Latest in cs.cr

total 5324took 0.22s
Algorithmic Bidding for Virtual Trading in Electricity MarketsFeb 08 2018We consider the problem of optimal bidding for virtual trading in two-settlement electricity markets. A virtual trader aims to arbitrage on the differences between day-ahead and real-time market prices; both prices, however, are random and unknown to ... More
Open Data, Grey Data, and Stewardship: Universities at the Privacy FrontierFeb 08 2018As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual ... More
Exploiting Spin-Orbit Torque Devices as Reconfigurable Logic for Circuit ObfuscationFeb 08 2018Circuit obfuscation is a frequently used approach to conceal logic functionalities in order to prevent reverse engineering attacks on fabricated chips. Efficient obfuscation implementations are expected with lower design complexity and overhead but higher ... More
Some application of difference equations in Cryptography and Coding TheoryFeb 08 2018In this paper, we present some applications of a difference equation of degree k in Cryptography and Coding Theory.
ODINI : Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic FieldsFeb 08 2018Air-gapped computers are computers which are kept isolated from the Internet, because they store and process sensitive information. When highly sensitive data is involved, an air-gapped computer might also be kept secluded in a Faraday cage. The Faraday ... More
Tight Lower Bounds for Locally Differentially Private SelectionFeb 07 2018We prove a tight lower bound (up to constant factors) on the sample complexity of any non-interactive local differentially private protocol for optimizing a linear function over the simplex. This lower bound also implies a tight lower bound (again, up ... More
A Diversity-based Substation Cyber Defense Strategy utilizing Coloring GamesFeb 07 2018Growing cybersecurity risks in the power grid require that utilities implement a variety of security mechanism (SM) composed mostly of VPNs, firewalls, or other custom security components. While they provide some protection, they might contain software ... More
Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep LearningFeb 07 2018Privacy policies are the primary channel through which companies inform users about their data collection and sharing practices. In their current form, policies remain long and difficult to comprehend, thus merely serving the goal of legally protecting ... More
Leveraging Uncertainty for Effective Malware MitigationFeb 07 2018A promising avenue for improving the effectiveness of behavioral-based malware detectors would be to combine fast traditional machine learning detectors with high-accuracy, but time-consuming deep learning models. The main idea would be to place software ... More
CryptoRec: Secure Recommendations as a ServiceFeb 07 2018Recommender systems rely on large datasets of historical data and entail serious privacy risks. A server offering recommendations as a service to a client might leak more information than necessary regarding its recommendation model and training dataset. ... More
Cyber-Physical Architecture Assisted by Programmable NetworkingFeb 07 2018Cyber-physical technologies are prone to attacks, in addition to faults and failures. The issue of protecting cyber-physical systems should be tackled by jointly addressing security at both cyber and physical domains, in order to promptly detect and mitigate ... More
New Use Cases for Snort: Cloud and Mobile EnvironmentsFeb 07 2018First, this case study explores an Intrusion Detection System package called Snort (provided by Cisco Systems) in a cloud environment. Snort is an open source and highly scalable signature-based intrusion detection system. Here, Snort is deployed on Ubuntu ... More
MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic FieldsFeb 07 2018In this paper, we show that attackers can leak data from isolated, air-gapped computers to nearby smartphones via covert magnetic signals. The proposed covert channel works even if a smartphone is kept inside a Faraday shielding case, which aims to block ... More
On the Preliminary Investigation of Selfish Mining Strategy with Multiple Selfish MinersFeb 06 2018Eyal and Sirer's selfish mining strategy has demonstrated that Bitcoin system is not secure even if 50% of total mining power is held by altruistic miners. Since then, researchers have been investigating either to improve the efficiency of selfish mining, ... More
Recovering decimation-based cryptographic sequences by means of linear CAsFeb 06 2018The sequences produced by the cryptographic sequence generator known as the shrinking generator can be modelled as the output sequences of linear elementary cellular automata. These sequences are composed of interleaved m-sequences produced by linear ... More
