Computer Science - Cryptography and Security Publications (50)

In this paper, we improve the previously best known regret bound to achieve $\epsilon$-differential privacy in oblivious adversarial bandits from $\mathcal{O}{(T^{2/3}/\epsilon)}$ to $\mathcal{O}{(\sqrt{T} \ln T /\epsilon)}$. This is achieved by combining a Laplace Mechanism with EXP3. We show that though EXP3 is already differentially private, it leaks a linear amount of information in $T$.

The robustness and security of the biometric watermarking approach can be improved by using multiple watermarking. This multiple watermarking is proposed for improving the security of biometric features and data. When an imposter tries to create a spoofed biometric feature, the invisible biometric watermark features can provide appropriate protection to multimedia data.

Traditional approaches to Quantitative Information Flow (QIF) represent the adversary's prior knowledge of possible secret values as a single probability distribution. This representation may miss important structure. For instance, representing prior knowledge about passwords of a system's users in this way overlooks the fact that many users generate passwords using some strategy.

Physical unclonable functions (PUFs), as hardware security primitives, exploit manufacturing randomness to extract instance-specific challenge (input) response (output) pairs (CRPs). Since their emergence, the community has pursued a strong PUF primitive that has a large CRP space and is resilient to model-building attacks. A practical realization of a strong PUF is still challenging to date.

In an algorithmic complexity attack, a malicious party takes advantage of the worst-case behavior of an algorithm to cause denial-of-service. A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS), in which the attacker exploits a vulnerable regular expression by providing a carefully-crafted input string that triggers worst-case behavior of the matching algorithm. This paper proposes a technique for automatically finding ReDoS vulnerabilities in programs.

Due to the rapid increase of digitization within our society, digital identities gain more and more importance. Provided by the German eID solution, every citizen has the ability to identify himself to various governmental and private organizations with the help of his personal electronic ID card and a corresponding card reader. While there are several solutions available for desktop use of the eID infrastructure, mobile approaches need to be paid more attention.

The fundamental attack against blockchain systems is the double-spend attack. In this tutorial, we provide a very detailed explanation of just one section of Satoshi Nakamoto's original paper where the attack's probability of success is stated. We show the derivation of the mathematics relied upon by Nakamoto to create a model of the attack.

Ethereum contracts can be designed to function as fully decentralized applications called DAPPs. Many DAPPs have already been fielded, including an online marketplace, a role playing game, a prediction market, and an Internet service provider. Unfortunately, DAPPs can be hacked, and the assets they control can be stolen.

Channel-reciprocity based key generation (CRKG) has gained significant importance as it has recently been proposed as a potential lightweight security solution for IoT devices. However, the impact of the attacker's position in close range has only rarely been evaluated in practice, posing an open research problem about the security of real-world realizations. Furthermore, this would further bridge the gap between theoretical channel models and their practice-oriented realizations.

In this paper, we describe ongoing work that focuses on improving the strength of the answers to security questions. The ultimate goal of the proposed research is to evaluate the possibility of nudging users towards strong answers for ubiquitous security questions. In this research we are proposing a user interface design for fallback authentication to encourage users to design stronger answers.

We show a simple example of a secret sharing scheme encoding a classical secret into quantum shares that can realize an access structure impossible by classical information processing with a limitation on the size of each share. The example is based on quantum stabilizer codes.

In this paper, a scheme for the encryption and decryption of colored images by using the Lorenz system and the discrete cosine transform in two dimensions (DCT2) is proposed. Although chaos is random, it has deterministic features that can be used for encryption; further, the same sequences can be produced at the transmitter and receiver under the same initial conditions. Another property of DCT2 is that the energy is concentrated in some elements of the coefficients.

There are many occasions in which the security community is interested in discovering the authorship of malware binaries, either for digital forensics analysis of malware corpora or for thwarting live threats of malware invasion. Such a discovery of authorship might be possible due to stylistic features inherent to software code written by human programmers. Existing studies of authorship attribution of general purpose software mainly focus on source code, which is typically based on the style of programs and environment.

