IEEE 2017: Multi-party secret key agreement over state-dependent wireless broadcast channels
IEEE 2017 Web Security
Abstract: We consider a group of m trusted and authenticated nodes that aim to create a shared secret key K over a wireless channel in the presence of an eavesdropper Eve. We assume that there exists a state dependent wireless broadcast channel from one of the honest nodes to the rest of them including Eve. All of the trusted nodes can also discuss over a cost-free, noiseless and unlimited rate public channel which is also overheard by Eve. For this setup, we develop an information-theoretically secure secret key agreement protocol. We show the optimality of this protocol for “linear deterministic” wireless broadcast channels. This model generalizes the packet erasure model studied in literature for wireless broadcast channels. Here, the main idea is to convert a deterministic channel to multiple independent erasure channels by using superposition coding. For “state-dependent Gaussian” wireless broadcast channels, by using insights from the deterministic problem, we propose an achievability scheme based on a multi-layer wiretap code. By using the wiretap code, we can mimic the phenomenon of converting the wireless channel to multiple independent erasure channels. Then, finding the best achievable secret key generation rate leads to solving a non-convex power allocation problem over these channels (layers). We show that using a dynamic programming algorithm, one can obtain the best power allocation for this problem. Moreover, we prove the optimality of the proposed achievability scheme for the regime of high-SNR and large-dynamic range over the channel states in the (generalized) degrees of freedom sense.
IEEE 2017: NetSpam: a Network-based Spam Detection Framework for Reviews in Online Social Media
IEEE 2017 Web Security
Abstract: Nowadays, a big part of people rely on available content in social media in their decisions (e.g. reviews and feedback on a topic or product). The possibility that anybody can leave a review provides a golden opportunity for spammers to write spam reviews about products and services for different interests. Identifying these spammers and the spam content is a hot topic of research, and although a considerable number of studies have been done recently toward this end, so far the methodologies put forth still barely detect spam reviews, and none of them show the importance of each extracted feature type. In this study, we propose a novel framework, named NetSpam, which utilizes spam features for modeling review datasets as heterogeneous information networks to map spam detection procedure into a classification problem in such networks. Using the importance of spam features helps us to obtain better results in terms of different metrics experimented on real-world review datasets from Yelp and Amazon websites.
IEEE 2017: Authorship Attribution for Social Media Forensics
IEEE 2017 Web Security
Abstract: The veil of anonymity provided by smartphones with pre-paid SIM cards, public Wi-Fi hotspots, and distributed networks like Tor has drastically complicated the task of identifying users of social media during forensic investigations. In some cases, the text of a single posted message will be the only clue to an author’s identity. How can we accurately predict who that author might be when the message may never exceed 140 characters on a service like Twitter? For the past 50 years, linguists, computer scientists and scholars of the humanities have been jointly developing automated methods to identify authors based on the style of their writing. All authors possess peculiarities of habit that influence the form and content of their written works. These characteristics can often be quantified and measured using machine learning algorithms. In this article, we provide a comprehensive review of the methods of authorship attribution that can be applied to the problem of social media forensics.
IEEE 2017: Someone in Your Contact List: Cued Recall-Based Textual Passwords
IEEE 2017 Web Security
Abstract: Textual passwords remain the most commonly employed user authentication mechanism, and potentially will continue to be so for years to come. Despite the well-known security and usability issues concerning textual passwords, none of the numerous proposed authentication alternatives appear to have achieved a sufficient level of adoption to dominate in the foreseeable future. Password hints, consisting of a user generated text saved at the account setup stage, are employed in several authentication systems to help users to recall forgotten passwords. However, users are often unable to create hints that jog the memory without revealing too much information regarding the passwords themselves. We propose a rethink of password hints by introducing SYNTHIMA, a novel cued recall-based textual password method that reveals no information regarding the password, requires no modifications to authentication servers, and requires no additional setup or registration steps.
IEEE 2017: My Privacy My Decision: Control of Photo Sharing on Online Social Networks
IEEE 2017 Web Security
Abstract: Photo sharing is an
attractive feature which popularizes Online Social Networks (OSNs).
Unfortunately, it may leak users’ privacy if they are allowed to post, comment,
and tag a photo freely. In project, we attempt to address this issue and when a
user shares a photo containing individuals other than himself/herself (termed
co-photo for short). To prevent possible privacy leakage of a photo, we design
a mechanism to enable each individual in a photo to be aware of the posting
activity and participate in the decision making on the photo posting. For this
purpose, we need an efficient facial recognition (FR) system that can recognize
everyone in the photo. However, more demanding privacy setting may limit the
number of the photos publicly available to train the FR system. To deal with
this dilemma, our mechanism attempts to utilize users’ private photos to design
a personalized FR system specifically trained to differentiate possible photo
co-owners without leaking their privacy.
