• arXiv.cs.CR Pub Date : 2020-01-17
Chien-Ying Chen; Sibin Mohan; Rodolfo Pellizzoni; Rakesh B. Bobba

While the existence of scheduler side-channels has been demonstrated recently for fixed-priority real-time systems (RTS), there have been no similar explorations for dynamic-priority systems. The dynamic nature of such scheduling algorithms, e.g., EDF, poses a significant challenge in this regard. In this paper we demonstrate that side-channels exist in dynamic priority real-time systems. Using this side-channel, our proposed DyPS algorithm is able to effectively infer, with high precision, critical task information from the vantage point of an unprivileged (user space) task. Apart from demonstrating the effectiveness of DyPS, we also explore the various factors that impact such attack algorithms using a large number of synthetic task sets. We also compare against the state-of-the-art and demonstrate that our proposed DyPS algorithms outperform the ScheduLeak algorithms in attacking the EDF RTS.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-17
Shahab Asoodeh; Mario Diaz; Flavio P. Calmon

We investigate the framework of privacy amplification by iteration, recently proposed by Feldman et al., from an information-theoretic lens. We demonstrate that differential privacy guarantees of iterative mappings can be determined by a direct application of contraction coefficients derived from strong data processing inequalities for $f$-divergences. In particular, by generalizing the Dobrushin's contraction coefficient for total variation distance to an $f$-divergence known as $E_{\gamma}$-divergence, we derive tighter bounds on the differential privacy parameters of the projected noisy stochastic gradient descent algorithm with hidden intermediate updates.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-18
Stjepan Groš

Cyber threat intelligence is a relatively new field that has grown from two distinct fields, cyber security and intelligence. As such, it draws knowledge from and mixes the two fields. Yet, looking into current scientific research on cyber threat intelligence research, it is relatively scarce, which opens up a lot of opportunities. In this paper we define what cyber threat intelligence is, briefly review some aspects for cyber threat intelligence. Then, we analyze existing research fields that are much older that cyber threat intelligence but related to it. This opens up an opportunity to draw knowledge and methods from those older field, and in that way advance cyber threat intelligence much faster than it would by following its own path. With such an approach we effectively give a research directions for CTI.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-18
Gabriele Costa; Enrico Russo; Alessandro Armando

A cyber range is an environment used for training security experts and testing attack and defence tools and procedures. Usually, a cyber range simulates one or more critical infrastructures that attacking (red) and defending (blue) teams must compromise and protect, respectively. The infrastructure can be physically assembled, but much more convenient is to rely on the Infrastructure as a Service (IaaS) paradigm. Although some modern technologies support the IaaS, the design and deployment of scenarios of interest is mostly a manual operation. As a consequence, it is a common practice to have a cyber range hosting few (sometimes only one), consolidated scenarios. However, reusing the same scenario may significantly reduce the effectiveness of the training and testing sessions. In this paper, we propose a framework for automating the definition and deployment of arbitrarily complex cyber range scenarios. The framework relies on the virtual scenario description language (VSDL), i.e., a domain-specific language for defining high-level features of the desired infrastructure while hiding low-level details. The semantics of VSDL is given in terms of constraints that must be satisfied by the virtual infrastructure. These constraints are then submitted to an SMT solver for checking the satisfiability of the specification. If satisfiable, the specification gives rise to a model that is automatically converted to a set of deployment scripts to be submitted to the IaaS provider.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-18
Cihan Emre Kement

Fine-grained energy usage data collected by Smart Meters (SM) is one of the key components of the smart grid (SG). While collection of this data enhances efficiency and flexibility of SG, it also poses a serious threat to the privacy of consumers. Through techniques such as nonintrusive appliance load monitoring (NALM), this data can be used to identify the appliances being used, and hence disclose the private life of the consumer. Various methods have been proposed in the literature to preserve the consumer privacy. This paper focuses on load shaping (LS) methods, which alters the consumption data by means of household amenities in order to ensure privacy. An overview of the privacy protection techniques, as well as heuristics of the LS methods, privacy measures, and household amenities used for privacy protection are presented in order to thoroughly analyze the effectiveness and applicability of these methods to smart grid systems. Finally, possible research directions related to privacy protection in smart grids are discussed.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-18
Yangdi Lyu; Prabhat Mishra

Assertions are widely used for functional validation as well as coverage analysis for both software and hardware designs. Assertions enable runtime error detection as well as faster localization of errors. While there is a vast literature on both software and hardware assertions for monitoring functional scenarios, there is limited effort in utilizing assertions to monitor System-on-Chip (SoC) security vulnerabilities. In this paper, we identify common SoC security vulnerabilities by analyzing the design. To monitor these vulnerabilities, we define several classes of assertions to enable runtime checking of security vulnerabilities. Our experimental results demonstrate that the security assertions generated by our proposed approach can detect all the inserted vulnerabilities while the functional assertions generated by state-of-the-art assertion generation techniques fail to detect most of them.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-18
Nimisha Limaye; Ozgur Sinanoglu

Outsourcing in semiconductor industry opened up venues for faster and cost-effective chip manufacturing. However, this also introduced untrusted entities with malicious intent, to steal intellectual property (IP), overproduce the circuits, insert hardware Trojans, or counterfeit the chips. Recently, a defense is proposed to obfuscate the scan access based on a dynamic key that is initially generated from a secret key but changes in every clock cycle. This defense can be considered as the most rigorous defense among all the scan locking techniques. In this paper, we propose an attack that remodels this defense into one that can be broken by the SAT attack, while we also note that our attack can be adjusted to break other less rigorous (key that is updated less frequently) scan locking techniques as well.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-18
Zhihui Shao; Mohammad A. Islam; Shaolei Ren

Attacks based on power analysis have been long existing and studied, with some recent works focused on data exfiltration from victim systems without using conventional communications (e.g., WiFi). Nonetheless, prior works typically rely on intrusive direct power measurement, either by implanting meters in the power outlet or tapping into the power cable, thus jeopardizing the stealthiness of attacks. In this paper, we propose NoDE (Noise for Data Exfiltration), a new system for stealthy data exfiltration from enterprise desktop computers. Specifically, NoDE achieves data exfiltration over a building's power network by exploiting high-frequency voltage ripples (i.e., switching noises) generated by power factor correction circuits built into today's computers. Located at a distance and even from a different room, the receiver can non-intrusively measure the voltage of a power outlet to capture the high-frequency switching noises for online information decoding without supervised training/learning. To evaluate NoDE, we run experiments on seven different computers from top-vendors and using top brand power supply units. Our results show that for a single transmitter, NoDE achieves a rate of up to 28.48 bits/second with a distance of 90 feet (27.4 meters) without the line of sight, demonstrating a practically stealthy threat. Based on the orthogonality of switching noise frequencies of different computers, we also demonstrate simultaneous data exfiltration from four computers using only one receiver. Finally, we present a few possible defenses, such as installing noise filters, and discuss their limitations.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-19
Mengqian Zhang; Jichen Li; Zhaohua Chen; Hongyin Chen; Xiaotie Deng

