Visible to the public Biblio

Found 2299 results

Filters: First Letter Of Last Name is K  [Clear All Filters]
Conference Paper
Kumaresan, Ranjit, Bentov, Iddo.  2016.  Amortizing Secure Computation with Penalties. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :418–429.

Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that guarantees that either fairness is guaranteed or that each honest party obtains a monetary penalty from the adversary. Protocols for this task are typically designed in an hybrid model where parties have access to a "claim-or-refund" transaction functionality denote FCR*. In this work, we obtain improvements on the efficiency of these constructions by amortizing the cost over multiple executions of secure computation with penalties. More precisely, for computational security parameter λ, we design a protocol that implements l = poly\vphantom\\(λ) instances of secure computation with penalties where the total number of calls to FCR* is independent of l.

Mansour, Ahmad, Malik, Khalid M., Kaso, Niko.  2019.  AMOUN: Lightweight Scalable Multi-recipient Asymmetric Cryptographic Scheme. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0838–0846.
Securing multi-party communication is very challenging particularly in dynamic networks. Existing multi-recipient cryptographic schemes pose variety of limitations. These include: requiring trust among all recipients to make an agreement, high computational cost for both encryption and decryption, and additional communication overhead when group membership changes. To overcome these limitations, this paper introduces a novel multi-recipient asymmetric cryptographic scheme, AMOUN. This scheme enables the sender to possibly send different messages in one ciphertext to multiple recipients to better utilize network resources, while ensuring that each recipient only retrieves its own designated message. Security analysis demonstrates that proposed scheme is secure against well-known attacks. Evaluation results demonstrate that lightweight AMOUN outperforms RSA and Multi-RSA in terms of computational cost for both encryption and decryption. For a given prime size, in case of encryption, AMOUN achieves 86% and 98% lower average computational cost than RSA and Multi-RSA, respectively; while for decryption, it shows performance improvement of 98% compared to RSA and Multi-RSA.
Tung, Yu-Chih, Shin, Kang G., Kim, Kyu-Han.  2016.  Analog Man-in-the-middle Attack Against Link-based Packet Source Identification. Proceedings of the 17th ACM International Symposium on Mobile Ad Hoc Networking and Computing. :331–340.

A novel attack model is proposed against the existing wireless link-based source identification, which classifies packet sources according to the physical-layer link signatures. A link signature is believed to be a more reliable indicator than an IP or MAC address for identifying packet source, as it is generally harder to modify/forge. It is therefore expected to be a future authentication against impersonation and DoS attacks. However, if an attacker is equipped with the same capability/hardware as the authenticator to process physical-layer signals, a link signature can be easily manipulated by any nearby wireless device during the training phase. Based on this finding, we propose an attack model, called the analog man-in-the-middle (AMITM) attack, which utilizes the latest full-duplex relay technology to inject semi-controlled link signatures into authorized packets and reproduce the injected signature in the fabricated packets. Our experimental evaluation shows that with a proper parameter setting, 90% of fabricated packets are classified as those sent from an authorized transmitter. A countermeasure against this new attack is also proposed for the authenticator to inject link-signature noise by the same attack methodology.

Wilson, Jason R., Krause, Evan, Scheutz, Matthias, Rivers, Morgan.  2016.  Analogical Generalization of Actions from Single Exemplars in a Robotic Architecture. Proceedings of the 2016 International Conference on Autonomous Agents & Multiagent Systems. :1015–1023.

Humans are often able to generalize knowledge learned from a single exemplar. In this paper, we present a novel integration of mental simulation and analogical generalization algorithms into a cognitive robotic architecture that enables a similarly rudimentary generalization capability in robots. Specifically, we show how a robot can generate variations of a given scenario and then use the results of those new scenarios run in a physics simulator to generate generalized action scripts using analogical mappings. The generalized action scripts then allow the robot to perform the originally learned activity in a wider range of scenarios with different types of objects without the need for additional exploration or practice. In a proof-of-concept demonstration we show how the robot can generalize from a previously learned pick-and-place action performed with a single arm on an object with a handle to a pick-and-place action of a cylindrical object with no handle with two arms.

