PapersCut A shortcut to recent security papers

Sensor-based Continuous Authentication of Smartphones' Users Using Behavioral Biometrics: A Survey

Authors: Mohammed Abuhamad, Ahmed Abusnaina, DaeHun Nyang, David Mohaisen

Abstract: Mobile devices and technologies have become increasingly popular, offering comparable storage and computational capabilities to desktop computers allowing users to store and interact with sensitive and private information. The security and protection of such personal information are becoming more and more important since mobile devices are vulnerable to unauthorized access or theft. User authentication is a task of paramount importance that grants access to legitimate users at the point-of-entry and continuously through the usage session. This task is made possible with today's smartphones' embedded sensors that enable continuous and implicit user authentication by capturing behavioral biometrics and traits. In this paper, we survey more than 140 recent behavioral biometric-based approaches for continuous user authentication, including motion-based methods (27 studies), gait-based methods (23 studies), keystroke dynamics-based methods (20 studies), touch gesture-based methods (29 studies), voice-based methods (16 studies), and multimodal-based methods (33 studies). The survey provides an overview of the current state-of-the-art approaches for continuous user authentication using behavioral biometrics captured by smartphones' embedded sensors, including insights and open challenges for adoption, usability, and performance.

Comment: 17 pages

Date: 23 Jan 2020



Crushing the Wave -- new Z-Wave vulnerabilities exposed

Authors: Noureddine Boucif, Frederik Golchert, Alexander Siemer, Patrick Felke, Frederik Gosewehr

Abstract: This paper describes two denial of service attacks against the Z-Wave protocol and their effects on smart home gateways. Both utilize modified unencrypted packets, which are used in the inclusion phase and during normal operation. These are the commands Nonce Get/S2 Nonce Get and Find Nodes In Range. This paper shows how both can be manipulated and used to block a Z-Wave gateway's communication processing which in turn disables the whole Z-Wave network connected to it.

Date: 23 Jan 2020



Information set decoding of Lee-metric codes over finite rings

Authors: Violetta Weger, Massimo Battaglioni, Paolo Santini, Franco Chiaraluce, Marco Baldi, Edoardo Persichetti

Abstract: Information set decoding (ISD) algorithms are the best known procedures to solve the decoding problem for general linear codes. These algorithms are hence used for codes without a visible structure, or for which efficient decoders exploiting the code structure are not known. Classically, ISD algorithms have been studied for codes in the Hamming metric. In this paper we switch from the Hamming metric to the Lee metric, and study ISD algorithms and their complexity for codes measured with the Lee metric over finite rings.

Date: 23 Jan 2020



Talek: Private Group Messaging with Hidden Access Patterns

Authors: Raymond Cheng, William Scott, Elisaweta Masserova, Irene Zhang, Vipul Goyal, Thomas Anderson, Arvind Krishnamurthy, Bryan Parno

Abstract: Talek is a private group messaging system that sends messages through potentially untrustworthy servers, while hiding both data content and the communication patterns among its users. Talek explores a new point in the design space of private messaging; it guarantees access sequence indistinguishability, which is among the strongest guarantees in the space, while assuming an anytrust threat model, which is only slightly weaker than the strongest threat model currently found in related work. Our results suggest that this is a pragmatic point in the design space, since it supports strong privacy and good performance: we demonstrate a 3-server Talek cluster that achieves throughput of 9,433 messages/second for 32,000 active users with 1.7-second end-to-end latency. To achieve its security goals without coordination between clients, Talek relies on information-theoretic private information retrieval. To achieve good performance and minimize server-side storage, Talek introduces new techniques and optimizations that may be of independent interest, e.g., a novel use of blocked cuckoo hashing and support for private notifications. The latter provide a private, efficient mechanism for users to learn, without polling, which logs have new messages.

Date: 22 Jan 2020



Nonlinear Blockchain Scalability: a Game-Theoretic Perspective

Authors: Lin Chen, Lei Xu, Zhimin Gao, Keshav Kasichainula, Weidong Shi

Abstract: Recent advances in the blockchain research have been made in two important directions. One is refined resilience analysis utilizing game theory to study the consequences of selfish behaviors of users (miners), and the other is the extension from a linear (chain) structure to a non-linear (graphical) structure for performance improvements, such as IOTA and Graphcoin. The first question that comes to people's minds is what improvements that a blockchain system would see by leveraging these new advances. In this paper, we consider three major metrics for a blockchain system: full verification, scalability, and finality-duration. We establish a formal framework and prove that no blockchain system can achieve full verification, high scalability, and low finality-duration simultaneously. We observe that classical blockchain systems like Bitcoin achieves full verification and low finality-duration, Harmony and Ethereum 2.0 achieve low finality-duration and high scalability. As a complementary, we design a non-linear blockchain system that achieves full verification and scalability. We also establish, for the first time, the trade-off between scalability and finality-duration.

