2015 | Book

Network and System Security

9th International Conference, NSS 2015, New York, NY, USA, November 3-5, 2015, Proceedings

About this book

This book constitutes the proceedings of the 9th International Conference on Network and System Security, NSS 2015, held in New York City, NY, USA, in November 2015.

The 23 full papers and 18 short papers presented were carefully reviewed and selected from 110 submissions. The papers are organized in topical sections on wireless security and privacy; smartphone security; systems security; applications security; security management; applied cryptography; cryptosystems; cryptographic mechanisms; security mechanisms; mobile and cloud security; applications and network security.

Table of Contents

Frontmatter

Wireless Security and Privacy

Frontmatter
Dandelion - Revealing Malicious Groups of Interest in Large Mobile Networks

There are an enormous number of security anomalies that occur across the Internet on a daily basis. These anomalies are typically viewed as individual security events that are manually analyzed in order to detect an attack and take action. Important characteristics of an attack may go unnoticed due to limited manual resources. Mobile attacks introduce further complexity by typically traversing multiple types of networks making correlation and detection even more challenging. In this paper, we propose a system Dandelion, which aims to automatically correlate individual security anomalies together to reveal an entire mobile attack campaign. The system also identifies previously unknown malicious network entities that are highly correlated. Our prototype system correlates thousands of network anomalies across both the SMS and IP networks of a large US tier-1 mobile service provider, reducing them to approximately $$20\sim 30$$ groups of interest a day. To demonstrate Dandelion’s value, we show how our system has provided the critical information necessary to human analysts in detecting and mitigating previously unknown mobile attacks.

Wei Wang, Mikhail Istomin, Jeffrey Bickford
Distance-based Trustworthiness Assessment for Sensors in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) have been substituting for human senses to make human lives better by monitoring the environment and providing intelligence. Collected sensor data are used to make decisions as a human does. Therefore, providing trustworthy sensor data is crucial to make correct decisions. However, faulty sensors can give incorrect information. In addition, since sensors are usually deployed in unattended areas and can be compromised, cryptographic approaches are insufficient. To address this problem, we propose a distance-based trustworthiness assessment scheme. In our scheme, a centralized trust assessment module outputs an absolute trust score of each sensed value and the trust score of each sensor. The trust scores of sensed values are calculated based on the differences of sensed values provided by a sensor and its neighbors and the physical distances from the neighbors. Our simulation results show that our scheme outputs practical and accurate trust scores in a realistic environment where the sensed values of interest gradually change over the monitored areas.

Jongho Won, Elisa Bertino
Isolation of Multiple Anonymous Attackers in Mobile Networks

Many mobile wireless networks unintentionally provide opportunity for attackers to launch anonymous attacks or spoof other users, often without fear of being caught. It’s often ideal for network carriers to block all traffic from an attacker, not just the attack traffic, for example to stop any concurrent attacks which cannot be detected by the carrier. We present an approach to detect common attacks at the access point, and leverage this with packet clustering to block all traffic originating from attackers during an attack. To achieve packet clustering, we utilize received signal strength at the access point to properly cluster attack packets according to each unique attacker, and further classify all other packets according to these clusters. Our approach is designed with attacker and legitimate user mobility in mind, low memory overhead, and is scalable to many simultaneous attackers. Our experimental results show very high classification accuracy, sensitivity and specificity.

Brian Ricks, Patrick Tague
No Place to Hide that Bytes Won’t Reveal: Sniffing Location-Based Encrypted Traffic to Track a User’s Position

News reports of the last few years indicated that several intelligence agencies are able to monitor large networks or entire portions of the Internet backbone. Such a powerful adversary has only recently been considered by the academic literature. In this paper, we propose a new adversary model for Location Based Services (LBSs). The model takes into account an unauthorized third party, different from the LBS provider itself, that wants to infer the location and monitor the movements of a LBS user. We show that such an adversary can extrapolate the position of a target user by just analyzing the size and the timing of the encrypted traffic exchanged between that user and the LBS provider. We performed a thorough analysis of a widely deployed location based app that comes pre-installed with many Android devices: GoogleNow. The results are encouraging and highlight the importance of devising more effective countermeasures against powerful adversaries to preserve the privacy of LBS users.

Giuseppe Ateniese, Briland Hitaj, Luigi Vincenzo Mancini, Nino Vincenzo Verde, Antonio Villani

Smartphone Security

Frontmatter
Compartmentation Policies for Android Apps: A Combinatorial Optimization Approach

Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this paper, we revisit the perils of app coexistence in the same platform and propose a risk mitigation mechanism based on segregating apps into isolated groups following classical security compartmentation principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each group of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentation as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentation solutions can be obtained for the problem sizes expected in current mobile environments.