Margolis, Joel, Oh, Tae(Tom), Jadhav, Suyash, Jeong, Jaehoon(Paul), Kim, Young Ho, Kim, Jeong Neyo.  2017.  Analysis and Impact of IoT Malware. Proceedings of the 18th Annual Conference on Information Technology Education. :187–187.
As Internet of Things (IoT) devices become more and more prevalent, it is important for research to be done around the security and integrity of them. By doing so, consumers can make well-informed choices about the smart devices that they purchase. This poster presents information about how three different IoT-specific malware variants operate and impact newly connected devices.
Kılın\c c, H. H., Acar, O. F..  2018.  Analysis of Attack and Attackers on VoIP Honeypot Environment. 2018 26th Signal Processing and Communications Applications Conference (SIU). :1-4.

This work explores attack and attacker profiles using a VoIP-based Honeypot. We implemented a low interaction honeypot environment to identify the behaviors of the attackers and the services most frequently used. We watched honeypot for 180 days and collected 242.812 events related to FTP, SIP, MSSQL, MySQL, SSH, SMB protocols. The results provide an in-depth analysis about both attacks and attackers profile, their tactics and purposes. It also allows understanding user interaction with a vulnerable honeypot environment.

Musa, Tanvirali, Yeo, Kheng Cher, Azam, Sami, Shanmugam, Bharanidharan, Karim, Asif, Boer, Friso De, Nur, Fernaz Narin, Faisal, Fahad.  2019.  Analysis of Complex Networks for Security Issues using Attack Graph. 2019 International Conference on Computer Communication and Informatics (ICCCI). :1–6.
Organizations perform security analysis for assessing network health and safe-guarding their growing networks through Vulnerability Assessments (AKA VA Scans). The output of VA scans is reports on individual hosts and its vulnerabilities, which, are of little use as the origin of the attack can't be located from these. Attack Graphs, generated without an in-depth analysis of the VA reports, are used to fill in these gaps, but only provide cursory information. This study presents an effective model of depicting the devices and the data flow that efficiently identifies the weakest nodes along with the concerned vulnerability's origin.The complexity of the attach graph using MulVal has been greatly reduced using the proposed approach of using the risk and CVSS base score as evaluation criteria. This makes it easier for the user to interpret the attack graphs and thus reduce the time taken needed to identify the attack paths and where the attack originates from.
Vorobiev, E. G., Petrenko, S. A., Kovaleva, I. V., Abrosimov, I. K..  2017.  Analysis of computer security incidents using fuzzy logic. 2017 XX IEEE International Conference on Soft Computing and Measurements (SCM). :369–371.

The work proposes and justifies a processing algorithm of computer security incidents based on the author's signatures of cyberattacks. Attention is also paid to the design pattern SOPKA based on the Russian ViPNet technology. Recommendations are made regarding the establishment of the corporate segment SOPKA, which meets the requirements of Presidential Decree of January 15, 2013 number 31c “On the establishment of the state system of detection, prevention and elimination of the consequences of cyber-attacks on information resources of the Russian Federation” and “Concept of the state system of detection, prevention and elimination of the consequences of cyber-attacks on information resources of the Russian Federation” approved by the President of the Russian Federation on December 12, 2014, No K 1274.

Nakamura, R., Kamiyama, N..  2020.  Analysis of Content Availability at Network Failure in Information-Centric Networking. 2020 16th International Conference on Network and Service Management (CNSM). :1–7.
In recent years, ICN (Information-Centric Networking) has been under the spotlight as a network that mainly focuses on transmitted and received data rather than on the hosts that transmit and receive data. Generally, the communication networks such as ICNs are required to be robust against network failures caused by attacks and disasters. One of the metrics for the robustness of conventional host-centric networks, e.g., TCP/IP network, is reachability between nodes in the network after network failures, whereas the key metric for the robustness of ICNs is content availability. In this paper, we focus on an arbitrary ICN network and derive the content availability for a given probability of node removal. Especially, we analytically obtain the average content availability over an entire network in the case where just a single path from a node to a repository, i.e., contents server, storing contents is available and where multiple paths to the repository are available, respectively. Furthermore, through several numerical evaluations, we investigate the effect of the structure of network topology as well as the pattern and scale of the network failures on the content availability in ICN. Our findings include that, regardless of patterns of network failures, the content availability is significantly improved by caching contents at routers and using multiple paths, and that the content availability is more degraded at cluster-based node removal compared with random node removal.
Johnson, R., Kiourtis, N., Stavrou, A., Sritapan, V..  2015.  Analysis of content copyright infringement in mobile application markets. 2015 APWG Symposium on Electronic Crime Research (eCrime). :1–10.