Traditional public distributed ledgers have not been able to scale-out well and work efficiently. Sharding is deemed as a promising way to solve this problem. By partitioning all nodes into small committees and letting them work in parallel, we can significantly lower the amount of communication and computation, reduce the overhead on each node's storage, as well as enhance the throughput of distributed ledger. Existing sharding-based protocols still suffer from several serious drawbacks. The first thing is that all honest nodes must connect well with each other, which demands a huge number of communication channels in the network. Moreover, previous protocols have face great loss in efficiency in the case where the honesty of each committee's leader is in question. At the same time, no explicit incentive is provided for nodes to actively participate in the protocol. We present CycLedger, a scalable and secure parallel protocol for distributed ledger via sharding. Our protocol selects a leader and a partial set for each committee, who are in charge of maintaining intra-shard consensus and communicating with other committees, to reduce the amortized complexity of communication, computation and storage on all nodes. We introduce a novel commitment scheme between committees and a recovery procedure to prevent the system from crashing even when leaders of committees are malicious. To add incentive for the network, we use the concept of reputation, which measures each node's computing power. As nodes with higher reputation receive more rewards, there is an encouragement for nodes with strong computing ability to work honestly so as to gain reputation. In this way, we strike out a new path to establish scalability, security and incentive for the sharding-based distributed ledger.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-19
Monika di Angelo; Gernot Salzer

In the area of blockchains, a wallet is anything that manages the access to cryptocurrencies and tokens. Off-chain wallets appear in different forms, from paper wallets to hardware wallets to dedicated wallet apps, while on-chain wallets are realized as smart contracts. Wallet contracts are supposed to increase trust and security by being transparent and by offering features like daily limits, approvals, multiple signatures, and recovery mechanisms. Ethereum is the most prominent platform for both, tokens and smart contracts, and thus also for on-chain wallets. Our work aims at a better understanding of Ethereum on-chain wallets, which represent one of the most frequent types of smart contracts. By analyzing source code, bytecode, and execution traces, we derive usage scenarios and patterns. We discuss several methods for identifying wallet contracts in a semi-automatic manner by looking at the deployed bytecodes and their interaction patterns. We extract blueprints for wallets and thereby compile a ground truth. Furthermore, we differentiate characteristics of wallets in use, and group them into six types. We provide numbers and temporal perspectives regarding the creation and use of wallets. We analyze the data of the Ethereum main chain up to block 8450000, mined on August 30, 2019.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-19
Hongyu Jin; Panos Papadimitratos

Authenticated safety beacons in Vehicular Communication (VC) systems ensure awareness among neighboring vehicles. However, the verification of beacon signatures introduces significant processing overhead for resource-constrained vehicular On-Board Units (OBUs). Even worse in dense neighborhood or when a clogging Denial of Service (DoS) attack is mounted. The OBU would fail to verify for all received (authentic or fictitious) beacons. This could significantly delay the verifications of authentic beacons or even affect the awareness of neighboring vehicle status. In this paper, we propose an efficient cooperative beacon verification scheme leveraging efficient symmetric key based authentication on top of pseudonymous authentication (based on traditional public key cryptography), providing efficient discovery of authentic beacons among a pool of received authentic and fictitious beacons, and can significantly decrease waiting times of beacons in queue before their validations. We show with simulation results that our scheme can guarantee low waiting times for received beacons even in high neighbor density situations and under DoS attacks, under which a traditional scheme would not be workable.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Ke Li; Don Towsley; Dennis Goeckel

Recent works have considered the ability of transmitter Alice to communicate reliably to receiver Bob without being detected by warden Willie. These works generally assume a standard discrete-time model. But the assumption of a discrete-time model in standard communication scenarios is often predicated on its equivalence to a continuous-time model, which has not been established for the covert communications problem. Here, we consider the continuous-time channel directly and study if efficient covert communication can still be achieved. We assume that an uninformed jammer is present to assist Alice, and we consider additive white Gaussian noise (AWGN) channels between all parties. For a channel with approximate bandwidth W, we establish constructions such that O(WT) information bits can be transmitted covertly and reliably from Alice to Bob in T seconds for two separate scenarios: 1) when the path-loss between Alice and Willie is known; and 2) when the path-loss between Alice and Willie is unknown.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Sujaya Maiyya; Danny Hyun Bum Cho; Divyakant Agrawal; Amr El Abbadi

Significant amounts of data are currently being stored and managed on third-party servers. It is impractical for many small scale enterprises to own their private datacenters, hence renting third-party servers is a viable solution for such businesses. But the increasing number of malicious attacks, both internal and external, as well as buggy software on third-party servers is causing clients to lose their trust in these external infrastructures. While small enterprises cannot avoid using external infrastructures, they need the right set of protocols to manage their data on untrusted infrastructures. In this paper, we propose TFCommit, a novel atomic commitment protocol that executes transactions on data stored across multiple untrusted servers. To our knowledge, TFCommit is the first atomic commitment protocol to execute transactions in an untrusted environment without using expensive Byzantine replication. Using TFCommit, we propose an auditable data management system, Fides, residing completely on untrustworthy infrastructure. As an auditable system, Fides guarantees the detection of potentially malicious failures occurring on untrusted servers using tamper-resistant logs with the support of cryptographic techniques. The experimental evaluation demonstrates the scalability and the relatively low overhead of our approach that allows executing transactions on untrusted infrastructure.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Yibin Xu; Yangyu Huang

Distributed Ledger Technology (DLT) is promising to become the foundation of many decentralised systems. However, the unbalanced and unregulated network layout contributes to the inefficiency of DLT especially in the Internet of Things (IoT) environments, where nodes connect to only a limited number of peers. The data communication speed globally is unbalanced and does not live up to the constraints of efficient real-time distributed systems. In this paper, we introduce a new communication protocol, which enables nodes to calculate the tradeoff between connecting/disconnecting a peer in a completely decentralised manner. The network layout globally is continuously re-balancing and optimising along with nodes adjusting their peers. This communication protocol weakened the inequality of the communication network. The experiment suggests this communication protocol is stable and efficient.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Doriane Perard; Lucas Gicquel; Jérôme Lacan

We propose in this paper BlockHouse, a decentralized/P2P storage system fully based on private blockchains. Each participant can rent his unused storage in order to host data of other members. This system uses a dual Smart Contract and Proof of Retrievability system to automatically check at a fixed frequency if the file is still hosted. In addition to transparency, the blockchain allows a better integration with all payments associated to this type of system ( regular payments, sequestration to ensure good behaviors of users, ...). Except the data transferred between the client and the server, all the actions go through a smart contract in the blockchain in order to log, pay and secure the entire storage process.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Yibin Xu; Yangyu Huang

The exponential growth of the blockchain size has become a major contributing factor that hinders the decentralisation of blockchain and its potential implementations in data-heavy applications. In this paper, we propose segment blockchain, an approach that segmentises blockchain and enables nodes to only store a copy of one blockchain segment. We use \emph{PoW} as a membership threshold to limit the number of nodes taken by an Adversary---the Adversary can only gain at most $n/2$ of nodes in a network of $n$ nodes when it has $50\%$ of the calculation power in the system (the Nakamoto blockchain security threshold). A segment blockchain system fails when an Adversary stores all copies of a segment, because the Adversary can then leave the system, causing a permanent loss of the segment. We theoretically prove that segment blockchain can sustain a $(AD/n)^m$ failure probability when the Adversary has no more than $AD$ number of nodes and every segment is stored by $m$ number of nodes. The storage requirement is mostly shrunken compared to the traditional design and therefore making the blockchain more suitable for data-heavy applications.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Kaikai Pan; Elyas Rakhshani; Peter Palensky