Guillermo Suarez-Tangil, Juan E. Tapiador, Pedro Peris-Lopez
Android Botnets: What URLs are Telling Us

Botnets have traditionally been seen as a threat to personal computers; however, the recent shift to mobile platforms resulted in a wave of new botnets. Due to its popularity, Android mobile Operating System became the most targeted platform. In spite of rising numbers, there is a significant gap in understanding the nature of mobile botnets and their communication characteristics. In this paper, we address this gap and provide a deep analysis of Command and Control (C&C) and built-in URLs of Android botnets detected since the first appearance of the Android platform. By combining both static and dynamic analyses with visualization, we uncover the relationships between the majority of the analyzed botnet families and offer an insight into each malicious infrastructure. As a part of this study we compile and offer to the research community a dataset containing 1929 samples representing 14 Android botnet families.

Andi Fitriah Abdul Kadir, Natalia Stakhanova, Ali Akbar Ghorbani

Systems Security

Frontmatter
Unraveling the Security Puzzle: A Distributed Framework to Build Trust in FPGAs

Extensive use of third party IP cores (e.g., HDL, netlist) and open source tools in the FPGA application design and development process in conjunction with the inadequate bitstream protection measures have raised crucial security concerns in the past for reconfigurable hardware systems. Designing high fidelity and secure methodologies for FPGAs is still in its infancy and in particular, there are almost no concrete methods/techniques that can ensure trust in FPGA applications not entirely designed and/or developed in a trusted environment. This work strongly suggests the need for an anomaly detection capability within the FPGAs that can continuously monitor the behavior of the underlying FPGA IP cores and the communication activities of IP cores with other IP cores or peripherals for any abnormalities. To capture this need, we propose a technique called FIDelity Enhancing Security (FIDES) methodology for FPGAs that uses a combination of access control policies and behavior learning techniques for anomaly detection. FIDES essentially comprises of two components: (i) Trusted Wrappers, a layer of monitors with sensing capabilities distributed across the FPGA fabric; these wrappers embed the output of each IP core i with a tag $$\tau _i$$ according to the pre-defined security policy $$\varPi $$ and also verifies the embeddings of each input to the IP core to detect any violation of policies. The use of tagging and tracking enables us to capture the normal interactions of each IP core with its environment (e.g., other IP cores, memory, OS or I/O ports). Trusted Wrappers also monitors the statistical properties exhibited by each IP core module on execution such as power consumption, number of clock cycles and timing variations to detect any anomalous operations; (ii) a Trusted Anchor that monitors the communication between the IP cores and the peripherals with regard to the centralized security policies $$\varPsi $$ as well as the statistical properties produced by the peripherals. To thwart an adversary from tampering or disabling the proposed security components during the deployment stage, our architecture generates a secure bitstream blob consisting of the IP cores, Trusted Wrappers and Trusted Anchor, secured using public key cryptography. We implemented FIDES architecture on a Xilinx Zynq 7020 device running a red-black system comprising of sensitive and non-sensitive IP cores. Our results show that the FIDES implementation leads to only 1-2% overhead in terms of the logic resources per wrapper and incurs minimal latency per wrapper for tag verification and embedding. On the other hand, as compared to the baseline implementation, when all the communications within the system are routed to the Trusted Anchor for centralized policy checking and verification, a latency of 1.5X clock cycles is observed; this clearly manifests the advantage of using distributed wrappers as opposed to centralized policy checking.

Devu Manikantan Shila, Vivek Venugopalan, Cameron D. Patterson
DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices

Security of embedded devices today is a critical requirement for the Internet of Things (IoT) as these devices will access sensitive information such as social security numbers and health records. This makes these devices a lucrative target for attacks exploiting vulnerabilities to inject malicious code or reuse existing code to alter the execution of their software. Existing defense techniques have major drawbacks such as requiring source code or symbolic debugging information, and high overhead, limiting their applicability. In this paper we propose a novel defense technique, DisARM, that protects against both code-injection and code-reuse based buffer overflow attacks by breaking the ability for attackers to manipulate the return address of a function. Our approach operates on arbitrary executable binaries and thus does not require compiler support. In addition it does not require user interactions and can thus be automatically applied. Our experimental results show that our approach incurs low overhead and significantly increases the level of security against both code-injection and code-reuse based attacks.

Javid Habibi, Ajay Panicker, Aditi Gupta, Elisa Bertino
Service in Denial – Clouds Going with the Winds

We analyze the threat of DDoS-for-hire services to low and medium power cloud-based servers or home users. We aim to investigate popularity and availability of such services, their payment models, subscription pricing, complexity of the generated attack traffic and performance.

