PapersCut A shortcut to recent security papers

Arxiv

Deep Adversarial Learning on Google Home devices

Authors: Andrea Ranieri, Davide Caputo, Luca Verderame, Alessio Merlo, Luca Caviglione

Abstract: Smart speakers and voice-based virtual assistants are core components for the success of the IoT paradigm. Unfortunately, they are vulnerable to various privacy threats exploiting machine learning to analyze the generated encrypted traffic. To cope with that, deep adversarial learning approaches can be used to build black-box countermeasures altering the network traffic (e.g., via packet padding) and its statistical information. This letter showcases the inadequacy of such countermeasures against machine learning attacks with a dedicated experimental campaign on a real network dataset. Results indicate the need for a major re-engineering to guarantee the suitable protection of commercially available smart speakers.

Date: 25 Feb 2021

PDF »Main page »


Dual MINE-based Neural Secure Communications under Gaussian Wiretap Channel

Authors: Jingjing Li, Zhuo Sun, Lei Zhang, Hongyu Zhu

Abstract: Recently, some researches are devoted to the topic of end-to-end learning a physical layer secure communication system based on autoencoder under Gaussian wiretap channel. However, in those works, the reliability and security of the encoder model were learned through necessary decoding outputs of not only legitimate receiver but also the eavesdropper. In fact, the assumption of known eavesdropper's decoder or its output is not practical. To address this issue, in this paper we propose a dual mutual information neural estimation (MINE) based neural secure communications model. The security constraints of this method is constructed only with the input and output signal samples of the legal and eavesdropper channels and benefit that training the encoder is completely independent of the decoder. Moreover, since the design of secure coding does not rely on the eavesdropper's decoding results, the security performance would not be affected by the eavesdropper's decoding means. Numerical results show that the performance of our model is guaranteed whether the eavesdropper learns the decoder himself or uses the legal decoder.

Comment: 6 pages, 6 figures, ICC 2021

Date: 25 Feb 2021

PDF »Main page »


Understanding Worldwide Private Information Collection on Android

Authors: Yun Shen, Pierre-Antoine Vervier, Gianluca Stringhini

Abstract: Mobile phones enable the collection of a wealth of private information, from unique identifiers (e.g., email addresses), to a user's location, to their text messages. This information can be harvested by apps and sent to third parties, which can use it for a variety of purposes. In this paper we perform the largest study of private information collection (PIC) on Android to date. Leveraging an anonymized dataset collected from the customers of a popular mobile security product, we analyze the flows of sensitive information generated by 2.1M unique apps installed by 17.3M users over a period of 21 months between 2018 and 2019. We find that 87.2% of all devices send private information to at least five different domains, and that actors active in different regions (e.g., Asia compared to Europe) are interested in collecting different types of information. The United States (62% of the total) and China (7% of total flows) are the countries that collect most private information. Our findings raise issues regarding data regulation, and would encourage policymakers to further regulate how private information is used by and shared among the companies and how accountability can be truly guaranteed.

Date: 25 Feb 2021

PDF »Main page »


On the Estimation of the Number of Unreachable Peers in the Bitcoin P2P Network by Observation of Peer Announcements

