Wednesday, 4 January 2017

IEEE 2016 : PassBYOP: Bring Your Own Picture for Securing Graphical Passwords


IEEE 2016 Transaction on Image Processing

Abstract: PassBYOP is a new graphical password scheme for public terminals that replaces the static digital images typically used in graphical password systems with personalized physical tokens, herein in the form of digital pictures displayed on a physical user-owned device such as a mobile phone. Users present these images to a system camera and then enter their password as a sequence of selections on live video of the token. Highly distinctive optical features are extracted from these selections and used as the password.We present three feasibility studies of PassBYOP examining its reliability, usability, and security against observation. The reliability study shows that image-feature based passwords are viable and suggests appropriate system thresholds—password items should contain a minimum of seven features, 40% of which must geometrically match originals stored on an authentication server in order to be judged equivalent. The usability study measures task completion times and error rates, revealing these to be 7.5 s and 9%, broadly comparable with prior graphical password systems that use static digital images. Finally, the security study highlights PassBYOP’s resistance to observation attack—three attackers are unable to compromise a password using shoulder surfing, camera based observation, or malware. These results indicate that Pass- BYOP shows promise for security while maintaining the usabilityof current graphical password schemes.



IEEE 2016 : Single-sample Face Recognition Based on LPP Feature Transfer

IEEE 2016 Transaction on Image Processing
Abstract:Due to its wide applications in practice, face recognition has been an active research topic. With the availability of adequate training samples, many machine learning methods could yield high face recognition accuracy. However, under the circumstance of inadequate training samples, especially the extreme case of having only a single training sample, face recognition becomes challenging. How to deal with conflicting concerns of the small sample size and high dimensionality in one-sample face recognition is critical for its achievable recognition accuracy and feasibility in practice. Being different from conventional methods for global face recognition based on generalization ability promotion and local face recognition depending on image segmentation, a single-sample face recognition algorithm based on Locality Preserving Projection (LPP) feature transfer is proposed here. First, transfer sources are screened to obtain the selective sample source using the whitened cosine similarity metric. Secondly, we project the vectors of source faces and target faces into feature sub-space by LPP respectively, and calculate the feature transfer matrix to approximate the mapping relationship on source faces and target faces in subspace. Then, the feature transfer matrix is used on training samples to transfer the original macro characteristics to target macro characteristics. Finally, the nearest neighbor classifier is used for face recognition. Our results based on popular databases FERET, ORL and Yale demonstrate the superiority of the proposed LPP feature transfer based one-sample face recognition algorithm when compared with popular single-sample face recognition algorithms such as (PC)2A and Block FLDA.



IEEE 2016 :  Reversible Data Hiding in Encrypted Image with Distributed Source Encoding

IEEE 2016 Transaction on Image Processing
Abstract:This paper proposes a novel scheme of reversible data hiding (RDH) in encrypted images using distributed source coding (DSC). After the original image is encrypted by the content owner using a stream cipher, the data-hider compresses a series of selected bits taken from the encrypted image to make room for the secret data. The selected bit series is Slepian-Wolf encoded using low density parity check (LDPC) codes. On the receiver side, the secret bits can be extracted if the image receiver has the embedding key only. In case the receiver has the encryption key only, he/she can recover the original image approximately with high quality using an image estimation algorithm. If the receiver has both the embedding and encryption keys, he/she can extract the secret data and perfectly recover the original image using the distributed source decoding. The proposed method outperforms previously published ones.sine similarity metric. Secondly, we project the vectors of source faces and target faces into feature sub-space by LPP respectively, and calculate the feature transfer matrix to approximate the mapping relationship on source faces and target faces in subspace. Then, the feature transfer matrix is used on training samples to transfer the original macro characteristics to target macro characteristics. Finally, the nearest neighbor classifier is used for face recognition. Our results based on popular databases FERET, ORL and Yale demonstrate the superiority of the proposed LPP feature transfer based one-sample face recognition algorithm when compared with popular single-sample face recognition algorithms such as (PC)2A and Block FLDA.



