
2018 | Book

Information Security Applications

18th International Conference, WISA 2017, Jeju Island, Korea, August 24-26, 2017, Revised Selected Papers


About this book

This book constitutes the thoroughly refereed post-conference proceedings of the 18th International Conference on Information Security Applications, WISA 2017, held on Jeju Island, Korea, in August 2017. The 12 revised full papers and 15 short papers presented in this volume were carefully reviewed and selected from 53 submissions. The papers are organized in topical sections such as attack and defense; theory in security; web security and emerging technologies; systems security and authentication; crypto protocols; and attack detections and legal aspects.

Table of Contents

Frontmatter

Attack and Defense I

Frontmatter
Lightweight Fault Attack Resistance in Software Using Intra-instruction Redundancy, Revisited
Abstract
Fast implementations of block cipher is fundamental building block to achieve the high-speed and secure communication between IT platforms. Even though the communication is securely encrypted, the system can be exploited by malicious users if the attackers inject fault signal to the system and extract the user’s secret information. For this reason, we need to ensure the high performance encryption together with secure countermeasures against side channel attacks. In this paper, we present a novel countermeasure against fault attack on Single Instruction Multiple Data (SIMD) architecture (e.g., ARM–NEON, INTEL–SSE, INTEL–AVX2). The methods achieved the fault attack resistance with intra-instruction redundancy feature in SIMD instruction set. Finally, we applied the new fault attack countermeasures on the block cipher LEA and achieved the intra-instruction redundancy and high performance over modern ARM-NEON architectures.
Hwajeong Seo, Taehwan Park, Janghyun Ji, Howon Kim
Exposing Digital Forgeries by Detecting a Contextual Violation Using Deep Neural Networks
Abstract
Previous digital image forensics focused on the low-level features that include traces of the image modifying history. In this paper, we present a framework to detect the manipulation of images through a contextual violation. First, we proposed a context learning convolutional neural networks (CL-CNN) that detects the contextual violation in the image. In combination with a well-known object detector such as R-CNN, the proposed method can evaluate the contextual scores according to the combination of objects in the image. Through experiments, we showed that our method effectively detects the contextual violation in the target image.
Jong-Uk Hou, Han-Ul Jang, Jin-Seok Park, Heung-Kyu Lee
Robust 3D Mesh Watermarking Scheme for an Anti-Collusion Fingerprint Code
Abstract
Collusion attack is one of the techniques used for unauthorized removal of embedded marks. In this paper, we propose a robust 3D mesh fingerprinting scheme for an anti-collusion code. In contrast to the existing robust mesh watermarking which provides unsuitable primitives for anti-collusion code, the proposed method has well-operated capacity to carry the anti-collusion fingerprint code. In order to minimize the detection error, we also modeled the response of the detector and herein present optimized thresholds for our method. Based on the experiments, the proposed method outperformed conventional robust mesh watermarking against collusion attack in all cases.
Jong-Uk Hou, In-Jae Yu, Hyun-Ji Song, Heung-Kyu Lee

