novel encryption technique called Encrypt Flip-Flop, which encrypts the outputs of selected flip-flops by inserting multiplexers (MUX) and can thwart all the known attacks including SAT and scan based attacks.
Abstract: Logic Encryption is one of the most popular hardware security techniques which can prevent IP piracy and illegal IC overproduction. It introduces obfuscation by inserting some extra hardware into a design to hide its functionality from unauthorized users. Correct functionality of an encrypted design depends upon the application of correct keys, shared only with the authorized users. In the recent past, extensive efforts have been devoted in extracting the secret key of an encrypted design. At the same time, several countermeasures have also been proposed by the research community to thwart different state-of-the-art attacks on logic encryption. However, most of the proposed countermeasures fail to prevent the powerful SAT attack. Although a few researchers have proposed different solutions to withstand SAT attack, those solutions suffer from several drawbacks such as high design overheads, low output corruptibility, and vulnerability against removal attack. Almost all the known logic encryption strategies are vulnerable to scan based attack. In this paper, we propose a novel encryption technique called Encrypt Flip-Flop, which encrypts the outputs of selected flip-flops by inserting multiplexers (MUX). The proposed strategy can thwart all the known attacks including SAT and scan based attacks. The scheme has low design overhead and implementation complexity. Experimental results on several ISCAS'89 and ITC'99 benchmarks show that our proposed method can produce reasonable output corruption for wrong keys.

Journal ArticleDOI
22 Oct 2018-Sensors
TL;DR: This study proposes a review system that can confirm the reputation of a data owner or the data traded in the P2P data marketplace, and is based on Ethereum smart contracts; thus, this system is running on the P2P network and is more flexible for the network problem.
Abstract: Internet of Things (IoT)-based devices, especially those used for home automation, consist of their own sensors and generate many logs during a process. Enterprises producing IoT devices convert these log data into more useful data through secondary processing; thus, they require data from the device users. Recently, a platform for data sharing has been developed because the demand for IoT data increases. Several IoT data marketplaces are based on peer-to-peer (P2P) networks, and in this type of marketplace, it is difficult for an enterprise to trust a data owner or the data they want to trade. Therefore, in this study, we propose a review system that can confirm the reputation of a data owner or the data traded in the P2P data marketplace. The traditional server-client review systems have many drawbacks, such as security vulnerability or server administrator's malicious behavior. However, the review system developed in this study is based on Ethereum smart contracts; thus, this system is running on the P2P network and is more flexible for the network problem. Moreover, the integrity and immutability of the registered reviews are assured because of the blockchain public ledger. In addition, a certain amount of gas is essential for all functions to be processed by Ethereum transactions. Accordingly, we tested and analyzed the performance of our proposed model in terms of gas required.

Journal ArticleDOI
TL;DR: A multiple linear regression model is developed to learn the relationship between the external network and the attack subnetwork from historical data, overcoming the limited information available in the attack model.
Abstract: This paper studies physical consequences of unobservable false data injection (FDI) attacks designed only with information inside a subnetwork of the power system. The goal of this attack is to overload a chosen target line without being detected via measurements. To overcome the limited information, a multiple linear regression model is developed to learn the relationship between the external network and the attack subnetwork from historical data. The worst possible consequences of such FDI attacks are evaluated by solving a bi-level optimization problem wherein the first level models the limited attack resources, while the second level formulates the system response to such attacks via dc optimal power flow (OPF). The attack model with limited information is reflected in the dc OPF formulation that only takes into account the system information for the attack subnetwork. The vulnerability of this attack model is illustrated on the IEEE 24-bus reliability test system and the IEEE 118-bus systems.