IEEE 2016 :  A Shoulder Surfing Resistant Graphical Authentication System

IEEE 2016 Transaction on Image Processing
Abstract:Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.




IEEE 2016 : STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users


IEEE 2016 Transaction on Networking

Abstract:Location-based services are quickly becoming immensely popular. In addition to services based on users' current location, many potential services rely on users' location history, or their spatial-temporal provenance. Malicious users may lie about their spatial-temporal provenance without a carefully designed security system for users to prove their past locations. In this paper, we present the Spatial-Temporal provenance Assurance with Mutual Proofs (STAMP) scheme. STAMP is designed for ad-hoc mobile users generating location proofs for each other in a distributed setting. However, it can easily accommodate trusted mobile users and wireless access points. STAMP ensures the integrity and non-transferability of the location proofs and protects users' privacy. A semi-trusted Certification Authority is used to distribute cryptographic keys as well as guard users against collusion by a light-weight entropy-based trust evaluation approach. Our prototype implementation on the Android platform shows that STAMP is low-cost in terms of computational and storage resources. Extensive simulation experiments show that our entropy-based trust model is able to achieve high collusion detection accuracy.



IEEE 2016 : FRAppE: Detecting Malicious Facebook Applications

IEEE 2016 Transaction on Networking

Abstract:With 20 million installs a day [1], third-party apps are a major reason for the popularity and addictiveness of Facebook. Unfortunately, hackers have realized the potential of using apps for spreading malware and spam. The problem is already significant, as we find that at least 13% of apps in our dataset are malicious. So far, the research community has focused on detecting malicious posts and campaigns.In this paper, we ask the question: given a Facebook application,can we determine if it is malicious? Our key contribution is in developing FRAppE—Facebook’s Rigorous Application Evaluator—arguably the first tool focused on detecting malicious apps on Facebook. To develop FRAppE, we use information gathered by observing the posting behavior of 111K Facebook apps seen across 2.2 million users on Facebook. First, we identify a set of features that help us distinguish malicious apps from benign ones. For example, we find that malicious apps often share names with other apps, and they typically request fewer permissions than benign apps. Second, leveraging these distinguishing features, we show that FRAppE can detect malicious apps with 99.5% accuracy, with no false positives and a low false negative rate (4.1%). Finally, we explore the ecosystem of malicious Facebook apps and identify mechanisms that these apps use to propagate. Interestingly, we find that many apps collude and support each other; in our dataset, we find 1,584 apps enabling the viral propagation of 3,723 other apps through their posts. Long-term, we see FRAppE as a step towards creating an independent watchdog for app assessment and ranking, so as to warn Facebook users before installing apps.


IEEE 2016 : Toward Optimum Crowdsensing Coverage With Guaranteed Performance

IEEE 2016 Transaction on Networking

Abstract:Mobile crowdsensing networks have emerged to show elegant data collection capability in loosely cooperative network. However, in the sense of coverage quality, marginal works have considered the efficient (less participants) and effective (more coverage) designs for mobile crowdsensing network. We investigate the optimal coverage problem in distributed crowdsensing networks. In that, the sensing quality and the information delivery are jointly considered. Different from the conventional coverage problem, ours only select a subset of mobile users, so as to maximize the crowdsensing coverage with limited budget. We formulate our concerns as an optimal crowdsensing coverage problem, and prove its NP-completeness. In tackling this difficulty, we also prove the submodular property in our problem. Leveraging the favorable property in submodular optimization, we present the greedy algorithm with approximationratio O(√k), where k is the number of selected users. Such that the information delivery and sensing coverage ratio could be guaranteed. Finally, we make extensive evaluations for the proposed scheme, with trace-driven tests. Evaluation results show that the proposed scheme could outperform the random selection by 2× with a random walk model, and over 3× with real trace data, in terms of crowdsensing coverage. Besides, the proposed scheme achieves near optimal solution comparing with the bruteforce search results.