Theory in Security

Frontmatter
The Search Successive Minima Problem Is Equivalent to Its Optimization Version
Abstract
The shortest vector problem (SVP) and the shortest independent vectors problem (SIVP) are two famous problems in lattices, which are usually used to evaluate the hardness of some computational problems related to lattices. It is well known that the search-SVP is equivalent to its optimization version. However, it seems very difficult to prove the equivalence between search-SIVP and optimization-SIVP. In this paper, we revisit the Successive Minima Problem (SMP), which is proved the equivalence relation with SIVP. Naturally we will consider its optimization version as to find all successive minima of a given lattice, and finally we will prove that it is equivalent to its search version.
Haoyu Li, Yanbin Pan
An Improved Algorithm to Solve the Systems of Univariate Modular Equations
Abstract
In this paper, we propose an improved algorithm to solve the univariate modular equations with mutually co-prime moduli problem. This problem was first proposed in Håstad’s original RSA broadcast attack. At PKC 2008, May and Ritzenhofen improved Håstad’s result by using a slightly different transformation from polynomial systems to a single polynomial. In this work, we propose a new construction method to combine all the k equations into a single equation \(f(x)\equiv 0 \mod \prod _{i=1}^{k}N_i\). Our improved algorithm possesses two advantages compared with the two previous ones. Compared with Håstad’s approach, our algorithm only needs fewer number of equations which suffice for a recovery of all common roots. Compared with May and Ritzenhofen’s, our method obtains the single equation f(x) with a smaller degree. The benefit is that this new algorithm will find the small solution \(x_0\) more efficiently when we invoke Coppersmith’s algorithm.
Jingguo Bi, Mingqiang Wang, Wei Wei
O\(^2\)TR: Offline Off-the-Record (OTR) Messaging
Abstract
Off-the-record (OTR) is a security protocol that can be used in privacy preserving instant messaging (IM) systems. However, the conventional OTR is not applicable in some practical scenarios (e.g., when communication network became disconnected) because OTR requires both parties to be online at the same time. To address this limitation, we extend the conventional OTR into a new protocol named offline OTR (O\(^2\)TR). O\(^2\)TR makes the conversation parties be able to handle an offline message even when a session connection is lost. To show the feasibility of the proposed protocol, we implemented a prototype to support O\(^2\)TR based on the Gajim XMPP instant messaging platform. Our experiments showed that O\(^2\)TR can reliably be used when a network party is broken down. Moreover, O\(^2\)TR provides an efficient session refreshment which is about \(34\%\) faster than the original OTR.
Mahdi Daghmehchi Firoozjaei, Sang Min Lee, Hyoungshick Kim
ARM/NEON Co-design of Multiplication/Squaring
Abstract
Many modern mobile processors support new SIMD extensions (e.g. NEON engine) and previous applications (e.g. image processing, cryptography) written in SISD are accelerated by re-writing the previous implementations in SIMD instruction sets. Particularly, integer multiplication and squaring operations are the most expensive in Public Key Cryptography (PKC). Many works have been conducted to reduce the execution timing in NEON instruction set. However, ARM–NEON processor also supports powerful ARM instruction set as well. By exploiting the ARM instruction together with NEON engine, we can achieve further improved performance. After this observation, we introduce new parallel approach for integer multiplication and squaring operations on ARM–NEON processors. Unlike previous implementations, we mix-use both ARM and NEON instructions to hide computation latency for ARM into NEON. Since ARM and NEON modules are separated units, the assignments are successfully issued independently. The integer multiplication and squaring are finely divided into several sub-tasks and the sub-tasks are properly assigned to ARM and NEON in order to balance the workloads. Finally, the proposed implementations outperform the best-known results on the identical ARM–NEON processors by 22.4% and 18.3% for 2048-bit integer multiplication and squaring, respectively.
Hwajeong Seo, Taehwan Park, Janghyun Ji, Zhi Hu, Howon Kim

