# PapersCut

A shortcut to recent security papers

### Arxiv

#### Reconstruction of training samples from loss functions

Authors: Akiyoshi Sannai

Abstract: This paper presents a new mathematical framework to analyze the loss functions of deep neural networks with ReLU functions. Furthermore, as an application of this theory, we prove that the loss functions can reconstruct the inputs of the training samples up to scalar multiplication (as vectors) and can provide the number of layers and nodes of the deep neural network. Namely, if we have all input and output of a loss function (or equivalently all possible learning process), for all input of each training sample $x_i \in \mathbb{R}^n$, we can obtain vectors $x'_i\in \mathbb{R}^n$ satisfying $x_i=c_ix'_i$ for some $c_i \neq 0$. To prove the theorem, we introduce the notion of virtual polynomials, which are polynomials written as the output of a node in a deep neural network. Using virtual polynomials, we find an algebraic structure for the loss surfaces, called semi-algebraic sets. We analyze these loss surfaces from the algebro-geometric point of view. Factorization of polynomials is one of the most standard ideas in algebra. Hence, we express the factorization of the virtual polynomials in terms of their active paths. This framework can be applied to the leakage problem in the training of deep neural networks. The main theorem in this paper indicates that there are many risks associated with the training of deep neural networks. For example, if we have N (the dimension of weight space) + 1 nonsmooth points on the loss surface, which are sufficiently close to each other, we can obtain the input of training sample up to scalar multiplication. We also point out that the structures of the loss surfaces depend on the shape of the deep neural network and not on the training samples.

Comment: 11 pages, 3 figures

Date: 18 May 2018

#### Security Vulnerabilities Against Fingerprint Biometric System

Authors: Mahesh Joshi, Bodhisatwa Mazumdar, Somnath Dey

Abstract: The biometric system is an automatic identification and authentication system that uses unique biological traits, such as fingerprint, face, iris, voice, retina, etc. of an individual. Of all these systems, fingerprint biometric system is the most widely used because of its low cost, high matching speed, and relatively high matching accuracy. Due to the high efficiency of fingerprint biometric system in verifying a legitimate user, numerous government and private organizations are using this system for security purpose. This paper provides an overview of the fingerprint biometric system and gives details about various current security aspects related to the system. The security concerns that we address include multiple attacks on the system, associated threat models, biometric cryptosystems, current issues, challenges, opportunities, and open problems that exist in present day fingerprint biometric systems.

Date: 18 May 2018

#### Catering to Your Concerns: Automatic Generation of Personalised Security-Centric Descriptions for Android Apps

Authors: Tingmin Wu, Lihong Tang, Zhiyu Xu, Sheng Wen, Cecile Paris, Surya Nepal, Marthie Grobler, Yang Xiang

Abstract: Android users are increasingly concerned with the privacy of their data and security of their devices. To improve the security awareness of users, recent automatic techniques produce security-centric descriptions by performing program analysis. However, the generated text does not always address users' concerns as they are generally too technical to be understood by ordinary users. Moreover, different users have varied linguistic preferences, which do not match the text. Motivated by this challenge, we develop an innovative scheme to help users avoid malware and privacy-breaching apps by generating security descriptions that explain the privacy and security related aspects of an Android app in clear and understandable terms. We implement a prototype system, PERSCRIPTION, to generate personalised security-centric descriptions that automatically learn users' security concerns and linguistic preferences to produce user-oriented descriptions. We evaluate our scheme through experiments and user studies. The results clearly demonstrate the improvement on readability and users' security awareness of PERSCRIPTION's descriptions compared to existing description generators.

Date: 18 May 2018

#### A Secret Key Generation Scheme for Internet of Things using Ternary-States ReRAM-based Physical Unclonable Functions

Authors: Ashwija Reddy Korenda, Fatemeh Afghah, Bertrand Cambou

Abstract: Some of the main challenges towards utilizing conventional cryptographic techniques in Internet of Things (IoT) include the need for generating secret keys for such a large-scale network, distributing the generated keys to all the devices, key storage as well as the vulnerability to security attacks when an adversary gets physical access to the devices. In this paper, a novel secret key generation method is proposed for IoTs that utilize the intrinsic randomness embedded in the devices' memories introduced in the manufacturing process. A fuzzy extractor structure using serially concatenated BCH-Polar codes is proposed to generate reproducible keys from a ReRAM-based *ternary-state* Physical Unclonable Functions (PUFs) for device authentication and secret key generation. The ReRAM based PUFs are the most practical choice for authentication and key generation in IoT, as they operate at or below the systems' noise level and therefore are less vulnerable to side channel attacks compared to the alternative memory technologies. However, the current ReRAM-based PUFs present a high false negative authentication rate since the behavior of these devices can vary in different physical conditions that results in a low probability of regenerating the same response in different attempts. In this paper, we propose a secret key generation scheme for ternary state PUFs that enables reliable reconstruction of the desired secret keys utilizing a serially concatenated BCH-Polar fuzzy extractor. The experimental results show that the proposed model can offer a significantly lower probability of mismatch between the original key and the regenerated ones, while a less number of *Helper data* bits were used to extract the *Key* when compared to previously proposed fuzzy extractor techniques.