Power systems are moving towards hybrid AC/DC grids with the integration of HVDC links, renewable resources and energy storage modules. New models for frequency control have to consider the complex interactions between these components. Meanwhile, more attention should be paid to cyber security concerns as these control strategies highly depend on data communications which may be exposed to cyber attacks. In this article, for the first time, we study the false data injection attacks on the hybrid AC/DC grid with virtual inertia. We then build an optimization-based framework for vulnerability and impact analysis. It is shown that the hybrid grid with inertia emulation capability is more vulnerable to the false data injection attacks, compared with the normal AC system. We also propose a detection approach to detect and isolate each intrusion, and even recover the attack value in the steady-state behavior. In addition to theoretical results, the effectiveness of the proposed methods is validated through simulations on the two-area AC/HVDC interconnected system.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Matt Wixey; Shane Johnson; Emiliano De Cristofaro

Sound at frequencies above (ultrasonic) or below (infrasonic) the range of human hearing can, in some settings, cause adverse physiological and psychological effects to individuals. In this paper, we investigate the feasibility of cyber-attacks that could make smart consumer devices produce possibly imperceptible sound at both high (17-21kHz) and low (60-100Hz) frequencies, at the maximum available volume setting, potentially turning them into acoustic cyber-weapons. To do so, we deploy attacks targeting different smart devices and take sound measurements in an anechoic chamber. For comparison, we also test possible attacks on traditional devices. Overall, we find that many of the devices tested are capable of reproducing frequencies within both high and low ranges, at levels exceeding those recommended in published guidelines. Generally speaking, such attacks are often trivial to develop and in many cases could be added to existing malware payloads, as they may be attractive to adversaries with specific motivations or targets. Finally, we suggest a number of countermeasures, both platform-specific and generic ones.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Miroslav Mitev; Arsenia Chorti; Martin Reed; Leila Musavian

With the emergence of 5G low latency applications, such as haptics and V2X, low complexity and low latency security mechanisms are sought. Promising lightweight mechanisms include physical unclonable functions (PUF) and secret key generation (SKG) at the physical layer, as considered in this paper. In this framework we propose i) a novel authenticated encryption using SKG; ii) a combined PUF / SKG authentication to reduce computational overhead; iii) a 0-RTT resumption authentication protocol; iv) pipelining of the SKG and the encrypted data transfer. With respect to the latter, we investigate a parallel SKG approach for multi-carrier systems, where a subset of the subcarriers are used for SKG and the rest for data transmission. The optimal resource allocation is identified under security, power and delay constraints, by formulating the subcarrier allocation as a subset-sum $0-1$ knapsack optimization problem. A heuristic approach of linear complexity is proposed and shown to incur negligible loss with respect to the optimal dynamic programming solution. All of the proposed mechanisms, have the potential to pave the way for a new breed of latency aware security protocols.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Tobias Meuser; Oluwasegun Taiwo Ojo; Daniel Bischoff; Antonio Fernández Anta; Ioannis Stavrakakis; Ralf Steinmetz

To support location-based services, vehicles must share their location with a server to receive relevant data, compromising their (location) privacy. To alleviate this privacy compromise, the vehicle's location can be obfuscated by adding artificial noise. Under limited available bandwidth, and since the area including the vehicle's location increases with the noise, the server will provide fewer data relevant to the vehicle's true location, reducing the effectiveness of a location-based service. To alleviate this problem, we propose that data relevant to a vehicle is also provided through direct, ad hoc communication by neighboring vehicles. Through such Vehicle-to-Vehicle (V2V) cooperation, the impact of location obfuscation is mitigated. Since vehicles subscribe to data of (location-dependent) impact values, neighboring vehicles will subscribe to largely overlapping sets of data, reducing the benefit of V2V cooperation. To increase such benefit, we develop and study a non-cooperative game determining the data that a vehicle should subscribe to, aiming at maximizing its utilization while considering the participating (neighboring) vehicles. Our analysis and results show that the proposed V2V cooperation and derived strategy lead to significant performance increase compared to non-cooperative approaches and largely alleviates the impact of privacy on location-based services.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-20
Jaspreet KaurPhD Scholar at CSE Department, Indian Institute of Technology Jodhpur, Jodhpur, India

Nowadays security is major concern for any user connected to the internet. Various types of attacks are to be performed by intruders to obtaining user information as manin-middle attack, denial of service, malware attacks etc. Malware attacks specifically ransomware attack become very famous recently. Ransomware attack threaten the users by encrypting their most valuable data, lock the user screen, play some random videos and by various more means. Finally attacker take benefits by users through paid ransom. In this paper, we propose a framework which prevent the ransomware attack more appropriately using various techniques as blockchain, honeypot, cloud & edge computing. This framework is analysed mainly through the IoT devices and generalized to the any malware attack.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-21
Deepak Puthal; Saraju P. Mohanty; Venkata P. Yanambaka; Elias Kougianos

In today's connected world, resource constrained devices are deployed for sensing and decision making applications, ranging from smart cities to environmental monitoring. Those recourse constrained devices are connected to create real-time distributed networks popularly known as the Internet of Things (IoT), fog computing and edge computing. The blockchain is gaining a lot of interest in these domains to secure the system by ignoring centralized dependencies, where proof-of-work (PoW) plays a vital role to make the whole security solution decentralized. Due to the resource limitations of the devices, PoW is not suitable for blockchain-based security solutions. This paper presents a novel consensus algorithm called Proof-of-Authentication (PoAh), which introduces a cryptographic authentication mechanism to replace PoW for resource constrained devices, and to make the blockchain application-specific. PoAh is thus suitable for private as well as permissioned blockchains. Further, PoAh not only secures the systems, but also maintains system sustainability and scalability. The proposed consensus algorithm is evaluated theoretically in simulation scenarios, and in real-time hardware testbeds to validate its performance. Finally, PoAh and its integration with the blockchain in the IoT and edge computing scenarios is discussed. The proposed PoAh, while running in limited computer resources (e.g. single-board computing devices like the Raspberry Pi) has a latency in the order of 3 secs.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-21
Artur Janc; Krzysztof Kotowicz; Lukas Weichselbaum; Roberto Clapis

Intelligent Tracking Prevention (ITP) is a privacy mechanism implemented by Apple's Safari browser, released in October 2017. ITP aims to reduce the cross-site tracking of web users by limiting the capabilities of cookies and other website data. As part of a routine security review, the Information Security Engineering team at Google has identified multiple security and privacy issues in Safari's ITP design. These issues have a number of unexpected consequences, including the disclosure of the user's web browsing habits, allowing persistent cross-site tracking, and enabling cross-site information leaks (including cross-site search). This report is a modestly expanded version of our original vulnerability submission to Apple (WebKit bug #201319), providing additional context and edited for clarity. A number of the issues discussed here have been addressed in Safari 13.0.4 and iOS 13.3, released in December 2019.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-21
Abhilash Garg; Supriya Chakraborty; Manoj Malik; Devesh Kumar; Satyajeet Singh; Manan Suri

