• • Jayamine Alupotha

  • Sanduni Prasadi

  • Mohamed Fawsan

Header compression is desirable for network applications as it saves bandwidth and reduces latency. However, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. In web requests, headers contain secret web cookies. Therefore, compression of headers before encryption will reveal the information about the secret web cookies. This side-channel has led to Compression Ratio Info-leak Made Easy (CRIME) attack on web traffic protected by the SSL/TLS protocols. In order to mitigate the CRIME attack, compression is completely disabled at the TLS/SSL layer, which in return increases the bandwidth consumption and latency. In a previous work (Financial Cryptography and Data Security 2015), two countermeasures are presented with formal security proofs, against compression side-channel attacks, namely (1)–separating secret cookies from user inputs and (2)–using a static compression dictionary. In this work we create a test environment to replicate the CRIME attack and verify the attack. Moreover, we implement a proven-secure countermeasure against the CRIME attack, in a real world client/server setup, following the aforementioned two countermeasures. Our implementation achieves better compression ratio (closer to the original TLS/SSL compression), and hence reduces the bandwidth usage and latency significantly (therefore cost-effective). To the best of our knowledge, this is the first proven-secure and cost-effective countermeasure implementation against the CRIME attack.

Publications:

• Alupotha, J.; Prasadi, S.; Fawzan, M.; Alawatugoda, J. and Ragel, R. Implementing a Proven-secure and Cost-effective Countermeasure against the Compression Ratio Info- leak Mass Exploitation (CRIME) Attack. In Proceedings of the 12th IEEE International Conference on Industrial and Information Systems (ICIIS 2017), IEEE Press, 2017. Funding: NRC 16-020

• • Thilini Dahanayaka

  • Rajitha Ramanayake

Caching is used as means to bridge the performance gap between processors and memory and multithreading is used to minimize the CPU idle time caused by the lower speeds of IO and memory tasks. However, when both these concepts are applied in a system, the total benefit of caching is not achieved due to the loss of cached data during context switches. As a solution, we propose to use thread specific caches, where the cache would be made of a group of small cache units and each thread is assigned a distinct cache core for its use.Over the last fifty years, the performance of computers evolved exponentially and continuously, closely following Moores (1). However, while microprocessor speed has been improving at roughly 60 percent per year, the memory access time has improved only by less than 10 percent per year(2). This performance gap between processor and memory has posed a threat to the exponential improvement of the overall performance of computers. In order to bridge this CPU-Memory performance gap, and also to reduce the energy consumption for memory accesses, cache memories are used.

• • Avindu Hendawitharana

  • Mayuri Illesinghe

  • Jayani Sumudini

  • Dr. Pantaleon Perera

Timetable scheduling is a very important process in any university or academic institution. The courses should be arranged to a set of timeslots satisfying hard and soft constraints. Manual creation of timetables is an expertise work also it consumes lot of time and human effort. To address all these problems, we introduce an automatic timetable generator which is a web application. The proposed system will take different inputs among lecturers, students and the others such as, number of students, lecture halls, lecturers, capacity of lecture halls, etc. Then it will create feasible timetable making excellent application of all resources which will be best suited for the constraints. In this research paper we will discuss how to automate the timetable scheduling process using Genetic algorithm which is a heuristic approach. Furthermore this paper deals with how to select the

algorithm and how to design the conceptual architecture of a timetable generator.

• • Lakshitha Deshapriya

  • Ishan Madhusanka

  • Ishani Paranawithana

  • Titus Nandakumara

The complex process of training placement process for undergraduates was handled by manually over the past years. Collecting students CVS and preferences for companies, collecting company requirements, grouping students for companies and scheduling interviews were the main activities of

the process. Handling the process manually consumes a considerable amount of time and result is also not much accurate. Therefore, as the solution, an intelligent training portal with the characteristics of recommendation engine was introduced to automate the process. The system consists two significant components; the front-end implementation and the back-end implementation. The back-end implementation includes both the

authentication server and resource server where important decisions are made through machine learning. Various classification algorithms and data that was collected throughout past years were used to train the system to classify the students for companies which have a higher probability of accepting them.