As mobile devices increasingly become bigger in terms of display and reliable in delivering paid entertainment and video content, we also see a rise in the presence of mobile applications that attempt to profit by streaming pirated content to unsuspected end-users. These applications are both paid and free and in the case of free applications, the source of funding appears to be advertisements that are displayed while the content is streamed to the device. In this paper, we assess the extent of content copyright infringement for mobile markets that span multiple platforms (iOS, Android, and Windows Mobile) and cover both official and unofficial mobile markets located across the world. Using a set of search keywords that point to titles of paid streaming content, we discovered 8,592 Android, 5,550 iOS, and 3,910 Windows mobile applications that matched our search criteria. Out of those applications, hundreds had links to either locally or remotely stored pirated content and were not developed, endorsed, or, in many cases, known to the owners of the copyrighted contents. We also revealed the network locations of 856,717 Uniform Resource Locators (URLs) pointing to back-end servers and cyber-lockers used to communicate the pirated content to the mobile application.

Dcruz, Hans John, Kaliaperumal, Baskaran.  2018.  Analysis of Cyber-Physical Security in Electric Smart Grid : Survey and challenges. 2018 6th International Renewable and Sustainable Energy Conference (IRSEC). :1–6.
With the advancement in technology, inclusion of Information and Communication Technology (ICT) in the conventional Electrical Power Grid has become evident. The combination of communication system with physical system makes it cyber-physical system (CPS). Though the advantages of this improvement in technology are numerous, there exist certain issues with the system. Security and privacy concerns of a CPS are a major field and research and the insight of which is content of this paper.
Kim, H., Hahn, C., Hur, J..  2019.  Analysis of Forward Private Searchable Encryption and Its Application to Multi-Client Settings. 2019 Eleventh International Conference on Ubiquitous and Future Networks (ICUFN). :529-531.

Searchable encryption (SE) supports privacy-preserving searches over encrypted data. Recent studies on SE have focused on improving efficiency of the schemes. However, it was shown that most of the previous SE schemes could reveal the client's queries even if they are encrypted, thereby leading to privacy violation. In order to solve the problem, several forward private SE schemes have been proposed in a single client environment. However, the previous forward private SE schemes have never been analyzed in multi-client settings. In this paper, we briefly review the previous forward private SE schemes. Then, we conduct a comparative analysis of them in terms of performance and forward privacy. Our analysis demonstrates the previous forward secure SE schemes highly depend on the file-counter. Lastly, we show that they are not scalable in multi-client settings due to the performance and security issue from the file-counter.

Kesiman, M. W. A., Prum, S., Sunarya, I. M. G., Burie, J. C., Ogier, J. M..  2015.  An analysis of ground truth binarized image variability of palm leaf manuscripts. 2015 International Conference on Image Processing Theory, Tools and Applications (IPTA). :229–233.

As a very valuable cultural heritage, palm leaf manuscripts offer a new challenge in document analysis system due to the specific characteristics on physical support of the manuscript. With the aim of finding an optimal binarization method for palm leaf manuscript images, creating a new ground truth binarized image is a necessary step in document analysis of palm leaf manuscript. But, regarding to the human intervention in ground truthing process, an important remark about the subjectivity effect on the construction of ground truth binarized image has been analysed and reported. In this paper, we present an experiment in a real condition to analyse the existance of human subjectivity on the construction of ground truth binarized image of palm leaf manuscript images and to measure quantitatively the ground truth variability with several binarization evaluation metrics.

