In the user identification (UI) scheme for a multiple-access fading channel based on a randomly generated (0, 1, -1)-signature code, previous studies used the signature code over a noisy multiple-access adder channel, and only the user state information (USI) was decoded by the signature decoder. However, by considering the communication model as a compressed sensing process, it is possible to estimate the channel coefficients while identifying users. In this study, to improve the efficiency of the decoding process, we propose an iterative deep neural network (DNN)-based decoder. Simulation results show that for the randomly generated (0, 1, -1)-signature code, the proposed DNN-based decoder requires less computing time than the classical signal recovery algorithm used in compressed sensing while achieving higher UI and channel estimation (CE) accuracies.

This paper presents a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. Our attack leverages the widely adopted user-blocking mechanism, abusing its inherent property that certain pages return different web content depending on whether a user is blocked from another user. Our key insight is that an account prepared by an attacker can hold an attacker-controllable binary state of blocking/non-blocking with respect to an arbitrary user on the same service; provided that the user is logged in to the service, this state can be retrieved as one-bit data through the conventional cross-site timing attack when a user visits the attacker's website. We generalize and refer to such a property as visibility control, which we consider as the fundamental assumption of our attack. Building on this primitive, we show that an attacker with a set of controlled accounts can gain a complete and flexible control over the data leaked through the side channel. Using this mechanism, we show that it is possible to design and implement a robust, large-scale user identification attack on a wide variety of social web services. To verify the feasibility of our attack, we perform an extensive empirical study using 16 popular social web services and demonstrate that at least 12 of these are vulnerable to our attack. Vulnerable services include not only popular social networking sites such as Twitter and Facebook, but also other types of web services that provide social features, e.g., eBay and Xbox Live. We also demonstrate that the attack can achieve nearly 100% accuracy and can finish within a sufficiently short time in a practical setting. We discuss the fundamental principles, practical aspects, and limitations of the attack as well as possible defenses. We have successfully addressed this attack by collaborative working with service providers and browser vendors.

A recursive construction of (k+1)-ary error-correcting signature code is proposed to identify users for MAAC, even in the presence of channel noise. The recursion is originally from a trivial signature code. In the (j-1)-th recursion, from a signature code with minimum distance of 2j-2, a longer and larger signature code with minimum distance of 2j-1 is obtained. The decoding procedure of signature code is given, which consists of error correction and user identification.

In 1998, Tseng and Jan proposed a lightweight interactive user identification protocol based on ID-based cryptography. Recently, Hwang et al. modified their protocol to reduce the responding and waiting time for wireless network applications. In this letter, we show that their scheme is vulnerable to impersonation attacks.