Web Security and Emerging Technologies

Frontmatter
WheelLogger: Driver Tracing Using Smart Watch
Abstract
Location-related data is one of the most sensitive data for user privacy. Theft of location-related information on mobile device poses serious threats to users. Even though the extant confirmation of permissions feature on modern smart devices can prevent direct leakage of information from location-related sensors, recent research has shown that leakage of location-related information is possible through indirect, side-channel attacks. In this paper, we show that the travel path of a vehicle can be inferred without acknowledging the user using a zero-permission smart watch application. The sensor we used in our experiment is the accelerometer sensor on Apple Watch. We find that a targeted user can be traced with 83% accuracy. We suggest that our approach may be used to successfully attack other smart phone devices because it was successful on Apple Watch, which is considered as the most constrained device in the market. This result shows that the zero-permission application on a smart watch, if manipulated adequately, can transform into a high-threat malware.
Joon Young Park, Jong Pil Yun, Dong Hoon Lee
Evolution of Spamming Attacks on Facebook
Abstract
Defence techniques against spamming attack have been introduced and developed in many different areas, such as e-mail, web, and even social network service, over the past decades. Whereas, we have still been suffering from the attack though the service vendors as well as academia have been making best effort on winning such arms race. Such being the case, Facebook have also been inevitable to confront spamming campaign in order not to be overwhelmed by massive junk messages. Certain spamming patterns have recently been remarkably common on Facebook which collaborates with other social network messenger. We study such the advanced spamming campaign so as to demystify how it has been worked and settled down on Facebook ecosystem. We build a crawler and analyser which collect 0.6 million of comments; afterwards, extracts the targeted spams. Our data shows that the spams are systematic, well-structured, obfuscated and even localized.
Minsu Lee, Hyungu Lee, Ji Sun Shin