Authors: Matthias Grundmann, Hedwig Amberg, Hannes Hartenstein

Abstract: Bitcoin is based on a P2P network that is used to propagate transactions and blocks. While the P2P network design intends to hide the topology of the P2P network, information about the topology is required to understand the network from a scientific point of view. Thus, there is a natural tension between the 'desire' for unobservability on the one hand, and for observability on the other hand. On a middle ground, one would at least be interested on some statistical features of the Bitcoin network like the number of peers that participate in the propagation of transactions and blocks. This number is composed of the number of reachable peers that accept incoming connections and unreachable peers that do not accept incoming connections. While the number of reachable peers can be measured, it is inherently difficult to determine the number of unreachable peers. Thus, the number of unreachable peers can only be estimated based on some indicators. In this paper, we first define our understanding of unreachable peers and then propose the PAL (Passive Announcement Listening) method which gives an estimate of the number of unreachable peers by observing ADDR messages that announce active IP addresses in the network. The PAL method allows for detecting unreachable peers that indicate that they provide services useful to the P2P network. In conjunction with previous methods, the PAL method can help to get a better estimate of the number of unreachable peers. We use the PAL method to analyze data from a long-term measurement of the Bitcoin P2P network that gives insights into the development of the number of unreachable peers over five years from 2015 to 2020. Results show that about 31,000 unreachable peers providing useful services were active per day at the end of the year 2020. An empirical validation indicates that the approach finds about 50 % of unreachable peers that provide useful services.

Date: 25 Feb 2021

PDF »Main page »


Blockchained Federated Learning for Threat Defense

Authors: Konstantinos Demertzis

Abstract: Given the increasing complexity of threats in smart cities, the changing environment, and the weakness of traditional security systems, which in most cases fail to detect serious threats such as zero-day attacks, the need for alternative more active and more effective security methods keeps increasing. Such approaches are the adoption of intelligent solutions to prevent, detect and deal with threats or anomalies under the conditions and the operating parameters of the infrastructure in question. This research paper introduces the development of an intelligent Threat Defense system, employing Blockchain Federated Learning, which seeks to fully upgrade the way passive intelligent systems operate, aiming at implementing an Advanced Adaptive Cooperative Learning (AACL) mechanism for smart cities networks. The AACL is based on the most advanced methods of computational intelligence while ensuring privacy and anonymity for participants and stakeholders. The proposed framework combines Federated Learning for the distributed and continuously validated learning of the tracing algorithms. Learning is achieved through encrypted smart contracts within the blockchain technology, for unambiguous validation and control of the process. The aim of the proposed Framework is to intelligently classify smart cities networks traffic derived from Industrial IoT (IIoT) by Deep Content Inspection (DCI) methods, in order to identify anomalies that are usually due to Advanced Persistent Threat (APT) attacks.

Date: 25 Feb 2021

PDF »Main page »


Swivel: Hardening WebAssembly against Spectre

Authors: Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, Deian Stefan

Abstract: We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm's isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code-another Wasm client or the embedding process-to leak secret data. We describe two Swivel designs, a software-only approach that can be used on existing CPUs, and a hardware-assisted approach that uses extension available in Intel 11th generation CPUs. For both, we evaluate a randomized approach that mitigates Spectre and a deterministic approach that eliminates Spectre altogether. Our randomized implementations impose under 10.3% overhead on the Wasm-compatible subset of SPEC 2006, while our deterministic implementations impose overheads between 3.3% and 240.2%. Though high on some benchmarks, Swivel's overhead is still between 9x and 36.3x smaller than existing defenses that rely on pipeline fences.

Comment: Accepted at USENIX 21

Date: 25 Feb 2021

PDF »Main page »


File fragment recognition based on content and statistical features

Authors: Marzieh Masoumi, Ahmad Keshavarz, Reza Fotohi

Abstract: Nowadays, the speed up development and use of digital devices such as smartphones have put people at risk of internet crimes. The evidence of present crimes in a computer file can be easily unreachable by changing the prefix of a file or other algorithms. In more complex cases, either file divided into different parts or the parts of a file that has information about the file type are deleted, where the file fragment recognition issue is discussed. The known files are divided into different fragments, and different classification algorithms are used to solve the problems of file fragment recognition. The issue of identifying the type of file fragment due to its importance in cybercrime issues as well as antivirus has been highly emphasized and has been addressed in many articles. Increasing the accuracy in this field on the types of widely used files due to the sensitivity of the subject of recognizing the type of file under study is the main goal of researchers in this field. Failure to identify the correct type of file will lead to deviations of the results and evidence from the main issue or failure to conclude. In this paper, first, the file is divided into different fragments. Then, the file fragment features, which are obtained from Binary Frequency Distribution, are reduced by 2 feature reduction algorithms; Sequential Forward Selection algorithm as well as Sequential Floating Forward Selection algorithm to delete sparse features that result in increased accuracy and speed. Finally, the reduced features are given to 3 Multiclass classifier algorithms, Multilayer Perceptron, Support Vector Machines, and K-Nearest Neighbor for classification and comparison of the results. The proposed recognition algorithm can recognize 6 types of useful files and may distinguish a type of file fragments with higher accuracy than the similar works done.

