2019 | Book

Information Systems Security

15th International Conference, ICISS 2019, Hyderabad, India, December 16–20, 2019, Proceedings

About this book

This book constitutes the proceedings of the 15th International Conference on Information Systems Security, ICISS 2019, held in Hyderabad, India, in December 2019.
The 13 revised full papers and 4 short papers presented in this book together with 4 abstracts of invited talks were carefully reviewed and selected from 63 submissions.
The papers cover topics such as: smart contracts; formal techniques; access control; machine learning; distributed systems; cryptography; online social networks; images and cryptography.

Table of contents

Frontmatter

Smart Contracts

Frontmatter
A Transparent and Privacy-Aware Approach Using Smart Contracts for Car Insurance Reward Programs
Abstract
Car insurance companies worldwide have launched reward programs that provide benefits (e.g., cash-back) to good drivers. However, two issues may arise from these programs. First, drivers cannot easily verify whether their insurer is properly following the program rules upon computing their rewards. The second issue is that privacy can be violated when sensing data is collected from policyholders’ cars to identify whether they are good drivers. This paper proposes a smart contract-based solution that trades off user privacy for reward transparency. A smart contract computes rewards based on sensing data policyholders provide to the Ethereum blockchain. To preserve privacy, a policyholder can (i) select what sensing data is sent to the blockchain, (ii) use distinct pseudonyms to hide his or her real identity, (iii) choose what accuracy sensing data has, and (iv) verify whether his or her sensing data allows him or her to remain indistinguishable from other drivers whose data has been already disclosed in the blockchain.
Lucas M. Palma, Fernanda O. Gomes, Martín Vigil, Jean E. Martina
WiP: Criminal Smart Contract for Private Key Theft in End to End Encrypted Applications
Abstract
Cryptocurrencies such as Bitcoin [1] and Ethereum [2] are becoming very popular among people due to their properties such as pseudo-anonymity, which can be used for both good and bad. In this paper, we show how smart contracts can be used to build criminal applications. Here we construct an application that allows contractors to get the stolen private key of a target user from perpetrators in an end-to-end encrypted message application.
Priyanka Pal, Sudharsana K J L, Rohith Balaji S

Formal Techniques

Frontmatter
Trustworthy Isolation of DMA Enabled Devices
Abstract
We present a mechanism for the trustworthy isolation of I/O devices with Direct Memory Access (DMA), which ensures that an isolated I/O device cannot access sensitive memory regions. As a demonstration platform, we use the Network Interface Controller (NIC) of an embedded system. We develop a run-time monitor that forces NIC reconfigurations, defined by untrusted software, to satisfy a security rule. We formalized the NIC in the HOL4 interactive theorem prover and verified the design of the isolation mechanism. The verification is based on an invariant that is proved to be preserved by all NIC operations and that ensures that all memory accesses address allowed memory regions only. We demonstrate our approach by extending an existing Virtual Machine Introspection (VMI) with the monitor. The resulting platform prevents code injection in a connected and untrusted Linux. (The HOL4 proofs and the source code of the monitor are published at https://github.com/kth-step/NIC-formalization-monitor.)
Jonas Haglund, Roberto Guanciale