Systems Security and Authentication

Frontmatter
Model Parameter Estimation and Inference on Encrypted Domain: Application to Noise Reduction in Encrypted Images
Abstract
One of the major issues in security is how to protect the privacy of multimedia big data on cloud systems. Homomorphic Encryption (HE) is increasingly regarded as a way to maintain user privacy on the untrusted cloud. However, HE is not widely used in machine learning and signal processing communities because the HE libraries are currently supporting only simple operations like integer addition and multiplication. It is known that division and other advanced operations cannot feasibly be designed and implemented in HE libraries. Therefore, we propose a novel approach to building a practical matrix inversion operation using approximation theory on HE. The approximated inversion operation is applied to reduce unwanted noise on encrypted images. Our research also suggests the efficient computation techniques for encrypted matrices. We conduct the experiment with real binary images using open source library of HE.
Saetbyeol Lee, Jiwon Yoon
Breaking Text CAPTCHA by Repeated Information
Abstract
CAPTCHA is a simple challenge-response tool to determine whether the user is a bot or human. The user must answer required text, calculate questions, or choose some images from the provider’s choice. D portal site, which is one of the most famous web portal sites in Korea, asks text response in CAPTCHA image when joining a cafe group, but this CAPTCHA is structured in a very regular format which can be read very simply if used repeatedly. We can read the text characters by bot with very high accuracy through some easy steps, among 2,000 sample CAPTCHAs.
Jae Hyeon Woo, Moosung Park, Kyungho Lee
Automatic Mitigation of Kernel Rootkits in Cloud Environments
Abstract
In cloud environments, the typical response to a malware attack is to snapshot and shutdown the virtual machine (VM), and revert it to a prior state. This approach often leads to service disruption and loss of availability, which can have much more damaging consequences than the original attack. Critical evidence needed to understand and permanently remedy the original vulnerability may also be lost. In this work, we propose an alternative solution, which seeks to automatically identify and disable rootkit malware by restoring normal system control flows. Our approach employs virtual machine introspection (VMI), which allows a privileged VM to view and manipulate the physical memory of other VMs with the aid of the hypervisor. This opens up the opportunity to identify common attacks on the integrity of kernel data structures and code, and to restore them to their original state.
To produce an automated solution, we monitor a pool of VMs running the same kernel version to identify kernel invariants, and deviations from them, and use the observed invariants to restore the normal state of the kernel. In the process, we automatically handle address space layout randomization, and are able to protect critical kernel data structures and all kernel code. We evaluate a proof-of-concept prototype of the proposed system, called Nixer, against real-world malware samples in different scenarios. The results show that changes caused by the rootkits are properly identified and patched at runtime, and that the malware functionality has been disabled. We were able to repair kernel memory in all scenarios considered with no impairment of the functionality and minimal performance impact on the infected VMs.
Jonathan Grimm, Irfan Ahmed, Vassil Roussev, Manish Bhatt, ManPyo Hong
Glitch Recall: A Hardware Trojan Exploiting Natural Glitches in Logic Circuits
Abstract
As the IoT era comes to the full-fledged, hardware Trojans that involve malicious modifications of circuitry are becoming a growing security concern. To avoid a detection mechanism, hardware Trojans may need a stealthy nature in their existence for being dormant, and even when triggered. In this paper, we devise a new hardware Trojan concept that exploits natural glitches and their control mechanisms for information leakage in a stealthy manner. We indeed reversely exploit the glitch control mechanisms to be bypassed when triggered, and try to recall the natural glitches for the purpose. An adversary who triggered the hardware Trojan may infer multiple input values from a single output of the target logic, thereby obtaining multiple outputs of the preceding logics, by monitoring the existence of the natural glitches. We perform experiments and discuss the results and threats, not to be neglected, along with a possible mitigation.
Jungwoo Joh, Yezee Seo, Hoon-Kyu Kim, Taekyoung Kwon
Design and Implementation of Android Container Monitoring Server and Agent
Abstract
Security companies have been struggling with malware analysis for many years as they become more and more intelligent. In order to yield better analysis result, the analysis environment must be well-equipped to cover wide range of applications. For instance, applications are analyzed dynamically in a period of time in various environments, including a virtual environment and a real device. Yet many intelligent Android malware still find a way to stop running when they inspect the environment. In order to solve this problem, Android container technology has been studied, but there is still a lack of research on monitoring server that can analyze operation information in malicious application. This paper proposes a server-agent model to monitor application behaviors in Android container. We design and implement agents that collect behavioral information from malicious applications running in the Android containers, and monitoring server that organizes these information for further analyses.
Kwon-Jin Yoon, Jaehyeon Yoon, Souhwan Jung
Improved EM Side-Channel Authentication Using Profile-Based XOR Model
Abstract
A new approach for authentication, side-channel authentication, has been proposed. In side-channel authentication, the authenticity of the device is confirmed with high accuracy by using electromagnetic radiation from the device and response in the conventional challenge–response authentication. The side-channel model or profiled template is used as one of the inputs of the distinguisher when authenticated. The performance of side-channel authentication is greatly affected by the precision of the model or template. In this paper, we evaluate the authentication performance when using profile- and non-profile-based HD models and a profile-based XOR model. We report the results of the experiment in detail using FPGA.
Momoka Kasuya, Kazuo Sakiyama
Holistic Tracking of Products on the Blockchain Using NFC and Verified Users
Abstract
Tracking the history of products and its parts has become a common way to detect many incidents of counterfeit. However, once a product leaves the manufacturing process, reliably capturing changes that a product undergoes becomes even more challenging. Anti-counterfeit solutions using blockchain technology promise several benefits. For example, updating the blockchain is only possible if a transaction is signed with the correct private key. To assure the confidentiality of such a key, it can be stored on an NFC tag in a way that only the tag can read it. By incorporating such a tag into a product, anyone possessing the product can connect with it and transactions for the blockchain can be signed by the tag. To regulate which kind of updates a user can perform, we suggest that users must be verified and to update a product’s history on the blockchain valid user credentials must be provided. This way various actors such as service providers or authorities can be enabled to report changes of a product to the blockchain and the capabilities of other user groups can be restricted at the same time. As a result, holistic tracking of products throughout their lifespan can be achieved.
Vanesco A. J. Boehm, Jong Kim, James Won-Ki Hong

