Author

Kazuhide Fukushima

Bio: Kazuhide Fukushima is an academic researcher from Kyushu University. The author has contributed to research in topics: Computer science & Encryption. The author has an h-index of 11, co-authored 74 publications receiving 611 citations.


Papers
Book ChapterDOI
15 Sep 2008
TL;DR: Wang et al. as discussed by the authors proposed a new (k,n)-threshold secret sharing scheme, which uses just EXCLUSIVE-OR(XOR) operations to make shares and recover the secret.
Abstract: In Shamir's (k,n)-threshold secret sharing scheme (threshold scheme), a heavy computational cost is required to make n shares and recover the secret. As a solution to this problem, several fast threshold schemes have been proposed. This paper proposes a new (k,n)-threshold scheme. For the purpose of realizing high performance, the proposed scheme uses just EXCLUSIVE-OR (XOR) operations to make shares and recover the secret. We prove that the proposed scheme is a perfect secret sharing scheme: every combination of k or more participants can recover the secret, but every group of fewer than k participants cannot obtain any information about the secret. Moreover, we show that the proposed scheme is an ideal secret sharing scheme similar to Shamir's scheme, which is a perfect scheme such that every bit-size of shares equals that of the secret. We also evaluate the efficiency of the scheme, and show that our scheme realizes operations that are much faster than Shamir's. Furthermore, from the aspect of both computational cost and storage usage, we also introduce how to extend the proposed scheme to a new (k,L,n)-threshold ramp scheme similar to the existing ramp scheme based on Shamir's scheme.

94 citations

Proceedings ArticleDOI
20 Aug 2010
TL;DR: This paper proposes a formal model of the Android permission scheme, and provides a state-based model which includes the behavior specification of permission authorization and the interactions between application components, and shows how it can logically confirm the security of the specified system.
Abstract: This paper proposes a formal model of the Android permission scheme. We describe the scheme specifying entities and relationships, and provide a state-based model which includes the behavior specification of permission authorization and the interactions between application components. We also show how we can logically confirm the security of the specified system. Utilizing a theorem prover, we can verify security with given security requirements based on mechanically checked proofs. The proposed model can be used as a reference model when the scheme is implemented in a different embedded platform, or when we extend the current scheme with additional constraints or elements. We demonstrate the use of the verifiable specification through finding a security vulnerability in the Android system. To our knowledge, this is the first formalization of the permission scheme enforced by the Android framework.

70 citations

Book ChapterDOI
09 Sep 2013
TL;DR: An enforcement system that permits Android applications to be concisely annotated with information-flow policies, which the system enforces at run time, and has a number of useful and novel features.
Abstract: Recent years have seen a dramatic increase in the number and importance of mobile devices. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties. This paper proposes an enforcement system that permits Android applications to be concisely annotated with information-flow policies, which the system enforces at run time. Information-flow constraints are enforced both between applications and between components within applications, aiding developers in implementing least privilege. We model our enforcement system in detail using a process calculus, and use the model to prove noninterference. Our system and model have a number of useful and novel features, including support for Android's single- and multiple-instance components, floating labels, declassification and endorsement capabilities, and support for legacy applications. We have developed a prototype of our system on Android 4.0.4 and tested it on a Nexus S phone, verifying that it can enforce practically useful policies that can be implemented with minimal modification to off-the-shelf applications.

67 citations

Proceedings ArticleDOI
23 Aug 2009
TL;DR: This work represents the Android system in terms of a state machine, elucidate the security needs, and shows that the specified system is secure over the specified states and transitions and specifies the permission mechanism for the system.
Abstract: Since the source code of Android was released to the public, people have concerned about the security of the Android system. Whereas the insecurity of a system can be easily exaggerated even with few minor vulnerabilities, the security is not easily demonstrated. Formal methods have been favorably applied for the purpose of ensuring security in different contexts to attest whether the system meets the security goals or not by relying on mathematical proofs. In order to commence the security analysis of Android, we specify the permission mechanism for the system. We represent the system in terms of a state machine, elucidate the security needs, and show that the specified system is secure over the specified states and transitions. We expect that this work will provide the basis for assuring the security of the Android system. The specification and verification were carried out using the Coq proof assistant.