In recent years, the emerging Internet-of-Things (IoT) has led to rising concerns about the security of networked embedded devices. In this work, we focus on the adaptation of honeypots for improving the security of IoT. Low-interaction honeypots have been used so far in the context of IoT.

Mobile network operators can track subscribers via passive or active monitoring of device locations. The recorded trajectories offer an unprecedented outlook on the activities of large user populations, which enables developing new networking solutions and services, and scaling up studies across research disciplines. Yet, the disclosure of individual trajectories raises significant privacy concerns: thus, these data are often protected by restrictive non-disclosure agreements that limit their availability and impede potential usages.

Intrusion detection has attracted considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data, with changing patterns in real-time situations. The work presented in this manuscript classifies intrusion detection systems (IDS).

Privacy issues of recommender systems have become a hot topic for the society as such systems are appearing in every corner of our life. In contrast to the fact that many secure multi-party computation protocols have been proposed to prevent information leakage in the process of recommendation computation, very little has been done to restrict the information leakage from the recommendation results. In this paper, we apply the differential privacy concept to neighborhood-based recommendation methods (NBMs) under a probabilistic framework.

In this paper, we study the problems in the discrete Fourier transform (DFT) test included in NIST SP 800-22 released by the National Institute of Standards and Technology (NIST), which is a collection of tests for evaluating both physical and pseudo-random number generators for cryptographic applications. The most crucial problem in the DFT test is that its reference distribution of the test statistic is not derived mathematically but rather estimated numerically; the DFT test for randomness is thus based on a pseudo-random number generator (PRNG). Therefore, the present DFT test should not be used unless the reference distribution is mathematically derived.

Mobile Crowdsensing is a promising paradigm for ubiquitous sensing, which explores the tremendous data collected by mobile smart devices with prominent spatial-temporal coverage. As a fundamental property of Mobile Crowdsensing Systems, temporally recruited mobile users can provide agile, fine-grained, and economical sensing labor; however, their self-interest cannot guarantee the quality of the sensing data, even when there is a fair return. Therefore, a mechanism is required for the system server to recruit well-behaving users for credible sensing, and to stimulate and reward more contributive users based on sensing truth discovery to further increase credible reporting.

Schoof's classic algorithm allows point-counting for elliptic curves over finite fields in polynomial time. This algorithm was subsequently improved by Atkin, using factorizations of modular polynomials, and by Elkies, using a theory of explicit isogenies. Moving to Jacobians of genus-2 curves, the current state of the art for point counting is a generalization of Schoof's algorithm.

Mobile Crowdsourcing is a promising service paradigm utilizing ubiquitous mobile devices to facilitate large-scale crowdsourcing tasks (e.g. urban sensing and collaborative computing).

User-generated social media data are exploding and also of high demand in public and private sectors. The disclosure of complete and intact social media data exacerbates the threats to user privacy. In this paper, we first identify a text-based user-linkage attack on current social media data publishing practices, in which the real users of anonymous IDs in a published dataset can be pinpointed based on the users' unprotected text data.

Risk management is today a major steering tool for any organization wanting to deal with Information System (IS) security. However, IS Security Risk Management (ISSRM) remains difficult to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with Enterprise Architecture Management (EAM) contributes to dealing with these issues.

This paper focuses on Byzantine attack detection for a Gaussian two-hop one-way relay network, where an amplify-and-forward relay may perform Byzantine attacks by forwarding altered symbols to the destination. For facilitating attack detection, we utilize the openness of the wireless medium to make the destination observe some secured signals that are not attacked. Then, a detection scheme is developed for the destination by using its secured observations to statistically check other observations from the relay.

Data is continuously generated by modern data sources, and a recent challenge in machine learning has been to develop techniques that perform well in an incremental (streaming) setting. In this paper, we investigate the problem of private machine learning, where as common in practice, the data is not given at once, but rather arrives incrementally over time. We introduce the problems of private incremental ERM and private incremental regression where the general goal is to always maintain a good empirical risk minimizer for the history observed under differential privacy.