Khandelwal, S., Rana, S., Pandey, K., Kaushik, P..  2018.  Analysis of Hyperparameter Tuning in Neural Style Transfer. 2018 Fifth International Conference on Parallel, Distributed and Grid Computing (PDGC). :36–41.

Most of the notable artworks of all time are hand drawn by great artists. But, now with the advancement in image processing and huge computation power, very sophisticated synthesised artworks are being produced. Since mid-1990's, computer graphics engineers have come up with algorithms to produce digital paintings, but the results were not visually appealing. Recently, neural networks have been used to do this task and the results seen are like never before. One such algorithm for this purpose is the neural style transfer algorithm, which imparts the pattern from one image to another, producing marvellous pieces of art. This research paper focuses on the roles of various parameters involved in the neural style transfer algorithm. An extensive analysis of how these parameters influence the output, in terms of time, performance and quality of the style transferred image produced is also shown in the paper. A concrete comparison has been drawn on the basis of different time and performance metrics. Finally, optimal values for these discussed parameters have been suggested.

Mousavi, M. Z., Kumar, S..  2019.  Analysis of key Factors for Organization Information Security. 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon). :514—518.
Protecting sensitive information from illegal access and misuse is crucial to all organizations. An inappropriate Information Security (IS) policy and procedures are not only a suitable environment for an outsider attack but also a good chance for the insiders' misuse. In this paper, we will discuss the roles of an organization in information security and how human behavior affects the Information Security System (ISS). How an organization can create and instill an effective information security culture in an organization to improve their information safeguards. The findings in this review can be used to further researches and will be useful for organizations to improve their information security structure (ISC).
Kumari, Alpana, Krishnan, Shoba.  2019.  Analysis of Malicious Behavior of Blackhole and Rushing Attack in MANET. 2019 International Conference on Nascent Technologies in Engineering (ICNTE). :1–6.

Mobile Adhoc Network (MANET) are the networks where network nodes uses wireless links to transfer information from one node to another without making use of existing infrastructure. There is no node in the network to control and coordinate establishment of connections between the network nodes. Hence the network nodes performs dual function of both node as well as router. Due to dynamically changing network scenarios, absence of centralization and lack of resources, MANETs have a threat of large number of security attacks. Hence security attacks need to be evaluated in order to find effective methods to avoid or remove them. In this paper malicious behavior of Blackhole attack and Rushing attack is studied and analyzed for QoS metrics.

Lastinec, Jan, Keszeli, Mario.  2019.  Analysis of Realistic Attack Scenarios in Vehicle Ad-Hoc Networks. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1–6.

The pace of technological development in automotive and transportation has been accelerating rapidly in recent years. Automation of driver assistance systems, autonomous driving, increasing vehicle connectivity and emerging inter-vehicular communication (V2V) are among the most disruptive innovations, the latter of which also raises numerous unprecedented security concerns. This paper is focused on the security of V2V communication in vehicle ad-hoc networks (VANET) with the main goal of identifying realistic attack scenarios and evaluating their impact, as well as possible security countermeasures to thwart the attacks. The evaluation has been done in OMNeT++ simulation environment and the results indicate that common attacks, such as replay attack or message falsification, can be eliminated by utilizing digital signatures and message validation. However, detection and mitigation of advanced attacks such as Sybil attack requires more complex approach. The paper also presents a simple detection method of Sybil nodes based on measuring the signal strength of received messages and maintaining reputation of sending nodes. The evaluation results suggest that the presented method is able to detect Sybil nodes in VANET and contributes to the improvement of traffic flow.

K, S. K., Sahoo, S., Mahapatra, A., Swain, A. K., Mahapatra, K. K..  2017.  Analysis of Side-Channel Attack AES Hardware Trojan Benchmarks against Countermeasures. 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :574–579.