IEEE 2016 : An Exploration of Geographic Authentication Schemes
IEEE 2016 Web Security
Abstract: We
design and explore the usability and security of two geographic authentication
schemes: GeoPass and GeoPass-Notes. GeoPass requires users to choose a place on
a digital map to authenticate with (a location password). GeoPass Notes—an
extension of GeoPass—requires users to annotate their location password with a
sequence of words that they can associate with the location (an annotated
location password). In GeoPass Notes, users are authenticated by correctly
entering both a location and an annotation. We conducted user studies to test
the usability and assess the security of location passwords and annotated
location passwords. The results indicate that both the variants are highly
memorable, and that annotated location passwords may be more advantageous than
location passwords alone due to their increased security and the minimal
usability impact introduced by the annotation.
IEEE 2016 : Dummy-Based User Location Anonymization Under Real-World Constraints
IEEE 2016 Web Security
Abstract: According
to the growth of mobile devices equipped with a GPS receiver, a variety of
location-based services (LBSs) have been launched. Since location information
may reveal private information, preserving location privacy has become a
significant issue. Previous studies proposed methods to preserve a user's
privacy; however, most of them do not take physical constraints into
consideration. In this paper, we focus on such constraints and propose a
location privacy preservation method that can be applicable to a real environment.
In particular, our method anonymizes the user's location by generating dummies
which we simulate to behave like real humans. It also considers traceability of
the user's locations to quickly recover from an accidental reveal of the user's
location. We conduct an experiment using five users' real GPS trajectories and
compared our method with previous studies. The results show that our method
ensures to anonymize the user's location within a pre-determined range. It also
avoids fixing the relative positions of the user and dummies, which may give a
hint for an LBS provider to identify the real user. In addition, we conducted a
user experiment with 22 participants to evaluate the robustness of our method
against humans. We asked participants to observe movements of a user and
dummies and try to find the real user. As a result, we confirmed that our method
can anonymize the users' locations even against human's observation.
IEEE 2016 : Privacy-Preserving Location Sharing Services for Social Networks
IEEE 2016 Web Security
Abstract: A common functionality of many location-based social
networking applications is a location sharing service that allows a group of
friends to share their locations. With a potentially untrusted server, such a
location sharing service may threaten the privacy of users. Existing solutions
for Privacy-Preserving Location Sharing Services (PPLSS) require a trusted
third party that has access to the exact location of all users in the system or
rely on expensive algorithms or protocols in terms of computational or
communication overhead. Other solutions can only provide approximate query
answers. To overcome these limitations, we propose a new encryption notion,
called Order-Retrievable Encryption (ORE), for PPLSS for social networking
applications. The distinguishing characteristics of our PPLSS are that it (1)
allows a group of friends to share their exact locations without the need of
any third party or leaking any location information to any server or users
outside the group, (2) achieves low computational and communication cost by
allowing users to receive the exact location of their friends without requiring
any direct communication between users or multiple rounds of communication
between a user and a server, (3) provides efficient query processing by
designing an index structure for our ORE scheme, (4) supports dynamic location
updates, and (5) provides personalized privacy protection within a group of
friends by specifying a maximum distance where a user is willing to be
located by his/her friends. Experimental results show that the computational
and communication cost of our PPLSS is much better than the state-of-the-art
solution.
IEEE 2016 : STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users
IEEE 2016 Web Security
Abstract: Location-based services are quickly becoming immensely
popular. In addition to services based on users' current location, many
potential services rely on users' location history, or their spatial-temporal
provenance. Malicious users may lie about their spatial-temporal provenance
without a carefully designed security system for users to prove their past
locations. In this paper, we present the Spatial-Temporal provenance Assurance
with Mutual Proofs (STAMP) scheme. STAMP is designed for ad-hoc mobile users
generating location proofs for each other in a distributed setting. However, it
can easily accommodate trusted mobile users and wireless access points. STAMP
ensures the integrity and non-transferability of the location proofs and protects
users' privacy. A semi-trusted Certification Authority is used to distribute
cryptographic keys as well as guard users against collusion by a light-weight
entropy-based trust evaluation approach. Our prototype implementation on the
Android platform shows that STAMP is low-cost in terms of computational and
storage resources. Extensive simulation experiments show that our entropy-based
trust model is able to achieve high collusion detection accuracy.
