Cryptography and Security

New submissions

New submissions for Tue, 24 May 22

[1]  arXiv:2205.10580 [pdf, other]
Title: Towards Secure Virtual Elections: Multiparty Computation of Order Based Voting Rules
Subjects: Cryptography and Security (cs.CR)

Electronic voting systems are essential for holding virtual elections, and the need for such systems increases due to the COVID-19 pandemic and the social distancing that it mandates. One of the main challenges in e-voting systems is to secure the voting process: namely, to certify that the computed results are consistent with the cast ballots, and that the privacy of the voters is preserved. We propose herein a secure voting protocol for elections that are governed by order-based voting rules. Our protocol offers perfect ballot secrecy, in the sense that it issues only the required output, while no other information on the cast ballots is revealed. Such perfect secrecy, which is achieved by employing secure multiparty computation tools, may increase the voters' confidence and, consequently, encourage them to vote according to their true preferences. Evaluation of the protocol's computational costs establishes that it is lightweight and can be readily implemented in real-life electronic elections.

[2]  arXiv:2205.10591 [pdf, other]
Title: Multiplierless Design of Very Large Constant Multiplications in Cryptography
Subjects: Cryptography and Security (cs.CR)

This brief addresses the problem of implementing very large constant multiplications by a single variable under the shift-adds architecture using a minimum number of adders/subtractors. Due to the intrinsic complexity of the problem, we introduce an approximate algorithm, called TÕLL, which partitions the very large constants into smaller ones. To reduce the number of operations, TÕLL incorporates graph-based and common subexpression elimination methods proposed for the shift-adds design of constant multiplications. It can also consider the delay of a multiplierless design defined in terms of the maximum number of operations in series, i.e., the number of adder-steps, while reducing the number of operations. High-level experimental results show that the adder-steps of a shift-adds design can be reduced significantly with a little overhead in the number of operations. Gate-level experimental results indicate that while the shift-adds design can lead to a 36.6% reduction in gate-level area with respect to a design using a multiplier, the delay-aware optimization can yield a 48.3% reduction in minimum achievable delay of the shift-adds design when compared to the area-aware optimization.

[3]  arXiv:2205.10608 [pdf, other]
Title: SERVFAIL: The Unintended Consequences of Algorithm Agility in DNSSEC
Subjects: Cryptography and Security (cs.CR)

Cryptographic algorithm agility is an important property for DNSSEC: it allows easy deployment of new algorithms if the existing ones are no longer secure. Significant operational and research efforts are dedicated to pushing the deployment of new algorithms in DNSSEC forward. Recent research shows that DNSSEC is gradually achieving algorithm agility: most DNSSEC supporting resolvers can validate a number of different algorithms and domains are increasingly signed with cryptographically strong ciphers.
In this work we show for the first time that the cryptographic agility in DNSSEC, although critical for making DNS secure with strong cryptography, also introduces a severe vulnerability. We find that under certain conditions, when new algorithms are listed in signed DNS responses, the resolvers do not validate DNSSEC. As a result, domains that deploy new ciphers risk exposing the validating resolvers to cache poisoning attacks.
We use this to develop DNSSEC-downgrade attacks and show that in some situations these attacks can be launched even by off-path adversaries. We experimentally and ethically evaluate our attacks against popular DNS resolver implementations, public DNS providers, and DNS services used by web clients worldwide. We validate the success of DNSSEC-downgrade attacks by poisoning the resolvers: we inject fake records, in signed domains, into the caches of validating resolvers. We find that major DNS providers, such as Google Public DNS and Cloudflare, as well as 70% of DNS resolvers used by web clients are vulnerable to our attacks.
We trace the factors that led to this situation and provide recommendations.