Hardware Trojan (HT) is one of the well known hardware security issue in research community in last one decade. HT research is mainly focused on HT detection, HT defense and designing novel HT's. HT's are inserted by an adversary for leaking secret data, denial of service attacks etc. Trojan benchmark circuits for processors, cryptography and communication protocols from Trust-hub are widely used in HT research. And power analysis based side channel attacks and designing countermeasures against side channel attacks is a well established research area. Trust-Hub provides a power based side-channel attack promoting Advanced Encryption Standard (AES) HT benchmarks for research. In this work, we analyze the strength of AES HT benchmarks in the presence well known side-channel attack countermeasures. Masking, Random delay insertion and tweaking the operating frequency of clock used in sensitive operations are applied on AES benchmarks. Simulation and power profiling studies confirm that side-channel promoting HT benchmarks are resilient against these selected countermeasures and even in the presence of these countermeasures; an adversary can get the sensitive data by triggering the HT.

Khari, M., Vaishali, Kumar, M..  2016.  Analysis of software security testing using metaheuristic search technique. 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom). :2147–2152.

Metaheuristic search technique is one of the advance approach when compared with traditional heuristic search technique. To select one option among different alternatives is not hard to get but really hard is give assurance that being cost effective. This hard problem is solved by the meta-heuristic search technique with the help of fitness function. Fitness function is a crucial metrics or a measure which helps in deciding which solution is optimal to choose from available set of test sets. This paper discusses hill climbing, simulated annealing, tabu search, genetic algorithm and particle swarm optimization techniques in detail explaining with the help of the algorithm. If metaheuristic search techniques combine some of the security testing methods, it would result in better searching technique as well as secure too. This paper primarily focusses on the metaheuristic search techniques.

Kim, Y.-K., Lee, J. J., Go, M.-H., Lee, K..  2020.  Analysis of the Asymmetrical Relationships between State Actors and APT Threat Groups. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :695–700.
During the Cold War era, countries with asymmetrical relationships often demonstrated how lower-tier nation states required the alliance and support from top-tier nation states. This statement no longer stands true as country such as North Korea has exploited global financial institutions through various malware such as WANNACRY V0, V1, V2, evtsys.exe, and BRAMBUL WORM. Top tier nation states such as the U.S. are unable to use diplomatic clout or to retaliate against the deferrer. Our study examined the affidavit filed against the North Korean hacker, Park Jin Hyok, which was provided by the FBI. Our paper focuses on the operations and campaigns that were carried out by the Lazarus Group by focusing on the key factors of the infrastructure and artifacts. Due to the nature of the cyber deterrence, deterrence in the cyber realm is far complex than the nuclear deterrence. We focused on the Sony Picture Entertainment’s incident for our study. In this study, we discuss how cyber deterrence can be employed when different nation states share an asymmetrical relationship. Furthermore, we focus on contestability and attribution that is a key factor that makes cyber deterrence difficult.
Kostromitin, K. I., Dokuchaev, B. N., Kozlov, D. A..  2020.  Analysis of the Most Common Software and Hardware Vulnerabilities in Microprocessor Systems. 2020 International Russian Automation Conference (RusAutoCon). :1031—1036.

The relevance of data protection is related to the intensive informatization of various aspects of society and the need to prevent unauthorized access to them. World spending on ensuring information security (IS) for the current state: expenses in the field of IS today amount to \$81.7 billion. Expenditure forecast by 2020: about \$105 billion [1]. Information protection of military facilities is the most critical in the public sector, in the non-state - financial organizations is one of the leaders in spending on information protection. An example of the importance of IS research is the Trojan encoder WannaCry, which infected hundreds of thousands of computers around the world, attacks are recorded in more than 116 countries. The attack of the encoder of WannaCry (Wana Decryptor) happens through a vulnerability in service Server Message Block (protocol of network access to file systems) of Windows OS. Then, a rootkit (a set of malware) was installed on the infected system, using which the attackers launched an encryption program. Then each vulnerable computer could become infected with another infected device within one local network. Due to these attacks, about \$70,000 was lost (according to data from 18.05.2017) [2]. It is assumed in the presented work, that the software level of information protection is fundamentally insufficient to ensure the stable functioning of critical objects. This is due to the possible hardware implementation of undocumented instructions, discussed later. The complexity of computing systems and the degree of integration of their components are constantly growing. Therefore, monitoring the operation of the computer hardware is necessary to achieve the maximum degree of protection, in particular, data processing methods.