A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and ApplicationsFeb 06 2018The concept of Internet of Things (IoT) has become more popular in the modern era of technology than ever before. From small household devices to large industrial machines, the vision of IoT has made it possible to connect the devices with the physical ... More
Secure Range Queries for Multiple UsersFeb 04 2018Order-preserving encryption allows encrypting data, while still enabling efficient range queries on the encrypted data. Moreover, it does not require any change to the database management system, because comparison operates on ciphertexts as on plaintexts. ... More
Software Fault Isolation for Robust CompilationFeb 03 2018Memory corruption vulnerabilities are endemic to unsafe languages, such as C, and they can even be found in safe languages that themselves are implemented in unsafe languages or linked with libraries implemented in unsafe languages. Robust compilation ... More
When Good Components Go Bad: Formally Secure Compilation Despite Dynamic CompromiseFeb 02 2018We propose a new formal criterion for secure compilation, giving strong end-to-end security guarantees for software components written in unsafe, low-level languages with C-style undefined behavior. Our criterion is the first to model_dynamic_ compromise ... More
Ensuring Data Integrity in Electronic Health Records: A Quality Health Care ImplicationFeb 02 2018An Electronic Health Record (EHR) system must enable efficient availability of meaningful, accurate and complete data to assist improved clinical administration through the development, implementation and optimisation of clinical pathways. Therefore data ... More
Secure Detection of Image Manipulation by means of Random Feature SelectionFeb 02 2018We address the problem of data-driven image manipulation detection in the presence of an attacker with limited knowledge about the detector. Specifically, we assume that the attacker knows the architecture of the detector, the training data and the class ... More
A group law for PKC purposesFeb 01 2018Let $\mathbb{F}$ be a field, let $V=\mathbb{F}^3$, and let $A\colon V\to V$ a linear map. The polynomial $P(x)=\det (x_1I+x_2A+x_3A^2)$ does not depend on $A$ but only on its characteristic polynomial $\chi(X)$. A law of composition $\oplus \colon V\times ... More
Early Warnings of Cyber Threats in Online DiscussionsJan 29 2018We introduce a system for automatically generating warnings of imminent or current cyber-threats. Our system leverages the communication of malicious actors on the darkweb, as well as activity of cyber security experts on social media platforms like Twitter. ... More
A Survey on Behavioral Biometric Authentication on SmartphonesJan 28 2018Recent research has shown the possibility of using smartphones' sensors and accessories to extract some behavioral attributes such as touch dynamics, keystroke dynamics and gait recognition. These attributes are known as behavioral biometrics and could ... More
A New Algorithm for Double Scalar Multiplication over Koblitz CurvesJan 25 2018Koblitz curves are a special set of elliptic curves and have improved performance in computing scalar multiplication in elliptic curve cryptography due to the Frobenius endomorphism. Double-base number system approach for Frobenius expansion has improved ... More
Secure and Privacy-Friendly Local Electricity Trading and Billing in Smart GridJan 25 2018This paper proposes two decentralised, secure and privacy-friendly protocols for local electricity trading and billing, respectively. The trading protocol employs a bidding algorithm based upon secure multiparty computations and allows users to trade ... More
A Secure and Privacy-preserving Protocol for Smart Metering Operational Data CollectionJan 25 2018In this paper we propose a novel protocol that allows suppliers and grid operators to collect users' aggregate metering data in a secure and privacy-preserving manner. We use secure multiparty computation to ensure privacy protection. In addition, we ... More
CommanderSong: A Systematic Approach for Practical Adversarial Voice RecognitionJan 24 2018ASR (automatic speech recognition) systems like Siri, Alexa, Google Voice or Cortana has become quite popular recently. One of the key techniques enabling the practical use of such systems in people's daily life is deep learning. Though deep learning ... More
On the Gold Standard for Security of Universal SteganographyJan 24 2018While symmetric-key steganography is quite well understood both in the information-theoretic and in the computational setting, many fundamental questions about its public-key counterpart resist persistent attempts to solve them. The computational model ... More