• • Pranavan Somaskandhan

  • Gihan Wijesinghe

  • Leshan Bashitha Wijegunawardana

IPL is a franchise system based, annual cricket tournament. IPL deals with millions of dollars. This imposes high pressure on team owners to search victories, which depends on team performance. The aim of this research is to assemble an optimal cricket team within a given budget to enhance the winnability. Several efforts have already been taken to address this problem without much success. They focused on identifying different performance metrics based on their domain knowledge of cricket. Essentially, it is critical to find the right set of metrics that would lead to assemble a team with

the highest chance of winning. The proposed solution is, rely on statistical analysis and machine learning while minimizing the use of domain knowledge. This study has started with gathering and refining necessary data. Then an optimal set of attributes has been identified, which impose the high impact on the end results of a cricket match. For this, Classification algorithms have been used and SVM gave the best accuracy. Thereafter, a

bid value prediction system has been implemented to predict bid values of players. Regression techniques used for this. Finally, a mathematical equation formed to calculate the winnability of a team. This equation is a linear relationship between a team’s winnability and a weighted sum of players’ performances. Using this equation we can then assemble an optimal cricket team to enhance the winnability by using constraint optimization

techniques where the budget is the constraint.

• • Seralahthan Vivekaananthan

  • Nishen Peiris

  • Chamith Shanaka

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to capture the security of AKE protocols even when the adversary learns certain secret values by some means (leakage due to weak random number generators, malware attacks, man-in-the-middle attacks, insider attacks etc). LaMacchia, Lauter and Mityagin presented a strong security model for AKE protocols, namely the extended Canetti–Krawczyk (eCK) model  (ProvSec 2007), addressing wide range of real-world attack scenarios. They constructed a protocol, known as the NAXOS protocol. In order to satisfy the definition of eCK security, the NAXOS protocol uses a hash function to combine the longterm and the ephemeral secret keys, which is widely known as NAXOS-trick. However, for protocols based on the NAXO-Strick, the way of leakage modelled in the eCK security model leads to an unnatural assumption of leak-free computation of the hash of the long-term secret key and the ephemeral secret key; because the eCK model allows the attacker to reveal ephemeral key while the NAXOS-trick computation output remains safe. In a recent work of Alawatugoda, Stebila and Boyd (IMA Cryptography and Coding 2015), a NAXOS- trick-free eCK-secure AKE protocol is presented, namely the protocol P1. In this work we implement the protocol P1 to be used with the widely-used cryptographic library, the OpenSSL library. OpenSSL implementations are widely used with the real-world security protocol suites, such as Security Socket Layer (SSL) and Transport Layer Security (TLS). As per best of our knowledge, this implementation is the first OpenSSL implementation of an eCK-secure key exchange protocol. Thus, we open up the direction to use the recent advancements of cryptography for real-world Internet communication.

Publications:

• Alawatugoda, J.; Seralathan, V.; Peiris, N.; Wickramasinghe, C. and Chuah, C.W. Implementation of an eCK-secure Key Exchange Protocol for OpenSSL. In International Journal on Advanced Science, Engineering and Information Technology, Volume 8, Issue 5, pages 2205-2210, INSIGHT – Indonesian Society for Knowledge and Human Development, 2018. Funding: H082

• • Rosen Silva

  • Asela Rukmal

  • Nadith Malinda

Wireless Sensor Networks (WSN) are being widely used for sensing physical parameters in a broad geographical area. The person who needs WSN will only have a pictorial idea about how many sensor nodes are needed and what are they going to measure and how are they should be connected. The problem in the traditional method is that the person who needs the WSN should explain the pictorial view of the sensor network to a commercial vendor and buy it from them or they should design it from the scratch. What we proposed in our solution is that to create a platform so that the person who needs the WSN can directly draw the pictorial view on a canvas and then the platform will automatically generate all the required firmware