[4]  arXiv:2205.10686 [pdf, ps, other]
Title: Post-breach Recovery: Protection against White-box Adversarial Examples for Leaked DNN Models
Subjects: Cryptography and Security (cs.CR)

Server breaches are an unfortunate reality on today's Internet. In the context of deep neural network (DNN) models, they are particularly harmful, because a leaked model gives an attacker "white-box" access to generate adversarial examples, a threat model that has no practical robust defenses. For practitioners who have invested years and millions into proprietary DNNs, e.g. medical imaging, this seems like an inevitable disaster looming on the horizon.
In this paper, we consider the problem of post-breach recovery for DNN models. We propose Neo, a new system that creates new versions of leaked models, alongside an inference time filter that detects and removes adversarial examples generated on previously leaked models. The classification surfaces of different model versions are slightly offset (by introducing hidden distributions), and Neo detects the overfitting of attacks to the leaked model used in its generation. We show that across a variety of tasks and attack methods, Neo is able to filter out attacks from leaked models with very high accuracy, and provides strong protection (7–10 recoveries) against attackers who repeatedly breach the server. Neo performs well against a variety of strong adaptive attacks, dropping slightly in # of breaches recoverable, and demonstrates potential as a complement to DNN defenses in the wild.

[5]  arXiv:2205.10695 [pdf, ps, other]
Title: Evaluation of User Perception on Biometric Fingerprint System
Subjects: Cryptography and Security (cs.CR); Computers and Society (cs.CY)

Biometric systems involve security assurance to make our system highly secured and robust. Nowadays, biometric technology has been fixed into new systems with the aim of enforcing strong privacy and security. Several innovative systems have been introduced, and most of them have biometrics installed to protect military bases, banking machines, and other sophisticated systems, such as online tracking systems. Businesses can now focus on their core functions and feel confident about their data security. Despite the benefits and enhancements in security that biometrics offer, there are also some vulnerabilities. This study aimed to investigate the biometric vulnerabilities in a healthcare facility and propose possible countermeasures for biometric system vulnerabilities.

[6]  arXiv:2205.10848 [pdf, other]
Title: Robust Quantity-Aware Aggregation for Federated Learning
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Machine Learning (cs.LG)

Federated learning (FL) enables multiple clients to collaboratively train models without sharing their local data, and becomes an important privacy-preserving machine learning framework. However, classical FL faces serious security and robustness problems, e.g., malicious clients can poison model updates and at the same time claim large quantities to amplify the impact of their model updates in the model aggregation. Existing defense methods for FL, while all handling malicious model updates, either treat all quantities benign or simply ignore/truncate the quantities of all clients. The former is vulnerable to quantity-enhanced attack, while the latter leads to sub-optimal performance since the local data on different clients is usually in significantly different sizes. In this paper, we propose a robust quantity-aware aggregation algorithm for federated learning, called FedRA, to perform the aggregation with awareness of local data quantities while being able to defend against quantity-enhanced attacks. More specifically, we propose a method to filter malicious clients by jointly considering the uploaded model updates and data quantities from different clients, and performing quantity-aware weighted averaging on model updates from remaining clients. Moreover, as the number of malicious clients participating in the federated learning may dynamically change in different rounds, we also propose a malicious client number estimator to predict how many suspicious clients should be filtered in each round. Experiments on four public datasets demonstrate the effectiveness of our FedRA method in defending FL against quantity-enhanced attacks.

[7]  arXiv:2205.10961 [pdf, other]
Title: Scalable and Privacy-Focused Company-Centric Supply Chain Management
Comments: IEEE ICBC'22
Subjects: Cryptography and Security (cs.CR)

Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly changing participants. In this paper, we propose CCChain, a scalable and privacy-aware supply chain management system that stores all information locally to give companies complete sovereignty over who accesses their data. Still, tamper protection of all data through a permissionless blockchain enables on-demand tracking and tracing of products as well as reliable information sharing while affording the detection of data inconsistencies. Our evaluation confirms that CCChain offers superior scalability in comparison to alternatives while also enabling near real-time tracking and tracing for many, less complex products.

