Keyword Search Result

[Keyword] security(628hit)

101-120hit(628hit)

  • An ATM Security Measure to Prevent Unauthorized Deposit with a Smart Card

    Hisao OGATA  Tomoyoshi ISHIKAWA  Norichika MIYAMOTO  Tsutomu MATSUMOTO

    PAPER-Dependable Computing
    Publicized: 2019/12/09
    Vol: E103-D No:3
    Page(s): 590-601

    Recently, criminals frequently utilize logical attacks on Automated Teller Machines (ATMs) and financial institutes' (FIs') networks to steal cash. We proposed a security measure utilizing peripheral devices in an ATM for smart card transactions to prevent “unauthorized cash withdrawals” by logical attacks, and the fundamental framework as a generalized model of the measure, in another paper. As the measure can prevent those logical attacks with tamper-proof hardware, it is quite difficult for criminals to compromise the measure. However, criminals can still carry out different types of logical attacks on ATMs, such as “unauthorized deposit”, to steal cash. In this paper, we propose a security measure utilizing peripheral devices to prevent unauthorized deposits with a smart card. The measure needs to protect multiple transaction sub-processes in a deposit transaction from multiple types of logical attacks and to be harmonized with existing ATM systems/operations. A suitable implementation of the fundamental framework is required for the measure, and such implementation design is confusing due to the many items to be considered. Thus, the measure also provides an implementation model analysis of the fundamental framework to derive a suitable implementation for each defense point in a deposit transaction. Two types of measure implementation are derived as the result of the analysis.

  • Malicious Code Detection for Trusted Execution Environment Based on Paillier Homomorphic Encryption Open Access

    Ziwang WANG  Yi ZHUANG

    PAPER-Fundamental Theories for Communications
    Publicized: 2019/09/20
    Vol: E103-B No:3
    Page(s): 155-166

    Currently, mobile terminals face serious security threats. A Trusted Execution Environment (TEE), which can provide an isolated execution environment for sensitive workloads, is seen as a trusted relay for providing security services for any mobile application. However, mobile TEE architecture design and implementation strategies are not unbreakable at present, and existing research lacks detection mechanisms for attack behaviour and malicious software. This paper proposes a Malicious code Detection scheme for Trusted Execution Environments based on Homomorphic Encryption (HE-TEEMD), which is a novel detection mechanism for data and code in the trusted execution environment. HE-TEEMD uses the Paillier additive homomorphic algorithm to implement signature matching and transmits the ciphertext information generated in the TEE to the normal world for detection, relying on the homomorphism and randomness of the homomorphic encryption ciphertext. An experiment and security analysis prove that our scheme can achieve malicious code detection in the secure world with minimal cost. Furthermore, evaluation parameters are introduced to address the known-plaintext attack problem of privileged users.
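    As an added illustration (not the authors' code) of the primitive HE-TEEMD builds on, the Python below implements textbook Paillier and uses its additive homomorphism for signature matching. The protocol split is an assumption made for the example: the secure world holds the private key and encrypts a code fingerprint, the normal world holds only the public key and the signature database and computes each difference under encryption, and the secure world decrypts to learn whether any difference is zero. The key size, the fingerprint function and the signature database are toy values constructed here.

```python
# Added example (not the paper's code): Paillier additive homomorphism used for
# privacy-preserving signature matching in the spirit of HE-TEEMD. The protocol
# split is an assumption for illustration: the TEE holds the private key and
# encrypts a code fingerprint; the normal world, which never sees the key,
# subtracts each known-malware signature under encryption and rerandomizes the
# results; only the TEE learns which (if any) difference decrypts to zero.
# Toy 20-bit primes only; a real deployment needs 2048-bit n or more.
import hashlib
import math
import secrets
from typing import List, Tuple

PublicKey = Tuple[int, int]   # (n, g)
PrivateKey = Tuple[int, int]  # (lambda, mu)


def keygen(p: int, q: int) -> Tuple[PublicKey, PrivateKey]:
    n = p * q
    g = n + 1                                   # standard simplified generator
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    n2 = n * n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)  # mu = L(g^lambda mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    n, g = pk
    n2 = n * n
    r = 0
    while math.gcd(r, n) != 1:                  # fresh randomness per ciphertext
        r = secrets.randbelow(n)
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(pk: PublicKey, sk: PrivateKey, c: int) -> int:
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def hom_sub(pk: PublicKey, c_a: int, c_b: int) -> int:
    # E(a) * E(b)^-1 = E(a - b mod n): subtraction without the private key
    n, _ = pk
    n2 = n * n
    return (c_a * pow(c_b, -1, n2)) % n2


def rerandomize(pk: PublicKey, c: int) -> int:
    # Multiplying by a fresh E(0) hides which inputs produced this ciphertext
    n, _ = pk
    return (c * encrypt(pk, 0)) % (n * n)


def fingerprint(code: bytes) -> int:
    # 32-bit truncated hash keeps the plaintext below the toy modulus n (~2^40)
    return int.from_bytes(hashlib.sha256(code).digest()[:4], "big")


# --- secure world: owns the private key ---
def tee_encrypt_fingerprint(pk: PublicKey, code: bytes) -> int:
    return encrypt(pk, fingerprint(code))


# --- normal world: has pk and the signature database, never the private key ---
def normal_world_match(pk: PublicKey, c_fp: int, signature_db: List[int]) -> List[int]:
    return [rerandomize(pk, hom_sub(pk, c_fp, encrypt(pk, sig))) for sig in signature_db]


# --- secure world again: a zero difference means the fingerprint matched ---
def tee_verdict(pk: PublicKey, sk: PrivateKey, diffs: List[int]) -> List[int]:
    return [i for i, d in enumerate(diffs) if decrypt(pk, sk, d) == 0]


def demo() -> List[int]:
    pk, sk = keygen(1000003, 1000033)                        # toy primes (assumption)
    signature_db = [fingerprint(b"BAD-OPCODE-PATTERN"),     # constructed signatures
                    fingerprint(b"OTHER-PATTERN")]
    c = tee_encrypt_fingerprint(pk, b"BAD-OPCODE-PATTERN")  # constructed code chunk
    return tee_verdict(pk, sk, normal_world_match(pk, c, signature_db))


if __name__ == "__main__":
    print("matching signature indices:", demo())
```

    Two properties carry the scheme: the normal world can subtract under encryption but cannot test a ciphertext for zero without the private key, and the rerandomization step means two encryptions of the same value are unlinkable, so a normal-world observer with the public key cannot confirm a guessed fingerprint by re-encrypting it and comparing ciphertexts. The final equality decision therefore has to happen where the key lives, which is why the verdict step runs in the secure world.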

  • White-Box Implementation of the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography

    Yudi ZHANG  Debiao HE  Xinyi HUANG  Ding WANG  Kim-Kwang Raymond CHOO  Jing WANG

    INVITED PAPER
    Publicized: 2019/09/27
    Vol: E103-D No:2
    Page(s): 188-195

    Unlike black-box cryptography, an adversary in a white-box security model has full access to the implementation of the cryptographic algorithm. Thus, a white-box implementation of cryptographic algorithms is more practical. Nevertheless, in recent years there has been no white-box implementation for public key cryptography. In this paper, we propose the first white-box implementation of the identity-based signature scheme in the IEEE P1363 standard. Our main idea is to hide the private key in multiple lookup tables, so that the private key cannot be leaked while the algorithm is executed in an untrusted environment. We prove its security in both the black-box and white-box models. We also evaluate the performance of our white-box implementation, in order to demonstrate its utility for real-world applications.

  • Follow Your Silhouette: Identifying the Social Account of Website Visitors through User-Blocking Side Channel

    Takuya WATANABE  Eitaro SHIOJI  Mitsuaki AKIYAMA  Keito SASAOKA  Takeshi YAGI  Tatsuya MORI

    PAPER-Network Security
    Publicized: 2019/11/11
    Vol: E103-D No:2
    Page(s): 239-255

    This paper presents a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. Our attack leverages the widely adopted user-blocking mechanism, abusing its inherent property that certain pages return different web content depending on whether a user is blocked by another user. Our key insight is that an account prepared by an attacker can hold an attacker-controllable binary state of blocking/non-blocking with respect to an arbitrary user on the same service; provided that the user is logged in to the service, this state can be retrieved as one bit of data through the conventional cross-site timing attack when the user visits the attacker's website. We generalize and refer to such a property as visibility control, which we consider the fundamental assumption of our attack. Building on this primitive, we show that an attacker with a set of controlled accounts can gain complete and flexible control over the data leaked through the side channel. Using this mechanism, we show that it is possible to design and implement a robust, large-scale user identification attack on a wide variety of social web services. To verify the feasibility of our attack, we perform an extensive empirical study using 16 popular social web services and demonstrate that at least 12 of these are vulnerable to our attack. Vulnerable services include not only popular social networking sites such as Twitter and Facebook, but also other types of web services that provide social features, e.g., eBay and Xbox Live. We also demonstrate that the attack can achieve nearly 100% accuracy and can finish within a sufficiently short time in a practical setting. We discuss the fundamental principles, practical aspects, and limitations of the attack as well as possible defenses. We have successfully addressed this attack by working collaboratively with service providers and browser vendors.
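    The identification logic the abstract describes, as an added example that is not part of the paper: a simulated service with a user-blocking feature, an attacker who pre-configures controlled accounts so that the block/non-block bits spell out each target's index, and a bit-extraction function that stands in for the cross-site timing measurement (here it inspects response size, which is an assumption of this model, not the paper's measurement). Service behaviour, account names and the candidate user list are all constructed.

```python
# Added example (not the paper's code): user identification built on the
# "visibility control" primitive. Assumptions: blocked viewers receive a short
# error page and everyone else a long profile page, and the attacker's page can
# tell the two apart for a cross-origin load (in the real attack by timing; here
# by size). Targets, account names and page contents are constructed.
import math
from typing import Dict, List, Optional, Set


class SocialService:
    """Model of a social web service with a user-blocking feature."""

    def __init__(self, uniform_pages: bool = False) -> None:
        self.blocks: Dict[str, Set[str]] = {}   # account -> users it has blocked
        self.uniform_pages = uniform_pages      # defense: same-size response either way

    def block(self, blocker: str, blocked: str) -> None:
        self.blocks.setdefault(blocker, set()).add(blocked)

    def render_profile(self, owner: str, viewer: str) -> str:
        profile = "<html>" + "profile content " * 200 + "</html>"
        if viewer in self.blocks.get(owner, set()):
            error = "<html>You are blocked.</html>"
            return error.ljust(len(profile)) if self.uniform_pages else error
        return profile


def leak_block_bit(service: SocialService, owner: str, viewer: str) -> int:
    # Stand-in for the cross-site timing oracle: a response under 100 bytes is
    # taken to be the "blocked" variant. A real attacker page would time the
    # cross-origin load from inside the victim's browser instead.
    return 1 if len(service.render_profile(owner, viewer)) < 100 else 0


class Attacker:
    """Pre-configures k controlled accounts so that account i blocks target t
    exactly when bit i of t's 1-based index is set; index 0 means 'not a target'."""

    def __init__(self, service: SocialService, targets: List[str]) -> None:
        self.service, self.targets = service, targets
        self.k = max(1, math.ceil(math.log2(len(targets) + 1)))
        self.accounts = [f"attacker{i}" for i in range(self.k)]
        for idx, user in enumerate(targets, start=1):
            for i in range(self.k):
                if (idx >> i) & 1:
                    service.block(self.accounts[i], user)

    def identify(self, visitor: str) -> Optional[str]:
        # Each controlled account leaks one bit; k page loads rebuild the index.
        idx = sum(leak_block_bit(self.service, acct, visitor) << i
                  for i, acct in enumerate(self.accounts))
        return self.targets[idx - 1] if 0 < idx <= len(self.targets) else None


def demo(uniform_pages: bool = False) -> Optional[str]:
    service = SocialService(uniform_pages)
    targets = ["alice", "bob", "carol", "dave", "erin"]   # constructed candidate set
    attacker = Attacker(service, targets)                  # 3 accounts cover 5 targets
    return attacker.identify("carol")


if __name__ == "__main__":
    print(demo())                      # carol, identified with 3 page loads
    print(demo(uniform_pages=True))    # None: the size oracle no longer separates the cases
```

    The cost of the attack grows only logarithmically in the size of the candidate set (k accounts and k page loads for up to 2^k - 1 users), which is what makes the large-scale variant practical. The `uniform_pages` switch shows what a defense has to achieve: the blocked and non-blocked responses must be indistinguishable to the attacker's page through every observable channel (size here, timing in the real attack), and the precondition that the victim's browser sends the session cookie on a cross-site load is the other place a mitigation can act.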

  • Towards Blockchain-Based Software-Defined Networking: Security Challenges and Solutions

    Wenjuan LI  Weizhi MENG  Zhiqiang LIU  Man-Ho AU

    INVITED PAPER
    Publicized: 2019/11/08
    Vol: E103-D No:2
    Page(s): 196-203

    Software-Defined Networking (SDN) enables flexible deployment and innovation of new networking applications by decoupling and abstracting the control and data planes. It has radically changed the concept and way of building and managing networked systems, and reduced the barriers to entry for new players in the service markets. It is considered to be a promising solution providing the scale and versatility necessary for IoT. However, SDN may also face many challenges, e.g., the centralized control plane would be a single point of failure. With the advent of blockchain technology, blockchain-based SDN has become an emerging architecture for securing a distributed network environment. Motivated by this, in this work, we summarize the generic framework of blockchain-based SDN, discuss security challenges and relevant solutions, and provide insights on the future development of this field.

  • A New GAN-Based Anomaly Detection (GBAD) Approach for Multi-Threat Object Classification on Large-Scale X-Ray Security Images

    Joanna Kazzandra DUMAGPI  Woo-Young JUNG  Yong-Jin JEONG

    LETTER-Artificial Intelligence, Data Mining
    Publicized: 2019/10/23
    Vol: E103-D No:2
    Page(s): 454-458

    Threat object recognition in x-ray security images is one of the important practical applications of computer vision. However, research in this field has been limited by the lack of an available dataset that would mirror the practical setting for such applications. In this paper, we present a novel GAN-based anomaly detection (GBAD) approach as a solution to the extreme class-imbalance problem in multi-label classification. This method helps in suppressing the surge in false positives induced by training a CNN on a non-practical dataset. We evaluate our method on a large-scale x-ray image database to closely emulate practical scenarios in port security inspection systems. Experiments demonstrate improvement over the existing algorithm.

  • A Practical Secret Key Generation Scheme Based on Wireless Channel Characteristics for 5G Networks

    Qiuhua WANG  Mingyang KANG  Guohua WU  Yizhi REN  Chunhua SU

    PAPER-Network Security
    Publicized: 2019/10/16
    Vol: E103-D No:2
    Page(s): 230-238

    Secret key generation based on channel characteristics is an effective physical-layer security method for 5G wireless networks. The issues of how to ensure a high key generation rate and correlation of the secret key under active attack need to be addressed. In this paper, a new practical secret key generation scheme with high rate and correlation is proposed. In our proposed scheme, Alice and Bob transmit independent random sequences instead of known training sequences or probing signals; neither Alice nor Bob can decode these random sequences or estimate the channel. The users' random sequences together with the channel effects are used as a common random source to generate the secret key. With this solution, legitimate users are able to share secret keys of sufficient length and high security under active attack. We evaluate the proposed scheme through both analytic and simulation studies. The results show that our proposed scheme achieves a high key generation rate and key security, and is suitable for 5G wireless networks with resource-constrained devices.

  • Low-Complexity Time-Invariant Angle-Range Dependent DM Based on Time-Modulated FDA Using Vector Synthesis Method

    Qian CHENG  Jiang ZHU  Tao XIE  Junshan LUO  Zuohong XU

    PAPER-Wireless Communication Technologies
    Publicized: 2019/07/18
    Vol: E103-B No:1
    Page(s): 79-90

    A low-complexity time-invariant angle-range dependent directional modulation (DM) based on a time-modulated frequency diverse array (TM-FDA-DM) is proposed to achieve point-to-point physical layer security communications. The principle of TM-FDA is elaborated and the vector synthesis method is utilized to realize the proposal, TM-FDA-DM, where normalization and orthogonal matrices are designed to modulate the useful baseband symbols and the inserted artificial noise, respectively. Since the two designed matrices are time-invariant fixed values, which avoids real-time calculation, the proposed TM-FDA-DM is much easier to implement than time-invariant DMs based on conventional linear FDA or logarithmic FDA, and it also outperforms the time-invariant angle-range dependent DM that utilizes a genetic algorithm (GA) to optimize phase shifters on the radio frequency (RF) front end. Additionally, a robust synthesis method for TM-FDA-DM with imperfect angle and range estimations is proposed by optimizing the normalization matrix. Simulations demonstrate that the proposed TM-FDA-DM exhibits time-invariant and angle-range dependent characteristics, and the proposed robust TM-FDA-DM can achieve better BER performance than the non-robust method when the maximum range error is larger than 7 km and the maximum angle error is larger than 4°.

  • A Setup-Free Threshold Encryption Scheme for the Bitcoin Protocol and Its Applications

    Goichiro HANAOKA  Yusuke SAKAI  Toshiya SHIMIZU  Takeshi SHIMOYAMA  SeongHan SHIN

    PAPER
    Vol: E103-A No:1
    Page(s): 150-164

    Let us consider a situation where someone wants to encrypt his/her will on an existing blockchain, e.g. Bitcoin, and allow the encrypted will to be decryptable only if designated members work together. At first glance, such a property seems to be easily provided by using conventional threshold encryption. However, this idea cannot be straightforwardly implemented since key pairs for an encryption mechanism are additionally required. In this paper, we propose a new threshold encryption scheme in which the key pairs for ECDSA that are already used in the Bitcoin protocol can be directly used as they are. Namely, a unique key pair can be simultaneously used for both ECDSA and our threshold encryption scheme without losing security. Furthermore, we implemented our scheme on the Bitcoin regtest network and show that it is fairly practical. For example, the execution time of the encryption algorithm Enc (resp., the threshold decryption algorithm Dec) is 0.2 sec. (resp., 0.3 sec.), and the total time is only 3 sec. including all the cryptographic processes and network communications for a typical parameter setting. Also, we discuss several applications of our threshold encryption scheme in detail: claiming priority of intellectual property, sealed-bid auction, lottery, and coin tossing service.

  • Practical Public-Key Encryption Scheme Tightly Secure in the Random Oracle Model

    Yusuke SAKAI  Goichiro HANAOKA

    PAPER
    Vol: E103-A No:1
    Page(s): 165-172

    Chosen-ciphertext security is a central goal in designing a secure public-key encryption scheme, and it is also important that the chosen-ciphertext security is tightly reduced to some well-established hard problem. Moreover, it is more important to have a tight reduction in the multi-user multi-challenge setting, since a tight security reduction in the single-user single-challenge setting generally does not imply a tight reduction to the multi-user multi-challenge setting. We propose the first fully tightly secure and practical public-key encryption scheme which is chosen-ciphertext secure in the multi-user multi-challenge setting in the random oracle model. The scheme is proven secure under the decisional Diffie-Hellman assumption in a pairing-free group. The ciphertext overhead of our scheme is two group elements and two exponents.

  • Security of Related-Key Differential Attacks on TWINE, Revisited

    Kosei SAKAMOTO  Kazuhiko MINEMATSU  Nao SHIBATA  Maki SHIGERI  Hiroyasu KUBO  Yuki FUNABIKI  Takanori ISOBE

    LETTER
    Vol: E103-A No:1
    Page(s): 212-214

    In this paper, we revisit the related-key security of the TWINE block cipher with 80-bit and 128-bit keys. Using an MILP-aided automatic search algorithm, we point out that the previous evaluation of TWINE with an 80-bit key is wrong, and give a corrected evaluation result. Besides, we show the first security evaluation of TWINE with a 128-bit key in the related-key setting, which was infeasible in the original proposal due to the high computation cost.

  • Secrecy Rate Optimization for RF Powered Two-Hop Untrusted Relay Networks with Non-Linear EH Model Open Access

    Xiaochen LIU  Yuanyuan GAO  Nan SHA  Guozhen ZANG  Kui XU

    LETTER
    Vol: E103-A No:1
    Page(s): 215-220

    In this letter, we investigate secure transmission in radio frequency (RF) powered two-hop untrusted relay networks, where the source node and the untrusted relay are both wirelessly powered by an RF power supplier. Specifically, considering the non-linear energy-harvesting (EH) model, a two-process communication protocol is proposed. The secrecy rate is maximized by jointly designing the beamforming vector at the source and the beamforming matrix at the relay, under the constraints on transmit power at the RF power supplier and the destination. The secrecy rate maximization (SRM) problem is non-convex, hence we propose an alternating optimization (AO) based iterative algorithm. Numerical results demonstrate that the proposed scheme can significantly increase the secrecy rate compared to the baseline schemes.

  • A Constant-Size Signature Scheme with a Tighter Reduction from the CDH Assumption Open Access

    Kaisei KAJITA  Kazuto OGAWA  Eiichiro FUJISAKI

    PAPER
    Vol: E103-A No:1
    Page(s): 141-149

    We present a constant-size signature scheme under the CDH assumption. It has a tighter security reduction than any other constant-size signature scheme with a security reduction to solving some intractable search problems. Hofheinz, Jager, and Knapp (PKC 2012) presented a constant-size signature scheme under the CDH assumption with a reduction loss of O(q), where q is the number of signing queries. They also proved that the reduction loss of O(q) is optimal in a black-box security proof. To the best of our knowledge, no constant-size signature scheme has been proposed with a tighter reduction (to the hardness of a search problem) than that proposed by Hofheinz et al., even if it is not re-randomizable. We remark that our scheme is not re-randomizable. We achieve the reduction loss of O(q/d), where d is the number of group elements in a public key.

  • Security Performance Analysis of Joint Multi-Relay and Jammer Selection for Physical-Layer Security under Nakagami-m Fading Channel

    Guangna ZHANG  Yuanyuan GAO  Huadong LUO  Nan SHA  Mingxi GUO  Kui XU

    LETTER-Cryptography and Information Security
    Vol: E102-A No:12
    Page(s): 2015-2020

    In this paper, we investigate a novel joint multi-relay and jammer selection (JMRJS) scheme in order to improve the physical layer security of wireless networks. In the JMRJS scheme, all the relays succeeding in source decoding are selected to assist in the source signal transmission, and meanwhile all the remaining relay nodes are employed to act as friendly jammers that disturb the eavesdroppers by broadcasting artificial noise. Based on the more general Nakagami-m fading channel, we analyze the security performance of the JMRJS scheme for protecting the source signal against eavesdropping. The exact closed-form expressions of outage probability (OP) and intercept probability (IP) for the JMRJS scheme over the Nakagami-m fading channel are derived. Moreover, we analyze the security-reliability tradeoff (SRT) of this scheme. Simulation results show that as the number of decode-and-forward (DF) relay nodes increases, the SRT of the JMRJS scheme improves notably. And when the transmit power is below a certain value, the SRT of the JMRJS scheme consistently outperforms the joint single-relay and jammer selection (JSRJS) scheme and the joint equal-relay and jammer selection (JERJS) scheme, respectively. In addition, the SRT of this scheme is always better than that of the multi-relay selection (MRS) scheme.

  • Authenticated-Encrypted Analog-to-Digital Conversion Based on Non-Linearity and Redundancy Transformation

    Vinod V. GADDE  Makoto IKEDA

    PAPER
    Vol: E102-A No:12
    Page(s): 1731-1740

    We have proposed a generic architecture that can integrate the aspects of confidentiality and integrity into the A/D conversion framework. A conceptual account of the development of the proposed architecture is presented. Using the principle of this architecture, we have presented a CMOS circuit design to facilitate a fully integrated Authenticated-Encrypted ADC (AE-ADC). We have implemented and demonstrated a partial 8-bit ADC analog front end of this proposed circuit in 0.18 µm CMOS with an ENOB of 7.64 bits.

  • Rootkit inside GPU Kernel Execution

    Ohmin KWON  Hyun KWON  Hyunsoo YOON

    LETTER-Dependable Computing
    Publicized: 2019/08/19
    Vol: E102-D No:11
    Page(s): 2261-2264

    We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution, during which the GPU kernel updates its page table to access any location in system memory. After installation, the malicious payload is executed only in the GPU kernel, and no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.

  • Antenna Allocation of Full Duplex Receiver for Security Improvement of the MIMOME Wiretap Channel with Self-Interference Cancellation

    Tianwen GUO  Ping DENG  Qiang YU  Baoyun WANG

    LETTER-Digital Signal Processing
    Vol: E102-A No:11
    Page(s): 1560-1565

    In this letter, we investigate a design of efficient antenna allocation at the full duplex receiver (FDR) in a multi-input multi-output multi-eavesdropper (MIMOME) wiretap channel for physical layer security improvement. Specifically, we propose an allocation that is feasible for the practical scenario with self-interference (SI) taken into account, because the jamming signals from the FDR not only confuse the eavesdropper but also inevitably cause SI at the FDR. Due to the nonlinearity and coupling of the antenna allocation optimization problem, we transform the original problem into an integer programming problem. Then, we derive the optimal solution and the corresponding beamforming matrices in closed form by combining spatial alignment and null-space projection methods. Furthermore, we present the feasibility condition and the full-protection condition, which offer insight into principles that enable more efficient and effective use of the FDR in the wiretap channel for security improvement. The simulation results validate the theoretical analysis and demonstrate the outstanding performance of the proposed antenna allocation at the FDR.

  • Comprehensive Survey of IPv6 Transition Technologies: A Subjective Classification for Security Analysis

    Gábor LENCSE  Youki KADOBAYASHI

    SURVEY PAPER-Internet
    Publicized: 2019/04/08
    Vol: E102-B No:10
    Page(s): 2021-2035

    Due to the depletion of the public IPv4 address pool, the transition to IPv6 became inevitable. However, this ongoing transition is taking a long time, and the two incompatible versions of the Internet Protocol must coexist. Different IPv6 transition technologies were developed, which can be used to enable communication in various scenarios, but they also involve additional security issues. In this paper, first, we introduce our methodology for analyzing the security of IPv6 transition technologies in a nutshell. Then, we develop a priority classification method for the ranking of different IPv6 transition technologies and their most important implementations, so that the vulnerabilities of the most crucial ones may be examined first. Next, we conduct a comprehensive survey of the existing IPv6 transition technologies by describing their application scenarios and the basics of their operation, and we also determine the priorities of their security analysis according to our ranking system. Finally, we show that those IPv6 transition technologies to which we gave high priority cover the most relevant scenarios.

  • A Cross-Platform Study on Emerging Malicious Programs Targeting IoT Devices Open Access

    Tao BAN  Ryoichi ISAWA  Shin-Ying HUANG  Katsunari YOSHIOKA  Daisuke INOUE

    LETTER-Cybersecurity
    Publicized: 2019/06/21
    Vol: E102-D No:9
    Page(s): 1683-1685

    Along with the proliferation of IoT (Internet of Things) devices, cyberattacks towards them are on the rise. In this paper, aiming at efficient precaution and mitigation of emerging IoT cyberthreats, we present a multimodal study on applying machine learning methods to characterize malicious programs which target multiple IoT platforms. Experiments show that opcode sequences obtained from static analysis and API sequences obtained by dynamic analysis provide sufficient discriminant information such that IoT malware can be classified with near optimal accuracy. Automated and accelerated identification and mitigation of new IoT cyberthreats can be enabled based on the findings reported in this study.
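    A minimal version of the classification the study reports, added here as an illustration rather than the authors' pipeline: opcode bigrams (the static modality) and API-call bigrams (the dynamic modality) are merged into one relative-frequency vector and the sample is assigned to the nearest family centroid under cosine similarity. Family labels and every opcode/API sequence below are constructed; a real deployment would take them from a disassembler and a sandbox run.

```python
# Added example (not the study's code): a multimodal nearest-centroid classifier
# over opcode bigrams (static analysis) and API-call bigrams (dynamic analysis).
# Family names and all sequences are constructed for illustration only.
import math
from collections import Counter
from typing import Dict, Hashable, List, Tuple

Features = Dict[Hashable, float]
Sample = Tuple[str, List[str], List[str]]   # (label, opcode sequence, API sequence)


def bigram_counts(opcodes: List[str], apis: List[str]) -> Counter:
    # Tag each bigram with its modality so opcode and API features never collide
    counts: Counter = Counter()
    for tag, seq in (("op", opcodes), ("api", apis)):
        counts.update((tag, seq[i], seq[i + 1]) for i in range(len(seq) - 1))
    return counts


def normalize(counts: Counter) -> Features:
    # Relative frequencies make long and short samples comparable
    total = sum(counts.values()) or 1
    return {k: v / total for k, v in counts.items()}


def cosine(u: Features, v: Features) -> float:
    dot = sum(w * v.get(k, 0.0) for k, w in u.items())
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


class CentroidClassifier:
    def __init__(self) -> None:
        self.centroids: Dict[str, Features] = {}

    def fit(self, samples: List[Sample]) -> "CentroidClassifier":
        acc: Dict[str, Counter] = {}
        for label, opcodes, apis in samples:
            acc.setdefault(label, Counter()).update(bigram_counts(opcodes, apis))
        self.centroids = {label: normalize(c) for label, c in acc.items()}
        return self

    def scores(self, opcodes: List[str], apis: List[str]) -> Dict[str, float]:
        v = normalize(bigram_counts(opcodes, apis))
        return {label: cosine(v, c) for label, c in self.centroids.items()}

    def predict(self, opcodes: List[str], apis: List[str]) -> str:
        return max(self.scores(opcodes, apis).items(), key=lambda kv: kv[1])[0]


# Constructed training set: two "families" and a benign class, each given as the
# opcode stream a disassembler would produce and the API stream a sandbox would log.
CONSTRUCTED_TRAINING_SET: List[Sample] = [
    ("family_a", ["mov", "cmp", "jne", "call", "xor", "mov", "cmp", "jne", "call", "xor"],
                 ["socket", "connect", "send", "fork", "socket", "connect", "send"]),
    ("family_a", ["mov", "cmp", "jne", "call", "xor", "mov", "cmp"],
                 ["socket", "connect", "send", "fork"]),
    ("family_b", ["ldr", "str", "bl", "cmp", "beq", "ldr", "str", "bl", "cmp", "beq"],
                 ["open", "read", "write", "execve", "open", "read", "write"]),
    ("benign",   ["push", "mov", "add", "ret", "push", "mov", "add", "ret"],
                 ["open", "read", "close", "open", "read", "close"]),
]


def train_demo() -> CentroidClassifier:
    return CentroidClassifier().fit(CONSTRUCTED_TRAINING_SET)


if __name__ == "__main__":
    clf = train_demo()
    # held-out sample with an inserted nop: still closest to family_a
    print(clf.predict(["mov", "cmp", "jne", "call", "xor", "nop", "mov", "cmp", "jne"],
                      ["socket", "connect", "send", "fork"]))
```

    Tagging each bigram with its modality is the small design point worth keeping: it lets the static and dynamic views be combined in one vector without an `open` opcode and an `open` syscall being confused, and it means a sample with only one view available (static analysis succeeded, the sandbox did not) still scores against the same centroids. The `scores()` method exposes the per-family similarities so that a low best score can be turned into an "unknown family" outcome, which matters for the emerging-threat case the study targets.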

  • Differences among Summation Polynomials over Various Forms of Elliptic Curves

    Chen-Mou CHENG  Kenta KODERA  Atsuko MIYAJI

    PAPER-Cryptography and Information Security
    Vol: E102-A No:9
    Page(s): 1061-1071

    The security of elliptic curve cryptography is closely related to the computational complexity of the elliptic curve discrete logarithm problem (ECDLP). Today, the best practical attacks against ECDLP are exponential-time generic discrete logarithm algorithms such as Pollard's rho method. A recent line of inquiry in index calculus for ECDLP started by Semaev, Gaudry, and Diem has shown that, under certain heuristic assumptions, such algorithms could lead to subexponential attacks on ECDLP. In this study, we investigate the computational complexity of ECDLP for elliptic curves in various forms — including Hessian, Montgomery, (twisted) Edwards, and Weierstrass representations — using index calculus. Using index calculus, we aim to determine whether there is any significant difference in the computational complexity of ECDLP for elliptic curves in various forms. We provide empirical evidence and insight showing an affirmative answer in this paper.
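    To make concrete what "exponential-time generic" means for the baseline the abstract mentions, the following added example (not the paper's code) runs Pollard's rho against the ECDLP on a toy short-Weierstrass curve over F_1019. The curve, base point and secret scalar are constructed here, and the order of the base point is found by brute force, which is only possible because the group is tiny; the walk itself is the textbook three-partition construction with Floyd cycle finding and needs on the order of sqrt(n) steps, which is why it is hopeless at 256-bit group orders.

```python
# Added example (not the paper's code): Pollard's rho for the ECDLP on a toy
# curve y^2 = x^3 + 2x + 3 over F_1019 (curve, base point and secret constructed).
# The walk keeps every point in the form X = a*G + b*Q; a collision between two
# such representations yields a linear relation that is solved for the secret k.
import math
import random
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]   # None is the point at infinity


class Curve:
    """y^2 = x^3 + a*x + b over the prime field F_p."""

    def __init__(self, p: int, a: int, b: int) -> None:
        assert (4 * a ** 3 + 27 * b ** 2) % p != 0, "singular curve"
        self.p, self.a, self.b = p, a, b

    def add(self, P: Point, Q: Point) -> Point:
        if P is None:
            return Q
        if Q is None:
            return P
        p = self.p
        if P[0] == Q[0] and (P[1] + Q[1]) % p == 0:
            return None                                  # P + (-P)
        if P == Q:
            lam = (3 * P[0] * P[0] + self.a) * pow(2 * P[1], -1, p) % p
        else:
            lam = (Q[1] - P[1]) * pow(Q[0] - P[0], -1, p) % p
        x = (lam * lam - P[0] - Q[0]) % p
        return (x, (lam * (P[0] - x) - P[1]) % p)

    def mul(self, k: int, P: Point) -> Point:
        R: Point = None
        while k > 0:                                     # double-and-add
            if k & 1:
                R = self.add(R, P)
            P, k = self.add(P, P), k >> 1
        return R

    def order(self, P: Point) -> int:
        n, R = 1, P                                      # brute force: fine for p ~ 1000
        while R is not None:
            R, n = self.add(R, P), n + 1
        return n

    def find_point(self) -> Point:
        # p = 3 (mod 4): square roots by exponentiation; y != 0 avoids order-2 points
        for x in range(1, self.p):
            rhs = (x ** 3 + self.a * x + self.b) % self.p
            if rhs and pow(rhs, (self.p - 1) // 2, self.p) == 1:
                return (x, pow(rhs, (self.p + 1) // 4, self.p))
        raise ValueError("no point found")


def pollard_rho(E: Curve, G: Point, Q: Point, n: int, rng: random.Random) -> int:
    """Return k with k*G == Q, given ord(G) == n."""
    def step(X: Point, a: int, b: int):
        h = 0 if X is None else X[0] % 3                # 3-way partition on x
        if h == 0:
            return E.add(X, G), (a + 1) % n, b
        if h == 1:
            return E.add(X, X), (2 * a) % n, (2 * b) % n
        return E.add(X, Q), a, (b + 1) % n

    while True:                                          # retry on a useless collision
        a0, b0 = rng.randrange(n), rng.randrange(n)
        X0 = E.add(E.mul(a0, G), E.mul(b0, Q))
        t, h = (X0, a0, b0), (X0, a0, b0)                # tortoise and hare (Floyd)
        while True:
            t = step(*t)
            h = step(*step(*h))
            if t[0] == h[0]:
                break
        # a1*G + b1*Q == a2*G + b2*Q  =>  (b1 - b2)*k == (a2 - a1)  (mod n)
        num, den = (h[1] - t[1]) % n, (t[2] - h[2]) % n
        g = math.gcd(den, n)
        if den == 0 or num % g:
            continue
        base = (num // g) * pow(den // g, -1, n // g) % (n // g)
        for j in range(g):                               # composite-order fallback
            k = base + j * (n // g)
            if E.mul(k, G) == Q:
                return k


def demo() -> Tuple[int, int, bool]:
    E = Curve(1019, 2, 3)                                # toy curve (constructed)
    G = E.find_point()
    n = E.order(G)
    secret = 611 % n                                     # constructed private scalar
    Q = E.mul(secret, G)
    k = pollard_rho(E, G, Q, n, random.Random(2024))
    return n, k, E.mul(k, G) == Q


if __name__ == "__main__":
    n, k, ok = demo()
    print(f"ord(G)={n}, recovered k={k}, verified={ok}")
```

    Nothing in the walk uses the curve equation beyond the group law: the same code recovers a discrete logarithm in any cyclic group given `add` and a representative-to-partition map, which is exactly what "generic" means and why its cost cannot drop below about sqrt(n) group operations. Index calculus, the subject of the paper, is the opposite kind of algorithm: it depends on the structure of the representation (here the choice of curve form), and the paper's question is whether that structure makes a measurable difference.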