Attack and Defense II and Network Security

Frontmatter
Abusing TCP Retransmission for DoS Attack Inside Virtual Network
Abstract
Among DoS attack techniques, abusing UDP-based public servers like DNS or NTP for reflective amplification attack is continued to pose a great threat. Recent studies show that attacker can also use TCP retransmission before the three-way-handshake completion to perform this kind of attack. In this paper, we focus on the virtual environment, in which we evaluate the potential of abusing the virtual switch system to perform amplification attack. We created a virtual network that able to connect to an external network and observed the virtual switch system’s behavior while receiving TCP packets from outside the network. We show that the virtual switch system itself can retransmit TCP packets and therefore can be abused for amplification attack by an internal attacker. In other words, he/she can make amplification using TCP hosts from outside the network and the virtual switch system’s retransmission ability. Furthermore, we test the endurance of different OS and show that Windows OS family and macOS are more vulnerable than Linux Ubuntu OS against this kind of attack.
Son Duc Nguyen, Mamoru Mimura, Hidema Tanaka
Improving Detection of Wi-Fi Impersonation by Fully Unsupervised Deep Learning
Abstract
Intrusion Detection System (IDS) has been becoming a vital measure in any networks, especially Wi-Fi networks. Wi-Fi networks growth is undeniable due to a huge amount of tiny devices connected via Wi-Fi networks. Regrettably, adversaries may take advantage by launching an impersonation attack, a common wireless network attack. Any IDS usually depends on classification capabilities of machine learning, which supervised learning approaches give the best performance to distinguish benign and malicious data. However, due to massive traffic, it is difficult to collect labeled data in Wi-Fi networks. Therefore, we propose a novel fully unsupervised method which can detect attacks without prior information on data label. Our method is equipped by an unsupervised stacked autoencoder for extracting features and a k-means clustering algorithm for clustering task. We validate our method using a comprehensive Wi-Fi network dataset, Aegean Wi-Fi Intrusion Dataset (AWID). Our experiments show that by using fully unsupervised approach, our method is able to classify impersonation attack in Wi-Fi networks with 92% detection rate without any label needed during training.
Muhamad Erza Aminanto, Kwangjo Kim
Cyber Influence Attack: Changes in Cyber Threats Seen in the Russian Hacking Incident
Abstract
As the Russian government is revealed that it had intervened in the US presidential election by hacking, the social confusion caused by cyber attacks increased. This incident has led to the impeachment of the president by the dismissal of FBI director James Comey. In the French presidential election held in 2017, the social confusion created because of fake news during the period of election silence. The past cyber attacks were used as deception tactics, like the Georgian war. Nowadays, these attacks are concentrated in the period of social issues. In other words, these recent changes in cyber attacks have begun to have an adverse effect on systems in the real world, such as hybrid battlefields. This attack is called cyber influence attacks. This paper identifies the weaknesses of the basic democratic election system and classifies it against cyber influence attacks. In addition, we analyze the cyber influence attacks in Russia during the US presidential election in 2016 as a case study.
Mookyu Park, Moosung Park, Kyungho Lee
A Protection Technique for Screen Image-Based Authentication Protocols Utilizing the SetCursorPos Function
Abstract
This paper focuses on security problems of password-based authentication systems and password exposure by login users following image-based authentication protocols requiring a mouse HID. One of these systems consists of on-screen virtual keyboard authentication protocol, which is commonly utilized by Internet banking services and electronic payment services. Nevertheless, this protocol presents the vulnerability of mouse coordinate data exposure through the GetCursorPos() API. Authentication information involving image-based authentication systems is thus still vulnerable to attacker’s attacks and theft. Accordingly, we propose a security protection technique that utilizes the SetCursorPos() function to introduce random irrelevant mouse coordinate data.
Insu Oh, Kyungroul Lee, Kangbin Yim