PRISM: PRivacy-aware Interest Sharing and Matching in Mobile Social Networks
IEEE 2016 Web Security
Abstract: In a profile matchmaking application of mobile social
networks, users need to reveal their interests to each other in order to find
the common interests. A malicious user may harm a user by knowing his personal
information. Therefore, mutual interests need to be found in a privacy
preserving manner. In this paper, we propose an efficient privacy protection
and interests sharing protocol referred to as PRivacy-aware Interest Sharing
and Matching (PRISM). PRISM enables users to discover mutual interests without
revealing their interests. Unlike existing approaches, PRISM does not require
revealing the interests to a trusted server. Moreover, the protocol considers
attacking scenarios that have not been addressed previously and provides an
efficient solution. The inherent mechanism reveals any cheating attempt by a
malicious user. PRISM also proposes the procedure to eliminate Sybil attacks.
We analyze the security of PRISM against both passive and active attacks.
Through implementation, we also present a detailed analysis of the performance
of PRISM and compare it with existing approaches. The results show the
effectiveness of PRISM without any significant performance degradation.
IEEE 2016 : Single-sample Face Recognition Based on LPP Feature Transfer
IEEE 2016 Web Security
Abstract: Due to its wide applications in practice, face recognition
has been an active research topic. With the availability of adequate training
samples, many machine learning methods could yield high face recognition
accuracy. However, under the circumstance of inadequate training samples,
especially the extreme case of having only a single training sample, face
recognition becomes challenging. How to deal with conflicting concerns of the
small sample size and high dimensionality in one-sample face recognition is
critical for its achievable recognition accuracy and feasibility in practice.
Being different from conventional methods for global face recognition based on
generalization ability promotion and local face recognition depending on image
segmentation, a single-sample face recognition algorithm based on Locality
Preserving Projection (LPP) feature transfer is proposed here. First, transfer
sources are screened to obtain the selective sample source using the whitened
cosine similarity metric. Secondly, we project the vectors of source faces and
target faces into feature sub-space by LPP respectively, and calculate the
feature transfer matrix to approximate the mapping relationship on source faces
and target faces in subspace. Then, the feature transfer matrix is used on
training samples to transfer the original macro characteristics to target macro
characteristics. Finally, the nearest neighbor classifier is used for face
recognition. Our results based on popular databases FERET, ORL and Yale
demonstrate the superiority of the proposed LPP feature transfer based
one-sample face recognition algorithm when compared with popular single-sample
face recognition algorithms such as (PC)2A and Block FLDA.
A Shoulder Surfing Resistant Graphical Authentication System
IEEE 2016 Web Security
Abstract: Authentication based on passwords is used largely in
applications for computer security and privacy. However, human actions such as
choosing bad passwords and inputting passwords in an insecure way are regarded
as “the weakest link” in the authentication chain. Rather than arbitrary
alphanumeric strings, users tend to choose passwords either short or meaningful
for easy memorization. With web applications and mobile apps piling up, people
can access these applications anytime and anywhere with various devices. This
evolution brings great convenience but also increases the probability of
exposing passwords to shoulder surfing attacks. Attackers can observe directly
or use external recording devices to collect users’ credentials. To overcome
this problem, we proposed a novel authentication system PassMatrix, based on
graphical passwords to resist shoulder surfing attacks. With a one-time valid
login indicator and circulative horizontal and vertical bars covering the
entire scope of pass-images, PassMatrix offers no hint for attackers to figure
out or narrow down the password even if they conduct multiple camera-based
attacks. We also implemented a PassMatrix prototype on Android and carried out
real user experiments to evaluate its memorability and usability. From the
experimental result, the proposed system achieves better resistance to shoulder
surfing attacks while maintaining usability.
Captcha as Graphical Passwords—A New Security Primitive Based on Hard AI Problems
Abstract— Many security primitives are based on
hard mathematical problems. Using hard AI problems for security is emerging as
an exciting new paradigm, but has been underexplored. In this paper, we present
a new security primitive based on hard AI problems, namely, a novel family of
graphical password systems built on top of Captcha technology, which we call
Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical
password scheme. CaRP addresses a number of security problems altogether, such
as online guessing attacks, relay attacks, and, if combined with dual-view
technologies, shoulder-surfing attacks. Notably, a CaRP password can be found
only probabilistically by automatic online guessing attacks even if the
password is in the search set. CaRP also offers a novel approach to address the
well-known image hotspot problem in popular graphical password systems, such as
Pass Points, that often leads to weak password choices. CaRP is not a panacea,
but it offers reasonable security and usability and appears to fit well with
some practical applications for improving online security.
Online Payment System using Steganography and Visual Cryptography
Abstract— A rapid
growth in E-Commerce market is seen in recent
time throughout the world. With ever increasing popularity of online shopping,
Debit or Credit card fraud and personal information security are major concerns
for customers, merchants and banks specifically in the case of CNP (Card Not Present).