Application security traditionally relies strongly upon the security of the underlying operating system. However, operating systems often fall victim to software attacks, compromising the security of applications as well. To overcome this dependency, Intel introduced SGX, which allows application code to be protected against a subverted or malicious OS by running it in a hardware-protected enclave.

We analyze the secrecy outage probability in the downlink for wireless networks with spatially (Poisson) distributed eavesdroppers (EDs) under the assumption that the base station employs transmit antenna selection (TAS) to enhance secrecy performance. We compare the cases where the receiving user equipment (UE) operates in half-duplex (HD) mode and full-duplex (FD) mode. In the latter case, the UE simultaneously receives the intended downlink message and transmits a jamming signal to strengthen secrecy.

Deep neural networks (DNN) trained in a supervised way suffer from two known problems. First, the minima of the objective function used in learning correspond to data points (also known as rubbish examples or fooling images) that lack semantic similarity with the training data. Second, a clean input can be changed by a small, and often imperceptible for human vision, perturbation, so that the resulting deformed input is misclassified by the network.

In an endeavor to reach the vision of ubiquitous computing where users are able to use pervasive services without spatial and temporal constraints, we are witnessing a fast growing number of mobile and sensor-enhanced devices becoming available. However, in order to take full advantage of the numerous benefits offered by novel mobile devices and services, we must address the related security issues. In this paper, we present results of a systematic literature review (SLR) on security-related topics in ubiquitous computing environments.

Government statistical agencies collect enormously valuable data on the nation's population and business activities. Wide access to these data enables evidence-based policy making, supports new research that improves society, facilitates training for students in data science, and provides resources for the public to better understand and participate in their society. These data also affect the private sector.

Very recently, we have been witnessing the emergence of a number of start-ups that enable individuals to sell their private data directly to brokers and businesses. While this new paradigm may shift the balance of power between individuals and companies that harvest data, it raises some practical, fundamental questions for users of these services: how they should decide which data must be vended and which data protected, and what a good deal is. In this work, we investigate a mechanism that aims at helping users address these questions.

Privacy has become a serious concern for modern Information Societies. The sensitive nature of much of the data that are daily exchanged or released to untrusted parties requires that responsible organizations undertake appropriate privacy protection measures. Nowadays, much of these data are texts (e.

A Wireless Sensor Network (WSN) consists of independent and distributed sensors that monitor physical or environmental conditions, such as temperature, sound, pressure, etc. The most crucial and fundamental challenge facing WSN is security. Due to the minimal capacity of sensor devices in terms of memory, cost and processing, and their physical accessibility, security attacks are problematic.

Today, smartphone devices are owned by a large portion of the population and have become a very popular platform for accessing the Internet. Smartphones provide the user with immediate access to information and services. However, they can easily expose the user to many privacy risks.

A Wireless Sensor Network (WSN) consists of independent and distributed sensors that monitor physical or environmental conditions, such as temperature, sound, pressure, etc. However, the limited resources of sensors and the hostile environments in which they could be deployed make this type of network vulnerable to several types of attacks similar to those occurring in ad hoc networks. The most crucial and fundamental challenge that WSN is facing is security.

A partial password is a mode of password-based authentication that is widely used, especially in the financial sector. It is based on a challenge-response protocol, where at each login attempt, a challenge requesting characters from randomly selected positions of a pre-shared secret is presented to the user. This model could be seen as a cheap way of preventing, for example, malware or a key-logger installed on a user's device from learning the full password in a single step.

Thanks to the advent of the Internet, it is now possible to easily share vast amounts of electronic information and computer resources (which include hardware, computer services, etc.) in open distributed environments. These environments serve as a common platform for heterogeneous users (e.