Vit Bukac, Vlasta Stavova, Lukas Nemec, Zdenek Riha, Vashek Matyas

Application Security

Frontmatter
RouteMap: A Route and Map Based Graphical Password Scheme for Better Multiple Password Memory

Graphical passwords (GPs) are considered as one promising solution to replace traditional text-based passwords. Many GP schemes have been proposed in the literature such as PassPoints, DAS, Cued Click Points, GeoPass and so on. These schemes reported promising performance in their studies in the aspects of security and usability, however, we notice that these GP schemes may suffer from the issue of multiple password memory. In our first user study, it is identified that this issue has indeed become a big challenge. In real-world applications, users usually have to remember and maintain more than one password in different scenarios, thus, it is very essential to develop a better GP scheme to solve this issue. In this paper, we focus on map-based GPs and propose a scheme of RouteMap for better multiple password memory, which allows users to draw a route on a map as their secrets. In our second user study with 60 participants, it is found that users can achieve better performance using RouteMap in terms of multiple password memory, as compared with two similar schemes. Our effort attempts to complement existing studies and stimulate more research on this issue.

Weizhi Meng
Indicators of Malicious SSL Connections

Internet applications use SSL to provide data confidentiality to communicating entities. The use of encryption in SSL makes it impossible to distinguish between benign and malicious connections as the content cannot be inspected. Therefore, we propose and evaluate a set of indicators for malicious SSL connections, which is based on the unencrypted part of SSL (i.e., the SSL handshake protocol). We provide strong evidence for the strength of our indicators to identify malicious connections by cross-checking on blacklists from professional services. Besides the confirmation of prior research results through our indicators, we also found indications for a potential (not yet blacklisted) botnet on SSL. We consider the analysis of such SSL threats as highly relevant and hope that our findings stimulate the research community to further study this direction.

Riccardo Bortolameotti, Andreas Peter, Maarten H. Everts, Damiano Bolzoni
Multi-constrained Orientation Field Modeling and Its Application for Fingerprint Indexing

Fingerprint orientation field, representing the fingerprint ridge-valley structure direction, plays an essential role in fingerprint preprocessing tasks. Orientation field is able to be reconstructed by either non-parameterized or parameterized methods. In this paper, we propose a new parameterized approach for orientation field modeling. The proposed algorithm minimizes a composite model including three constraints corresponding to a least square data fitting term, a total variation regularization and a $$L_1$$ sparse regularization. This model has been shown to be very effective for fingerprint orientation field reconstruction. Furthermore, its effectiveness has been proven by several experiments. First, the experiments on poor-quality fingerprint images are conducted. Visual comparisons demonstrate the robustness of the proposed method when processing noisy fingerprint images. Then, as another application of the proposed model, its resultant sparse representation is employed for fingerprint indexing. The experiments on FVC 2000 DB2a and FVC 2002 DB1a datasets show the superior performance of the proposed model for fingerprint indexing.

Jinwei Xu, Jiankun Hu

Security Management

Frontmatter
A Framework for Policy Similarity Evaluation and Migration Based on Change Detection

Access control facilitates controlled sharing and protection of resources in an enterprise. However, given the ubiquity of collaborative applications and scenarios, enterprises no longer function in isolation. Being able to measure policy similarity and integrate heterogeneous policies appropriately is an essential step towards secure interoperation. Existing approaches for measuring policy similarity are based on computing similarity between different components of the access control policy. However, this does not provide a pathway for integrating policies, and may not sufficiently take the security context into account. In this paper, we propose a holistic change detection approach that enables policy similarity evaluation and policy migration. Our approach more comprehensively takes into account different access control semantics to compute policy similarity and finds the common organizational policy with the least cost.

Jaideep Vaidya, Basit Shafiq, Vijayalakshmi Atluri, David Lorenzi
MT-ABAC: A Multi-Tenant Attribute-Based Access Control Model with Tenant Trust

A major barrier to the adoption of cloud Infrastructure-as-a-Service (IaaS) is collaboration, where multiple tenants engage in collaborative tasks requiring resources to be shared across tenant boundaries. Currently, cloud IaaS providers focus on multi-tenant isolation, and offer limited or no cross-tenant access capabilities in their IaaS APIs. In this paper, we present a novel attribute-based access control (ABAC) model to enable collaboration between tenants in a cloud IaaS, as well as more generally. Our approach allows cross-tenant attribute assignment to provide access to shared resources across tenants. Particularly, our tenant-trust authorizes a trustee tenant to assign its attributes to users from a trustor tenant, enabling access to the trustee tenant’s resources. We designate our multi-tenant attribute-based access control model as MT-ABAC. Previously, a multi-tenant role-based access control (MT-RBAC) model has been defined in the literature wherein a trustee tenant can assign its roles to users from a trustor tenant. We demonstrate that MT-ABAC can be configured to enforce MT-RBAC thus subsuming it as a special case.

