Showing papers in "Security and Communication Networks in 2017"


Journal ArticleDOI
TL;DR: A comprehensive survey of authentication protocols for Internet of Things (IoT) is presented in this article, where more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail.
Abstract: In this paper, a comprehensive survey of authentication protocols for Internet of Things (IoT) is presented. Specifically more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail. These protocols are categorized based on the target environment: (1) Machine to Machine Communications (M2M), (2) Internet of Vehicles (IoV), (3) Internet of Energy (IoE), and (4) Internet of Sensors (IoS). Threat models, countermeasures, and formal security verification techniques used in authentication protocols for the IoT are presented. In addition a taxonomy and comparison of authentication protocols that are developed for the IoT in terms of network model, specific security goals, main processes, computation complexity, and communication overhead are provided. Based on the current survey, open issues are identified and future research directions are proposed.

179 citations


Journal ArticleDOI
TL;DR: The comparative experimental results demonstrate that the proposed model can achieve considerably high performance which meets the demand of high accuracy and adaptability of network intrusion detection systems (NIDSs) and is quite potential and promising to apply in the large-scale and real-world network environments.
Abstract: Network intrusion detection is one of the most important parts for cyber security to protect computer systems against malicious attacks. With the emergence of numerous sophisticated and new attacks, however, network intrusion detection techniques are facing several significant challenges. The overall objective of this study is to learn useful feature representations automatically and efficiently from large amounts of unlabeled raw network traffic data by using deep learning approaches. We propose a novel network intrusion model by stacking dilated convolutional autoencoders and evaluate our method on two new intrusion detection datasets. Several experiments were carried out to check the effectiveness of our approach. The comparative experimental results demonstrate that the proposed model can achieve considerably high performance which meets the demand of high accuracy and adaptability of network intrusion detection systems (NIDSs). It is quite potential and promising to apply our model in the large-scale and real-world network environments.

130 citations


Journal ArticleDOI
TL;DR: A comprehensive analysis of phishing attacks, their exploitation, some of the recent visual similarity based approaches for phishing detection, and its comparative study is presented.
Abstract: Phishing is one of the major problems faced by cyber-world and leads to financial losses for both industries and individuals. Detection of phishing attack with high accuracy has always been a challenging issue. At present, visual similarities based techniques are very useful for detecting phishing websites efficiently. Phishing website looks very similar in appearance to its corresponding legitimate website to deceive users into believing that they are browsing the correct website. Visual similarity based phishing detection techniques utilise the feature set like text content, text format, HTML tags, Cascading Style Sheet (CSS), image, and so forth, to make the decision. These approaches compare the suspicious website with the corresponding legitimate website by using various features and if the similarity is greater than the predefined threshold value then it is declared phishing. This paper presents a comprehensive analysis of phishing attacks, their exploitation, some of the recent visual similarity based approaches for phishing detection, and its comparative study. Our survey provides a better understanding of the problem, current solution space, and scope of future research to deal with phishing attacks efficiently using visual similarity based approaches.

128 citations


Journal ArticleDOI
TL;DR: The first benchmark results of symmetric cryptography for the Intel Edison IoT platform are given and a methodology of how to measure energy consumption on that platform is described.
Abstract: The deployment of security services over Wireless Sensor Networks (WSN) and IoT devices brings significant processing and energy consumption overheads. These overheads are mainly determined by algorithmic efficiency, quality of implementation, and operating system. Benchmarks of symmetric primitives exist in the literature for WSN platforms but they are mostly focused on single platforms or single operating systems. Moreover, they are not up to date with respect to implementations and/or operating systems versions which had significant progress. Herein, we provide time and energy benchmarks of reference implementations for different platforms and operating systems and analyze their impact. Moreover, we not only give the first benchmark results of symmetric cryptography for the Intel Edison IoT platform but also describe a methodology of how to measure energy consumption on that platform.