Crypto Protocols

Frontmatter
A General Two-Server Cryptosystem Supporting Complex Queries
Abstract
In the era of cloud computing, searchable encryption is an essential technology to provide security measure to protect the outsource data security and meanwhile support the desired computation on the ciphertexts. In this paper, we focus on the following cases: if the plaintext messages are considered as integers, given the ciphertexts of \(M_{1}\) and \(M_{2}\), how to enable the server to test (1) whether \(aM_{1}+bM_{2}+c=0\), (2) whether \(M_{1}^{a}M_{2}^{b}c=1\), where \(a\), \(b\) and \(c\) are integers. Under the extension, this equation queries could be used as a building block for range join queries on encrypted data. In order to overcome offline message guessing attack as an inherent vulnerability of searchable encryption, we consider the setting of two non-colluded servers and propose a general public-key cryptosystem based on smooth projective hash function (SPHF) with linear and homomorphic properties. Thanks to the efficient SPHF instantiations without any pairing, our scheme would have many interesting applications.
Sha Ma, Yunhao Ling
Efficient Software Implementation of Modular Multiplication in Prime Fields on TI’s DSP TMS320C6678
Abstract
Fast modular multiplication on the state-of-the-art digital signal processor (DSP) is studied in this work. More specifically, Montgomery multiplication over a prime field for an arbitrary 256-bit p is implemented on TMS320C6678 DSP by Texas Instruments. Two implementations optimized for latency and throughput are designed. The implementations are based on the k-bit divided Montgomery modular multiplication algorithm by Kornerup. The algorithm is extended to run two independent Montgomery multiplication in parallel thereby running efficiently on the target DSP by exploiting its symmetric functional units. The proposed implementations are advantageous than the previous implementation proposed by Itoh et al. in terms of latency and throughput. The latency of 0.496 [\(\upmu \)s] of the proposed implementation is only 17% of 2.86 [\(\upmu \)s] for the implementation proposed by Itoh et al. Moreover, the throughput \(4.03 \times 10^6\) [Montgomery multiplication(MM)/s] in the present case is more than \(\times \)10 the value of \(0.37 \times 10^6\) [MM/s] from the previous work.
Eito Miyamoto, Takeshi Sugawara, Kazuo Sakiyama
Key Managements of Underwater Acoustic Communication Environments
Abstract
In the underwater environment, it is difficult to use the RF signal used on the ground due to the characteristics of the medium different from the terrestrial. Therefore, when communicating with each node, acoustic communication is performed instead. Since the acoustic communication environment is poor in various aspects such as transmission speed and bandwidth compared to RF communication, it is difficult to apply the existing security method used in RF communication as it is. In this paper, we propose a key management method between entities considering underwater environment.
Hyunki Kim, Jaehoon Lee, Okyeon Yi
Parallel Implementations of SIMON and SPECK, Revisited
Abstract
In this paper, we revisited the parallel implementation of SIMON and SPECK block ciphers. The performances of SIMON and SPECK are significantly improved by using ARM NEON SIMD (Single Instruction Multiple Data) parallel computing and OpenMP SIMT (Single Instruction Multiple Thread). We optimized the implementation on ARM NEON architecture. For optimized NEON, we reduced the number of registers for round key and increased the number of registers for plaintexts. Furthermore, we proposed the efficient forward and backward alignment methods. Finally, we maximize the performance by using SIMT (Single Instruction Multiple Threads). In the case of performance of proposed methods and proposed methods with SIMT, SIMON 128/128 encryption within 32.4, 14.3 cycles/byte, SIMON 128/192 encryption within 30.1, 15.9 cycles/byte, SIMON 128/256 encryption within 32.4, 16.9 cycles/byte, SPECK 128/128 encryption within 9.7, 5.1 cycles/byte, SPECK 128/192 encryption within 10.4, 5.6 cycles/byte, SPECK 128/256 encryption within 11.0, and 5.6 cycles/byte respectively on ARM Cortex-A53 environment.
Taehwan Park, Hwajeong Seo, Garam Lee, Md. Al-Amin Khandaker, Yasuyuki Nogami, Howon Kim