Navid Pustchi, Ravi Sandhu
Managing Multi-dimensional Multi-granular Security Policies Using Data Warehousing

Over the last several years, sophisticated access control models have been proposed to take into account different dimensions such as time, space, role, context, attribute, etc. These enable specification of fine grained access control policies that can better express evolving organizational needs. However, there is no comprehensive solution that can uniformly specify, evaluate, maintain and analyze this multitude of policies in a consistent fashion. In this paper, we show that specifying and enforcing access control policies of multiple granularities and dimensions can be transformed into the problem of storing and querying data at multiple granularities and dimensions. Specifically, we develop a unified schema to represent several standard access control policies and show how they can be automatically evaluated. We have implemented the system in Oracle, and evaluated its scalability.

Mahendra Pratap Singh, Shamik Sural, Vijayalakshmi Atluri, Jaideep Vaidya, Ussama Yakub

Applied Cryptography

Frontmatter
CLKS: Certificateless Keyword Search on Encrypted Data

Keyword search on encrypted data enables one to search keyword ciphertexts without compromising keyword security. We further investigate this problem and propose a novel variant, dubbed certificateless keyword search on encrypted data (CLKS). CLKS not only supports keyword search on encrypted data, but also brings promising features due to the certificateless cryptography. In contrast to the certificated-based keyword search, CLKS requires no validation on the trustworthy of the public key before encrypting keywords; in contrast to the identity-based keyword search, CLKS prevents the key issuer (e.g., key generator center) from penetrating any information on keyword ciphertexts by leveraging the capability of accessing all data users’ (partial) private keys. Specifically, we rigorously define the syntax and security definitions for CLKS, and present the construction that is provably secure in the standard model under the Decisional Linear assumption. We implemented the proposed CLKS scheme and evaluated its performance. To the best of our knowledge, this is the first attempt to integrate certificateless cryptography with keyword search on encrypted data.

Qingji Zheng, Xiangxue Li, Aytac Azgin
Secure Cloud Storage for Dynamic Group: How to Achieve Identity Privacy-Preserving and Privilege Control

We propose the first secure cloud storage system with public audit for dynamic group, which achieves identity privacy-preserving and privilege control among mobile users. We utilize multi-key ciphertext policy attribute-based key encapsulation mechanisms (MCP-AB-KEMs) to achieve privileges of operations on the cloud data and the anonymity among the mobile users, and we utilize proxy re-signatures to update tags efficiently. In addition, a third party auditor (TPA) helps to check data integrity without the knowledge of users’ identities. We also give a security model and present the security analysis within the model.

Hui Ma, Rui Zhang
GP-ORAM: A Generalized Partition ORAM

Oblivious RAM (ORAM) is a provable technique to protect a user’s access pattern to outsourced data. Recently, many ORAM constructions have been proposed, but most of them are impractical due to high communication and user-side storage costs. Motivated by Partition ORAM (P-ORAM) [15], a state-of-the-art communication-efficient ORAM construction, this paper proposes GP-ORAM (Generalized Partition ORAM) as a new framework to assemble multiple ORAM partitions together while overcoming the limitations of the P-ORAM construction. GP-ORAM allows smaller and adjustable number of partitions, fully utilizes the available user-side storage to reduce communication cost, and can efficiently export the index table to the server. As a result, GP-ORAM incurs low bandwidth cost (i.e., $$O(\log N)$$ data blocks per query in practice) and has significantly less user-side storage cost than P-ORAM. We demonstrate the security and practicality of GP-ORAM through extensive performance analysis.

Jinsheng Zhang, Wensheng Zhang, Daji Qiao
Anonymous Evaluation System

We present a pragmatic evaluation system, where privacy of each evaluator is guaranteed in a cryptographic way. Each evaluation report is signed with a domain signature that is related to the anonymous signer and to the evaluation subject in the way that (a) a given user cannot appear under different pseudonym for a given evaluation subject (no Sybil attack possible), (b) it is infeasible to decide whether the signatures for different subjects have been created by the same evaluator, (c) each evaluator holds a single private key. Unlike available anonymous credential systems and domain signatures proposed so far, our scheme is based on standard operations available on most cryptographic smart cards and easy to implement in the scenarios where the set of evaluators is determined. We describe one application scenario – a university evaluation system with courses feedback from the students.