63 citations


Journal ArticleDOI
TL;DR: A new verifiable outsourcing scheme with constant ciphertext length that is adaptable for various limited bandwidth and computation-constrained devices, such as mobile phones, and it is secure against selectively chosen-plaintext attack in the standard model.
Abstract: Outsourced decryption ABE system largely reduces the computation cost for users who intend to access the encrypted files stored in cloud. However, the correctness of the transformation ciphertext cannot be guaranteed because the user does not have the original ciphertext. Lai et al. provided an ABE scheme with verifiable outsourced decryption which helps the user to check whether the transformation done by the cloud is correct. In order to improve the computation performance and reduce communication overhead, we propose a new verifiable outsourcing scheme with constant ciphertext length. To be specific, our scheme achieves the following goals. Our scheme is verifiable which ensures that the user efficiently checks whether the transformation is done correctly by the CSP. The size of ciphertext and the number of expensive pairing operations are constant, which do not grow with the complexity of the access structure. The access structure in our scheme is AND gates on multivalued attributes and we prove our scheme is verifiable and it is secure against selectively chosen-plaintext attack in the standard model. We give some performance analysis which indicates that our scheme is adaptable for various limited bandwidth and computation-constrained devices, such as mobile phones.

60 citations


Journal ArticleDOI
TL;DR: It is shown that, only by using the data collected from the embedded sensors in mobile devices instead of GPS data, one can infer a user’s location information with high accuracy.
Abstract: Mobile devices bring benefits as well as the risk of exposing users’ location information, as some embedded sensors can be accessed without users’ permission and awareness. In this paper, we show that, only by using the data collected from the embedded sensors in mobile devices instead of GPS data, we can infer a user’s location information with high accuracy. Three issues are addressed which are route identification, user localization in a specific route, and user localization in a bounded area. The Dynamic Time Warping based technique is designed and we develop a Hidden Markov Model to solve the localization problem. Real experiments are performed to evaluate our proposed methods.

52 citations


Journal ArticleDOI
TL;DR: A survey on the security issues in WBAN, including securing internal communication in WBAN and securing communication between WBAN and external users is conducted and the security goals to be achieved are identified.
Abstract: Combining tiny sensors and wireless communication technology, wireless body area network (WBAN) is one of the most promising fields. Wearable and implantable sensors are utilized for collecting the physiological data to achieve continuously monitoring of people’s physical conditions. However, due to the openness of wireless environment and the significance and privacy of people’s physiological data, WBAN is vulnerable to various attacks; thus, strict security mechanisms are required to enable a secure WBAN. In this article, we mainly focus on a survey on the security issues in WBAN, including securing internal communication in WBAN and securing communication between WBAN and external users. For each part, we discuss and identify the security goals to be achieved. Meanwhile, relevant security solutions in existing research on WBAN are presented and their applicability is analyzed.

51 citations


Journal ArticleDOI
TL;DR: A measurement—expectation of packet size—that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic is proposed.
Abstract: Low-rate Distributed Denial-of-Service (low-rate DDoS) attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement—expectation of packet size—that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of real datasets with different times and different tolerance factors, are presented to demonstrate the effectiveness of the proposed measurement. In addition, extensive experiments are performed to show that the proposed measurement can detect the low-rate DDoS attacks not only in the short and long terms but also for low packet rates and high packet rates. Furthermore, the false-negative rates and the adjudication distance can be adjusted based on the detection sensitivity requirements.

50 citations


Journal ArticleDOI
TL;DR: The key-insulated mechanism is introduced into GSC and a concrete scheme without bilinear pairings in the certificateless cryptosystem setting is proposed and it is proved that the scheme is confidential under the computational Diffie-Hellman (CDH) assumption and unforgeable under the elliptic curve discrete logarithm (EC-DL) assumption.
Abstract: Generalized signcryption (GSC) can be applied as an encryption scheme, a signature scheme, or a signcryption scheme with only one algorithm and one key pair. A key-insulated mechanism can resolve the private key exposure problem. To ensure the security of cloud storage, we introduce the key-insulated mechanism into GSC and propose a concrete scheme without bilinear pairings in the certificateless cryptosystem setting. We provide a formal definition and a security model of certificateless key-insulated GSC. Then, we prove that our scheme is confidential under the computational Diffie-Hellman (CDH) assumption and unforgeable under the elliptic curve discrete logarithm (EC-DL) assumption. Our scheme also supports both random-access key update and secure key update. Finally, we evaluate the efficiency of our scheme and demonstrate that it is highly efficient. Thus, our scheme is more suitable for users who communicate with the cloud using mobile devices.