Access Control

Frontmatter
Toward Implementing Spatio-Temporal RBAC Extensions
Abstract
Role-Based Access Control (RBAC) restricts unauthorized user accesses by ensuring that only the permissions necessary for executing the respective tasks by the users are available through the roles assigned to them. In order to effectively deploy and sustain RBAC in an organization, a set of roles needs to be designed. This can be done using an approach known as role mining. In many cases, it may be essential to limit the accessibility of the roles to certain locations and time periods. Such kind of location and time dependent availability of roles can be enforced by the spatio-temporal extensions of the RBAC model. The implementation of these extended models requires the creation of spatially and temporally constrained roles which cannot be directly done using the traditional role mining algorithms. In this paper, we propose an approach known as spatio-temporal role mining to generate the roles for setting up spatio-temporal RBAC. We describe a suitable representation for depicting the input to spatio-temporal role mining, formally define the Spatio-Temporal Role Mining Problem (STRMP) and propose an algorithm for solving it. Experimental results obtained from synthetic and real-world datasets provide the performance evaluation of our proposed approach.
Aditya Dubey, Uttara Ravi, Somya Sharma, Barsha Mitra
VisMAP: Visual Mining of Attribute-Based Access Control Policies
Abstract
Policy mining has been identified as one of the most challenging tasks towards deployment of Attribute-Based Access Control (ABAC) in any organization. This work introduces a novel approach for visual mining of ABAC policies. The fundamental objective is to graphically portray the existing accesses to facilitate visual elucidation and mining of meaningful authorization rules. We represent the existing accesses in the form of a binary matrix and formulate the problem of finding the best representation of the binary matrix as a minimization problem. The authorization rules are then extracted from the visual representation of the access control matrix in such a way that the number of rules required to satisfy all the existing accesses is minimum. The problem is shown to be NP-Complete and hence a heuristic solution is proposed. We experimentally evaluate our proposed approach on a number of synthetically generated data sets to study its robustness and scalability in a variety of situations.
Saptarshi Das, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri, Gerhard Rigoll
Policy Reconciliation and Migration in Attribute Based Access Control
Abstract
Today, organizations do not work in silos, but rather collaborate, work jointly and share data resources for various business benefits such as storage, management, analytics, etc. In this scenario, organizations want to ensure that their own security requirements are always met, even though they may be sharing/moving their resources to another organization. Hence, there is a need to evaluate the extent to which their policies are similar (or equivalent) i.e., to what extent do they both agree on a common set of security requirements (policy)? When the policies are not identical, there is also a need to evaluate the differences and see how these differences can be reconciled so that the organizations can be brought to agreement in terms of their security requirements.
To address this issue, in this paper, we first propose the notion of policy equivalence and develop methods to evaluate the policy similarity. We also propose two different approaches for accomplishing policy reconciliation where one is based on ABAC mining and the other is based on finding maximal common subsets. Both of the approaches guarantee that the organization’s policies are never violated as they are both conservative in nature. Further, it is also possible that the organizations in the collaboration decide to pick one organization and each of them migrates to the policy. We propose a migration approach for organizations in this setting which will incur least migration cost for all the organizations. We compare both the reconciliation approaches and policy migration with respect to their reconciliation results as well as performance.
Gunjan Batra, Vijayalakshmi Atluri, Jaideep Vaidya, Shamik Sural

Machine Learning

Frontmatter
WiP: Generative Adversarial Network for Oversampling Data in Credit Card Fraud Detection
Abstract
In this digital world, numerous credit card-based transactions take place all over the world. Concomitantly, gaps in process flows and technology result in many fraudulent transactions. Owing to the spurt in the number of reported fraudulent transactions, customers and credit card service providers incur significant financial and reputation losses respectively. Therefore, building a powerful fraud detection system is paramount. It is noteworthy that fraud detection datasets, by nature, are highly unbalanced. Consequently, almost all of the supervised classifiers, when built on the unbalanced datasets, yield high false negative rates. But, the extant oversampling methods while reducing the false negatives, increase the false positives. In this paper, we propose a novel data oversampling method using Generative Adversarial Network (GAN). We use GAN and its variant to generate synthetic data of fraudulent transactions. To evaluate the effectiveness of the proposed method, we employ machine learning classifiers on the data balanced by GAN. Our proposed GAN-based oversampling method simultaneously achieved high precision, F1-score and dramatic reduction in the count of false positives compared to the state-of-the-art synthetic data generation based oversampling methods such as Synthetic Minority Oversampling Technique (SMOTE), Adaptive Synthetic Sampling (ADASYN) and random oversampling. Moreover, an ablation study involving the oversampling based on the ensemble of SMOTE and GAN/WGAN generated datasets indicated that it is outperformed by the proposed methods in terms of F1 score and false positive count.
Akhilesh Kumar Gangwar, Vadlamani Ravi