Kamil Kluczniak, Lucjan Hanzlik, Przemysław Kubiak, Mirosław Kutyłowski

Cryptosystems

Frontmatter
An Efficient Leveled Identity-Based FHE

Gentry, Sahai and Waters constructed the first identity-based fully homomorphic encryption schemes from identity-based encryption schemes in CRYPTO 2013. In this work, we focus on improving their IBFHE schemes, using Micciancio and Peikert’s novel and powerful trapdoor in conjunction with Alperin-Sheriff and Peikert’s simple and tight noise analysis technique when performing homomorphic evaluation.

Fuqun Wang, Kunpeng Wang, Bao Li
Evolving Highly Nonlinear Balanced Boolean Functions with Improved Resistance to DPA Attacks

Recent years have witnessed significant increase in number of side-channel attacks on the cryptographic algorithms and hence the attempts to defend them. Note that Differential Power Analysis (DPA) is the most powerful attack which belongs to the class of side channel attacks. In order to defend against DPA attacks, there is a growing demand for the construction of Boolean functions and S-boxes. In this regard, we develop three effective algorithms that are based on evolutionary computing techniques. As a result, three 8-bit highly nonlinear balanced Boolean functions have been evolved in this work that have higher DPA resistance than others published previously.

Ashish Jain, Narendra S. Chaudhari
Related-Key Rectangle Attack on Round-reduced Khudra Block Cipher

Khudra is a block cipher proposed in the SPACE’2014 conference, whose main design goal is to achieve suitability for the increasingly popular Field Programmable Gate Array (FPGA) implementation. It is an 18-round lightweight cipher based on recursive Feistel structure, with a 64-bit block size and 80-bit key size. In this paper, we compute the minimum number of active F-functions in differential characteristics in the related-key setting, and give a more accurate measurement of the resistance of Khudra against related-key differential cryptanalysis. We construct a related-key boomerang quartet with probability $$2^{-48}$$ for the 14-round Khudra, which is better than the highest probability related-key boomerang quartet of the 14-round Khudra of probability at most $$2^{-72}$$ claimed by the designers. Then we propose a related-key rectangle attack on the 16-round Khudra without whitening key by constructing a related-key rectangle distinguisher for 12-round Khudra with a probability of $$2^{-23.82}$$. The attack has time complexity of $$2^{78.68}$$ memory accesses and data complexity of $$2^{57.82}$$ chosen plaintexts, and requires only four related keys. This is the best known attack on the round-reduced Khudra.

Xiaoshuang Ma, Kexin Qiao
A New Statistical Approach for Integral Attack

Statistical saturation attack is one of the powerful attacks against block ciphers, however, the requirement of identifying the weak permutation somehow restricts its wide applications. Integral attack can be considered as the deterministic version of the statistical saturation attack, which works by tracing the properties of the integral sets after certain rounds of encryption. It aims to build an integral characteristic path for a large number of rounds. By searching within the message space, it expects to find a characteristic path in a deterministic way assuming the random behavior of the cipher. In this paper, we provide the first study on how to take advantage of the integral attack and apply it to cryptanalysis by using statistical approach, and our new approach does not rely on identifying weak permutations. One of our contributions is to firstly apply the internal collision of a set as the evaluated statistics and show how this property can be efficiently propagated in the General Feistel Structure (GFS) with bijective map S-Box. Secondly, we provide a simple statistical framework to evaluate the data complexity. Finally, we evaluate several GFS and find that for some of the designs, our approach provides a better result compared with other statistical attacks such as differential and linear attacks.

Jiageng Chen, Atsuko Miyaji, Chunhua Su, Liang Zhao

Short Papers: Cryptographic Mechanisms

Frontmatter
Foundations of Optical Encryption: A Candidate Short-Key Scheme

We propose an encryption scheme with the following properties: 1. it has an “all-optical” implementation, thus preserving ultra-high communication speed of recently deployed optical networks; 2. sender and receiver only share a short key; that is, a key of length constant with respect to the message length.