Semiconductor NAND Flash based memory technology dominates the electronic Non-Volatile storage media market. Though NAND Flash offers superior performance and reliability over conventional magnetic HDDs, yet it suffers from certain data-security vulnerabilities. Such vulnerabilities can expose sensitive information stored on the media to security risks. It is thus necessary to study in detail the fundamental reasons behind data-security vulnerabilities of NAND Flash for use in critical applications. In this paper, the problem of unreliable data-deletion/sanitization in commercial NAND Flash media is investigated along with the fundamental reasons leading to such vulnerabilities. Exhaustive software based data recovery experiments (multiple iterations) has been carried out on commercial NAND Flash storage media (8 GB and 16 GB) for different types of filesystems (NTFS and FAT) and OS specific delete/Erase instructions. 100 % data recovery is obtained for windows and linux based delete/Erase commands. Inverse effect of performance enhancement techniques like wear levelling, bad block management etc. is also observed with the help of software based recovery experiments.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-21
Youren Shen; Hongliang Tian; Yu Chen; Kang Chen; Runji Wang; Yi Xu; Yubin Xia

Intel Software Guard Extensions (SGX) enables user-level code to create private memory regions called enclaves, whose code and data are protected by the CPU from software and hardware attacks outside the enclaves. Recent work introduces library operating systems (LibOSes) to SGX so that legacy applications can run inside enclaves with few or even no modifications. As virtually any non-trivial application demands multiple processes, it is essential for LibOSes to support multitasking. However, none of the existing SGX LibOSes support multitasking both securely and efficiently. This paper presents Occlum, a system that enables secure and efficient multitasking on SGX. We implement the LibOS processes as SFI-Isolated Processes (SIPs). SFI is a software instrumentation technique for sandboxing untrusted modules (called domains). We design a novel SFI scheme named MPX-based, Multi-Domain SFI (MMDSFI) and leverage MMDSFI to enforce the isolation of SIPs. We also design an independent verifier to ensure the security guarantees of MMDSFI. With SIPs safely sharing the single address space of an enclave, the LibOS can implement multitasking efficiently. The Occlum LibOS outperforms the state-of-the-art SGX LibOS on multitasking-heavy workloads by up to 6,600X on micro-benchmarks and up to 500X on application benchmarks.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2018-08-28
Herman Galteland; Kristian Gjøsteen

We model and analyze passive adversaries that monitors Tor traffic crossing the border of a jurisdiction an adversary is controlling. We show that a single adversary is able to connect incoming and outgoing traffic of their border, tracking the traffic, and cooperating adversaries are able to reconstruct parts of the Tor network, revealing user-server relationships. In our analysis we created two algorithms to estimate the capabilities of the adversaries. The first generates Tor-like traffic and the second analyzes and reconstructs the simulated data.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2018-12-05
Huangyi Ge; Sze Yiu Chau; Bruno Ribeiro; Ninghui Li

Image classifiers often suffer from adversarial examples, which are generated by strategically adding a small amount of noise to input images to trick classifiers into misclassification. Over the years, many defense mechanisms have been proposed, and different researchers have made seemingly contradictory claims on their effectiveness. We present an analysis of possible adversarial models, and propose an evaluation framework for comparing different defense mechanisms. As part of the framework, we introduce a more powerful and realistic adversary strategy. Furthermore, we propose a new defense mechanism called Random Spiking (RS), which generalizes dropout and introduces random noises in the training process in a controlled manner. Evaluations under our proposed framework suggest RS delivers better protection against adversarial examples than many existing schemes.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-04-30
Erisa Karafili; Linna Wang; Emil C. Lupu

We expect an increase in the frequency and severity of cyber-attacks that comes along with the need for efficient security countermeasures. The process of attributing a cyber-attack helps to construct efficient and targeted mitigating and preventive security measures. In this work, we propose an argumentation-based reasoner (ABR) as a proof-of-concept tool that can help a forensics analyst during the analysis of forensic evidence and the attribution process. Given the evidence collected from a cyber-attack, our reasoner can assist the analyst during the investigation process, by helping him/her to analyze the evidence and identify who performed the attack. Furthermore, it suggests to the analyst where to focus further analyses by giving hints of the missing evidence or new investigation paths to follow. ABR is the first automatic reasoner that can combine both technical and social evidence in the analysis of a cyber-attack, and that can also cope with incomplete and conflicting information. To illustrate how ABR can assist in the analysis and attribution of cyber-attacks we have used examples of cyber-attacks and their analyses as reported in publicly available reports and online literature. We do not mean to either agree or disagree with the analyses presented therein or reach attribution conclusions.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-05-26
Avishek Joey Bose; Andre Cianflone; William L. Hamilton

Adversarial attacks on deep neural networks traditionally rely on a constrained optimization paradigm, where an optimization procedure is used to obtain a single adversarial perturbation for a given input example. In this work we frame the problem as learning a distribution of adversarial perturbations, enabling us to generate diverse adversarial distributions given an unperturbed input. We show that this framework is domain-agnostic in that the same framework can be employed to attack different input domains with minimal modification. Across three diverse domains---images, text, and graphs---our approach generates whitebox attacks with success rates that are competitive with or superior to existing approaches, with a new state-of-the-art achieved in the graph domain. Finally, we demonstrate that our framework can efficiently generate a diverse set of attacks for a single given input, and is even capable of attacking \textit{unseen} test instances in a zero-shot manner, exhibiting attack generalization.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-05-29
Léonard Hussenot; Matthieu Geist; Olivier Pietquin

We propose a new perspective on adversarial attacks against deep reinforcement learning agents. Our main contribution is CopyCAT, a targeted attack able to consistently lure an agent into following an outsider's policy. It is pre-computed, therefore fast inferred, and could thus be usable in a real-time scenario. We show its effectiveness on Atari 2600 games in the novel read-only setting. In this setting, the adversary cannot directly modify the agent's state -- its representation of the environment -- but can only attack the agent's observation -- its perception of the environment. Directly modifying the agent's state would require a write-access to the agent's inner workings and we argue that this assumption is too strong in realistic settings.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-08-17
Jiadong Lin; Chuanbiao Song; Kun He; Liwei Wang; John E. Hopcroft

Deep learning models are vulnerable to adversarial examples crafted by applying human-imperceptible perturbations on benign inputs. However, under the black-box setting, most existing adversaries often have a poor transferability to attack other defense models. In this work, from the perspective of regarding the adversarial example generation as an optimization process, we propose two new methods to improve the transferability of adversarial examples, namely Nesterov Iterative Fast Gradient Sign Method (NI-FGSM) and Scale-Invariant attack Method (SIM). NI-FGSM aims to adapt Nesterov accelerated gradient into the iterative attacks so as to effectively look ahead and improve the transferability of adversarial examples. While SIM is based on our discovery on the scale-invariant property of deep learning models, for which we leverage to optimize the adversarial perturbations over the scale copies of the input images so as to avoid "overfitting" on the white-box model being attacked and generate more transferable adversarial examples. NI-FGSM and SIM can be naturally integrated to build a robust gradient-based attack to generate more transferable adversarial examples against the defense models. Empirical results on ImageNet dataset demonstrate that our attack methods exhibit higher transferability and achieve higher attack success rates than state-of-the-art gradient-based attacks.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-08-29
Christian Priebe; Divya Muthukumaran; Joshua Lind; Huanzhou Zhu; Shujie Cui; Vasily A. Sartakov; Peter Pietzuch