Towards Understanding Connections between Security/Privacy Attitudes and Unlock AuthenticationJan 23 2018Feb 01 2018In this study, we examine the ways in which user attitudes towards privacy and security relating to mobile devices and the data stored thereon may impact the strength of unlock authentication, focusing on Android's graphical unlock patterns. We conducted ... More
Block arrivals in the Bitcoin blockchainJan 23 2018Bitcoin is a electronic payment system where payment transactions are verified and stored in a data structure called the blockchain. Bitcoin miners work individually to solve a computationally intensive problem, and with each solution a Bitcoin block ... More
Code-Frequency Block Group Coding for Anti-Spoofing Pilot Authentication in Multi-Antenna OFDM SystemsJan 23 2018A pilot spoofer can paralyze the channel estimation in multi-user orthogonal frequency-division multiplexing (OFD- M) systems by using the same publicly-known pilot tones as legitimate nodes. This causes the problem of pilot authentication (PA). To solve ... More
On a Generic Security Game ModelJan 18 2018To protect the systems exposed to the Internet against attacks, a security system with the capability to engage with the attacker is needed. There have been attempts to model the engagement/interactions between users, both benign and malicious, and network ... More
The Utility Cost of Robust Privacy GuaranteesJan 18 2018Consider a data publishing setting for a data set with public and private features. The objective of the publisher is to maximize the amount of information about the public features in a revealed data set, while keeping the information leaked about the ... More
A Multi-layer Recursive Residue Number SystemJan 15 2018We present a method to increase the dynamical range of a Residue Number System (RNS) by adding virtual RNS layers on top of the original RNS, where the required modular arithmetic for a modulus on any non-bottom layer is implemented by means of an RNS ... More
Arhuaco: Deep Learning and Isolation Based Security for Distributed High-Throughput ComputingJan 12 2018Grid computing systems require innovative methods and tools to identify cybersecurity incidents and perform autonomous actions i.e. without administrator intervention. They also require methods to isolate and trace job payload activity in order to protect ... More
A First Look at Identity Management Schemes on the BlockchainJan 10 2018The emergence of distributed ledger technology (DLT) based upon a blockchain data structure, has given rise to new approaches to identity management that aim to upend dominant approaches to providing and consuming digital identities. These new approaches ... More
Game of Drones - Detecting Streamed POI from Encrypted FPV ChannelJan 09 2018Drones have created a new threat to people's privacy. We are now in an era in which anyone with a drone equipped with a video camera can use it to invade a subject's privacy by streaming the subject in his/her private space over an encrypted first person ... More
Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power SystemsJan 03 2018The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks ... More
Quantum-secured data transmission in urban fibre-optic communication linesDec 28 2017Quantum key distribution (QKD) provides information-theoretic security in communication based on the laws of quantum physics. In this work, we report an implementation of quantum-secured data transmission in standard communication lines in Moscow. The ... More
Note on Attacking Object Detectors with Adversarial StickersDec 21 2017Deep learning has proven to be a powerful tool for computer vision and has seen widespread adoption for numerous tasks. However, deep learning algorithms are known to be vulnerable to adversarial examples. These adversarial inputs are created such that, ... More
The Pyramid Scheme: Oblivious RAM for Trusted ProcessorsDec 21 2017Modern processors, e.g., Intel SGX, allow applications to isolate secret code and data in encrypted memory regions called enclaves. While encryption effectively hides the contents of memory, the sequence of address references issued by the secret code ... More
Tracking Cyber Adversaries with Adaptive Indicators of CompromiseDec 20 2017A forensics investigation after a breach often uncovers network and host indicators of compromise (IOCs) that can be deployed to sensors to allow early detection of the adversary in the future. Over time, the adversary will change tactics, techniques, ... More