Giovanni Di Crescenzo, Ronald Menendez, Shahab Etemad
From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain

PGP is built upon a Distributed Web of Trust in which a user’s trustworthiness is established by others who can vouch through a digital signature for that user’s identity. Preventing its wholesale adoption are a number of inherent weaknesses to include (but not limited to) the following: 1) Trust Relationships are built on a subjective honor system, 2) Only first degree relationships can be fully trusted, 3) Levels of trust are difficult to quantify with actual values, and 4) Issues with the Web of Trust itself (Certification and Endorsement). Although the security that PGP provides is proven to be reliable, it has largely failed to garner large scale adoption. In this paper, we propose several novel contributions to address the aforementioned issues with PGP and associated Web of Trust. To address the subjectivity of the Web of Trust, we provide a new certificate format based on Bitcoin which allows a user to verify a PGP certificate using Bitcoin identity-verification transactions - forming first degree trust relationships that are tied to actual values (i.e., number of Bitcoins transferred during transaction). Secondly, we present the design of a novel Distributed PGP key server that leverages the Bitcoin transaction blockchain to store and retrieve our certificates.

Duane Wilson, Giuseppe Ateniese
A Scalable Multiparty Private Set Intersection

Both scalability and flexibility become crucial for privacy preserving protocols in the age of Big Data. Private Set Intersection (PSI) is one of important privacy preserving protocols. Usually, PSI is executed by 2-parties, a client and a server, where both a client and a server compute jointly the intersection of their private sets and at the end only the client learns the intersection and the server learns nothing. From the scalable point of view, however, the number of parties are not limited to two. In this paper, we propose a scalable and flexible multiparty PSI (MPSI) for the first time: the data size of each party is independent to each other and the computational complexity is independent to the number of parties. We also propose d-and-over MPSI for the first time.

Atsuko Miyaji, Shohei Nishida
Electronic Contract Signing Without Using Trusted Third Party

Electronic contract signing allows two potentially dis-trustful parties to digitally sign an electronic document “simultaneously” across a network. Existing solutions for electronic contract signing either require the involvement of a trusted third party (TTP), or are complex and expensive in communication and computation. In this paper we propose an electronic contract signing protocol between two parties with the following advantages over existing solutions: 1) it is practical and scalable due to its simplicity and high efficiency; 2) it does not require any trusted third party as the mediator; and 3) it guarantees fairness between the two signing parties. We achieve these properties by employing a trustworthy timestamping service in our protocol, where the timestamping service can be either centralized or decentralized. We also provide a detailed analysis on security and performance of our scheme.

Zhiguo Wan, Robert H. Deng, David Lee
New Message Authentication Code Based on APN Functions and Stream Ciphers

After the concept of the active wiretapper was proposed, integrity protection became more important than ever before. Therefore, message authentication code, a method that protects the message from being modified in an undetectable way, attracts more attention. In this paper, we propose a new message authentication code based on APN functions and stream ciphers. This new construction has provable security, which proves that the probability of successful substitution forgery attacks against our new message authentication code is upper bounded by a negligible value. We implement our algorithm, and compare its time consumption with the time consumption of EIA1, the message authentication code used in the 4G LTE system. The results show that our algorithm is much faster than EIA1. Moreover, our new construction is resistant to cycling and linear forgery attacks, which can be applied to EIA1.

Teng Wu, Guang Gong

Short Papers: Security Mechanisms

Frontmatter
Assessing Attack Surface with Component-Based Package Dependency

Package dependency has been considered in many vulnerability assessment systems. However, existing approaches are either coarse-grained and do not accurately reveal the influence and severity of vulnerabilities, or do not provide comprehensive (both incoming and outgoing) analysis of attack surface through package dependency. We propose a systematic approach of measuring attack surface exposed by individual vulnerabilities through component level dependency analysis. The metric could potentially be extended to calculate attack surfaces at component, package, and system levels. It could also be used to calculate both incoming and outgoing attack surfaces, which enables system administrators to accurately evaluate how much risk a vulnerability, a component or a package poses to the complete system, and the risk that is injected to a component or package by packages it depends on in a given system. To the best of our knowledge, our approach is the first to quantitatively assess attack surfaces of vulnerabilities, components, packages, and systems through component level dependency.

Su Zhang, Xinwen Zhang, Xinming Ou, Liqun Chen, Nigel Edwards, Jing Jin
An Abstraction for the Interoperability Analysis of Security Policies

Complex interactions between two organizations, involving sensitive information and resources, require honoring each organization’s security policy. This implies making compatible and combining different sets of policy rules that were designed for different organizations, and, therefore, different subjects, actions, and objects, classified and organized in different manners. However, finding out what security policy emerges from the combination of all the organization-level policies and the higher-level interoperability policy is not an easy task. In this paper we provide a methodology based on Finite State Transducers to analyse this situation by modelling policy rules, mapping entities, combining them, and automatically generating an interoperability set of security policies.