47 citations

Proceedings ArticleDOI
21 Jul 2010
TL;DR: A flaw in the permission scheme of Android, where an application can access the other parts of the system only when the application is explicitly permitted, is presented and an exploit example is demonstrated.
Abstract: This paper presents a flaw in the permission scheme of Android. The Android framework enforces a permission-based security policy where an application can access the other parts of the system only when the application is explicitly permitted. The security of the framework depends to a large extent on the owner of a device since the authorization decisions are mainly made by the user. As a result, the permission scheme imposes much of the administrative burden on the user instead of keeping it simple. Moreover, the framework does not impose enough controls nor support dynamic adjustment in the following respects: no naming rule or constraint is applied for a new permission declaration; once an application acquires a permission, the permission is never revoked during the lifetime of the application; and two different permissions can be in use having the same name. These features of the framework can result in a security flaw. We explain how we found the flaw, demonstrate an exploit example, and discuss the solution.

46 citations


Cited by
Proceedings ArticleDOI
17 Oct 2011
TL;DR: The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware, showing the potential for avoiding the spreading of a detected malware to a larger community.
Abstract: The sharp increase in the number of smartphones on the market, with the Android platform poised to become a market leader, makes the need for malware analysis on this platform an urgent issue. In this paper we capitalize on earlier approaches for dynamic analysis of application behavior as a means for detecting malware in the Android platform. The detector is embedded in an overall framework for collection of traces from an unlimited number of real users based on crowdsourcing. Our framework has been demonstrated by analyzing the data collected in the central server using two types of data sets: those from artificial malware created for test purposes, and those from real malware found in the wild. The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware. This shows the potential for avoiding the spreading of a detected malware to a larger community.

1,035 citations

Book ChapterDOI
25 Oct 2010
TL;DR: It is shown that a genuine application exploited at runtime or a malicious application can escalate granted permissions, implying that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.
Abstract: Android is a modern and popular software platform for smartphones. Among its predominant features is an advanced security model which is based on application-oriented mandatory access control and sandboxing. This allows developers and users to restrict the execution of an application to the privileges it has (mandatorily) assigned at installation time. The exploitation of vulnerabilities in program code is hence believed to be confined within the privilege boundaries of an application's sandbox. However, in this paper we show that a privilege escalation attack is possible. We show that a genuine application exploited at runtime or a malicious application can escalate granted permissions. Our results immediately imply that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.

475 citations

Book ChapterDOI
Jana Polgar
01 Jan 2005

394 citations

Proceedings Article
10 Aug 2016
TL;DR: FlowFence is presented, a system that requires consumers of sensitive data to declare their intended data flow patterns, which it enforces with low overhead, while blocking all other undeclared flows.
Abstract: Emerging IoT programming frameworks enable building apps that compute on sensitive data produced by smart homes and wearables. However, these frameworks only support permission-based access control on sensitive data, which is ineffective at controlling how apps use data once they gain access. To address this limitation, we present FlowFence, a system that requires consumers of sensitive data to declare their intended data flow patterns, which it enforces with low overhead, while blocking all other undeclared flows. FlowFence achieves this by explicitly embedding data flows and the related control flows within app structure. Developers use FlowFence support to split their apps into two components: (1) a set of Quarantined Modules that operate on sensitive data in sandboxes, and (2) code that does not operate on sensitive data but orchestrates execution by chaining Quarantined Modules together via taint-tracked opaque handles, references to data that can only be dereferenced inside sandboxes. We studied three existing IoT frameworks to derive key functionality goals for FlowFence, and we then ported three existing IoT apps. Securing these apps using FlowFence resulted in an average increase in size from 232 lines to 332 lines of source code. Performance results on ported apps indicate that FlowFence is practical: a face-recognition based door-controller app incurred a 4.9% latency overhead to recognize a face and unlock a door.

235 citations