Visible to the public Biblio

Filters: First Letter Of Title is Y  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X [Y] Z   [Show ALL]
Y
Kalokyri, Varvara, Borgida, Alexander, Marian, Amélie.  2018.  YourDigitalSelf: A Personal Digital Trace Integration Tool. Proceedings of the 27th ACM International Conference on Information and Knowledge Management. :1963–1966.
Personal information is typically fragmented across multiple, heterogeneous, distributed sources and saved as small, heterogeneous data objects, or traces. The DigitalSelf project at Rutgers University focuses on developing tools and techniques to manage (organize, search, summarize, make inferences on and personalize) such heterogeneous collections of personal digital traces. We propose to demonstrate YourDigitalSelf, a mobile phone-based personal information organization application developed as part of the DigitalSelf project. The demonstration will use a sample user data set to show how several disparate data traces can be integrated and combined to create personal narratives, or coherent episodes, of the user's activities. Conference attendees will be given the option to install YourDigitalSelf on their own devices to interact with their own data.
Zhang, Yiming, Fan, Yujie, Song, Wei, Hou, Shifu, Ye, Yanfang, Li, Xin, Zhao, Liang, Shi, Chuan, Wang, Jiabin, Xiong, Qi.  2019.  Your Style Your Identity: Leveraging Writing and Photography Styles for Drug Trafficker Identification in Darknet Markets over Attributed Heterogeneous Information Network. The World Wide Web Conference. :3448–3454.
Due to its anonymity, there has been a dramatic growth of underground drug markets hosted in the darknet (e.g., Dream Market and Valhalla). To combat drug trafficking (a.k.a. illicit drug trading) in the cyberspace, there is an urgent need for automatic analysis of participants in darknet markets. However, one of the key challenges is that drug traffickers (i.e., vendors) may maintain multiple accounts across different markets or within the same market. To address this issue, in this paper, we propose and develop an intelligent system named uStyle-uID leveraging both writing and photography styles for drug trafficker identification at the first attempt. At the core of uStyle-uID is an attributed heterogeneous information network (AHIN) which elegantly integrates both writing and photography styles along with the text and photo contents, as well as other supporting attributes (i.e., trafficker and drug information) and various kinds of relations. Built on the constructed AHIN, to efficiently measure the relatedness over nodes (i.e., traffickers) in the constructed AHIN, we propose a new network embedding model Vendor2Vec to learn the low-dimensional representations for the nodes in AHIN, which leverages complementary attribute information attached in the nodes to guide the meta-path based random walk for path instances sampling. After that, we devise a learning model named vIdentifier to classify if a given pair of traffickers are the same individual. Comprehensive experiments on the data collections from four different darknet markets are conducted to validate the effectiveness of uStyle-uID which integrates our proposed method in drug trafficker identification by comparisons with alternative approaches.
Chang, Kai Chih, Nokhbeh Zaeem, Razieh, Barber, K. Suzanne.  2020.  Is Your Phone You? How Privacy Policies of Mobile Apps Allow the Use of Your Personally Identifiable Information 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :256–262.
People continue to store their sensitive information in their smart-phone applications. Users seldom read an app's privacy policy to see how their information is being collected, used, and shared. In this paper, using a reference list of over 600 Personally Identifiable Information (PII) attributes, we investigate the privacy policies of 100 popular health and fitness mobile applications in both Android and iOS app markets to find the set of personal information these apps collect, use and share. The reference list of PII was independently built from a longitudinal study at The University of Texas investigating thousands of identity theft and fraud cases where PII attributes and associated value and risks were empirically quantified. This research leverages the reference PII list to identify and analyze the value of personal information collected by the mobile apps and the risk of disclosing this information. We found that the set of PII collected by these mobile apps covers 35% of the entire reference set of PII and, due to dependencies between PII attributes, these mobile apps have a likelihood of indirectly impacting 70% of the reference PII if breached. For a specific app, we discovered the monetary loss could reach \$1M if the set of sensitive data it collects is breached. We finally utilize Bayesian inference to measure risks of a set of PII gathered by apps: the probability that fraudsters can discover, impersonate and cause harm to the user by misusing only the PII the mobile apps collected.
Zhao, Tianming, Wang, Yan, Liu, Jian, Chen, Yingying.  2018.  Your Heart Won'T Lie: PPG-based Continuous Authentication on Wrist-worn Wearable Devices. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :783–785.
This paper presents a photoplethysmography (PPG)-based continuous user authentication (CA) system, which especially leverages the PPG sensors in wrist-worn wearable devices to identify users. We explore the uniqueness of the human cardiac system captured by the PPG sensing technology. Existing CA systems require either the dedicated sensing hardware or specific gestures, whereas our system does not require any users' interactions but only the wearable device, which has already been pervasively equipped with PPG sensors. Notably, we design a robust motion artifacts (MA) removal method to mitigate the impact of MA from wrist movements. Additionally, we explore the characteristic fiducial features from PPG measurements to efficiently distinguish the human cardiac system. Furthermore, we develop a cardiac-based classifier for user identification using the Gradient Boosting Tree (GBT). Experiments with the prototype of the wrist-worn PPG sensing platform and 10 participants in different scenarios demonstrate that our system can effectively remove MA and achieve a high average authentication success rate over \$90%\$.
Gris, Ivan, Rivera, Diego A., Rayon, Alex, Camacho, Adriana, Novick, David.  2016.  Young Merlin: An Embodied Conversational Agent in Virtual Reality. Proceedings of the 18th ACM International Conference on Multimodal Interaction. :425–426.