Javier Baliosian, Ana Cavalli
Cryptographically Secure On-Chip Firewalling

As SoCs have become more complex, on-chip interconnect has transformed into the point of integration for a variety of system level functions, including security. Integrators have begun to rely on distributed access control hardware to protect resources that are shared between IP cores executing both trusted and untrusted software. Existing solutions cover enforcement of on-chip access control policies but they don’t secure the programming interface nor the hardware against possible attacks. As the embedded content increases in theft value, the on-chip access enforcement will need to consider both software and hardware directed attacks. We introduce a secure on-chip access device that enables secure and programmable allocation of resources in an SoC by offering cryptographically signed programming, fault detection and key integrity. Synthesis results are shown in both ASIC and FPGA implementations.

Jean-Michel Cioranesco, Craig Hampel, Guilherme Ozari de Almeida, Rodrigo Portella do Canto
Enforcing Privacy in Distributed Multi-Domain Network Anomaly Detection

In this paper, we propose a distributed PCA-based method for detecting anomalies in the network traffic, which, by means of multi-party computation techniques, is also able to face the different privacy constraints that arise in a multi-domain network scenario, while preserving the same performance of the centralised implementation (with only a limited overhead).

Christian Callegari, Stefano Giordano, Michele Pagano

Short Papers: Mobile and Cloud Security

Frontmatter
De-anonymizable Location Cloaking for Privacy-Controlled Mobile Systems

The rapid technology upgrades of mobile devices and the popularity of wireless networks significantly drive the emergence and development of Location-based Services (LBSs), thus greatly expanding the business of online services and enriching the user experience. However, the personal location data shared with the service providers also leave hidden risks on location privacy. Location anonymization techniques transform the exact location of a user into a cloaking area by including the locations of multiple users in the exposed area such that the exposed location is indistinguishable from that of the other users. However, in such schemes, location information once perturbed cannot be recovered from the cloaking region and as a result, users of the location cannot obtain fine granular information even when they have access to it. In this paper, we propose Dynamic Reversible Cloaking (DRC), a new de-anonymizable location cloaking mechanism that allows restoring the actual location from the perturbed information through the use of an anonymization key. Extensive experiments using realistic road network traces show that the proposed scheme is efficient, effective and scalable.

Chao Li, Balaji Palanisamy
First-Priority Relation Graph-Based Malicious Users Detection in Mobile Social Networks

Mobile social networks (MSNs) consist of many mobile users (individuals) with social characteristics, that provide a variety of data delivery services involving the social relationship among mobile individuals. Because mobile users move around based on their common interests and contact each other more frequently if they have more social features in common in MSNs, in this paper we first propose the first-priority relation graph (FPRG) of MSNs. However, some users in MSNs may be malicious. Malicious users can break the data delivery by terminating the data delivery or tampering with the data. Therefore, malicious users will be detected in the process of looking for the data delivery routing to obtain efficient and reliable data delivery routing along the first-priority relation graph. Secondly, we propose a Hamiltonian cycle decomposition of FPRG-based adaptive detection algorithm in MSNs under the PMC detection model (the system-level detection model).

Li Xu, Limei Lin, Sheng Wen
A Study of Network Domains Used in Android Applications

Numerous Android applications use the Internet to share and exchange data. Such data can range from posting simple status updates to private sensitive information such as the users’ location or business contacts. Popular Android applications from Google Play have been identified as leaking private data to remote third party servers. Existing work focuses on protecting sensitive information from leaving the smartphone, or detecting which applications leak information based on API calls or the permission requests in their Manifest file. In this work, we propose to leverage the combination of static analysis and dynamic analysis to understand ultimately the network domains with which the Android applications are interacting. Network graphs are constructed and demonstrate implicitly the relation of application developers and the network domains used in the applications.

Mark E. Fioravanti II, Ayush Shah, Shengzhi Zhang
Detecting Malicious Activity on Smartphones Using Sensor Measurements

Mobile devices have long been targets of malware attacks, exploiting the inherent trust that users place in them. They possess unique features, such as continuous internet connectivity, the ability to make premium phone calls and send premium SMS messages, storing sensitive information, and programmatically turning on the camera or microphone. Compromising these features opens up new attack possibilities and enlarges revenue streams for attackers. Despite various existing solutions for detecting mobile malware through binary analysis techniques, mobile malware infections have steadily been on the rise. This paper presents a novel system for detecting the malicious behavior based on smartphone sensor measurements. The system identifies various unique trigger events that should only occur via user action, such as sending SMS messages or turning on the camera or microphone, and determines whether the user initiated them. It can detect various categories of malware, including spamming botnets, premium service fraud, and spyware. The initial version of the prototype is implemented by modifying the default Android SMS messaging app to show that malware sending malicious messages can be detected based on smartphone sensor measurements.