Date: 22 Jan 2020



New Framework Model to Secure Cloud Data Storage

Authors: Leila Beldjezzar, Abdelhafid Zitouni, Mahieddine Djoudi, Beldjezzar Leila, Zitouni Abdelhafid, Djoudi Mahieddine

Abstract: Nowadays companies are increasingly adopting the technology of cloud computing. This technology is subject to a lot of research and continuous advances are made. The use of cloud computing in the companies advantages such as: reducing costs, sharing and exchange of information between institutions, but the data in the Cloud computing are susceptible to be compromised and the companies are exposing to see their data loss. In this study, we address the subject of security in cloud computing; we expose and discuss some researches that had been proposed to secure the data stored in the cloud. And then we will present our new frameworks that ensure confidentiality of data storage in the cloud environment.

Comment: arXiv admin note: substantial text overlap with arXiv:1902.00542

Date: 22 Jan 2020



Security and Privacy in Vehicular Social Networks

Authors: Hongyu Jin, Mohammad Khodaei, Panos Papadimitratos

Abstract: We surveyed and presented the state-of-the-art VC systems, security and privacy architectures and technologies, emphasizing on security and privacy challenges and their solutions for P2P interactions in VSNs towards standardization and deployment. We note that beyond safety applications that have drawn a lot of attention in VC systems, there is significant and rising interest in vehicle-to-vehicle interaction for a range of transportation efficiency and infotainment applications, notably LBS as well as a gamut of services by mobile providers. While this enriches the VC systems and the user experience, security and privacy concerns are also intensified. This is especially so, considering (i) the privacy risk from the exposure of the users to the service providers, and (ii) the security risk from the interaction with malicious or selfish and thus misbehaving users or infrastructure. We showed existing solutions can in fact evolve and address the VSN-specific challenges, and improve or even accelerate the adoption of VSN applications.

Comment: A chapter for the book "Vehicular Social Networks"

Date: 22 Jan 2020



100Mbps Reconciliation for Quantum Key Distribution Using a Single Graphics Processing Unit

Authors: Yu Guo, Chaohui Gao, Dong Jiang, Lijun Chen

Abstract: An efficient error reconciliation scheme is important for post-processing of quantum key distribution (QKD). Recently, a multi-matrix low-density parity-check codes based reconciliation algorithm which can provide remarkable perspectives for high efficiency information reconciliation was proposed. This paper concerns the improvement of reconciliation performance. Multi-matrix algorithm is implemented and optimized on the graphics processing unit (GPU) to obtain high reconciliation throughput. Experimental results indicate that GPU-based algorithm can highly improve reconciliation throughput to an average 85.67 Mbps and a maximum 102.084 Mbps with typical code rate and efficiency. This is the best performance of reconciliation on GPU platform to our knowledge.

Comment: 8 pages, 3 figures, 4 tables

Date: 22 Jan 2020



Preventive and Reactive Cyber Defense Dynamics with Ergodic Time-dependent Parameters Is Globally Attractive

Authors: Yujuan Han, Wenlian Lu, Shouhuai Xu

Abstract: Cybersecurity dynamics is a mathematical approach to modeling and analyzing cyber attack-defense interactions in networks. In this paper, we advance the state-of-the-art in characterizing one kind of cybersecurity dynamics, known as preventive and reactive cyber defense dynamics, which is a family of highly nonlinear system models. We prove that this dynamics in its general form with time-dependent parameters is globally attractive when the time-dependent parameters are ergodic, and is (almost) periodic when the time-dependent parameters have the stronger properties of being (almost) periodic. Our results supersede the state-of-the-art ones, including that the same type of dynamics but with time-independent parameters is globally convergent.

Date: 22 Jan 2020



Adversarial Attack on Community Detection by Hiding Individuals

Authors: Jia Li, Honglei Zhang, Zhichao Han, Yu Rong, Hong Cheng, Junzhou Huang

Abstract: It has been demonstrated that adversarial graphs, i.e., graphs with imperceptible perturbations added, can cause deep graph models to fail on node/graph classification tasks. In this paper, we extend adversarial graphs to the problem of community detection which is much more difficult. We focus on black-box attack and aim to hide targeted individuals from the detection of deep graph community detection models, which has many applications in real-world scenarios, for example, protecting personal privacy in social networks and understanding camouflage patterns in transaction networks. We propose an iterative learning framework that takes turns to update two modules: one working as the constrained graph generator and the other as the surrogate community detection model. We also find that the adversarial graphs generated by our method can be transferred to other learning based community detection models.

Comment: In Proceedings of The Web Conference 2020, April 20-24, 2020, Taipei, Taiwan. 11 pages

Date: 22 Jan 2020