50 citations


Journal ArticleDOI
TL;DR: A novel Broadcast based Secure Mobile Agent Protocol (BROSMAP) for distributed service applications that provides mutual authentication, authorization, accountability, nonrepudiation, integrity, and confidentiality and proved the efficiency of the proposed protocol through formal verification with Scyther verification tool.
Abstract: Mobile agents are smart programs that migrate from one platform to another to perform the user task. Mobile agents offer flexibility and performance enhancements to systems and service real-time applications. However, security in mobile agent systems is a great concern. In this paper, we propose a novel Broadcast based Secure Mobile Agent Protocol (BROSMAP) for distributed service applications that provides mutual authentication, authorization, accountability, nonrepudiation, integrity, and confidentiality. The proposed system also provides protection from man in the middle, replay, repudiation, and modification attacks. We proved the efficiency of the proposed protocol through formal verification with Scyther verification tool.

44 citations


Journal ArticleDOI
TL;DR: This paper uses coset diagram for the action of on projective line over the finite field to construct proposed S-box and applies a bijective map on each element of the matrix to evolve proposed S-box.
Abstract: The substitution box is a basic tool to convert the plaintext into an enciphered format. In this paper, we use coset diagram for the action of on projective line over the finite field to construct proposed S-box. The vertices of the coset diagram are elements of which can be represented by powers of , where is the root of irreducible polynomial over . Let denote the elements of which are of the form of even powers of . In the first step, we construct a matrix with the elements of in a specific order, determined by the coset diagram. Next, we consider defined by to destroy the structure of . In the last step, we apply a bijective map on each element of the matrix to evolve proposed S-box. The ability of the proposed S-box is examined by different available algebraic and statistical analyses. The results are then compared with the familiar S-boxes. We get encouraging statistics of the proposed box after comparison.

Journal ArticleDOI
TL;DR: This article proposes a two-factor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments and offers security resilience against known attacks and provides lower computation complexities than existing protocols.
Abstract: The concept of two-factor multiserver authentication protocol was developed to avoid multiple number of registrations using multiple smart-cards and passwords. Recently, a variety of two-factor multiserver authentication protocols have been developed. It is observed that the existing RSA-based multiserver authentication protocols are not suitable in terms of computation complexities and security attacks. To provide lower complexities and security resilience against known attacks, this article proposes a two-factor (password and smart-card) user authentication protocol with the RSA cryptosystem for multiserver environments. The comprehensive security discussion proved that the known security attacks are eliminated in our protocol. Besides, our protocol supports session key agreement and mutual authentication between the application server and the user. We analyze the proof of correctness of the mutual authentication and freshness of session key using the BAN logic model. The experimental outcomes obtained through simulation of the Automated Validation of Internet Security Protocols and Applications (AVISPA) S/W show that our protocol is secured. We consider the computation, communication, and storage costs and the comparative explanations show that our protocol is flexible and efficient compared with protocols. In addition, our protocol offers security resilience against known attacks and provides lower computation complexities than existing protocols. Additionally, the protocol offers password change facility to the authorized user.

Journal ArticleDOI
TL;DR: A new feature selection method is proposed that combines the scores of multiple known methods to minimize discrepancies in feature selection results and is applied to the problem of website phishing classification to show its pros and cons in identifying relevant features.
Abstract: Phishing is one of the serious web threats that involves mimicking authenticated websites to deceive users in order to obtain their financial information. Phishing has caused financial damage to the different online stakeholders. It is massive in the magnitude of hundreds of millions; hence it is essential to minimize this risk. Classifying websites into “phishy” and legitimate types is a primary task in data mining that security experts and decision makers are hoping to improve particularly with respect to the detection rate and reliability of the results. One way to ensure the reliability of the results and to enhance performance is to identify a set of related features early on so the data dimensionality reduces and irrelevant features are discarded. To increase reliability of preprocessing, this article proposes a new feature selection method that combines the scores of multiple known methods to minimize discrepancies in feature selection results. The proposed method has been applied to the problem of website phishing classification to show its pros and cons in identifying relevant features. Results against a security dataset reveal that the proposed preprocessing method was able to derive new features datasets which when mined generate high competitive classifiers with reference to detection rate when compared to results obtained from other features selection methods.