Towards an Economic Analysis of Routing in Payment Channel NetworksNov 07 2017Payment channel networks are supposed to overcome technical scalability limitations of blockchain infrastructure by employing a special overlay network with fast payment confirmation and only sporadic settlement of netted transactions on the blockchain. ... More
Differentially Private ANOVA TestingNov 03 2017Modern society generates an incredible amount of data about individuals, and releasing summary statistics about this data in a manner that provably protects individual privacy would offer a valuable resource for researchers in many fields. We present ... More
Privacy by typing in the $π$-calculusOct 17 2017Dec 17 2017In this paper we propose a formal framework for studying privacy in information systems. The proposal follows a two-axes schema where the first axis considers privacy as a taxonomy of rights and the second axis involves the ways an information system ... More
Automated fixing of access policy implementation in Industrial Networked SystemsOct 10 2017Access control (AC) is the core of every architectural solution for information security. Indeed, no effective protection scheme can abstract from the careful design of access control policies, and infrastructures underlying modern Industrial Networked ... More
Computation on Encrypted Data using Data Flow AuthenticationOct 01 2017Encrypting data before sending it to the cloud protects it against hackers and malicious insiders, but requires the cloud to compute on encrypted data. Trusted (hardware) modules, e.g., secure enclaves like Intel's SGX, can very efficiently run entire ... More
Angriffserkennung für industrielle Netzwerke innerhalb des Projektes IUNOSep 27 2017Nov 21 2017The increasing interconnectivity of industrial networks is one of the central current hot topics. It is adressed by research institutes, as well as industry. In order to perform the fourth industrial revolution, a full connectivity between production ... More
An Efficiently Searchable Encrypted Data Structure for Range QueriesSep 27 2017At CCS 2015 Naveed et al. presented first attacks on efficiently searchable encryption, such as deterministic and order-preserving encryption. These plaintext guessing attacks have been further improved in subsequent work, e.g. by Grubbs et al. in 2016. ... More
Is Geo-Indistinguishability What You Are Looking for?Sep 19 2017Since its proposal in 2013, geo-indistinguishability has been consolidated as a formal notion of location privacy, generating a rich body of literature building on this idea. A problem with most of these follow-up works is that they blindly rely on geo-indistinguishability ... More
Model Checking Social Network ModelsSep 07 2017A social network service is a platform to build social relations among people sharing similar interests and activities. The underlying structure of a social networks service is the social graph, where nodes represent users and the arcs represent the users' ... More
Quantum Fully Homomorphic Encryption With VerificationAug 30 2017Fully-homomorphic encryption (FHE) enables computation on encrypted data while maintaining secrecy. Recent research has shown that such schemes exist even for quantum computation. Given the numerous applications of classical FHE (zero-knowledge proofs, ... More
Verifying Security Policies in Multi-agent Workflows with LoopsAug 29 2017We consider the automatic verification of information flow security policies of web-based workflows, such as conference submission systems like EasyChair. Our workflow description language allows for loops, non-deterministic choice, and an unbounded number ... More
Deemon: Detecting CSRF with Dynamic Analysis and Property GraphsAug 29 2017Cross-Site Request Forgery (CSRF) vulnerabilities are a severe class of web vulnerabilities that have received only marginal attention from the research and security testing communities. While much effort has been spent on countermeasures and detection ... More
Algorithm Substitution Attacks from a Steganographic PerspectiveAug 21 2017Nov 01 2017The goal of an algorithm substitution attack (ASA), also called a subversion attack (SA), is to replace an honest implementation of a cryptographic tool by a subverted one which allows to leak private information while generating output indistinguishable ... More
Timed Epistemic Knowledge Bases for Social Networks (Extended Version)Aug 14 2017Sep 08 2017We present an epistemic logic equipped with time-stamps in the atoms and epistemic operators, which allows to reason not only about information available to the different agents, but also about the moments at which events happens and new knowledge is ... More