Distributed Systems

Frontmatter
An Introduction to the CellTree Paradigm (Invited Paper)
Abstract
This note is a brief introduction to CellTree, a new architecture for distributed data repositories, drawing liberally from our article which introduces the concept in greater detail [15].
A CellTree allows data to be stored in largely independent, and highly programmable cells, which are “assimilated” into a tree structure. The data in the cells are allowed to change over time, subject to each cell’s own policies; a cell’s policies also govern how the policies themselves can evolve. A design goal of the architecture is to let a CellTree evolve organically over time, and adapt itself to multiple applications. Different parts of the tree may be maintained by different sets of parties and the core mechanisms used for maintaining the tree can also vary across the tree and over time.
We outline the architecture of a CellTree, along with provable guarantees of liveness, correctness and consistency that can be achieved in a typical instantiation of the architecture. These properties can be guaranteed for individual cells that satisfy requisite trust assumptions, even if these assumptions don’t hold for other cells in the tree. We also discuss several features of a CellTree that can be exploited by applications. Finally, we briefly outline a sample application that can be built upon the CellTree, leveraging its many features.
Anasuya Acharya, Manoj Prabhakaran, Akash Trehan
Secure Information Flow Analysis Using the PRISM Model Checker
Abstract
Secure information flow checks whether sensitive information leaks to public outputs of a program or not. It has been widely used to analyze the security of various programs and protocols and to guarantee their confidentiality and robustness.
In this paper, the problem of verifying secure information flow of concurrent probabilistic programs is discussed. Programs are modeled by Markovian processes and secure information flow is specified by observational determinism. Then, two algorithms are proposed to verify observational determinism in the Markovian model. The algorithms employ a trace-based approach to traverse the model and check for satisfiability of observational determinism. The proposed algorithms have been implemented into a tool called PRISM-Leak, which is constructed on the PRISM model checker. An anonymity protocol, the dining cryptographers, is discussed as a case study to show how PRISM-Leak can be used to evaluate the security of programs. The scalability of the tool is demonstrated by comparing it to the state-of-the-art information flow tools.
Ali A. Noroozi, Khayyam Salehi, Jaber Karimpour, Ayaz Isazadeh