[8]  arXiv:2205.10962 [pdf, other]
Title: Digital Twin for Secure Semiconductor Lifecycle Management: Prospects and Applications
Comments: 37 pages including citations, 14 figures
Subjects: Cryptography and Security (cs.CR)

The expansive globalization of the semiconductor supply chain has introduced numerous untrusted entities into different stages of a device's lifecycle. To make matters worse, the increased complexity in the design as well as aggressive time to market requirements of the newer generation of integrated circuits can lead either designers to unintentionally introduce security vulnerabilities or verification engineers to fail in detecting them earlier in the design lifecycle. These overlooked or undetected vulnerabilities can be exploited by malicious entities in subsequent stages of the lifecycle through an ever widening variety of hardware attacks. The ability to ascertain the provenance of these vulnerabilities, therefore, becomes a pressing issue when the security assurance across the whole lifecycle is required to be ensured. We posit that if there is a malicious or unintentional breach of security policies of a device, it will be reflected in the form of anomalies in the traditional design, verification and testing activities throughout the lifecycle. With that, a digital simulacrum of a device's lifecycle, called a digital twin (DT), can be formed by the data gathered from different stages to secure the lifecycle of the device. In this paper, we put forward a realization of intertwined relationships of security vulnerabilities with data available from the silicon lifecycle and formulate different components of an AI driven DT framework. The proposed DT framework leverages these relationships and relational learning to achieve Forward and Backward Trust Analysis functionalities enabling security aware management of the entire lifecycle. Finally, we provide potential future research avenues and challenges for realization of the digital twin framework to enable secure semiconductor lifecycle management.

[9]  arXiv:2205.10963 [pdf, other]
Title: Protecting File Activities via Deception for ARM TrustZone
Comments: Under submission
Subjects: Cryptography and Security (cs.CR); Operating Systems (cs.OS)

A TrustZone TEE often invokes an external filesystem. While filedata can be encrypted, the revealed file activities can leak secrets. To hide the file activities from the filesystem and its OS, we propose Enigma, a deception-based defense injecting sybil file activities as the cover of the actual file activities.
Enigma contributes three new designs. (1) To make the deception credible, the TEE generates sybil calls by replaying file calls from the TEE code under protection. (2) To make sybil activities cheap, the TEE requests the OS to run K filesystem images simultaneously. Concealing the disk, the TEE backs only one image with the actual disk while backing other images by only storing their metadata. (3) To protect filesystem image identities, the TEE shuffles the images frequently, preventing the OS from observing any image for long.
Enigma works with unmodified filesystems shipped with Linux. On a low-cost Arm SoC with EXT4 and F2FS, our system can concurrently run as many as 50 filesystem images with 1% of disk overhead per additional image. Compared to common obfuscation for hiding addresses in a flat space, Enigma hides file activities with richer semantics. Its cost is lower by one order of magnitude while achieving the same level of probabilistic security guarantees.

[10]  arXiv:2205.11121 [pdf, ps, other]
Title: A normal approximation for joint frequency estimatation under Local Differential Privacy
Authors: Thomas Carette
Comments: Preliminary development, draft
Subjects: Cryptography and Security (cs.CR); Databases (cs.DB); Statistics Theory (math.ST)

In recent years, Local Differential Privacy (LDP) has been one of the cornerstones of privacy preserving data analysis. However, many challenges still oppose its widespread application. One of these problems is the scalability of LDP to high dimensional data, in particular for estimating joint-distributions. In this paper, we develop an approximate estimator for category frequency joint-distribution under so-called pure LDP protocols.

[11]  arXiv:2205.11171 [pdf, other]
Title: Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and Mitigations
Subjects: Cryptography and Security (cs.CR); Systems and Control (eess.SY)

The digitalization and decentralization of the electric power grid are key thrusts towards an economically and environmentally sustainable future. Towards this goal, distributed energy resources (DER), including rooftop solar panels, battery storage, electric vehicles, etc., are becoming ubiquitous in power systems, effectively replacing fossil-fuel based generation. Power utilities benefit from DERs as they minimize transmission costs, provide voltage support through ancillary services, and reduce operational risks via their autonomous operation. Similarly, DERs grant users and aggregators control over the power they produce and consume. Apart from their sustainability and operational objectives, the cybersecurity of DER-supported power systems is of cardinal importance. DERs are interconnected, interoperable, and support remotely controllable features, thus, their cybersecurity should be thoroughly considered. DER communication dependencies and the diversity of DER architectures (e.g., hardware/software components of embedded devices, inverters, controllable loads, etc.) widen the threat surface and aggravate the cybersecurity posture of power systems. In this work, we focus on security oversights that reside in the cyber and physical layers of DERs and can jeopardize grid operations. We analyze adversarial capabilities and objectives when manipulating DER assets, and then present how protocol and device -level vulnerabilities can materialize into cyberattacks impacting power system operations. Finally, we provide mitigation strategies to thwart adversaries and directions for future DER cybersecurity.