Attack Detections and Legal Aspects

Frontmatter
Detecting Online Game Chargeback Fraud Based on Transaction Sequence Modeling Using Recurrent Neural Network
Abstract
We propose an online game money chargeback fraud detection method using operation sequence, gradient of charge/purchase amount, time and country as features of a transaction. We model the sequence of transactions with a recurrent neural network which also combines charge and purchase transaction features in single feature vector. In experiments using real data (a 483,410 transaction log) from a famous online game company in Korea, the proposed method shows a 78% recall rate with a 0.057% false positive rate. This recall rate is 7% better than current methodology utilizing transaction statistics as features.
Namsup Lee, Hyunsoo Yoon, Daeseon Choi
The Digits Hidden in the Virtual World: Approximate Estimation Applying Capture and Recapture
Abstract
In general, game players want their own characters that project themselves to have stronger power and honor in a virtual world. Their aspiration is achieved by pulling up character’s level or accumulating wealth in game. Some players, thus, cheat at games in a variety of ways to skip the repetitive and tedious process of gaining experience and wealth that consumes a considerable amount of time and effort. Cheatings are regarded as harmful behaviors toward both game producers and players in good faith, and if the rate of the cheating players exceeds a certain threshold, the game producers will not be able to provide fair and successful services anymore. Therefore, the game producers make various efforts to detect and impose a sanction on the cheaters. In this paper, we propose a method to estimate population size of the cheaters more quickly and accurately, in a relatively shorter time and lower cost than traditional methods, by using the method which is used frequently by ecologists. Among the various ecological estimation methods, Jolly-Seber estimator, based on capture and recapture method, was selected to estimate the characteristics of players in virtual world. Moreover, the video footage recorded for estimation is expected to become a legal evidence for game producers to impose sanctions such as permanent account suspension. Based on the estimated population size, the ratio of the cheaters among ordinary players can be estimated, and this ratio is expected to help the game producers to make swift decisions on the timing of sanctions. In this paper, we estimate the population size of cheating players in Blade & Soul, a popular MMORPG game. The total number of cheating players was estimated to be 274,639 players in four selected areas. In 2012, according to official press release of the game producer (NCSOFT Corporation), Blade & Soul had 230,000 concurrent users at every second. The number of active users is approximately estimated to be 2,300,000. 
Using the method proposed in this paper, the rate of cheating players in the game is approximately 11.94%.
Da Mi Hwang, In Seok Kim
Legal Consideration on the Use of Artificial Intelligence Technology and Self-regulation in Financial Sector: Focused on Robo-Advisors
Abstract
Artificial Intelligence (AI) technology is being used throughout the industry due to the introduction of the era of the Fourth Industrial Revolution. In the financial industry, AI technology is used in sales and marketing, fraud and illegality prevention, credit evaluation and screening, chat-bot and etc. The robo-advisor can apply the AI technology in case of investment advisory to provide a large and cost-effective portfolio of investment information. It also has positive function to the field in the fact that it has ability to generate popular investors and create new customers and services. However, robo-advisor that uses AI is still at its initial stage in introducing the technology and there are currently legal, institutional and policy limitations in providing comprehensive and customized advisory services. Thus, at first, this paper will consider the area of legal argument on the issues related to AI on the legal status and liability, financial IT, security and privacy. And focused on robo-advisor, the main issues concerning the current legal system and security self-regulatory method are elucidated and analyzed to provide the basic direction of regulation for development of utilization of AI technology in financial sector. In an environment that is shifting from ex-ante regulation to ex-post regulation, which is a current paradigm of financial IT security regulation, in order to modernize the regulations for the digital age, we propose specific measures to strengthen the use of regulatory sandbox as an autonomous regulatory scheme for the use of new technologies such as AI.
Keun Young Lee, Hun Yeong Kwon, Jong In Lim
Backmatter
Metadata
Title
Information Security Applications
Editors
Brent ByungHoon Kang
Taesoo Kim
Copyright Year
2018
Electronic ISBN
978-3-319-93563-8
Print ISBN
978-3-319-93562-1
DOI
https://doi.org/10.1007/978-3-319-93563-8