Towards a Concurrent and Distributed Route Selection for Payment Channel NetworksAug 08 2017Payment channel networks use off-chain transactions to provide virtually arbitrary transaction rates. In this paper, we provide a new perspective on payment channels and consider them as a flow network. We propose an extended push-relabel algorithm to ... More
The Internet of Hackable ThingsJul 26 2017The Internet of Things makes possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely ... More
Predicting Exploitation of Disclosed Software Vulnerabilities Using Open-source DataJul 25 2017Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities are known ... More
Teechain: Scalable Blockchain Payments using Trusted Execution EnvironmentsJul 18 2017Blockchain protocols such as Bitcoin are gaining traction for exchanging payments in a secure and decentralized manner. Their need to achieve consensus across a large number of participants, however, fundamentally limits their performance. We describe ... More
The Complexity of Human Computation: A Concrete Model with an Application to PasswordsJul 05 2017What can humans compute in their heads? We are thinking of a variety of Crypto Protocols, games like Sudoku, Crossword Puzzles, Speed Chess, and so on. The intent of this paper is to apply the ideas and methods of theoretical computer science to better ... More
AntibIoTic: Protecting IoT Devices Against DDoS AttacksJun 28 2017The 2016 is remembered as the year that showed to the world how dangerous Distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This ... More
Hey, you, keep away from my device: remotely implanting a virus expeller to defeat Mirai on IoT devicesJun 19 2017Mirai is botnet which targets out-of-date Internet-of-Things (IoT) devices. The disruptive Distributed Denial of Service (DDoS) attack last year has hit major Internet companies, causing intermittent service for millions of Internet users. Since the affected ... More
Scalable and Provably Secure P2P Communication ProtocolsJun 16 2017In contrast to the enormous advances made in cryptographic technology over the last 40 years, there have been correspondingly few advances in anonymizing channels. This lag in advances is due the technical challenge of constructing a provably secure, ... More
Local Differential Privacy for Physical Sensor Data and Sparse RecoveryMay 31 2017Sep 13 2017In this work we explore the utility of locally differentially private thermal sensor data. We design a locally differentially private recovery algorithm for the 1-dimensional, discrete heat source location problem and analyse its performance in terms ... More
Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving MechanismsMay 24 2017Aug 24 2017In the last years we have witnessed the appearance of a variety of strategies to design optimal location privacy-preserving mechanisms, in terms of maximizing the adversary's expected error with respect to the users' whereabouts. In this work, we take ... More
Ensemble Adversarial Training: Attacks and DefensesMay 19 2017Jan 30 2018Adversarial examples are perturbed inputs designed to fool machine learning models. Adversarial training injects such examples into training data to increase robustness. To scale this technique to large datasets, perturbations are crafted using fast single-step ... More
MPC meets SNA: A Privacy Preserving Analysis of Distributed Sensitive Social NetworksMay 19 2017In this paper, we formalize the notion of distributed sensitive social networks (DSSNs), which encompasses networks like enmity networks, financial transaction networks, supply chain networks and sexual relationship networks. Compared to the well studied ... More
When the Hammer Meets the Nail: Multi-Server PIR for Database-Driven CRN with Location Privacy AssuranceMay 02 2017We show that it is possible to achieve information theoretic location privacy for secondary users (SUs) in database-driven cognitive radio networks (CRNs) with an end-to-end delay less than a second, which is significantly better than that of the existing ... More
The Space of Transferable Adversarial ExamplesApr 11 2017May 23 2017Adversarial examples are maliciously perturbed inputs designed to mislead machine learning (ML) models at test-time. They often transfer: the same adversarial example fools more than one model. In this work, we propose novel methods for estimating the ... More
Economic Analysis of RansomwareMar 20 2017We present in this work an economic analysis of ransomware, with relevant data from Cryptolocker, CryptoWall, TeslaCrypt and other major strands. We include a detailed study of the impact that different price discrimination strategies can have on the ... More