Ikram, Muhammad, Vallina-Rodriguez, Narseo, Seneviratne, Suranga, Kaafar, Mohamed Ali, Paxson, Vern.  2016.  An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps. Proceedings of the 2016 Internet Measurement Conference. :349–364.

Millions of users worldwide resort to mobile VPN clients to either circumvent censorship or to access geo-blocked content, and more generally for privacy and security purposes. In practice, however, users have little if any guarantees about the corresponding security and privacy settings, and perhaps no practical knowledge about the entities accessing their mobile traffic. In this paper we provide a first comprehensive analysis of 283 Android apps that use the Android VPN permission, which we extracted from a corpus of more than 1.4 million apps on the Google Play store. We perform a number of passive and active measurements designed to investigate a wide range of security and privacy features and to study the behavior of each VPN-based app. Our analysis includes investigation of possible malware presence, third-party library embedding, and traffic manipulation, as well as gauging user perception of the security and privacy of such apps. Our experiments reveal several instances of VPN apps that expose users to serious privacy and security vulnerabilities, such as use of insecure VPN tunneling protocols, as well as IPv6 and DNS traffic leakage. We also report on a number of apps actively performing TLS interception. Of particular concern are instances of apps that inject JavaScript programs for tracking, advertising, and for redirecting e-commerce traffic to external partners.

Treseangrat, K., Kolahi, S. S., Sarrafpour, B..  2015.  Analysis of UDP DDoS cyber flood attack and defense mechanisms on Windows Server 2012 and Linux Ubuntu 13. 2015 International Conference on Computer, Information and Telecommunication Systems (CITS). :1–5.

Distributed Denial of Service (DoS) attacks is one of the major threats and among the hardest security problems in the Internet world. In this paper, we study the impact of a UDP flood attack on TCP throughputs, round-trip time, and CPU utilization on the latest version of Windows and Linux platforms, namely, Windows Server 2012 and Linux Ubuntu 13. This paper also evaluates several defense mechanisms including Access Control Lists (ACLs), Threshold Limit, Reverse Path Forwarding (IP Verify), and Network Load Balancing. Threshold Limit defense gave better results than the other solutions.

Kolahi, S. S., Treseangrat, K., Sarrafpour, B..  2015.  Analysis of UDP DDoS flood cyber attack and defense mechanisms on Web Server with Linux Ubuntu 13. 2015 International Conference on Communications, Signal Processing, and their Applications (ICCSPA). :1–5.

Denial of Service (DoS) attacks is one of the major threats and among the hardest security problems in the Internet world. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, an attacker can easily exhaust the computing resources of its victim within a short period of time. In this paper, we study the impact of a UDP flood attack on TCP throughput, round-trip time, and CPU utilization for a Web Server with the new generation of Linux platform, Linux Ubuntu 13. This paper also evaluates the impact of various defense mechanisms, including Access Control Lists (ACLs), Threshold Limit, Reverse Path Forwarding (IP Verify), and Network Load Balancing. Threshold Limit is found to be the most effective defense.

Li, H., Xie, R., Kong, X., Wang, L., Li, B..  2020.  An Analysis of Utility for API Recommendation: Do the Matched Results Have the Same Efforts? 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS). :479—488.

The current evaluation of API recommendation systems mainly focuses on correctness, which is calculated through matching results with ground-truth APIs. However, this measurement may be affected if there exist more than one APIs in a result. In practice, some APIs are used to implement basic functionalities (e.g., print and log generation). These APIs can be invoked everywhere, and they may contribute less than functionally related APIs to the given requirements in recommendation. To study the impacts of correct-but-useless APIs, we use utility to measure them. Our study is conducted on more than 5,000 matched results generated by two specification-based API recommendation techniques. The results show that the matched APIs are heavily overlapped, 10% APIs compose more than 80% matched results. The selected 10% APIs are all correct, but few of them are used to implement the required functionality. We further propose a heuristic approach to measure the utility and conduct an online evaluation with 15 developers. Their reports confirm that the matched results with higher utility score usually have more efforts on programming than the lower ones.