[12]  arXiv:2205.11458 [pdf, other]
Title: Groundhog: Efficient Request Isolation in FaaS
Subjects: Cryptography and Security (cs.CR)

Security is a core responsibility for Function-as-a-Service (FaaS) providers. The prevailing approach has each function execute in its own container to isolate concurrent executions of different functions. However, successive invocations of the same function commonly reuse the runtime state of a previous invocation in order to avoid container cold-start delays when invoking a function. Although efficient, this container reuse has security implications for functions that are invoked on behalf of differently privileged users or administrative domains: bugs in a function's implementation, third-party library, or the language runtime may leak private data from one invocation of the function to subsequent invocations of the same function.
Groundhog isolates sequential invocations of a function by efficiently reverting to a clean state, free from any private data, after each invocation. The system exploits two properties of typical FaaS platforms: each container executes at most one function at a time and legitimate functions do not retain state across invocations. This enables Groundhog to efficiently snapshot and restore function state between invocations in a manner that is independent of the programming language/runtime and does not require any changes to existing functions, libraries, language runtimes, or OS kernels. We describe the design of Groundhog and its implementation in OpenWhisk, a popular production-grade open-source FaaS framework. On three existing benchmark suites, Groundhog isolates sequential invocations with modest overhead on end-to-end latency (median: 1.5%, 95p: 7%) and throughput (median: 2.5%, 95p: 49.6%), relative to an insecure baseline that reuses the container and runtime state.

[13]  arXiv:2205.11459 [pdf, other]
Title: CELEST: Federated Learning for Globally Coordinated Threat Detection
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)

The cyber-threat landscape has evolved tremendously in recent years, with new threat variants emerging daily, and large-scale coordinated campaigns becoming more prevalent. In this study, we propose CELEST (CollaborativE LEarning for Scalable Threat detection), a federated machine learning framework for global threat detection over HTTP, which is one of the most commonly used protocols for malware dissemination and communication. CELEST leverages federated learning in order to collaboratively train a global model across multiple clients who keep their data locally, thus providing increased privacy and confidentiality assurances. Through a novel active learning component integrated with the federated learning technique, our system continuously discovers and learns the behavior of new, evolving, and globally-coordinated cyber threats. We show that CELEST is able to expose attacks that are largely invisible to individual organizations. For instance, in one challenging attack scenario with data exfiltration malware, the global model achieves a three-fold increase in Precision-Recall AUC compared to the local model. We deploy CELEST on two university networks and show that it is able to detect the malicious HTTP communication with high precision and low false positive rates. Furthermore, during its deployment, CELEST detected a set of previously unknown 42 malicious URLs and 20 malicious domains in one day, which were confirmed to be malicious by VirusTotal.

Cross-lists for Tue, 24 May 22

[14]  arXiv:2205.10364 (cross-list from cs.LG) [pdf, other]
Title: Learning to Reverse DNNs from AI Programs Automatically
Comments: This paper is accepted by IJCAI 2022
Subjects: Machine Learning (cs.LG); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)

With the privatization deployment of DNNs on edge devices, the security of on-device DNNs has raised significant concern. To quantify the model leakage risk of on-device DNNs automatically, we propose NNReverse, the first learning-based method which can reverse DNNs from AI programs without domain knowledge. NNReverse trains a representation model to represent the semantics of binary code for DNN layers. By searching the most similar function in our database, NNReverse infers the layer type of a given function's binary code. To represent assembly instructions semantics precisely, NNReverse proposes a more fine-grained embedding model to represent the textual and structural-semantic of assembly functions.

