Visible to the public Biblio

Filters: Keyword is confidential messages  [Clear All Filters]
Segoro, M. B., Putro, P. A. Wibowo.  2020.  Implementation of Two Factor Authentication (2FA) and Hybrid Encryption to Reduce the Impact of Account Theft on Android-Based Instant Messaging (IM) Applications. 2020 International Workshop on Big Data and Information Security (IWBIS). :115—120.

Instant messaging is an application that is widely used to communicate. Based on the report, three of the five most used social media platforms are chat or instant messaging. Instant messaging was chosen for communication because it has security features in log in using a One Time Password (OTP) code, end-to-end encryption, and even two-factor authentication. However, instant messaging applications still have a vulnerability to account theft. This account theft occurs when the user loses his cellphone. Account theft can happen when a cellphone is locked or not. As a result of this account theft, thieves can read confidential messages and send fake news on behalf of the victim. In this research, instant messaging application security will be applied using hybrid encryption and two-factor authentication, which are made interrelated. Both methods will be implemented in 2 implementation designs. The implementation design is securing login and securing sending and receiving messages. For login security, QR Code implementation is sent via email. In sending and receiving messages, the message decryption process will be carried out when the user is authenticated using a fingerprint. Hybrid encryption as message security uses RSA 2048 and AES 128. Of the ten attempts to steal accounts that have been conducted, it is shown that the implementation design is proven to reduce the impact of account theft.

Gollamudi, Anitha, Chong, Stephen, Arden, Owen.  2019.  Information Flow Control for Distributed Trusted Execution Environments. 2019 IEEE 32nd Computer Security Foundations Symposium (CSF). :304–30414.

Distributed applications cannot assume that their security policies will be enforced on untrusted hosts. Trusted execution environments (TEEs) combined with cryptographic mechanisms enable execution of known code on an untrusted host and the exchange of confidential and authenticated messages with it. TEEs do not, however, establish the trustworthiness of code executing in a TEE. Thus, developing secure applications using TEEs requires specialized expertise and careful auditing. This paper presents DFLATE, a core security calculus for distributed applications with TEEs. DFLATE offers high-level abstractions that reflect both the guarantees and limitations of the underlying security mechanisms they are based on. The accuracy of these abstractions is exhibited by asymmetry between confidentiality and integrity in our formal results: DFLATE enforces a strong form of noninterference for confidentiality, but only a weak form for integrity. This reflects the asymmetry of the security guarantees of a TEE: a malicious host cannot access secrets in the TEE or modify its contents, but they can suppress or manipulate the sequence of its inputs and outputs. Therefore DFLATE cannot protect against the suppression of high-integrity messages, but when these messages are delivered, their contents cannot have been influenced by an attacker.

A. A. Zewail, A. Yener.  2015.  "The two-hop interference untrusted-relay channel with confidential messages". 2015 IEEE Information Theory Workshop - Fall (ITW). :322-326.

This paper considers the two-user interference relay channel where each source wishes to communicate to its destination a message that is confidential from the other destination. Furthermore, the relay, that is the enabler of communication, due to the absence of direct links, is untrusted. Thus, the messages from both sources need to be kept secret from the relay as well. We provide an achievable secure rate region for this network. The achievability scheme utilizes structured codes for message transmission, cooperative jamming and scaled compute-and-forward. In particular, the sources use nested lattice codes and stochastic encoding, while the destinations jam using lattice points. The relay decodes two integer combinations of the received lattice points and forwards, using Gaussian codewords, to both destinations. The achievability technique provides the insight that we can utilize the untrusted relay node as an encryption block in a two-hop interference relay channel with confidential messages.