2021 18th International Conference on Privacy, Security and Trust (PST): Latest Papers

Epistemic Analysis of a Key-Management Vulnerability in LoRaWAN
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647741
Martha N. Kamkuemah
Abstract: Smart devices in applications like remote sensing systems use the LoRaWAN protocol to connect with and transmit data to a central server. The device and server use the protocol’s handshake procedure to start a communication session and negotiate session encryption keys. However, session keys remain unchanged throughout communications with the server. Static session keys make the protocol vulnerable to attack. An intruder that compromises the session keys can decrypt past and future messages. This work studies the LoRaWAN handshake procedure, its security properties, namely mutual authentication and secrecy, and proposes a key exchange scheme to mitigate the session key vulnerability. It proposes epistemic definitions for the vital properties of mutual authentication and secrecy. To validate them, we prove that the handshake and new key exchange scheme satisfy these definitions. Based on this validation, we show that the protocol is secure. Finally, the work shows that the new key exchange scheme is feasible for devices with limited processing power, bandwidth, and memory.
Citations: 1
IoT Malware Detection Using Function-Call-Graph Embedding
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647806
Chia-Yi Wu, Tao Ban, Shin-Ming Cheng, Bo Sun, Takeshi Takahashi
Abstract: In the era of rapid network development, IoT devices are being deployed more and more widely, and various kinds of malware programs are gradually appearing at the deployment level. As a widely adopted static analysis approach, structure-based analysis such as graph embedding can capture the semantic features of malware binaries and has received much research attention. In this paper, to further improve the robustness of the graph embedding approaches to IoT malware detection, we propose a novel method that incorporates both local and global characterizing features extracted from Function-Call Graphs (FCG) to perform the detection. The caller-callee relationship represents the local semantic features, and the global statistic feature represents the graph’s structural characteristics. The performance of the proposed method is evaluated on a large-scale dataset consisting of 112K malware and 89k benignware samples collected from seven CPU architectures. It shows a 99% accuracy on IoT malware detection, outperforming existing graph embedding solutions. Moreover, when CPU architecture is taken into consideration, the proposed method combined with support vector machine and multilayer perceptron classifier can yield even higher performance.
Citations: 3
Impact Of Environmental Conditions On Fingerprint Systems Performance
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647754
Abdarahmane Wone, Joël Di Manno, C. Charrier, C. Rosenberger
Abstract: Biometrics testing has for objective to determine the performance of a biometric system in order to guarantee security and user experience requirements. Providing trust in biometric systems is a key for many manufacturers. The performance is usually measured through the computation of matching scores between legitimate and impostor samples from a given database. Different bias, in particular those linked to the environmental conditions, can modify the performance of a biometric system. In this paper, we study the impact of acquisition conditions on fingerprint systems considering at the same time the quality and accuracy. We defined an own-made database controlling the acquisition conditions and we observe the behavior of three different matchers on these biometric data. Experimental results allow us to quantify their impact on performance and draw conclusions for testing biometric systems.
Citations: 1
Designing Personalized OS Update Message based on Security Behavior Stage Model
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647792
Ayane Sano, Y. Sawaya, A. Yamada, A. Kubota, T. Isohara
Abstract: As one of the scales which assess the end-user’s security behavior, the security behavior stage model (SeBeST) [1] is a practical approach to characterize similar groups of users (precontemplation, contemplation, preparation, action and maintenance stages) and provide customized remedies to improve their security behavior. For example, in OS update message customization, a group that does not update OS continuously may require a message indicating the ease of OS update; on the other hand, updating users need a message indicating the importance of OS update. In this paper, we propose a personalized OS update message interface based on SeBeST. We conduct two online surveys to evaluate effective appearance and message as the personalized user interface (UI). First, we assess the interface’s appearance individually for the three behavior stages (preparation, action, and maintenance) and then combine the customized messages and the selected impressions for these stages. We confirmed that appropriate appearances are different for each stage. For example, a highlighted red button is efficient for users in the preparation stage. On the other hand, the red background is suitable for users of the action and maintenance stages. We discovered that the combination of the message indicating the disadvantage of the OS update and the UI which is the highlighted red button is suitable for the preparation and action stages. In addition, we confirmed the best combination for users of the maintenance stage is a message indicating the ease of OS update and the UI which is mouse over pop-up representation. Therefore, it is necessary for each user to show the appropriate message and UI.
Citations: 1
PIdARCI: Using Assembly Instruction Patterns to Identify, Annotate, and Revert Compiler Idioms
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647781
Steffen Enders, M. Rybalka, Elmar Padilla
Abstract: Analysis of binary code is a building block of computer security. Especially in malware or firmware analysis where source code oftentimes is not available, techniques like decompilation are utilized to figure out the functionality of binaries. During the optimization phase in modern compilers, human-readable expressions are often transformed into instruction sequences (compiler idioms or idioms) that may be more efficient in terms of speed or size than the direct translation. However, these transformations are often considerably worse in terms of readability for the analyst. Such compiler specific sequences are not only significantly longer than the apparent translation of the original high-level language operation but also have no trivial correlation to the original expression’s semantics. Modern decompilers address this issue by reverting idioms using static, manually crafted rules. In this paper, we introduce a novel approach to find and annotate arithmetic idioms with their corresponding high-level language expressions to significantly simplify manual analysis. In contrast to previous approaches, our method does not require manual work to create the patterns for matching idioms and significantly less manual labour to derive the transformation rules to calculate the original constants. In our evaluation, we compared the results of PIdARCI against the current academic and commercial state-of-the-art Ghidra, RetDec, and Hex Rays / IDA Pro. We show that PIdARCI matches more than 99% of all considered idioms, exceeding the matching rate of the other approaches.