Journal ArticleDOI
TL;DR: This research work proposes a novel idea of integrating number theoretic approach with Henon map for secure and efficient encryption and results confirm the strength of the proposed design towards statistical and differential cryptanalysis.
Abstract: The advancements in telecommunication and networking technologies have led to the increased popularity and widespread usage of telemedicine. Telemedicine involves storage and exchange of large volume of medical records for remote diagnosis and improved health care services. Images in medical records are characterized by huge volume, high redundancy, and strong correlation among adjacent pixels. This research work proposes a novel idea of integrating number theoretic approach with Henon map for secure and efficient encryption. Modular exponentiation of the primitive roots of the chosen prime in the range of its residual set is employed in the generation of two-dimensional array of keys. The key matrix is permuted and chaotically controlled by Henon map to decide the encryption keys for every pixel of DICOM image. The proposed system is highly secure because of the randomness introduced due to the application of modular exponentiation key generation and application of Henon maps for permutation of keys. Experiments have been conducted to analyze key space, key sensitivity, avalanche effect, correlation distribution, entropy, and histograms. The corresponding results confirm the strength of the proposed design towards statistical and differential cryptanalysis. The computational requirements for encryption/decryption have been reduced significantly owing to the reduced number of computations in the process of encryption/decryption.

Journal ArticleDOI
TL;DR: The MB-CI (Merging Barrels and Consistency Inference) strategy to protect weighted social graphs by viewing the edge-weight sequence as an unattributed histogram, differential privacy for edge weights can be implemented based on the histogram.
Abstract: Social networks can be analyzed to discover important social issues; however, it will cause privacy disclosure in the process. The edge weights play an important role in social graphs, which are associated with sensitive information (e.g., the price of commercial trade). In the paper, we propose the MB-CI (Merging Barrels and Consistency Inference) strategy to protect weighted social graphs. By viewing the edge-weight sequence as an unattributed histogram, differential privacy for edge weights can be implemented based on the histogram. Considering that some edges have the same weight in a social network, we merge the barrels with the same count into one group to reduce the noise required. Moreover, -indistinguishability between groups is proposed to fulfill differential privacy not to be violated, because simple merging operation may disclose some information by the magnitude of noise itself. For keeping most of the shortest paths unchanged, we do consistency inference according to original order of the sequence as an important postprocessing step. Experimental results show that the proposed approach effectively improved the accuracy and utility of the released data.

Journal ArticleDOI
TL;DR: A framework of text-based CAPTCHA breaking technique mainly consists of preprocessing, segmentation, combination, recognition, postprocessing, and other modules and some typical methods of segmentation and recognition are outlined.
Abstract: The CAPTCHA has become an important issue in multimedia security. Aimed at a commonly used text-based CAPTCHA, this paper outlines some typical methods and summarizes the technological progress in text-based CAPTCHA breaking. First, the paper presents a comprehensive review of recent developments in the text-based CAPTCHA breaking field. Second, a framework of text-based CAPTCHA breaking technique is proposed. And the framework mainly consists of preprocessing, segmentation, combination, recognition, postprocessing, and other modules. Third, the research progress of the technique involved in each module is introduced, and some typical methods of segmentation and recognition are compared and analyzed. Lastly, the paper discusses some problems worth further research.

Journal ArticleDOI
TL;DR: In this article, the main threats against privacy-preserving biometric authentication systems and possible countermeasures are described and discussed in order to design secure and privacy-preserving authentication protocols.
Abstract: An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication). The most characteristic feature of this authentication method is the naturally strong bond between a user and her biometric credentials. This very same advantageous property, however, raises serious security and privacy concerns in case the biometric trait gets compromised. In this article, we present the most challenging issues that need to be taken into consideration when designing secure and privacy-preserving biometric authentication protocols. More precisely, we describe the main threats against privacy-preserving biometric authentication systems and give directions on possible countermeasures in order to design secure and privacy-preserving biometric authentication protocols.