Hardware support for trusted execution in modern CPUs enables tenants to shield their data processing workloads in otherwise untrusted cloud environments. Runtime systems for the trusted execution must rely on an interface to the untrusted host OS to use external resources such as storage, network, and other functions. Attackers may exploit this interface to leak data or corrupt the computation. We describe SGX-LKL, a system for running Linux binaries inside of Intel SGX enclaves that only exposes a minimal, protected and oblivious host interface: the interface is (i) minimal because SGX-LKL uses a complete library OS inside the enclave, including file system and network stacks, which requires a host interface with only 7 calls; (ii) protected because SGX-LKL transparently encrypts and integrity-protects all data passed via low-level I/O operations; and (iii) oblivious because SGX-LKL performs host operations independently of the application workload. For oblivious disk I/O, SGX-LKL uses an encrypted ext4 file system with shuffled disk blocks. We show that SGX-LKL protects TensorFlow training with a 21% overhead.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-10-03
Kevin Atighehchi; Loubna Ghammam; Koray Karabina; Patrick Lacharme

Cancelable biometric schemes generate secure biometric templates by combining user specific tokens and biometric data. The main objective is to create irreversible, unlinkable, and revocable templates, with high accuracy in matching. In this paper, we cryptanalyze two recent cancelable biometric schemes based on a particular locality sensitive hashing function, index-of-max (IoM): Gaussian Random Projection-IoM (GRP-IoM) and Uniformly Random Permutation-IoM (URP-IoM). As originally proposed, these schemes were claimed to be resistant against reversibility, authentication, and linkability attacks under the stolen token scenario. We propose several attacks against GRP-IoM and URP-IoM, and argue that both schemes are severely vulnerable against authentication and linkability attacks. We also propose better, but not yet practical, reversibility attacks against GRP-IoM. The correctness and practical impact of our attacks are verified over the same dataset provided by the authors of these two schemes.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-10-14
Alireza Mohammadinodooshan; Ulf Kargén; Nahid Shahmehri

We have identified a methodological problem in the empirical evaluation of the string encryption detection capabilities of the AndrODet system described by Mirzaei et al. in the recent paper "AndrODet: An adaptive Android obfuscation detector". The accuracy of string encryption detection is evaluated using samples from the AMD and PraGuard malware datasets. However, the authors failed to account for the fact that many of the AMD samples are highly similar due to the fact that they come from the same malware family. This introduces a risk that a machine learning system trained on these samples could fail to learn a generalizable model for string encryption detection, and might instead learn to classify samples based on characteristics of each malware family. Our own evaluation strongly indicates that the reported high accuracy of AndrODet's string encryption detection is indeed due to this phenomenon. When we evaluated AndrODet, we found that when we ensured that samples from the same family never appeared in both training and testing data, the accuracy dropped to around 50%. Moreover, the PraGuard dataset is not suitable for evaluating a static string encryption detector such as AndrODet, since the particular obfuscation tool used to produce the dataset effectively makes it impossible to extract meaningful features of static strings in Android apps.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-11-03
Taotao Wang; Xiaoqian Bai; Hao Wang; Soung Chang Liew; Shengli Zhang

Bitcoin-NG, a scalable blockchain protocol, divides each block into a key block and many micro blocks to effectively improve the transaction processing capacity. Bitcoin-NG has a special incentive mechanism (i.e. splitting transaction fees to the current and the next leader) to maintain its security. However, this design of the incentive mechanism ignores the joint effect of transaction fees, mint coins and mining duration lengths on the expected mining reward. In this paper, we identify the advanced mining attack that deliberately ignores micro blocks to enlarge the mining duration length to increase the likelihood of winning the mining race. We first show that an advanced mining attacker can maximize its expected reward by optimizing its mining duration length. We then formulate a game-theoretical model in which multiple mining players perform advanced mining to compete with each other. We analyze the Nash equilibrium for the mining game. Our analytical and simulation results indicate that all mining players in the mining game converge to having advanced mining at the equilibrium and have no incentives for deviating from the equilibrium; the transaction processing capability of the Bitcoin-NG network at the equilibrium is decreased by advanced mining. Therefore, we conclude that the Bitcoin-NG blockchain protocol is vulnerable to advanced mining attack. We discuss how to reduce the negative impact of advanced mining for Bitcoin-NG.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-11-06
Ahmed M. Elmisery; Mirela Sertovic

The recent proliferation of smart home environments offers new and transformative circumstances for various domains with a commitment to enhancing the quality of life and experience. Most of these environments combine different gadgets offered by multiple stakeholders in a dynamic and decentralized manner, which in turn presents new challenges from the perspective of digital investigation. In addition, a plentiful amount of data records got generated because of the day to day interactions between these gadgets and homeowners, which poses difficulty in managing and analyzing such data. The analysts should endorse new digital investigation approaches to tackle the current limitations in traditional approaches when used in these environments. The digital evidence in such environments can be found inside the records of logfiles that store the historical events occurred inside the smart home. Threat hunting can leverage the collective nature of these gadgets to gain deeper insights into the best way for responding to new threats, which in turn can be valuable in reducing the impact of breaches. Nevertheless, this approach depends mainly on the readiness of smart homeowners to share their own personal usage logs that have been extracted from their smart home environments. However, they might disincline to employ such service due to the sensitive nature of the information logged by their personal gateways. In this paper, we presented an approach to enable smart homeowners to share their usage logs in a privacy preserving manner. A distributed threat hunting approach has been developed to permit the composition of diverse threat classes without revealing the logged records to other involved parties. Furthermore, a scenario was proposed to depict a proactive threat Intelligence sharing for the detection of potential threats in smart home environments with some experimental results.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-11-24
Yen-Lung Lai

Secure sketch produces public information of its input $w$ without revealing it, yet, allows the exact recovery of $w$ given another value $w'$ that is close to $w$. Therefore, it can be used to reliably reproduce any error-prone secret (i.e., biometrics) stored in secret storage. However, some sources have lower entropy compared to the error itself, formally called "more error than entropy", a standard secure sketch cannot show its security promise perfectly to these kind of sources. This paper focuses on secure sketch. We propose a concrete construction for secure sketch. We show security to all noisy sources, including the trivial source with zero min-entropy. In addition, our construction comes with efficient recovery algorithm operates in polynomial time in the sketch size, which can tolerate high number of error rate arbitrary close to 1/2. Above result acts in conjunction to our derivation on the solution to two NP-complete coding problems, suggesting P=NP.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-11-28
Oleksii Konashevych; Oleg Khovayko

Randpay is a technology developed in Emercoin for blockchain micropayments that can be more effective in some scenarios than the Lightning Network as we show in the paper. The protocol is based on the concept of Ronald L. Rivest and published in the paper "Electronic Lottery Tickets as Micropayments" (1997). The "lottery ticket" was designed for centralized systems where a trusted third party is required to provide payments, and in some scenarios is also a lottery facilitator. The existing blockchain protocol cannot accommodate peer-to-peer "lottery" micropayments at least without the need to create payment channels, which is analysed in the paper. Therefore, the implementation required the development of an update to the blockchain core. In the result, RandpayUTXO was introduced - infinitely spendable zero output that requires the payee's signature to be published in the blockchain. Randpay is considered to be the first blockchain protocol to require the payee to sign the transaction by their private key. This is a significant feature to improve not only microtransactions but also extend the use of the blockchain for legal deeds that require a payee's consent to be recognised in legal applications. The second important innovation of this research is the implementation of Blum's "coin flipping by telephone" problem to design a "lottery ticket" that does not require any third party to facilitate the lottery. The paper offers an API description, an analysis of the mathematical model, and proof of how "lottery" can be beneficial. There is also an attack analysis and overview of existing solutions.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2019-11-23
Jorge Peña Queralta; Tomi Westerlund

One of the key challenges in the collaboration within heterogeneous multi-robot systems is the optimization of the amount and type of data to be shared between robots with different sensing capabilities and computational resources. In this paper, we present a novel approach to managing collaboration terms in heterogeneous multi-robot systems with blockchain technology. Leveraging the extensive research of consensus algorithms in the blockchain domain, we exploit key technologies in this field to be integrated for consensus in robotic systems. We propose the utilization of proof of work systems to have an online estimation of the available computational resources at different robots. Furthermore, we define smart contracts that integrate information about the environment from different robots in order to evaluate and rank the quality and accuracy of each of the robots' sensor data. This means that the key parameters involved in heterogeneous robotic collaboration are integrated within the Blockchain and estimated at all robots equally without explicitly sharing information about the robots' hardware or sensors. Trustability is based on the verification of data samples that are submitted to the blockchain within each data exchange transaction and validated by other robots operating in the same environment. Initial results are reported which show the viability of the concepts presented in this paper.