Cryptography

Frontmatter
Selective End-To-End Data-Sharing in the Cloud
Abstract
Cloud-based services enable easy-to-use data-sharing between multiple parties, and, therefore, have been widely adopted over the last decade. Storage services by large cloud providers such as Dropbox or Google Drive as well as federated solutions such as Nextcloud have amassed millions of users. Nevertheless, privacy challenges hamper the adoption of such services for sensitive data: Firstly, rather than exposing their private data to a cloud service, users desire end-to-end confidentiality of the shared files without sacrificing usability, e.g., without repeatedly encrypting when sharing the same data set with multiple receivers. Secondly, only being able to expose complete (authenticated) files may force users to expose overmuch information. The receivers, as well as the requirements, might be unknown at issue-time, and thus the issued data set does not exactly match those requirements. This mismatch can be bridged by enabling cloud services to selectively disclose only relevant parts of a file without breaking the parts’ authenticity. While both challenges have been solved individually, it is not trivial to combine these solutions and maintain their security intentions.
In this paper, we tackle this issue and introduce selective end-to-end data-sharing by combining ideas from proxy re-encryption and redactable signature schemes. Proxy re-encryption provides us with the basis for end-to-end encrypted data-sharing, while redactable signatures enable one to redact parts and selectively disclose only the remaining, still authenticated parts. We overcome the issues encountered when naively combining these two concepts, introduce a security model, and present a modular instantiation together with implementations based on a selection of various building blocks. We conclude with an extensive performance evaluation of our instantiation.
Felix Hörandner, Sebastian Ramacher, Simon Roth
Cloud Data Sharing and Device-Loss Recovery with Hardware-Bound Keys
Abstract
Cloud-based storage services, such as Dropbox, Google Drive, or NextCloud, are broadly used to share data with others or between the individual devices of one user due to their convenience. Various end-to-end encryption mechanisms can be applied to protect the confidentiality of sensitive data in a not fully trusted cloud environment. As all such encryption mechanisms require keys to be stored on the client’s device, losing a device (and key) might lead to catastrophic consequences: losing access to all outsourced data. Strategies to recover from key-loss have various trade-offs. For example, storing the key on a flash drive burdens the user to keep it secure and available, while encrypting the key with a password before uploading it to the cloud requires users to remember a complex password. These strategies also require that the key can be extracted from the device’s hardware, which risks the confidentiality of the key and data once a curious person finds a lost device or a thief steals it.
In this paper, we propose and implement a cloud-based data sharing system that supports recovery after key-loss while binding the keys to the devices’ hardware. By using multi-use proxy re-encryption, we build a network of re-encryption keys that enables users to use any of their devices to access data or share it with other users. In case of device-loss, we amend this network of re-encryption keys – potentially with the help of one or more user-selected recovery users – to restore data access to the user’s new device. Our implementation highlights the system’s feasibility and underlines its practical performance.
Felix Hörandner, Franco Nieddu
Item-Based Privacy-Preserving Recommender System with Offline Users and Reduced Trust Requirements
Abstract
Safeguarding privacy of ratings assigned by users is an important issue for recommender systems. There are several existing protocols that allow a server to generate recommendations from homomorphically encrypted ratings, thereby ensuring privacy of rating data. After collecting the encrypted ratings, the server may require further interaction with each user, which is problematic in case some users were to go offline. To solve the offline user problem previous solutions use additional semi-honest third parties. In this paper, we propose a privacy-preserving recommender system that does not suffer from the offline user problem. Unlike previous works, our proposal does not require any additional third party. We demonstrate with the help of experiments that the time required to generate recommendations is efficient for practical applications.
Pranav Verma, Anish Mathuria, Sourish Dasgupta
WiP: Degree Evaluation of Grain-v1
Abstract
In this paper, we initiate a degree evaluation technique for NFSR-based stream ciphers like the Grain family, where the degree of the NFSR update bits is higher than the degree of the output function. Here, we have applied the technique to Grain-v1 to evaluate the degree of the NFSR update bit and output bit during the key scheduling phase of reduced rounds. We are trying to improve this technique and its correctness for the full paper.
Deepak Kumar Dalai, Santu Pal

Online Social Networks

Frontmatter
A Novel k-Anonymization Approach to Prevent Insider Attack in Collaborative Social Network Data Publishing
Abstract
Social network data analysts can retrieve improved results if mining operations are performed on collaborative social network data instead of independent social network data. The collaborative social network can be constructed by joining data of all social networking sites. This data may contain sensitive information about individuals in its original form and sharing of such data, as it is, may violate individual privacy. Hence, various techniques are discussed in literature for privacy preserving publishing of social network data. However, these techniques suffer from the insider attack, performed by colluding data provider(s) to breach the privacy of the social network data contributed by other data providers. In this paper, we propose an approach that offers protection against the insider attack in the collaborative social network data publishing scenario. Experimental results demonstrate that our approach preserves data utility while protecting collaborated social network data against the insider attack.
Bintu Kadhiwala, Sankita J. Patel