Micro-blogs are contemporary broadcasting services for exchanging small elements of content, including video and images. Despite its popularity, micro-blogging is not without issues. So far, various security concerns, such as privacy and confidentiality of micro-blogging systems, have attracted the interest of the scientific community.

In this paper, we identify a new form of attack, called the Balance attack, against proof-of-work blockchain systems. The novelty of this attack consists of delaying network communications between multiple subgroups of nodes with balanced mining power. Our theoretical analysis captures the precise tradeoff between the network delay and the mining power of the attacker needed to double spend in Ethereum with high probability.

The current research with EEG devices in the user authentication context has some deficiencies regarding expensive equipment, the requirement of laboratory conditions and applicability. In this paper we address this issue by using a widely available and inexpensive EEG device to verify its capability for authentication. As a part of this research, we developed a two-phase authentication that enables users to enhance their password with their mental state by breaking the password into smaller pieces, marrying them with the mental state, and generating a one-time pad for a secure session.

The cloud computing model is rapidly transforming the IT landscape. Cloud computing is a new computing paradigm that delivers computing resources as a set of reliable and scalable internet-based services allowing customers to remotely run and manage these services. Infrastructure-as-a-service (IaaS) is one of the popular cloud computing services.

A feasible, secure and collusion-attack-free quantum sealed-bid auction protocol is proposed using a modified scheme for multi-party circular quantum key agreement. In the proposed protocol, the set of all ($n$) bidders is grouped into $l$ subsets (sub-circles) in such a way that only the initiator (who prepares the quantum state to be distributed for a particular round of communication and acts as the receiver in that round) is a member of all the subsets (sub-circles) prepared for a particular round, while any other bidder is part of only a single subset. All $n$ bidders and the auctioneer initiate one round of communication, and each of them prepares $l$ copies of a $\left(r-1\right)$-partite entangled state (one for each sub-circle), where $r=\frac{n}{l}+1$.

Privacy-preserving record linkage (PPRL), the problem of identifying records that correspond to the same real-world entity across several data sources held by different parties without revealing any sensitive information about these records, is increasingly being required in many real-world application areas. Examples range from public health surveillance to crime and fraud detection, and national security. Various techniques have been developed to tackle the problem of PPRL, with the majority of them considering linking data from only two sources.

Growth in research collaboration has caused an increased need for sharing of data. However, when this data is private, there is also an increased need for maintaining security and privacy. Secure multi-party computation enables any function to be securely evaluated over private data without revealing any unintended data.

Both authentication and deauthentication are instrumental for preventing unauthorized access to computer and data assets. While there are obvious motivating factors for using strong authentication mechanisms, convincing users to deauthenticate is not straightforward, since deauthentication is not considered mandatory. A user who leaves a logged-in workstation unattended (especially for a short time) is typically not inconvenienced in any way; in fact, the other way around: no annoying reauthentication is needed upon return.

In the age of cloud computing, cloud users with a limited amount of storage can outsource their data to remote servers. The cloud servers, in lieu of monetary benefits, offer retrievability of their clients' data at any point of time. Secure cloud storage protocols ensure the integrity of the outsourced data that can be dynamic (or static) in nature depending on whether the client can (or cannot) update the uploaded data as needed.

Conventional wireless security assumes wireless communications are rightful and aims to protect them against malicious eavesdropping and jamming attacks. However, emerging infrastructure-free mobile communication networks are likely to be illegally used (e.g.

Atom is an anonymity system that protects against traffic-analysis attacks and avoids the scalability bottlenecks of traditional mix-net- and DC-net-based anonymity systems. Atom consists of a distributed network of mix servers connected with a carefully structured link topology. Unlike many anonymous communication systems with traffic-analysis protection, each Atom server touches only a small fraction of the total messages routed through the network.

Operations on a pair of entangled qubits are conventionally presented as the application of the tensor product of operations. The tensor product is linearly extended to act synchronously across the entire entangled system. When simulating an entangled system, the conventional approach is possible and practical if both parts of the entangled system exist within the same physical simulator.