Journal ArticleDOI
TL;DR: A cost and energy aware data placement method, named CEDP, for privacy-aware applications over big data in hybrid cloud is proposed and designed to accomplish the cost saving for renting the public cloud services and energy savings for task execution within the private cloud platforms.
Abstract: Nowadays, a large number of groups choose to deploy their applications to cloud platforms, especially for the big data era. Currently, the hybrid cloud is one of the most popular computing paradigms for holding the privacy-aware applications driven by the requirements of privacy protection and cost saving. However, it is still a challenge to realize data placement considering both the energy consumption in private cloud and the cost for renting the public cloud services. In view of this challenge, a cost and energy aware data placement method, named CEDP, for privacy-aware applications over big data in hybrid cloud is proposed. Technically, formalized analysis of cost, access time, and energy consumption is conducted in the hybrid cloud environment. Then a corresponding data placement method is designed to accomplish the cost saving for renting the public cloud services and energy savings for task execution within the private cloud platforms. Experimental evaluations validate the efficiency and effectiveness of our proposed method.

Journal ArticleDOI
TL;DR: A novel lightweight data integrity protection scheme based on fragile watermark is proposed to solve the contradiction between the security and restricted resource of perception layer and can effectively ensure the integrity of the data at low cost.
Abstract: Since its introduction, IoT (Internet of Things) has enjoyed vigorous support from governments and research institutions around the world, and remarkable achievements have been obtained. The perception layer of IoT plays an important role as a link between the IoT and the real world; the security has become a bottleneck restricting the further development of IoT. The perception layer is a self-organizing network system consisting of various resource-constrained sensor nodes through wireless communication. Accordingly, the costly encryption mechanism cannot be applied to the perception layer. In this paper, a novel lightweight data integrity protection scheme based on fragile watermark is proposed to solve the contradiction between the security and restricted resource of perception layer. To improve the security, we design a position random watermark (PRW) strategy to calculate the embedding position by temporal dynamics of sensing data. The digital watermark is generated by one-way hash function SHA-1 before embedding to the dynamic computed position. In this way, the security vulnerabilities introduced by fixed embedding position can not only be solved effectively, but also achieve zero disturbance to the data. The security analysis and simulation results show that the proposed scheme can effectively ensure the integrity of the data at low cost.

Journal ArticleDOI
TL;DR: This paper proposes a secure and fine-grained health data and social data sharing and collaboration scheme in MHSN with attribute-based encryption and identity-based broadcast encryption techniques, respectively, which allows patients to share their private personal data securely.
Abstract: Mobile healthcare social networks (MHSN) integrated with connected medical sensors and cloud-based health data storage provide preventive and curative health services in smart cities. The fusion of social data together with real-time health data facilitates a novel paradigm of healthcare big data analysis. However, the collaboration of healthcare and social network service providers may pose a series of security and privacy issues. In this paper, we propose a secure health and social data sharing and collaboration scheme in MHSN. To preserve the data privacy, we realize secure and fine-grained health data and social data sharing with attribute-based encryption and identity-based broadcast encryption techniques, respectively, which allows patients to share their private personal data securely. In order to achieve enhanced data collaboration, we allow the healthcare analyzers to access both the reencrypted health data and the social data with authorization from the data owner based on proxy reencryption. Specifically, most of the health data encryption and decryption computations are outsourced from resource-constrained mobile devices to a health cloud, and the decryption of the healthcare analyzer incurs a low cost. The security and performance analysis results show the security and efficiency of our scheme.

Journal ArticleDOI
TL;DR: The traditional pixel value differencing (PVD) steganographical schemes are easily detected by pixel difference histogram (PDH) analysis but this problem could be addressed by adding two tricks: utilizing horizontal, vertical, and diagonal edges and using adaptive quantization ranges.
Abstract: The traditional pixel value differencing (PVD) steganographical schemes are easily detected by pixel difference histogram (PDH) analysis. This problem could be addressed by adding two tricks: (i) utilizing horizontal, vertical, and diagonal edges and (ii) using adaptive quantization ranges. This paper presents an adaptive PVD technique using 6-pixel blocks. There are two variants. The proposed adaptive PVD for -pixel blocks is known as variant 1, and the proposed adaptive PVD for -pixel blocks is known as variant 2. For every block in variant 1, the four corner pixels are used to hide data bits using the middle column pixels for detecting the horizontal and diagonal edges. Similarly, for every block in variant 2, the four corner pixels are used to hide data bits using the middle row pixels for detecting the vertical and diagonal edges. The quantization ranges are adaptive and are calculated using the correlation of the two middle column/row pixels with the four corner pixels. The technique performs better as compared to the existing adaptive PVD techniques by possessing higher hiding capacity and lesser distortion. Furthermore, it has been proven that the PDH steganalysis and RS steganalysis cannot detect this proposed technique.