HardIDX: Practical and Secure Index with SGXMar 14 2017Software-based approaches for search over encrypted data are still either challenged by lack of proper, low-leakage encryption or slow performance. Existing hardware-based approaches do not scale well due to hardware limitations and software designs that ... More
Integer Factorization with a Neuromorphic SieveMar 10 2017The bound to factor large integers is dominated by the computational effort to discover numbers that are smooth, typically performed by sieving a polynomial sequence. On a von Neumann architecture, sieving has log-log amortized time complexity to check ... More
Scalable Attestation Resilient to Physical Attacks for Embedded Devices in Mesh NetworksJan 27 2017Interconnected embedded devices are increasingly used invarious scenarios, including industrial control, building automation, or emergency communication. As these systems commonly process sensitive information or perform safety critical tasks, they become ... More
Cyber-Physical Systems Security -- A SurveyJan 17 2017With the exponential growth of cyber-physical systems (CPS), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lack a systematic study of CPS ... More
The German eID as an Authentication Token on Android DevicesJan 15 2017Due to the rapid increase of digitization within our society, digital identities gain more and more importance. Provided by the German eID solution, every citizen has the ability to identify himself against various governmental and private organizations ... More
Cheating-Resilient Incentive Scheme for Mobile Crowdsensing SystemsJan 08 2017Mobile Crowdsensing is a promising paradigm for ubiquitous sensing, which explores the tremendous data collected by mobile smart devices with prominent spatial-temporal coverage. As a fundamental property of Mobile Crowdsensing Systems, temporally recruited ... More
Faster Space-Efficient Algorithms for Subset Sum, k-Sum and Related ProblemsDec 08 2016We present space efficient Monte Carlo algorithms that solve Subset Sum and Knapsack instances with $n$ items using $O^*(2^{0.86n})$ time and polynomial space, where the $O^*(\cdot)$ notation suppresses factors polynomial in the input size. Both algorithms ... More
Efficient Distinct Heavy Hitters for DNS DDoS Attack DetectionDec 08 2016Motivated by a recent new type of randomized Distributed Denial of Service (DDoS) attacks on the Domain Name Service (DNS), we develop novel and efficient distinct heavy hitters algorithms and build an attack identification system that uses our algorithms. ... More
Individual Differential Privacy: A Utility-Preserving Formulation of Differential Privacy GuaranteesDec 07 2016Differential privacy is a popular privacy model within the research community because of the strong privacy guarantee it offers, namely that the presence or absence of any individual in a data set does not significantly influence the results of analyses ... More
Experimental measurement-device-independent quantum random number generationDec 07 2016The randomness from a quantum random number generator (QRNG) relies on the accurate characterization of its devices. However, device imperfections and inaccurate characterizations can result in wrong entropy estimation and bias in practice, which highly ... More
Design and ARM-embedded implementation of a chaotic map-based multicast scheme for multiuser speech wireless communicationDec 06 2016This paper proposes a chaotic map-based multicast scheme for multiuser speech wireless communication and implements it in an ARM platform. The scheme compresses the digital audio signal decoded by a sound card and then encrypts it with a three-level chaotic ... More
Sub-linear Privacy-preserving Search with Untrusted Server and Semi-honest PartiesDec 06 2016Privacy-preserving Near-neighbor search (PP-NNS) is a well-studied problem in the literature. The overwhelming growth in the size of current datasets and the lack of any truly secure server in the online world render the existing solutions impractical ... More
Sub-linear Privacy-preserving Search with Untrusted Server and Semi-honest PartiesDec 06 2016Dec 07 2016Privacy-preserving Near-neighbor search (PP-NNS) is a well-studied problem in the literature. The overwhelming growth in the size of current datasets and the lack of any truly secure server in the online world render the existing solutions impractical ... More
PRIMA: Privacy-Preserving Identity and Access Management at Internet-ScaleDec 06 2016The management of identities on the Internet has evolved from the traditional approach (where each service provider stores and manages identities) to a federated identity management system (where the identity management is delegated to a set of identity ... More