Posted Content
TL;DR: oo7, as discussed by the authors, is a static analysis approach that can mitigate Spectre attacks by detecting potentially vulnerable code snippets in program binaries and protecting them against the attack by patching them.
Abstract: The Spectre vulnerability in modern processors has been widely reported. The key insight in this vulnerability is that speculative execution in processors can be misused to access the secrets. Subsequently, even though the speculatively executed instructions are squashed, the secret may linger in micro-architectural states such as cache, and can potentially be accessed by an attacker via side channels. In this paper, we propose oo7, a static analysis approach that can mitigate Spectre attacks by detecting potentially vulnerable code snippets in program binaries and protecting them against the attack by patching them. Our key contribution is to balance the concerns of effectiveness, analysis time and run-time overheads. We employ control flow extraction, taint analysis, and address analysis to detect tainted conditional branches and speculative memory accesses. oo7 can detect all fifteen purpose-built Spectre-vulnerable code patterns, whereas Microsoft compiler with Spectre mitigation option can only detect two of them. We also report the results of a large-scale study on applying oo7 to over 500 program binaries (average binary size 261 KB) from different real-world projects. We protect programs against Spectre attack by selectively inserting fences only at vulnerable conditional branches to prevent speculative execution. Our approach is experimentally observed to incur around 5.9% performance overheads on SPECint benchmarks.

Journal ArticleDOI
TL;DR: The goal of this paper is to review the types of adversarial attacks and defenses, describe the state-of-the-art methods for each group, and compare their results, and present some of the top-scored competition submissions for Neural Information Processing Systems in 2017.

Journal ArticleDOI
TL;DR: A model that integrates fault tree analysis, decision theory and fuzzy theory to determine the vulnerability of a given cybersecurity system is applied and demonstrates the increased vulnerability of e-commerce to cybersecurity attacks, relative to websites or ERP.

Journal ArticleDOI
TL;DR: A quantitative approach to the probabilistic assessment of vulnerability to external attacks is presented, based on the application of a dedicated Bayesian Network, which may support both the evaluation of the vulnerability of a given facility and the performance assessment of the security physical protection system in place.

Journal ArticleDOI
TL;DR: This paper analyses the vulnerability of the micro-air-vehicle communication (MAVLink) protocol, which is one of the most widely adopted communication protocols for GCS-based control of UAVs, and proposes an attack methodology that can disable an ongoing mission of a UAV.
Abstract: Recently, unmanned aerial vehicles (UAVs), or the so-called drones, have been used in various applications. In particular, UAVs are used for rescue systems, disaster detection, and military purposes, as well as for leisure and commercial purposes. UAVs that are controlled over networks by ground control stations (GCS) can provide various services with expanded activity area. It is thus of critical importance to investigate the vulnerability of the drone system. In this paper, we focus on UAVs controlled by GCS over networks. We analyze the vulnerability of the micro-air-vehicle communication (MAVLink) protocol, which is one of the most widely adopted communication protocols for GCS-based control of UAVs. Then, by exploiting the vulnerability of the MAVLink protocol, we propose an attack methodology that can disable an ongoing mission of a UAV. Our empirical study confirms that the proposed attack can stop the attacked UAV and disable the mission.

Proceedings ArticleDOI
13 Apr 2018
TL;DR: This paper proposes a mechanism to establish continuous security in the system by continuously evaluating the legitimate presence of a user in a valid IoT-Zone without user intervention, making the system more secure, robust and interoperable.
Abstract: The two major roadblocks for state of the art Internet of Things (IoT) infrastructure like smart buildings, smart cities, etc. are lack of trust between various entities of system and single point of failure which is a vulnerability causing extreme damage to the whole system. This paper proposes a blockchain based IoT security solution where trust is established through the immutable and decentralized nature of blockchain. The distributed nature of blockchain makes the system more robust and immune to single point of failure. We propose a mechanism to establish continuous security in the system by evaluating legitimate presence of user in valid IoT-Zone continuously without user intervention. Every user interaction in an IoT environment is stored in blockchain as a transaction and series of these transactions represent a user's IoT-trail. A unique digital crypto-token is required for a user interaction to be legitimate. This token is used as an access control mechanism to prevent any unauthorized access to the system. Tokens are pre-generated using a prediction model based on user's IoT-trail in the blockchain. By using blockchain as an underlying framework in IoT environment and through the method of continuous security, we made the system more secure, robust and interoperable.

Journal ArticleDOI
TL;DR: This paper proposes to utilize a Fuzzy Inference Model (FIS) to produce a risk assessment result based on four risk factors (vulnerability, threat, likelihood and impact), in order to specify the range of risks that can threaten any entity and to try to solve such issues for the proposed entities.