更新日期：2020-01-22
• arXiv.cs.CR Pub Date : 2020-01-15
Alyssa Donawa; Inema Orukari; Corey E. Baker

Electronic Health Records (EHRs) have improved many aspects of healthcare and allowed for easier patient management for medical providers. Blockchains have been proposed as a promising solution for supporting Electronic Health Records (EHRs), but have also been linked to scalability concerns about supporting real-world healthcare systems. This paper quantifies the scalability issues and bottlenecks related to current blockchains and puts into perspective the limitations blockchains have with supporting healthcare systems. Particularly we show that well known blockchains such as Bitcoin, Ethereum, and IOTA cannot support transactions of a large scale hospital system such as the University of Kentucky HealthCare system and leave over 7.5M unsealed transactions per day. We then discuss how bottlenecks of blockchains can be relieved with sidechains, enabling well-known blockchains to support even larger hospital systems of over 30M transactions per day. We then introduce the Patient-Healthchain architecture to provide future direction on how scaling blockchains for EHR systems with sidechains can be achieved.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-13
Dou Goodman; Hao Xin; Wang Yang; Wu Yuesheng; Xiong Junfeng; Zhang Huan

In recent years, neural networks have been extensively deployed for computer vision tasks, particularly visual classification problems, where new algorithms reported to achieve or even surpass the human performance. Recent studies have shown that they are all vulnerable to the attack of adversarial examples. Small and often imperceptible perturbations to the input images are sufficient to fool the most powerful neural networks. \emph{Advbox} is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle, PyTorch, Caffe2, MxNet, Keras, TensorFlow and it can benchmark the robustness of machine learning models. Compared to previous work, our platform supports black box attacks on Machine-Learning-as-a-service, as well as more attack scenarios, such as Face Recognition Attack, Stealth T-shirt, and Deepfake Face Detect. The code is licensed under the Apache 2.0 license and is openly available at https://github.com/advboxes/AdvBox.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-16
Jing Li; Dongning Guo

Bitcoin is a peer-to-peer payment system proposed by Nakamoto in 2008. Based on the Nakamoto consensus, Bagaria, Kannan, Tse, Fanti, and Viswanath proposed the Prism protocol in 2018 and showed that it achieves near-optimal blockchain throughput while maintaining similar level of security as bitcoin. This work provides the probabilistic guarantees for the liveliness and consistency of bitcoin and Prism transactions. Previous analyses of the bitcoin and Prism have been either established under a simplified discrete-time model or expressed in terms of exponential order result. This paper presents a streamlined and strengthened analysis under a more realistic continuous-time model where the block propagation delays are heterogeneous, arbitrary, and upper bounded by some constant. The goal is to show that every valid transaction becomes permanent in all honest miners' blockchains under a certain "typical event", which occurs with probability close to 1. To that end, we establish the blockchain growth theorem, the blockchain quality theorem, and the common prefix theorem. In lieu of exponential order result in the literature, the probabilistic guarantees for the desired properties of the bitcoin and Prism protocols take the form of explicit expressions here, which provide improved design references for public transaction ledger protocols.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-16
Mohamed Abushwereb; Muhannad Mustafa; Mouhammd Al-kasassbeh; Malik Qasaimeh

One of the most common internet attacks causing significant economic losses in recent years is the Denial of Service (DoS) flooding attack. As a countermeasure, intrusion detection systems equipped with machine learning classification algorithms were developed to detect anomalies in network traffic. These classification algorithms had varying degrees of success, depending on the type of DoS attack used. In this paper, we use an SNMP-MIB dataset from real testbed to explore the most prominent DoS attacks and the chances of their detection based on the classification algorithm used. The results show that most DOS attacks used nowadays can be detected with high accuracy using machine learning classification techniques based on features provided by SNMP-MIB. We also conclude that of all the attacks we studied, the Slowloris attack had the highest detection rate, on the other hand TCP-SYN had the lowest detection rate throughout all classification techniques, despite being one of the most used DoS attacks.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-16
Dingyu Yan

Solving cybersecurity issues requires a holistic understanding of components, factors, structures and their interactions in cyberspace, but conventional modeling approaches view the field of cybersecurity by their boundaries so that we are still not clear to cybersecurity and its changes. In this paper, we attempt to discuss the application of systems thinking approaches to cybersecurity modeling. This paper reviews the systems thinking approaches and provides the systems theories and methods for tackling cybersecurity challenges, regarding relevant fields, associated impact factors and their interactions. Moreover, an illustrative example of systems thinking frameworks for cybersecurity modeling is developed to help broaden the mind in methodology, theory, technology and practice. This article concludes that systems thinking can be considered as one of the powerful tools of cybersecurity modeling to find, characterize, understand, evaluate and predict cybersecurity.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2019-12-30
Takahiro Suzuki; Shingo Takeshita; Satoshi Ono

This paper proposes Evolutionary Multi-objective Optimization (EMO)-based Adversarial Example (AE) design method that performs under black-box setting. Previous gradient-based methods produce AEs by changing all pixels of a target image, while previous EC-based method changes small number of pixels to produce AEs. Thanks to EMO's property of population based-search, the proposed method produces various types of AEs involving ones locating between AEs generated by the previous two approaches, which helps to know the characteristics of a target model or to know unknown attack patterns. Experimental results showed the potential of the proposed method, e.g., it can generate robust AEs and, with the aid of DCT-based perturbation pattern generation, AEs for high resolution images.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-16
Matteo Allaix; Lukas Holzbaur; Tefjol Pllaha; Camilla Hollanti

In the classical private information retrieval (PIR) setup, a user wants to retrieve a file from a database or a distributed storage system (DSS) without revealing the file identity to the servers holding the data. In the quantum PIR (QPIR) setting, a user privately retrieves a classical file by downloading quantum systems from the servers. The QPIR problem has been treated by Song \emph{et al.} in the case of replicated servers, both without collusion and with all but one servers colluding. In this paper, the QPIR setting is extended to account for MDS-coded servers. The proposed protocol works for any [n,k]-MDS code and t-collusion with t = n - k. Similarly to the previous cases, the rates achieved are better than those known or conjectured in the classical counterparts.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-16
Omar Amer; Walter O. Krawec

In this paper we derive a key rate expression for the extended version of the B92 quantum key distribution protocol that takes into account, for the first time, the effects of operating with finite resources. With this expression, we conduct an analysis of the protocol in a variety of different noise and key-length settings, and compare to previous bounds on comparable protocols.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-16
Keyvan Ramezanpour; Paul Ampadu; William Diehl