Detecting Byzantine Attacks for Gaussian Two-Way Relay SystemDec 06 2016This paper focuses on Byzantine attack detection for Gaussian two-way relay network. In this network, two source nodes communicate with each other with the help of an amplify-and-forward relay which may perform Byzantine attacks by forwarding altered ... More
A System Architecture for the Detection of Insider Attacks in Big Data SystemsDec 05 2016In big data systems, the infrastructure is such that large amounts of data are hosted away from the users. In such a system information security is considered as a major challenge. From a customer perspective, one of the big risks in adopting big data ... More
N-gram Opcode Analysis for Android Malware DetectionDec 05 2016Android malware has been on the rise in recent years due to the increasing popularity of Android and the proliferation of third party application markets. Emerging Android malware families are increasingly adopting sophisticated detection avoidance techniques ... More
Privacy on the Blockchain: Unique Ring SignaturesDec 04 2016Ring signatures are cryptographic protocols designed to allow any member of a group to produce a signature on behalf of the group, without revealing the individual signer's identity. This offers group members a level of anonymity not attainable through ... More
Security Analysis of Encrypted Virtual MachinesDec 04 2016Cloud computing has become indispensable in today's computer landscape. The flexibility it offers for customers as well as for providers has become a crucial factor for large parts of the computer industry. Virtualization is the key technology that allows ... More
A Protocol for a Secure Remote Keyless Entry System Applicable in Vehicles using Symmetric-Key CryptographyDec 03 2016In our modern society comfort became a standard. This comfort, especially in cars can only be achieved by equipping the car with more electronic devices. Some of the electronic devices must cooperate with each other and thus they require a communication ... More
Spying Browser Extensions: Analysis and DetectionDec 02 2016Several studies have been conducted on understanding third-party user tracking on the web. However, web trackers can only track users on sites where they are embedded by the publisher, thus obtaining a fragmented view of a user's online footprint. In ... More
Estonian Voting Verification Mechanism RevisitedDec 02 2016After the Estonian Parliamentary Elections held in 2011, an additional verification mechanism was integrated into the i-voting system in order to resist corrupted voting devices, including the so called Student's Attack where a student practically showed ... More
Optimizing Governed Blockchains for Financial Process AuthenticationsDec 01 2016We propose the formal study of governed blockchains that are owned and controlled by organizations and that neither create cryptocurrencies nor provide any incentives to solvers of cryptographic puzzles. We view such approaches as frameworks in which ... More
Forensics Acquisition and Analysis of instant messaging and VoIP applicationsDec 01 2016The advent of the Internet has significantly transformed the daily activities of millions of people, with one of them being the way people communicate where Instant Messaging (IM) and Voice over IP (VoIP) communications have become prevalent. Although ... More
When to Reset Your Keys: Optimal Timing of Security Updates via LearningDec 01 2016Dec 02 2016Cybersecurity is increasingly threatened by advanced and persistent attacks. As these attacks are often designed to disable a system (or a critical resource, e.g., a user account) repeatedly, it is crucial for the defender to keep updating its security ... More
When to Reset Your Keys: Optimal Timing of Security Updates via LearningDec 01 2016Cybersecurity is increasingly threatened by advanced and persistent attacks. As these attacks are often designed to disable a system (or a critical resource, e.g., a user account) repeatedly, it is crucial for the defender to keep updating its security ... More
Android Code Protection via Obfuscation Techniques: Past, Present and Future DirectionsNov 30 2016Mobile devices have become ubiquitous due to centralization of private user information, contacts, messages and multiple sensors. Google Android, an open-source mobile Operating System (OS), is currently the market leader. Android popularity has motivated ... More
A Bayesian Network Approach to Assess and Predict Software Quality Using Activity-Based Quality ModelsNov 30 2016Context: Software quality is a complex concept. Therefore, assessing and predicting it is still challenging in practice as well as in research. Activity-based quality models break down this complex concept into concrete definitions, more precisely facts ... More