Journal ArticleDOI
TL;DR: This paper analyzes the underlying relations among these particular data objects, introduces the concept of the sensitive data set constraint, and proposes a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint that incorporates extensible, partially hidden constraint policy.
Abstract: CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up.

Journal ArticleDOI
TL;DR: This paper quantitatively converts attack threat into security situation and proposes two algorithms, namely, attack prediction algorithm using dynamic Bayesian attack graph and security situation quantification algorithm based on attack prediction.
Abstract: Multistep attack prediction and security situation awareness are two big challenges for network administrators because future is generally unknown. In recent years, many investigations have been made. However, they are not sufficient. To improve the comprehensiveness of prediction, in this paper, we quantitatively convert attack threat into security situation. Actually, two algorithms are proposed, namely, attack prediction algorithm using dynamic Bayesian attack graph and security situation quantification algorithm based on attack prediction. The first algorithm aims to provide more abundant information of future attack behaviors by simulating incremental network penetration. Through timely evaluating the attack capacity of intruder and defense strategies of defender, the likely attack goal, path, and probability and time-cost are predicted dynamically along with the ongoing security events. Furthermore, in combination with the common vulnerability scoring system (CVSS) metric and network assets information, the second algorithm quantifies the concealed attack threat into the surfaced security risk from two levels: host and network. Examples show that our method is feasible and flexible for the attack-defense adversarial network environment, which benefits the administrator to infer the security situation in advance and prerepair the critical compromised hosts to maintain normal network communication.

Journal ArticleDOI
TL;DR: The major focus in this manuscript is to establish the cryptographic schemes on the extra special group (ESG), one of the most appropriate noncommutative platforms for the solution of an open problem.
Abstract: Noncommutative cryptography (NCC) is truly a fascinating area with great hope of advancing performance and security for high end applications. It provides a high level of safety measures. The basis of this group is established on the hidden subgroup or subfield problem (HSP). The major focus in this manuscript is to establish the cryptographic schemes on the extra special group (ESG). ESG is showing one of the most appropriate noncommutative platforms for the solution of an open problem. The working principle is based on the random polynomials chosen by the communicating parties to secure key exchange, encryption-decryption, and authentication schemes. This group supports Heisenberg, dihedral order, and quaternion group. Further, this is enhanced from the general group elements to equivalent ring elements, known by the monomials generations for the cryptographic schemes. In this regard, special or peculiar matrices show the potential advantages. The projected approach is exclusively based on the typical sparse matrices, and an analysis report is presented fulfilling the central cryptographic requirements. The order of this group is more challenging to assail like length based, automorphism, and brute-force attacks.

Journal ArticleDOI
TL;DR: Two novel noncooperative MAC layer fingerprinting and tracking techniques for Wi-Fi (802.11) enabled mobile devices are presented and it is shown how existing mitigation strategies such as MAC address randomization can be circumvented.
Abstract: We present two novel noncooperative MAC layer fingerprinting and tracking techniques for Wi-Fi (802.11) enabled mobile devices. Our first technique demonstrates how a per-bit entropy analysis of a single captured frame allows an adversary to construct a fingerprint of the transmitter that is 80.0 to 67.6 percent unique for 50 to 100 observed devices and 33.0 to 15.1 percent unique for 1,000 to 10,000 observed devices. We show how existing mitigation strategies such as MAC address randomization can be circumvented using only this fingerprint and temporal information. Our second technique leverages peer-to-peer 802.11u Generic Advertisement Service (GAS) requests and 802.11e Block Acknowledgement (BA) requests to instigate transmissions on demand from devices that support these protocols. We validate these techniques using two datasets, one of which was recorded at a music festival containing 28,048 unique devices and the other at our research lab containing 138 unique devices. Finally, we discuss a number of countermeasures that can be put in place by mobile device vendors in order to prevent noncooperative tracking through the discussed techniques.

Journal ArticleDOI
TL;DR: A novel approach that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect and is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.
Abstract: In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.