[15]  arXiv:2205.10488 (cross-list from quant-ph) [pdf, ps, other]
Title: Cryptanalysis of Three Quantum Money Schemes
Subjects: Quantum Physics (quant-ph); Cryptography and Security (cs.CR)

We investigate the security assumptions behind three public-key quantum money schemes. Aaronson and Christiano proposed a scheme based on hidden subspaces of the vector space $\mathbb{F}_2^n$ in 2012. It was conjectured by Pena et al in 2015 that the hard problem underlying the scheme can be solved in quasi-polynomial time. We confirm this conjecture by giving a polynomial time quantum algorithm for the underlying problem. Our algorithm is based on computing the Zariski tangent space of a random point in the hidden subspace.
Zhandry proposed a scheme based on multivariate hash functions in 2017. We give a polynomial time quantum algorithm for cloning a money state with high probability. Our algorithm uses the verification circuit of the scheme to produce a banknote from a given serial number.
Kane proposed a scheme based on modular forms in 2018. The underlying hard problem in Kane's scheme is cloning a quantum state that represents an eigenvector of a set of Hecke operators. We give a polynomial time quantum reduction from this hard problem to a linear algebra problem. The latter problem is much easier to understand, and we hope that our reduction opens new avenues to future cryptanalyses of this scheme.

[16]  arXiv:2205.10552 (cross-list from cs.IT) [pdf, other]
Title: Smoothing Codes and Lattices: Systematic Study and New Bounds
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR)

In this article we revisit smoothing bounds in parallel between lattices and codes. Initially introduced by Micciancio and Regev, these bounds were instantiated with Gaussian distributions and were crucial for arguing the security of many lattice-based cryptosystems. Unencumbered by direct application concerns, we provide a systematic study of how these bounds are obtained for both lattices and codes, transferring techniques between both areas. We also consider various spherically symmetric noise distributions.
We found that the best strategy for a worst-case bound combines Parseval's Identity, the Cauchy-Schwarz inequality, and the second linear programming bound, and this for both codes and lattices, and for all noise distributions at hand. For an average-case analysis, the linear programming bound can be replaced by a tight average count.
This alone gives optimal results for spherically uniform noise over random codes and random lattices. This also improves previous Gaussian smoothing bound for worst-case lattices, but surprisingly this provides even better results for uniform noise than for Gaussian (or Bernoulli noise for codes).
This counter-intuitive situation can be resolved by adequate decomposition and truncation of Gaussian and Bernoulli distribution into a superposition of uniform noise, giving further improvement for those cases, and putting them on par with the uniform cases.

[17]  arXiv:2205.10821 (cross-list from cs.IT) [pdf, other]
Title: Information Leakage in Index Coding
Comments: Published in Proceedings of IEEE Information Theory Workshop (ITW) 2021
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR)

We study the information leakage to a guessing adversary in index coding with a general message distribution. Under both vanishing-error and zero-error decoding assumptions, we develop lower and upper bounds on the optimal leakage rate, which are based on the broadcast rate of the subproblem induced by the set of messages the adversary tries to guess. When the messages are independent and uniformly distributed, the lower and upper bounds match, establishing an equivalence between the two rates.

[18]  arXiv:2205.10827 (cross-list from cs.IT) [pdf, other]
Title: Information Leakage in Index Coding With Sensitive and Non-Sensitive Messages
Comments: Accepted by IEEE International Symposium on Information Theory (ISIT) 2022
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR)

Information leakage to a guessing adversary in index coding is studied, where some messages in the system are sensitive and others are not. The non-sensitive messages can be used by the server like secret keys to mitigate leakage of the sensitive messages to the adversary. We construct a deterministic linear coding scheme, developed from the rank minimization method based on fitting matrices (Bar-Yossef et al. 2011). The linear scheme leads to a novel upper bound on the optimal information leakage rate, which is proved to be tight over all deterministic scalar linear codes. We also derive a converse result from a graph-theoretic perspective, which holds in general over all deterministic and stochastic coding schemes.

[19]  arXiv:2205.10929 (cross-list from cs.OS) [pdf, other]
Title: rgpdOS: GDPR Enforcement By The Operating System
Subjects: Operating Systems (cs.OS); Cryptography and Security (cs.CR)

The General Data Protection Regulation (GDPR) forces IT companies to comply with a number of principles when dealing with European citizens' personal data. Non-compliant companies are exposed to penalties which may represent up to 4% of their turnover. Currently, it is very hard for companies driven by personal data to make their applications GDPR-compliant, especially if those applications were developed before the GDPR was established. We present rgpdOS, a GDPR-aware operating system that aims to bring GDPR-compliance to every application, while requiring minimal changes to application code.