Roger Piqueras Jover, Ilona Murynets, Jeffrey Bickford
A Game Theoretic Framework for Cloud Security Transparency

Over the past few years cloud computing has skyrocketed in popularity with the IT industry. Connected to this growing popularity is an increasing level of concern over the security of the cloud computing infrastructure. Despite this concern, cloud providers do not disclose any information about their security precautions. With no information on the security precautions, a provider’s clients cannot be certain that their applications are safe from attack. Furthermore, clients are not granted access to the network level of the system to implement any of their own security features. In this paper we approach cloud security transparency constraints from a game theoretic perspective. Specifically, we model the security transparency problem as a dynamic non-cooperative game theoretic problem, whereby the provider and client are modelled as the players in the game. A theoretical analysis through which the provider or client can compute his/her best strategy to reach the Nash equilibrium is presented.

Abdulaziz Aldribi, Issa Traore

Short Papers: Application and Network Security

Frontmatter
Let’s Get Mobile: Secure FOTA for Automotive System

Over-the-air (OTA) firmware update is available in some systems such as mobile networks. Security plays a vital role to ensure that the firmware update process is successful despite possible threats against it. Therefore mobile devices may be useful to support the OTA firmware update process for other devices such as those used for automotive applications. Using a mobile device as a tool can offer added security features as well as giving flexibility to the process. Automotive security is of high importance as it is critically related to the safety and reliability of the vehicle. We propose a secure OTA firmware update (FOTA) protocol to offer flexibility to the firmware update process, while meeting the required security requirements. The protocol was formally analysed using Scyther and CasperFDR and no known attack was found.

Hafizah Mansor, Konstantinos Markantonakis, Raja Naeem Akram, Keith Mayes
VICI: Visual Caller Identification for Contact Center Applications

In this paper, we present VICI, a system for auditing and authentication in contact center scenarios. The technique we present exploits the widespread use of smartphones and other camera-enabled devices to allow a user (caller) to upload their picture, which can be verified automatically or by an agent before processing a transaction. The method can be configured for different levels of security, ensures that the image(s) are fresh, and relies on the computational complexity of image processing. We present our technique, the various configurable options available to the system/agent, and describe a prototype implementation of our system.

P. Krishnan, Navjot Singh
Performance Analysis of Real-Time Covert Timing Channel Detection Using a Parallel System

As network data rates continue to increase, implementing real-time network security applications requires a scalable computing platform. Multicore and manycore parallel processing systems provide a way to scale network security applications. The focus of this study is network covert timing channels (CTCs) that provide secret communication between hosts by modulating the inter-packet delays of an overt application. In this paper, we present an implementation of a parallel CTC detection tool in a Massively Parallel Processing Array (MPPA) architecture. We examine the effectiveness of our tool for detecting model-based CTCs using parallel implementation of four common detection techniques, namely, the Kullback-Leibler Divergence (KLD), Kolmogorov-Smirnov (K-S), regularity and first order entropy tests. We evaluate the performance of the algorithms using classification rates and study the scalability by varying the number of cores. Results show that while parallelization provides benefit, the scalability is limited by the memory available in each core and the ability to stream in a large number of flows to different cores.

Ross K. Gegan, Rennie Archibald, Matthew K. Farrens, Dipak Ghosal
Detecting Malicious Temporal Alterations of ECG Signals in Body Sensor Networks

The electrocardiogram (ECG) sensor is one of the most commonly available and medically important sensors in a Body Sensor Network (BSN). Compromise of the ECG sensor can have severe consequences for the user as it monitors the user’s cardiac process. In this paper, we propose an approach called SIgnal Feature-correlation-based Testing (SIFT) which is used to detect temporal alteration of ECG sensors in a BSN. The novelty of SIFT lies in the fact that it does not require redundant ECG sensors nor the subject’s historical ECG data to detect the temporal alteration. SIFT works by leveraging multiple physiological signals based on the same underlying physiological process (e.g., cardiac process) – arterial blood pressure and respiration. Analysis of our case study demonstrates promising results with $$\sim 98\%$$ accuracy in detecting even subtle alterations in the temporal properties of an ECG signal.

Hang Cai, Krishna K. Venkatasubramanian
Backmatter
Metadata
Title
Network and System Security
Edited by
Meikang Qiu
Shouhuai Xu
Moti Yung
Haibo Zhang
Copyright Year
2015
Electronic ISBN
978-3-319-25645-0
Print ISBN
978-3-319-25644-3
DOI
https://doi.org/10.1007/978-3-319-25645-0