Existing power analysis techniques rely on strong adversary models with prior knowledge of the leakage or training data. We introduce side-channel analysis with unsupervised learning (SCAUL) that can recover the secret key without requiring prior knowledge or profiling (training). We employ an LSTM auto-encoder to extract features from power traces with high mutual information with the data-dependent samples of the measurements. We demonstrate that by replacing the raw measurements with the auto-encoder features in a classical DPA attack, the efficiency, in terms of required number of measurements for key recovery, improves by 10X. Further, we employ these features to identify a leakage model with sensitivity analysis and multi-layer perceptron (MLP) networks. SCAUL uses the auto-encoder features and the leakage model, obtained in an unsupervised approach, to find the correct key. On a lightweight implementation of AES on Artix-7 FPGA, we show that SCAUL is able to recover the correct key with 3700 power measurements with random plaintexts, while a DPA attack requires at least 17400 measurements. Using misaligned traces, with an uncertainty equal to 20\% of the hardware clock cycle, SCAUL is able to recover the secret key with 12300 measurements while the DPA attack fails to detect the key.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-16
Shahab Asoodeh; Jiachun Liao; Flavio P. Calmon; Oliver Kosut; Lalitha Sankar

We derive the optimal differential privacy (DP) parameters of a mechanism that satisfies a given level of R\'enyi differential privacy (RDP). Our result is based on the joint range of two $f$-divergences that underlie the approximate and the R\'enyi variations of differential privacy. We apply our result to the moments accountant framework for characterizing privacy guarantees of stochastic gradient descent. When compared to the state-of-the-art, our bounds may lead to about 100 more stochastic gradient descent iterations for training deep learning models for the same privacy budget.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2018-11-20
Kostantinos Papadamou; Savvas Zannettou; Bogdan Chifor; Sorin Teican; George Gugulea; Annamaria Recupero; Alberto Caponi; Claudio Pisa; Giuseppe Bianchi; Steven Gevers; Christos Xenakis; Michael Sirivianos

Current authentication methods on the Web have serious weaknesses. First, services heavily rely on the traditional password paradigm, which diminishes the end-users' security and usability. Second, the lack of attribute-based authentication does not allow anonymity-preserving access to services. Third, users have multiple online accounts that often reflect distinct identity aspects. This makes proving combinations of identity attributes hard on the users. In this paper, we address these weaknesses by proposing a privacy-preserving architecture for device-centric and attribute-based authentication based on: 1) the seamless integration between usable/strong device-centric authentication methods and federated login solutions; 2) the separation of the concerns for Authorization, Authentication, Behavioral Authentication and Identification to facilitate incremental deployability, wide adoption and compliance with NIST assurance levels; and 3) a novel centralized component that allows end-users to perform identity profile and consent management, to prove combinations of fragmented identity aspects, and to perform account recovery in case of device loss. To the best of our knowledge, this is the first effort towards fusing the aforementioned techniques under an integrated architecture. This architecture effectively deems the password paradigm obsolete with minimal modification on the service provider's software stack.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2019-02-28
Michael D. Brown; Santosh Pande

Nearly all modern software suffers from bloat that negatively impacts its performance and security. To combat this problem, several automated techniques have been proposed to debloat software. A key metric used in many of these works to demonstrate improved security is code reuse gadget count reduction. The use of this metric is based on the prevailing idea that reducing the number of gadgets available in a software package reduces its attack surface and makes mounting a gadget-based code reuse exploit such as return-oriented programming (ROP) more difficult for an attacker. In this paper, we challenge this idea and show through a variety of realistic debloating scenarios the flaws inherent to the gadget count reduction metric. Specifically, we demonstrate that software debloating can achieve high gadget count reduction rates, yet fail to limit an attacker's ability to construct an exploit. Worse yet, in some scenarios high gadget count reduction rates conceal instances in which software debloating makes security worse by introducing new, useful gadgets. To address these issues, we propose a set of four new metrics for measuring security improvements realized through software debloating that are quality-oriented rather than quantity-oriented. We show that these metrics can identify when debloating negatively impacts security and be efficiently calculated using our static binary analysis tool, the Gadget Set Analyzer. Finally, we demonstrate the utility of these metrics in two realistic case studies: iterative debloating and debloater evaluation.

更新日期：2020-01-17
• arXiv.cs.CR Pub Date : 2020-01-14
Mahdi Soltani; Mahdi Jafari Siavoshani; Amir Hossein Jahangir

By growing the number of Internet users and the prevalence of web applications, we have to deal with very complex software and applications in the network. This results in an increasing number of new vulnerabilities in the systems, which consequently leads to an increase in the cyber and, in particular, zero-day attacks. The cost of generating appropriate signatures for these attacks is a potential motive for using machine learning-based methodologies. Although there exist many studies on the use of learning-based methods for attack detection, they generally use extracted features and overlook raw contents. This approach can lessen the performance of detection systems against content-based attacks like SQL injection, Cross-site Scripting (XSS), and various viruses. As a new paradigm, in this work, we propose a scheme, called deep intrusion detection (DID) system that uses the pure content of traffic flows in addition to traffic metadata in the learning and detection phases. To this end, we employ deep learning techniques recently developed in the machine learning community. Due to the inherent nature of deep learning, it can process high dimensional data content and, accordingly, discover the sophisticated relations between the auto extracted features of the traffic. To evaluate the proposed DID system, we use the ISCX IDS 2017 dataset. The evaluation metrics, such as precision and recall, reach $0.992$ and $0.998$, respectively, which show the high performance of the proposed DID method.

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-14
Jianyu Niu; Ziyu Wang; Fangyu Gai; Chen Feng

Bitcoin-NG is among the first blockchain protocols to approach the \emph{near-optimal} throughput by decoupling blockchain operation into two planes: leader election and transaction serialization. Its decoupling idea has inspired a new generation of high-performance blockchain protocols. However, the existing incentive analysis of Bitcoin-NG has several limitations. First, the impact of network capacity is ignored. Second, an integrated incentive analysis that jointly considers both key blocks and microblocks is still missing. In this paper, we aim to address the two limitations. First, we propose a new incentive analysis that takes the network capacity into account, showing that Bitcoin-NG can achieve better incentive compatibility against the microblock mining attack under limited network capacity. Second, we leverage a Markov decision process (MDP) to jointly analyze the incentive of both key blocks and microblocks, showing that Bitcoin-NG is as secure as Bitcoin when the adversary controls less than 35% of the computation power. We hope that our in-depth incentive analysis for Bitcoin-NG can shed some light on the mechanism design and incentive analysis of next-generation blockchain protocols.

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-15
Hongchao Zhou; Abbas El Gamal

Shannon showed that to achieve perfect secrecy in point-to-point communication, the message rate cannot exceed the shared secret key rate giving rise to the simple one-time pad encryption scheme. In this paper, we extend this work from point-to-point to networks. We consider a connected network with pairwise communication between the nodes. We assume that each node is provided with a certain amount of secret bits before communication commences. An eavesdropper with unlimited computing power has access to all communication and can hack a subset of the nodes not known to the rest of the nodes. We investigate the limits on information-theoretic secure communication for this network. We establish a tradeoff between the secure channel rate (for a node pair) and the secure network rate (sum over all node pair rates) and show that perfect secrecy can be achieved if and only if the sum rate of any subset of unhacked channels does not exceed the shared unhacked-secret-bit rate of these channels. We also propose two practical and efficient schemes that achieve a good balance of network and channel rates with perfect secrecy guarantee. This work has a wide range of potential applications for which perfect secrecy is desired, such as cyber-physical systems, distributed-control systems, and ad-hoc networks.