This paper presents a new approach for providing limited information only that
is necessary for fund transfer during online shopping thereby safeguarding
customer data and increasing customer confidence and preventing
identity theft. The method uses combined application of steganography and visual
cryptography for this purpose.
Abstract— Equipped
with state-of-the-art smart phones and mobile devices, today’s highly
interconnected urban population is increasingly dependent on these gadgets to
organize and plan their daily lives. These applications often rely on current (or
preferred) locations of individual users or a group of users to provide the
desired service, which jeopardizes their privacy; users do not necessarily want
to reveal their current (or preferred) locations to the service provider or to
other, possibly untrusted, users. In this paper, we propose privacy-preserving
algorithms for determining an optimal meeting location for a group of users. We
perform a thorough privacy evaluation by formally quantifying privacy-loss of
the proposed approaches. In order to study the performance of our algorithms in
a real deployment, we implement and test their execution efficiency on Nokia smart
phones. By means of a targeted user-study, we attempt to get an insight into
the privacy-awareness of users in location based services and the usability of
the proposed solutions.
Abstract— Using
geo-social applications, such as Four Square, millions of people interact with
their surroundings through their friends and their recommendations. Without
adequate privacy protection, however, these systems can be easily misused,
e.g., to track users or target them for home invasion. In this paper, we introduce
LocX, a novel alternative that provides significantly-improved location privacy
without adding uncertainty into query results or relying on strong assumptions
about server security. Our key insight is to apply secure user-specific,
distance-preserving coordinate transformations to all location data shared with
the server. The friends of a user share this user’s secrets so they can apply
the same transformation. This allows all location queries to be evaluated
correctly by the server, but our privacy mechanisms guarantee that servers are
unable to see or infer the actual location data from the transformed data or
from the data access. We show that LocX provides privacy even against a
powerful adversary model, and we use prototype measurements to show that it
provides privacy with very little performance overhead, making it suitable for
today’s mobile devices.
Abstract— Distributed
computing is a method of computer processing in which different parts of a
program run simultaneously on two or more computers that are communicating with
each other over a system. Distributed computing is a type of segmented or
corresponding computing, but the last term is most usually used to refer to
dispensation in which different parts of a program run simultaneously on two or
more processors that are part of the same computer. Beside all this there is
security issues arise. Through insecure environment distribute the data to get
the leakage problem inside the network communication or exchanges the resources
of content information specification process. Previous system it cannot
provides any verification and validation results specification process. There
is no perfect encrypted format of data; it can contain less computational
resources of information. In present system we are going to implement robust
design with perfect security constraints. We also were implementing Linear
Programming Condition and Fully Homomorphic encryption technique.
Abstract— E-banking
services vitally need comprehensive secure and simple authentication methods in
order to be universally spread. In this paper, a new method of authentication
was proposed and tested. This method uses templates in addition to passwords
which are received in registration process. Template provides benefits of
one-time passwords in practice, and can thwart common attacks of the context.
Template can be as simple as using week-days or even simpler, as parity of the
day. Each template can be added to the either end of passwords, therefore there
would be numerous templates with two possible positions each; which provide
security as well as simplicity. These templates can be changed by various
parameters, e.g. time, and generating different passwords. This method can
provide ease of use for users as well as security; which the former could be
important for a wide range of users such as the elderly.
Abstract— Most of
the existing authentication system has certain drawbacks for that reason
graphical passwords are most preferable authentication system where users click
on images to authenticate themselves. An important usability goal of an authentication
system is to support users for selecting the better password. User creates
memorable password which is easy to guess by an attacker and strong system
assigned passwords are difficult to memorize. So researchers of modern days
gone through different alternative methods and conclude that graphical
passwords are most preferable authentication system. The proposed system
combines the existing cued click point technique with the persuasive feature to
influence user choice, encouraging user to select more random click point which
is difficult to guess.
Abstract— Usable
security has unique usability challenges because the need for security often means
that standard human-computer-interaction approaches cannot be directly applied.
An important usability goal for authentication systems is to support users in
selecting better passwords. Users often create memorable passwords that are
easy for attackers to guess, but strong system-assigned passwords are difficult
for users to remember. So researchers of modern days have gone for alternative
methods wherein graphical pictures are used as passwords. Graphical passwords
essentially use images or representation of images as passwords. Human brain is
good in remembering picture than textual character. There are various graphical
password schemes or graphical password software in the market. However, very
little research has been done to analyze graphical passwords that are still
immature. Therefore, this project work merges persuasive cued click points and
password guessing resistant protocol. The major goal of this work is to reduce
the guessing attacks as well as encouraging users to select more random, and
difficult passwords to guess. Well known security threats like brute force
attacks and dictionary attacks can be successfully abolished using this method.