Comment: 16 pages, 7 figures, 8 tables. Multimed Tools Appl (2021)

Date: 25 Feb 2021

PDF »Main page »


Discrete Distribution Estimation with Local Differential Privacy: A Comparative Analysis

Authors: Ba Dung Le, Tanveer Zia

Abstract: Local differential privacy is a promising privacy-preserving model for statistical aggregation of user data that prevents user privacy leakage from the data aggregator. This paper focuses on the problem of estimating the distribution of discrete user values with Local differential privacy. We review and present a comparative analysis on the performance of the existing discrete distribution estimation algorithms in terms of their accuracy on benchmark datasets. Our evaluation benchmarks include real-world and synthetic datasets of categorical individual values with the number of individuals from hundreds to millions and the domain size up to a few hundreds of values. The experimental results show that the Basic RAPPOR algorithm generally performs best for the benchmark datasets in the high privacy regime while the k-RR algorithm often gives the best estimation in the low privacy regime. In the medium privacy regime, the performance of the k-RR, the k-subset, and the HR algorithms are fairly competitive with each other and generally better than the performance of the Basic RAPPOR and the CMS algorithms.

Comment: Accepted for publication to SPT-IoT 2021: The Fifth Workshop on Security, Privacy and Trust in the Internet of Things

Date: 25 Feb 2021

PDF »Main page »


Analyzing Confidentiality and Privacy Concerns: Insights from Android Issue Logs

Authors: Sherlock A. Licorish, Stephen G. MacDonell, Tony Clear

Abstract: Context: Post-release user feedback plays an integral role in improving software quality and informing new features. Given its growing importance, feedback concerning security enhancements is particularly noteworthy. In considering the rapid uptake of Android we have examined the scale and severity of Android security threats as reported by its stakeholders. Objective: We systematically mine Android issue logs to derive insights into stakeholder perceptions and experiences in relation to certain Android security issues. Method: We employed contextual analysis techniques to study issues raised regarding confidentiality and privacy in the last three major Android releases, considering covariance of stakeholder comments, and the level of consistency in user preferences and priorities. Results: Confidentiality and privacy concerns varied in severity, and were most prevalent over Jelly Bean releases. Issues raised in regard to confidentiality related mostly to access, user credentials and permission management, while privacy concerns were mainly expressed about phone locking. Community users also expressed divergent preferences for new security features, ranging from more relaxed to very strict. Conclusion: Strategies that support continuous corrective measures for both old and new Android releases would likely maintain stakeholder confidence. An approach that provides users with basic default security settings, but with the power to configure additional security features if desired, would provide the best balance for Android's wide cohort of stakeholders.

Comment: Conference paper, 10 pages, 3 figures, 7 tables

Date: 24 Feb 2021

PDF »Main page »


Attestation Infrastructures for Private Wallets

Authors: Thomas Hardjono

Abstract: In this paper we focus on one part of the trust infrastructures needed for the future virtual assets industry, namely the attestation infrastructure related to key management in private wallet systems. Our focus is on regulated private wallets utilizing trusted hardware, and the capability of the wallet to yield attestation evidence suitable to address requirements in several use-cases, such as asset insurance and regulatory compliance. We argue that attestation services will be needed as a core part of the key management lifecycle for private wallets in true decentralized systems.

Comment: 9 pages; 2 figures

Date: 24 Feb 2021

PDF »Main page »


Loading ...