Images and Cryptography

Frontmatter
WiP: Security Enhanced Size Invariant Visual Cryptography with Perfect Reconstruction of White Pixels
Abstract
Visual Cryptography is an image encryption technique which reconstructs the image using the human visual system. Presently used size invariant visual cryptography schemes (VCS) do not preserve both the security and contrast conditions. In this paper we propose a new method for size invariant block-wise encoding VCS based on perfect reconstruction of white pixels, which provides perfect security and retains the contrast. Here we have discussed an outline of size invariant VCS based on random basis column pixel expansion, block-wise encoding and random basis VCS with perfect reconstruction of white pixels (PRWP), which have been demonstrated based on various research studies. We have also discussed the demerits of the existing models and made an experimental analysis between previous models and the proposed model. From the analysis we proved that the proposed method enhances the security and maintains the contrast.
T. E. Jisha, Thomas Monoth
A New High Capacity and Reversible Data Hiding Technique for Images
Abstract
The growth in the internet has paved the way for an increase in digital communication. Cryptography and data hiding provide security of the data being communicated. In cryptography, the fact that the information is hidden is not concealed, whereas, in data hiding, it is hard to tell if a cover medium contains embedded information. Data hiding can be used for covert communication, or to embed extra information about the image. Often the original cover image cannot be restored once the embedded data has been extracted. However, for certain applications like those belonging to medical and military, the data hiding process cannot distort the cover image. Medical images contain important diagnostic information, and military images serve some legal purpose. Any change in these images can lead to negative consequences. Therefore, for applications in which both the image and the data being hidden are important, a data hiding mechanism is needed that hides data in such a way that the embedded data can be extracted and the original image restored. Reversible data hiding (RDH) techniques have been proposed to embed data in such sensitive images. In this paper, we discuss a histogram shifting based two-pass RDH scheme. Experimental results illustrate that the proposed technique, besides being reversible, provides a fairly high quality marked image along with high embedding capacity.
Eram Fatima, Saiful Islam

Miscellaneous Mix

Frontmatter
Anti-forensics of a NAD-JPEG Detection Scheme Using Estimation of DC Coefficients
Abstract
Bianchi et al. proposed a method to detect non-aligned double JPEG (NAD-JPEG) compression using the presence of distortions in the Integer Periodicity Map (IPM) of DC coefficients of any JPEG image. However, we found that the IPM can be easily altered without affecting the visual quality of an image. In this paper, we propose a new anti-forensics scheme that alters the IPM to deceive the Bianchi et al. scheme. In our proposed method, a statistical model of the DC coefficients from a singly compressed JPEG image is used to generate an estimated image which is free from the quantization artifacts that are present in the IPM. The estimated image is subjected to NAD-JPEG compression. It was found that the DC values of the NAD-JPEG image are no longer multiples of the corresponding primary quantization step size \(q_1\). As a result, the DCT coefficients do not cluster around the lattice related to \(q_1\), and the IPM of the double JPEG compressed image seems to be the IPM of a singly compressed JPEG image. Experimental results show the effectiveness of the proposed anti-forensics scheme, as the accuracy of the said forensics method is reduced to less than \(50\%\) in the case of anti-forensically modified images.
Arkaprava Bhaduri Mandal, Tanmoy Kanti Das
Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface
Abstract
Assessing change in the attack surface of dynamic computer networks is a formidable challenge. Researchers have previously looked into the problem of measuring network risk and used an attack graph (AG) for network hardening. However, such AG-based approaches do not consider the likely variations in the attack surface. Further, even though it is possible to generate attack graphs for a realistic network efficiently, the resulting graphs pose a severe challenge to human comprehension. To overcome such problems, in this paper, we present a differential attack graph-based change detection technique. We propose a change distribution matrix-based technique to discern differences in the network attack surface. Our method not only detects the degree of change in the network attack surface but also finds the root causes in a time-efficient manner. We use a synthetic network to illustrate the approach and perform a set of simulations to evaluate the performance. Experimental results show that our technique is capable of assessing changes in the attack surface, and thus can be used in practice for network hardening.
Ghanshyam S. Bopche, Gopal N. Rai, B. Ramchandra Reddy, B. M. Mehtre
Backmatter
Metadata
Title
Information Systems Security
Edited by
Deepak Garg
N. V. Narendra Kumar
Rudrapatna K. Shyamasundar
Copyright year
2019
Electronic ISBN
978-3-030-36945-3
Print ISBN
978-3-030-36944-6
DOI
https://doi.org/10.1007/978-3-030-36945-3