[20]  arXiv:2205.11034 (cross-list from quant-ph) [pdf, ps, other]
Title: Watermarking PRFs against Quantum Adversaries
Journal-ref: In: Dunkelman O., Dziembowski S. (eds) Advances in Cryptology - EUROCRYPT 2022 - LNCS 13277. Springer
Subjects: Quantum Physics (quant-ph); Cryptography and Security (cs.CR)

We initiate the study of software watermarking against quantum adversaries. A quantum adversary generates a quantum state as a pirate software that potentially removes an embedded message from a classical marked software. Extracting an embedded message from quantum pirate software is difficult since measurement could irreversibly alter the quantum state.
In this work, we define secure watermarking PRFs for quantum adversaries (unremovability against quantum adversaries). We also present two watermarking PRFs as follows.
- We construct a privately extractable watermarking PRF against quantum adversaries from the quantum hardness of the learning with errors (LWE) problem. The marking and extraction algorithms use a public parameter and a private extraction key, respectively. The watermarking PRF is unremovable even if adversaries have (the public parameter and) access to the extraction oracle, which returns a result of extraction for a queried quantum circuit.
- We construct a publicly extractable watermarking PRF against quantum adversaries from indistinguishability obfuscation (IO) and the quantum hardness of the LWE problem. The marking and extraction algorithms use a public parameter and a public extraction key, respectively. The watermarking PRF is unremovable even if adversaries have the extraction key (and the public parameter).
We develop a quantum extraction technique to extract information (a classical string) from a quantum state without destroying the state too much. We also introduce the notion of extraction-less watermarking PRFs as a crucial building block to achieve the results above by combining the tool with our quantum extraction technique.

[21]  arXiv:2205.11156 (cross-list from cs.LG) [pdf, other]
Title: Collaborative Adversarial Training
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)

The vulnerability of deep neural networks (DNNs) to adversarial examples has attracted great attention in the machine learning community. The problem is related to local non-smoothness and steepness of normally obtained loss landscapes. Training augmented with adversarial examples (a.k.a., adversarial training) is considered as an effective remedy. In this paper, we highlight that some collaborative examples, nearly perceptually indistinguishable from both adversarial and benign examples yet show extremely lower prediction loss, can be utilized to enhance adversarial training. A novel method called collaborative adversarial training (CoAT) is thus proposed to achieve new state-of-the-arts.

[22]  arXiv:2205.11212 (cross-list from cs.DC) [pdf, other]
Title: CircleChain: Tokenizing Products with a Role-based Scheme for a Circular Economy
Subjects: Distributed, Parallel, and Cluster Computing (cs.DC); Cryptography and Security (cs.CR); Computers and Society (cs.CY)

In a circular economy, tracking the flow of second-life components for quality control is critical. Tokenization can enhance the transparency of the flow of second-life components. However, simple tokenization does not correspond to real economic models and lacks the ability to finely manage complex business processes. In particular, existing systems have to take into account the different roles of the parties in the supply chain. Based on the Algorand blockchain, we propose a role-based token management scheme, which can achieve authentication, synthesis, circulation, and reuse of these second-life components in a trustless environment. The proposed scheme not only achieves fine-grained and scalable second-life component management, but also enables on-chain trading, subsidies, and green-bond issuance. Furthermore, we implemented and performed scalability tests for the proposed architecture on Algorand blockchain using its smart contracts and Algorand Standard Assets (ASA). The open-source implementation, tests, along with results are available on our Github page.