Citations: 3
A new approach for cross-silo federated learning and its privacy risks
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647753
Michele Fontana, Francesca Naretto, A. Monreale
Abstract: Federated Learning has witnessed an increasing popularity in the past few years for its ability to train Machine Learning models in critical contexts, using private data without moving them. Most of the approaches in the literature are focused on mobile environments, where mobile devices contain the data of single users, and typically deal with images or text data. In this paper, we define HOLDA, a novel federated learning approach tailored for training machine learning models on data distributed over federated organizations hierarchically organized. Our method focuses on the generalization capabilities of the neural network models, providing a new mechanism for selecting their best weights. In addition, it is tailored for tabular data. We empirically test the performance of our approach on two different tabular datasets, showing excellent results in terms of performance and generalization capabilities. Then, we also tackle the problem of assessing the privacy risk of users represented in the training data. In particular, we empirically show, by attacking the HOLDA models with the Membership Inference Attack, that the privacy of the users in the training data may have high risk.
Citations: 3
Evaluating the Current State of Application Programming Interfaces for Verifiable Credentials
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647805
Nikesh Lalchandani, F. Jiang, J. Jeong, Y. Zolotavkin, R. Doss
Abstract: One of the challenges to the adoption of the decentralised approach to digital ID is a lack of consensus and standardisation of how different stakeholders within the ecosystem can inter-operate. As a means to address this issue, we examine the use of standard application programming interfaces (API) to integrate decentralised digital identification systems to preexisting ones. We first examine the current literature and solutions to (a) assess the attributes necessary to compare and contrast APIs, and (b) create a list of API providers within the decentralised digital ID marketplace, (c) compare the API providers against the attributes established. Based on an API Usability and Adoption framework as our lens, we assessed 19 service providers of APIs against their use cases. We identified that whilst the APIs are maturing, the APIs remain inconsistent and poorly adopted. A clear standard API could assist in better adoption. The guidance provided can inform organisations implementing digital identity and VCs along their adoption journey.
Citations: 2
Secure Allocation for Graph-Based Virtual Machines in Cloud Environments
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647766
Mansour Aldawood, Arshad Jhumka
Abstract: Cloud computing systems (CCSs) enable the sharing of physical computing resources through virtualisation, where a group of virtual machines (VMs) can share the same physical resources of a given machine. However, this sharing can lead to a so-called side-channel attack (SCA), widely recognised as a potential threat to CCSs. Specifically, malicious VMs can capture information from (target) VMs, i.e., those with sensitive information, by merely being co-located with them on the same physical machine. As such, a VM allocation algorithm needs to be cognizant of this issue and attempts to allocate the malicious and target VMs onto different machines, i.e., the allocation algorithm needs to be security-aware. This paper investigates the allocation patterns of VM allocation algorithms that are more likely to lead to a secure allocation. A driving objective is to reduce the number of VM migrations during allocation. We also propose a graph-based secure VMs allocation algorithm (GbSRS) to minimise SCA threats. Our results show that algorithms following a stacking-based behaviour are more likely to produce secure VMs allocation than those following spreading or random behaviours.
Citations: 0
Fool Me Once: A Study of Password Selection Evolution over the Past Decade
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647823
Rahul Dubey, Miguel Vargas Martin
Abstract: Passwords have been around for many decades and have tenaciously remained the primary means of identification and authentication. Assuming that the communication channel is not intercepted, the strength of security provided by passwords is largely dependent on two factors: password selection and password storage mechanism. While both areas have been looked into by researchers in the past, there is no consensus to suggest whether or not humanity has moved towards choosing stronger passwords, notwithstanding strong password enforcement policies. One of the key reasons behind this shortcoming is the lack of data about individual credentials in leaked datasets, which usually contain only usernames and passwords. To the best of our knowledge, we are the first researchers to enrich the attribute set of any user credential database, thus allowing deeper insights. We outline the method we devised for adding new attributes (time-stamp and source inference) to a dataset of 1.4 billion user credentials. Subsequently, we use our modified dataset to determine how passwords have evolved over time with respect to strength and whether humankind as a whole has learned from its past mistakes.
Citations: 1
Using CGAN to Deal with Class Imbalance and Small Sample Size in Cybersecurity Problems
2021 18th International Conference on Privacy, Security and Trust (PST) Pub Date: 2021-12-13 DOI: 10.1109/PST52912.2021.9647807
Ehsan Nazari, Paula Branco, Guy-Vincent Jourdan
Abstract: Predictive modelling in cybersecurity domains usually involves dealing with complex settings. The class imbalance problem is a well-known challenge typically present in the cybersecurity domain. For instance, in a real-world intrusion detection scenario, the number of attacks is expected to be a very small percentage of the normal cases. Moreover, in these applications, the number of available examples labelled is also small due to the complexity and cost of the labelling process: teams of domain experts need to be involved in the process which becomes expensive, time consuming and prone to errors. To address these problems is critical to the success of predictive modelling in cybersecurity applications. In this paper we tackle the class imbalance and small sample size through the use of a CGAN-based up-sampling procedure. We carry out an extensive set of experiments that show the positive impact of applying this solution to address the class imbalance and small sample size problems. A large data repository is built and freely provided to the research community containing 114 binary datasets based on real-world cybersecurity problems that are generated with diversified levels of imbalance and sample size. Our experiments show a clear advantage of using the CGAN-based up-sampling method especially for situations where the sample size is small and there is a large imbalance between the problem classes. In the most critical scenarios associated with extreme rarity and very small sample size, an impressive performance boost is achieved. We also explore the behaviour of this approach when the presence of these problems is less marked and we found that, while CGAN-based up-sampling is not able to further improve the minority class performance, it also has no negative impact. Thus, it is a safe-to-use solution, also in these scenarios.
Citations: 2