This paper describes a system for embodied conversational agents developed by Inmerssion and one of the applications—Young Merlin: Trial by Fire —built with this system. In the Merlin application, the ECA and a human interact with speech in virtual reality. The goal of this application is to provide engaging VR experiences that build rapport through storytelling and verbal interactions. The agent is fully automated, and his attitude towards the user changes over time depending on the interaction. The conversational system was built through a declarative approach that supports animations, markup language, and gesture recognition. Future versions of Merlin will implement multi-character dialogs, additional actions, and extended interaction time.

Bellini, Emanuele, Caullery, Florian, Hasikos, Alexandros, Manzano, Marc, Mateu, Victor.  2018.  You Shall Not Pass! (Once Again): An IoT Application of Post-Quantum Stateful Signature Schemes. Proceedings of the 5th ACM on ASIA Public-Key Cryptography Workshop. :19–24.

This paper presents an authentication protocol specifically tailored for IoT devices that inherently limits the number of times that an entity can authenticate itself with a given key pair. The protocol we propose is based on a stateful hash-based digital signature system called eXtended Merkle Signature Scheme (XMSS), which has increased its popularity of late due to its resistance to quantum-computer-aided attacks. We propose a 1-pass authentication protocol that can be customized according to the server capabilities to keep track of the key pair state. In addition, we present results when ported to ARM Cortex-M3 and M0 processors.

Xue, Minhui, Ballard, Cameron, Liu, Kelvin, Nemelka, Carson, Wu, Yanqiu, Ross, Keith, Qian, Haifeng.  2016.  You Can Yak but You Can'T Hide: Localizing Anonymous Social Network Users. Proceedings of the 2016 Internet Measurement Conference. :25–31.

The recent growth of anonymous social network services – such as 4chan, Whisper, and Yik Yak – has brought online anonymity into the spotlight. For these services to function properly, the integrity of user anonymity must be preserved. If an attacker can determine the physical location from where an anonymous message was sent, then the attacker can potentially use side information (for example, knowledge of who lives at the location) to de-anonymize the sender of the message. In this paper, we investigate whether the popular anonymous social media application Yik Yak is susceptible to localization attacks, thereby putting user anonymity at risk. The problem is challenging because Yik Yak application does not provide information about distances between user and message origins or any other message location information. We provide a comprehensive data collection and supervised machine learning methodology that does not require any reverse engineering of the Yik Yak protocol, is fully automated, and can be remotely run from anywhere. We show that we can accurately predict the locations of messages up to a small average error of 106 meters. We also devise an experiment where each message emanates from one of nine dorm colleges on the University of California Santa Cruz campus. We are able to determine the correct dorm college that generated each message 100\textbackslash% of the time.

Wang, Xiangwen, Peng, Peng, Wang, Chun, Wang, Gang.  2018.  You Are Your Photographs: Detecting Multiple Identities of Vendors in the Darknet Marketplaces. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. :431-442.

Darknet markets are online services behind Tor where cybercriminals trade illegal goods and stolen datasets. In recent years, security analysts and law enforcement start to investigate the darknet markets to study the cybercriminal networks and predict future incidents. However, vendors in these markets often create multiple accounts ($\backslash$em i.e., Sybils), making it challenging to infer the relationships between cybercriminals and identify coordinated crimes. In this paper, we present a novel approach to link the multiple accounts of the same darknet vendors through photo analytics. The core idea is that darknet vendors often have to take their own product photos to prove the possession of the illegal goods, which can reveal their distinct photography styles. To fingerprint vendors, we construct a series deep neural networks to model the photography styles. We apply transfer learning to the model training, which allows us to accurately fingerprint vendors with a limited number of photos. We evaluate the system using real-world datasets from 3 large darknet markets (7,641 vendors and 197,682 product photos). A ground-truth evaluation shows that the system achieves an accuracy of 97.5%, outperforming existing stylometry-based methods in both accuracy and coverage. In addition, our system identifies previously unknown Sybil accounts within the same markets (23) and across different markets (715 pairs). Further case studies reveal new insights into the coordinated Sybil activities such as price manipulation, buyer scam, and product stocking and reselling.