Comment: 6 pages, 8 figures, International Wireless Communications and Mobile Computing Conference, 2018

Date: 17 May 2018

#### Quantum-enhanced Logic-based Blockchain I: Quantum Honest-success Byzantine Agreement and Qulogicoin

Authors: Xin Sun, Quanlong Wang, Piotr Kulicki, Xishun Zhao

Abstract: We proposed a framework of quantum-enhanced logic-based blockchain, which improves the efficiency and power of quantum-secured blockchain. The efficiency is improved by using a new quantum honest-success Byzantine agreement protocol to replace the classical Byzantine agreement protocol, while the power is improved by incorporating quantum protection and quantum certificate into the syntax of transactions. Our quantum-secured logic-based blockchain can already be implemented by the current technology. The cryptocurrency created and transferred in our blockchain is called qulogicoin. Incorporating quantum protection and quantum certificates into blockchain makes it possible to use blockchain to overcome the limitations of some quantum cryptographic protocols. As an illustration, we show that a significant shortcoming of cheat-sensitive quantum bit commitment protocols can be overcome with the help of our blockchain and qulogicoin.

Comment: 15 pages

Date: 17 May 2018

#### Test for penetration in Wi-Fi network: attacks on WPA2-PSK and WPA2-Enterprise

Authors: Tamara Radivilova, Hassan Ali Hassan

Abstract: In this work the wireless networks security algorithms were analyzed. The fundamentals of the WPA and WPA2 safety algorithms, their weaknesses and ways of attacking WPA and WPA2 Enterprise Wireless Networks are described. Successful attack on the WPA2-PSK and WPA2-Enterprise was carried out during the performance of work. The progress of this attack and its results were described.

Comment: 4 pages

Date: 17 May 2018

#### Detecting cyber threats through social network analysis: short survey

Authors: Lyudmyla Kirichenko, Tamara Radivilova, Anders Carlsson

Abstract: This article considers a short survey of basic methods of social networks analysis, which are used for detecting cyber threats. The main types of social network threats are presented. Basic methods of graph theory and data mining that deal with social networks analysis are described. Typical security tasks of social network analysis, such as community detection in network, detection of leaders in communities, detection of experts in networks, clustering text information and others are considered.

Date: 17 May 2018

#### Translation of Algorithmic Descriptions of Discrete Functions to SAT with Applications to Cryptanalysis Problems

Authors: Alexander Semenov, Ilya Otpuschennikov, Irina Gribanova, Oleg Zaikin, Stepan Kochemazov

Abstract: In the present paper we describe the technology for translating algorithmic descriptions of discrete functions to SAT. The proposed methods and algorithms of translation are aimed at application to the problems of SAT-based cryptanalysis. In the theoretical part of the paper we justify the main principles of general reduction to SAT for discrete functions from a class containing the majority of functions employed in cryptography. Based on these principles we describe the Transalg software system, developed with SAT-based cryptanalysis specifics in mind. We show the results of applications of Transalg to construction of a number of attacks on various cryptographic functions. Some of the corresponding attacks are state of the art. In the paper we also present the vast experimental data, obtained using the SAT-solvers that took first places at the SAT-competitions in the recent several years.

Comment: arXiv admin note: text overlap with arXiv:1802.06940 by other authors

Date: 17 May 2018

#### DroidMark: A Tool for Android Malware Detection using Taint Analysis and Bayesian Network

Authors: Dhruv Rathi, Rajni Jindal

Abstract: With the increasing user base of Android devices and advent of technologies such as Internet Banking, delicate user data is prone to be misused by malware and spyware applications. As the app developer community increases, the quality reassurance could not be justified for every application and a possibility of data leakage arises. In this research, with the aim to ensure the application authenticity, Deep Learning methods and Taint Analysis are deployed on the applications. The detection system named DroidMark looks for possible sinks and sources of data leakage in the application by modelling Android lifecycle and callbacks, which is done by Reverse Engineering the APK, further monitoring the suspected processes and collecting data in different states of the application. DroidMark is thus designed to extract features from the applications which are fed to a trained Bayesian Network for classification of Malicious and Regular applications. The results indicate a high accuracy of 96.87% and an error rate of 3.13% in the detection of Malware in Android devices.

Comment: 5 Pages, Journal

Date: 17 May 2018

#### Supersingular Isogeny Oblivious Transfer

Authors: Paulo Barreto, Glaucio Oliveira, Waldyr Benits

Abstract: We present an oblivious transfer (OT) protocol that combines the OT scheme of Chou and Orlandi together with the supersingular isogeny Diffie-Hellman (SIDH) primitive of De Feo, Jao, and Plût. Our construction is a candidate for post-quantum secure OT and demonstrates that SIDH naturally supports OT functionality. We consider the protocol in the simplest configuration of $\binom{2}{1}$-OT and analyze the protocol to verify its security.

Comment: 26 pages, 4 figures, Submitted

Date: 17 May 2018