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-15
He Li; Vireshwar Kumar; Jung-Min Park; Yaling Yang

In emerging applications, such as intelligent automotive systems, Internet-of-Things (IoT) and industrial control systems, the use of conventional message authentication codes (MACs) to provide message authentication and integrity is not possible due to the large size of the MAC output. A straightforward yet naive solution to this problem is to employ a truncated MAC which undesirably sacrifices cryptographic strength in exchange for reduced communication overhead. In this paper, we address this problem by proposing a novel approach for message authentication called \textit{Cumulative Message Authentication Code} (CuMAC), which consists of two distinctive procedures: \textit{aggregation} and \textit{accumulation}. In aggregation, a sender generates compact authentication tags from segments of multiple MACs by using a systematic encoding procedure. In accumulation, a receiver accumulates the cryptographic strength of the underlying MAC by collecting and verifying the authentication tags. Embodied with these two procedures, CuMAC enables the receiver to achieve an advantageous trade-off between the cryptographic strength and the latency in processing of the authentication tags. We have carried out comprehensive evaluations of CuMAC in two real-world applications: low-power wide-area network and in-vehicle controller area network. Our evaluation methodology included simulations as well as a prototype implementation of CuMAC on a real car.

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-15
Yibin Xu; Yangyu Huang

Traditional Blockchain Sharding approaches can only tolerate up to n/3 of nodes being adversary because they rely on the hypergeometric distribution to make a failure (an adversary does not have n/3 of nodes globally but can manipulate the consensus of a Shard) hard to happen. The system must maintain a large Shard size (the number of nodes inside a Shard) to sustain the low failure probability so that only a small number of Shards may exist. In this paper, we present a new approach of Blockchain Sharding that can withstand up to n/2 of nodes being bad. We categorise the nodes into different classes, and every Shard has a fixed number of nodes from different classes. We prove that this design is much more secure than the traditional models (only have one class) and the Shard size can be reduced significantly. In this way, many more Shards can exist, and the transaction throughput can be largely increased. The improved Blockchain Sharding approach is promising to serve as the foundation for decentralised autonomous organisations and decentralised database.

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-15
Qianlan Bai; Chao Zhang; Yuedong Xu; Xiaowei Chen; Xin Wang

Ethereum is one of the most popular blockchain systems that supports more than half a million transactions every day and fosters miscellaneous decentralized applications with its Turing-complete smart contract machine. Whereas it remains mysterious what the transaction pattern of Ethereum is and how it evolves over time. In this paper, we study the evolutionary behavior of Ethereum transactions from a temporal graph point of view. We first develop a data analytics platform to collect external transactions associated with users as well as internal transactions initiated by smart contracts. Three types of temporal graphs, user-to-user, contract-to-contract and user-contract graphs, are constructed according to trading relationship and are segmented with an appropriate time window. We observe a strong correlation between the size of user-to-user transaction graph and the average Ether price in a time window, while no evidence of such linkage is shown at the average degree, average edge weights and average triplet closure duration. The macroscopic and microscopic burstiness of Ethereum transactions is validated. We analyze the Gini indexes of the transaction graphs and the user wealth in which Ethereum is found to be very unfair since the very beginning, in a sense, "the rich is already very rich".

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-15
Maedeh Sharifinejad; Ali Dorri; Javad Rezazadeh

Insurance is one of the fundamental services offered to the citizens to reduce their costs and assist them in case of an emergency. One of the most important challenges in the insurance industry is to address liability challenge and the forging of documents by the involved parties, i.e., insurance company or the users, in order to increase financial gain. Conventional methods to address this challenge is significantly time consuming and costly and also suffers from lock of transparency. In this paper, we propose a blockchain-based solution for the insurance industry in smart cities (BIS). BIS creates a big umbrella that consists of the smart city managers, insurance companies, users, and sensors and devices. The users are known by changeable Public Keys (PKs) that introduces a level of anonymity. The data collected by the sensors is stored in cloud or local storage and is shared with insurance company on demand to find the liable party that in turn increases the privacy of the users. BIS enables the users to prove and share the history of their insurances with other users or insurances. Using Proof of Concept (POC) implementation we demonstrated the applicability of blockchain in insurance industry. The implementation results prove that BIS significantly reduces delay involved in insurance industry as compared with conventional insurance methods.

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-15
Kiran B. Raja; R. Raghavendra; Sushma Venkatesh; Christoph Busch

We address the fundamental performance issues of template protection (TP) for iris verification. We base our work on the popular Bloom-Filter templates protection & address the key challenges like sub-optimal performance and low unlinkability. Specifically, we focus on cases where Bloom-filter templates results in non-ideal performance due to presence of large degradations within iris images. Iris recognition is challenged with number of occluding factors such as presence of eye-lashes within captured image, occlusion due to eyelids, low quality iris images due to motion blur. All of such degrading factors result in obtaining non-reliable iris codes & thereby provide non-ideal biometric performance. These factors directly impact the protected templates derived from iris images when classical Bloom-filters are employed. To this end, we propose and extend our earlier ideas of Morton-filters for obtaining better and reliable templates for iris. Morton filter based TP for iris codes is based on leveraging the intra and inter-class distribution by exploiting low-rank iris codes to derive the stable bits across iris images for a particular subject and also analyzing the discriminable bits across various subjects. Such low-rank non-noisy iris codes enables realizing the template protection in a superior way which not only can be used in constrained setting, but also in relaxed iris imaging. We further extend the work to analyze the applicability to VIS iris images by employing a large scale public iris image database - UBIRIS(v1 & v2), captured in a unconstrained setting. Through a set of experiments, we demonstrate the applicability of proposed approach and vet the strengths and weakness. Yet another contribution of this work stems in assessing the security of the proposed approach where factors of Unlinkability is studied to indicate the antagonistic nature to relaxed iris imaging scenarios.

更新日期：2020-01-16
• arXiv.cs.CR Pub Date : 2020-01-15
Kobra Mabodi; Mehdi Yusefi; Shahram Zandiyan; Leili Irankhah; Reza Fotohi

The internet of things (IoT) is able to provide a prediction of linked, universal, and smart nodes that have autonomous interaction when they present services. Because of wide openness, relatively high processing power, and wide distribution of IoT things, they are ideal for attacks of the gray hole. In the gray hole attack, the attacker fakes itself as the shortest path to the destination that is a thing here. This causes the routing packets not to reach the destination. The proposed method is based on the AODV routing protocol and is presented under the MTISS-IoT name which means for the reduction of gray hole attacks using check node information. In this paper, a hybrid approach is proposed based on cryptographic authentication. The proposed approach consists of four phases, such as the verifying node trust in the IoT, testing the routes, gray hole attack discovery, and the malicious attack elimination process in MTISS-IoT. The method is evaluated here via extensive simulations carried out in the NS-3 environment. The experimental results of four scenarios demonstrated that the MTISS-IoT method can achieve a false positive rate of 14.104%, a false negative rate of 17.49%, and a detection rate of 94.5% when gray hole attack was launched.

更新日期：2020-01-16
Contents have been reproduced by permission of the publishers.

down
wechat
bug