[23]  arXiv:2205.11242 (cross-list from cs.CV) [pdf, other]
Title: Fusing Multiscale Texture and Residual Descriptors for Multilevel 2D Barcode Rebroadcasting Detection
Subjects: Computer Vision and Pattern Recognition (cs.CV); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)

Nowadays, 2D barcodes have been widely used for advertisement, mobile payment, and product authentication. However, in applications related to product authentication, an authentic 2D barcode can be illegally copied and attached to a counterfeited product in such a way to bypass the authentication scheme. In this paper, we employ a proprietary 2D barcode pattern and use multimedia forensics methods to analyse the scanning and printing artefacts resulting from the copy (rebroadcasting) attack. A diverse and complementary feature set is proposed to quantify the barcode texture distortions introduced during the illegal copying process. The proposed features are composed of global and local descriptors, which characterize the multi-scale texture appearance and the points of interest distribution, respectively. The proposed descriptors are compared against some existing texture descriptors and deep learning-based approaches under various scenarios, such as cross-datasets and cross-size. Experimental results highlight the practicality of the proposed method in real-world settings.

[24]  arXiv:2205.11406 (cross-list from cs.SE) [pdf, other]
Title: A Model-Driven-Engineering Approach for Detecting Privilege Escalation in IoT Systems
Subjects: Software Engineering (cs.SE); Cryptography and Security (cs.CR)

Software vulnerabilities in access control models can represent a serious threat in a system. In fact, OWASP lists broken access control as number 5 in severity among the top 10 vulnerabilities. In this paper, we study the permission model of an emerging Smart-Home platform, SmartThings, and explore an approach that detects privilege escalation in its permission model. Our approach is based on Model Driven Engineering (MDE) in addition to static analysis. This approach allows for better coverage of privilege escalation detection than static analysis alone, and takes advantage of analyzing free-form text that carries extra permissions details. Our experimental results demonstrate a very high accuracy for detecting over-privilege vulnerabilities in IoT applications.

[25]  arXiv:2205.11418 (cross-list from cs.IT) [pdf, ps, other]
Title: On non-monimial APcN permutations over finite fields of even characteristic
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR)

Recently, a new concept called the $c$-differential uniformity was proposed by Ellingsen et al. (2020), which allows to simplify some types of differential cryptanalysis. Since then, finding functions having low $c$-differential uniformity has attracted the attention of many researchers. However it seems that, at this moment, there are not many non-monomial permutations having low $c$-differential uniformity. In this paper, we propose new classes of almost perfect $c$-nonlinear non-monomial permutations over a binary field.

Replacements for Tue, 24 May 22

[26]  arXiv:2202.09407 (replaced) [pdf, other]
Title: Blockchain Driven Privacy Preserving Contact Tracing Framework in Pandemics
Subjects: Cryptography and Security (cs.CR); Computers and Society (cs.CY)
[27]  arXiv:2205.00208 (replaced) [pdf, ps, other]
Title: Security and Privacy in Virtual Reality -- A Literature Survey
Authors: Alberto Giaretta
Comments: 15 pages, 3 figures, 4 tables
Subjects: Cryptography and Security (cs.CR)
[28]  arXiv:2205.01052 (replaced) [pdf, other]
Title: HTTPA/2: a Trusted End-to-End Protocol for Web Services
Comments: 23 pages, 6 figures
Subjects: Cryptography and Security (cs.CR)
[29]  arXiv:2205.06837 (replaced) [pdf, other]
Title: Strategic Latency Reduction in Blockchain Peer-to-Peer Networks
Subjects: Cryptography and Security (cs.CR); Computer Science and Game Theory (cs.GT); Networking and Internet Architecture (cs.NI)
[30]  arXiv:2006.03568 (replaced) [pdf, other]
Title: Graph Layer Security: Encrypting Information via Common Networked Physics
Subjects: Signal Processing (eess.SP); Cryptography and Security (cs.CR)
[31]  arXiv:2010.08311 (replaced) [pdf, other]
Title: Formal Verification of Robustness and Resilience of Learning-Enabled State Estimation Systems for Robotics
Subjects: Robotics (cs.RO); Cryptography and Security (cs.CR)
[32]  arXiv:2101.04645 (replaced) [pdf, other]
Title: Double-Adversarial Activation Anomaly Detection: Adversarial Autoencoders are Anomaly Generators
Comments: Accepted at IJCNN 2022
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)
[33]  arXiv:2205.02973 (replaced) [pdf, other]
Title: Large Scale Transfer Learning for Differentially Private Image Classification
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)