Journal ArticleDOI
TL;DR: A consensus framework is proposed for mitigation of zero-day attacks in IoT networks that uses context behavior of IoT devices as a detection mechanism followed by alert message protocol and critical data sharing protocol for reliable communication during attack mitigation.
Abstract: “Internet of Things” (IoT) bridges the communication barrier between the computing entities by forming a network between them. With a common solution for control and management of IoT devices, these networks are prone to all types of computing threats. Such networks may experience threats which are launched by exploitation of vulnerabilities that are left unhandled during the testing phases. These are often termed as “zero-day” vulnerabilities, and their conversion into a network attack is named as “zero-day” attack. These attacks can affect the IoT devices by exploiting the defense perimeter of the network. The existing solutions are capable of detecting such attacks but do not facilitate communication, which affects the performance of the network. In this paper, a consensus framework is proposed for mitigation of zero-day attacks in IoT networks. The proposed approach uses context behavior of IoT devices as a detection mechanism followed by alert message protocol and critical data sharing protocol for reliable communication during attack mitigation. The numerical analysis suggests that the proposed approach can serve the purpose of detection and elimination of zero-day attacks in IoT network without compromising its performance.

Journal ArticleDOI
TL;DR: A fingerprint hopping method (FPH) is proposed based on software-defined networks to defend against fingerprinting attacks, which introduces the idea of moving target defense to show a hopping fingerprint toward the fingerprinting attackers.
Abstract: Fingerprinting attacks are one of the most severe threats to the security of networks. Fingerprinting attack aims to obtain the operating system information of target hosts to make preparations for future attacks. In this paper, a fingerprint hopping method (FPH) is proposed based on software-defined networks to defend against fingerprinting attacks. FPH introduces the idea of moving target defense to show a hopping fingerprint toward the fingerprinting attackers. The interaction of the fingerprinting attack and its defense is modeled as a signal game, and the equilibriums of the game are analyzed to develop an optimal defense strategy. Experiments show that FPH can resist fingerprinting attacks effectively.

Journal ArticleDOI
TL;DR: A novel Stealth algorithm is designed and implemented, which makes the automatic detector blind to the existence of objects in an image, by crafting a kind of adversarial examples, which finds that the processed images have transferability property; that is, the adversarial images generated for one particular DNN will influence the others as well.
Abstract: Online image sharing in social platforms can lead to undesired privacy disclosure. For example, some enterprises may detect these large volumes of uploaded images to do users’ in-depth preference analysis for commercial purposes. And their technology might be today’s most powerful learning model, deep neural network (DNN). To just elude these automatic DNN detectors without affecting visual quality of human eyes, we design and implement a novel Stealth algorithm, which makes the automatic detector blind to the existence of objects in an image, by crafting a kind of adversarial examples. It is just like all objects disappear after wearing an “invisible cloak” from the view of the detector. Then we evaluate the effectiveness of Stealth algorithm through our newly defined measurement, named privacy insurance. The results indicate that our scheme has considerable success rate to guarantee privacy compared with other methods, such as mosaic, blur, and noise. Better still, Stealth algorithm has the smallest impact on image visual quality. Meanwhile, we set a user adjustable parameter called cloak thickness for regulating the perturbation intensity. Furthermore, we find that the processed images have transferability property; that is, the adversarial images generated for one particular DNN will influence the others as well.

Journal ArticleDOI
TL;DR: A novel image encryption technique based on multiple right translated AES Gray S-boxes (RTSs) and phase embedding technique and performance comparison with state-of-the-art security systems show that the newly developed cryptosystem is more secure.
Abstract: This paper presents a novel image encryption technique based on multiple right translated AES Gray S-boxes (RTSs) and phase embedding technique. First of all, a secret image is diffused with a fuzzily selected RTS. The fuzzy selection of RTS is variable and depends upon pixels of the secret image. Then two random masks are used to enhance confusion in the spatial and frequency domains of the diffused secret image. These random masks are generated by applying two different RTSs on a host image. The decryption process of the proposed cryptosystem needs the host image for generation of masks. It is, therefore, necessary to secure the host image from unauthorized users. This task is achieved by diffusing the host image with another RTS and embedding the diffused secret image into the phase terms of the diffused host image. The cryptographic strength of the proposed security system is measured by implementing it on several images and applying rigorous analyses. Performance comparison of the proposed security technique with some of the state-of-the-art security systems, including S-box cryptosystem and steganocryptosystems, is also performed. Results and comparison show that the newly developed cryptosystem is more secure.