Benzer, R., Yildiz, M. C..  2018.  YOLO Approach in Digital Object Definition in Military Systems. 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT). :35–37.

Today, as surveillance systems are widely used for indoor and outdoor monitoring applications, there is a growing interest in real-time generation detection and there are many different applications for real-time generation detection and analysis. Two-dimensional videos; It is used in multimedia content-based indexing, information acquisition, visual surveillance and distributed cross-camera surveillance systems, human tracking, traffic monitoring and similar applications. It is of great importance for the development of systems for national security by following a moving target within the scope of military applications. In this research, a more efficient solution is proposed in addition to the existing methods. Therefore, we present YOLO, a new approach to object detection for military applications.

Narwal, Bhawna, Ojha, Arushi, Goel, Nimisha, Dhawan, Sudipti.  2020.  A Yoking-Proof Based Remote Authentication Scheme for Cloud-Aided Wearable Devices (YPACW). 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—5.

The developments made in IoT applications have made wearable devices a popular choice for collecting user data to monitor this information and provide intelligent service support. Since wearable devices are continuously collecting and transporting a user's sensitive data over the network, there exist increased security challenges. Moreover, wearable devices lack the computation capabilities in comparison to traditional short-range communication devices. In this paper, authors propounded a Yoking Proof based remote Authentication scheme for Cloud-aided Wearable devices (YPACW) which takes PUF and cryptographic functions and joins them to achieve mutual authentication between the wearable devices and smartphone via a cloud server, by performing the simultaneous verification of these devices, using the established yoking-proofs. Relative to Liu et al.'s scheme, YPACW provides better results with the reduction of communication and processing cost significantly.

Mehndiratta, Nishtha.  2020.  A Yoking-Proof and PUF-based Mutual Authentication Scheme for Cloud-aided Wearable Devices. 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—4.

In today's world privacy is paramount in everyone's life. Alongside the growth of IoT (Internet of things), wearable devices are becoming widely popular for real-time user monitoring and wise service support. However, in contrast with the traditional short-range communications, these resource-scanty devices face various vulnerabilities and security threats during the course of interactions. Hence, designing a security solution for these devices while dealing with the limited communication and computation capabilities is a challenging task. In this work, PUF (Physical Unclonable Function) and lightweight cryptographic parameters are used together for performing two-way authentication between wearable devices and smartphone, while the simultaneous verification is performed by providing yoking-proofs to the Cloud Server. At the end, it is shown that the proposed scheme satisfies many security aspects and is flexible as well as lightweight.

Ye, Guixin, Tang, Zhanyong, Fang, Dingyi, Zhu, Zhanxing, Feng, Yansong, Xu, Pengfei, Chen, Xiaojiang, Wang, Zheng.  2018.  Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :332–348.
Despite several attacks have been proposed, text-based CAPTCHAs are still being widely used as a security mechanism. One of the reasons for the pervasive use of text captchas is that many of the prior attacks are scheme-specific and require a labor-intensive and time-consuming process to construct. This means that a change in the captcha security features like a noisier background can simply invalid an earlier attack. This paper presents a generic, yet effective text captcha solver based on the generative adversarial network. Unlike prior machine-learning-based approaches that need a large volume of manually-labeled real captchas to learn an effective solver, our approach requires significantly fewer real captchas but yields much better performance. This is achieved by first learning a captcha synthesizer to automatically generate synthetic captchas to learn a base solver, and then fine-tuning the base solver on a small set of real captchas using transfer learning. We evaluate our approach by applying it to 33 captcha schemes, including 11 schemes that are currently being used by 32 of the top-50 popular websites including Microsoft, Wikipedia, eBay and Google. Our approach is the most capable attack on text captchas seen to date. It outperforms four state-of-the-art text-captcha solvers by not only delivering a significant higher accuracy on all testing schemes, but also successfully attacking schemes where others have zero chance. We show that our approach is highly efficient as it can solve a captcha within 0.05 second using a desktop GPU. We demonstrate that our attack is generally applicable because it can bypass the advanced security features employed by most modern text captcha schemes. We hope the results of our work can encourage the community to revisit the design and practical use of text captchas.