for the microcontrollers and wiring diagrams. The user is required only to follow few instructions to complete the real world implementation of the WSN. So basically this project is about developing a visual platform to design WSN. The WSN designing platform was built as a web application, so it can

manage a large number of supported sensors and microcontrollers, which means if one user adds the device driver for any a sensor or a microcontroller the rest of the world can directly use it from the platform without worrying about the hardware programming. Also if anyone needs a new sensor or microcontroller to be supported by this visual design platform, this will have interfaces to directly add new sensors and microcontrollers. Also, the designers will be able to switch the networking technology as per the requirement. This method is affordable to develop custom wireless sensor networks and increase the productivity, health, and economy accordingly.

• • Sanjeewa Kumara

  • Chamini Prashakthi

  • Sasitha Rajapaksha

  • Titus Nandakumara

In this paper, we examine how the Biofeedback can be used to improve user experience while playing the first person shooter game. Biofeedback is used to feed the body information of a real person to the game. Therefore, we are going to control and enhance a FPS game using some physiological functions of a human by mapping with the game character. We demonstrate the concept through a simple video game using two sensors to

detect the physiological states of the real player. Those two sensor devices are called as OpenBCI, which catches the Electrocardiography (ECG) signal and the Electrooculography (EOG) signal and Galvanic skin response sensor, which capture the skin conductance. Using these measurements, we can check the player’s excitement, eye movement, and the tiredness at the moment. If the excitement level become higher and the tiredness

become lower, the speed of the player will be increase, targeting for an aim will be high and generating enemies per time will be increase. If the excitement level became lower and the tiredness become higher, all the previous results will be happen in opposite way. If player looks left side, the screen will rotate left side by 15 degrees and for right side screen will rotate right side by 15 degrees. The major aim of this project is leads players to feel as real life experience while playing. Moreover, the game become addictive when it has this kind of features. In addition, another goal of adding this feature to the game is to control our body ourselves.

• • Prageeth Wanigasekara

  • Subhani Munasinghe

  • Pavinaa Thavapalan

  • Mr.Malintha Adikari

In recent years, social media emerged as a powerful resource to improve the management of crisis situations such as disasters triggered by natural hazards. In this project we focus on disasters triggered by natural hazards like floods, tsunami and cyclones. The objective of the work is to develop a

system that can be employed in natural disaster management. Disaster management is the creation of plans through which communities reduce vulnerability to hazards and cope with disasters. A disaster management model, which implements social media data mining techniques, can help the house holders in protecting their lives and properties from severe damages, based on the data retrieved from social media like facebook and

twitter. Data mining is a powerful technology for the extraction of hidden predictive and actionable information from large databases that can be used to gain deep and novel insights. Using data mining techniques on social media, the area which is going to be affected by a disaster, the spreading direction of a disaster and some other very useful features can be predicted.

• • Vimukthi Perera

  • Ching Shi

  • Brian Udugama

  • Titus Nanda Kumara

A major research focus in automobile development is improvement of safety. The main cause for road accidents is the distractions to the driver. Most distractions are in the form of emotional changes that result in unfitting states of mind. Existing methods of detecting a sleepy driver using image processing are proven to be challenging in practice due to the variations in the lighting condition. Further, it is insufficient to detect sleepiness

and fatigue as there are several other emotional conditions which could cause a driver to be in an unfitting state for driving. Such states of the driver could be identified using basic parameters of an ECG. In this research, different patterns in the ECG of the driver and patterns in the motion of the vehicle were identified for each emotional state to predict the driver’s emotional condition and warn if it tends to unsafe driving. Patterns in the

motion of the vehicle were analyzed in terms of the vehicle speed and the change in the acceleration. A Heart and Brain SpikerShield was used to obtain the ECG of the driver and an MPU-6050 IMU was used to gather the acceleration data of the vehicle. Collected data is sent to an Android device via Bluetooth for further processing. We were able to recognize the changes in the ECG and the driving pattern of a drowsy driver and an

aggressive driver. Accuracy of the emotion detection was verified by comparing the results against known methods.