Leak Users Research Articles

Revocable and anonymous searchable encryption in multi‐user setting

SummaryWith powerful storage and computing capacities provided by cloud server provider(CSP), cloud customers can relieve from heavy storage and maintenance burden in cloud computing. Therefore, searchable encryption(SE) technology becomes a fundamental solution to search over encrypted data in outsourcing service. However, the genuine safety of SE schemes should concentrate not only on keyword privacy but also on user privacy as information tracking may leak user identity. For example, in the personal health record system, the malicious CSP may match sensitive disease information(cancer or AIDS) with certain patient. In addition, practical SE scheme should not be confined to single‐user setting because of its limitations. While SE schemes applied to multi‐user setting may result in additional secret key and ciphertext updating burden due to frequent user revocation. Along this direction, we define a revocable and anonymous SE scheme in multiple‐user setting, which is scalable and efficient in user revocation and anonymity. Security analysis shows that our scheme is Anonymous‐Revocable‐ID‐CPA secure under Decision Bilinear Diffie–Hellman assumption and is able to effectively resist decryption key exposure threat. Copyright © 2015 John Wiley & Sons, Ltd.

High-dimension space projection-based biometric encryption for fingerprint with fuzzy minutia

Biometric identification has caused a multitude of problems in the networking environment, such as the storage of user's biometric template and the leakage of user's privacy, therefore, biometric encryption has been the focus of the recent studies which are based on Fuzzy Vault, Fuzzy Commitment, and dynamic key generation. However, due to fuzzy information inherent biological characteristics, essentially deterministic analysis techniques, Fuzzy Vault, and Fuzzy Commitment have been accused of stored biometric templates and short keys. Fuzzy Information Processing needs suitable technology, such as fuzzy logic, to obtain better results. In this paper, we propose a new fingerprint encryption scheme which utilizes the high-dimension space projection. Unlike the reliance on biometric templates in Fuzzy Vault-based scheme or "encrypted" templates in Fuzzy Commitment-based scheme, this new scheme, similar to the dynamic biometric key generation scheme, protects biometric key in a polynomial, and hence saves "nothing" on the biometric characteristics. Thus, it integrates the advantages of Fuzzy Vault, Fuzzy Commitment, and dynamic key generation into one scheme.

Detection of repackaged mobile applications through a collaborative approach

SummaryRepackaged applications are based on genuine applications, but they subtlety include some modifications. In particular, trojanized applications are one of the most dangerous threats for smartphones. Malware code may be hidden inside applications to access private data or to leak user credit. In this paper, we propose a contract‐based approach to detect such repackaged applications, where a contract specifies the set of legal actions that can be performed by an application. Current methods to generate contracts lack information from real usage scenarios, thus being inaccurate and too coarse‐grained. This may result either in generating too many false positives or in missing misbehaviors when verifying the compliance between the application and the contract. In the proposed framework, application contracts are generated dynamically by a central server merging execution traces collected and shared continuously by collaborative users executing the application. More precisely, quantitative information extracted from execution traces is used to define a contract describing the expected application behavior, which is deployed to the cooperating users. Then, every user can use the received contract to check whether the related application is either genuine or repackaged. Such a verification is based on an enforcement mechanism that monitors the application execution at run‐time and compares it against the contract through statistical tests. Copyright © 2014 John Wiley & Sons, Ltd.

안드로이드 모바일 단말에서의 실시간 이벤트 유사도 기반 트로이 목마 형태의 악성 앱 판별 메커니즘

안드로이드 기반 모바일 단말 사용자가 증가함에 따라 다양한 형태의 어플리케이션이 개발되어 안드로이드 마켓에 배포되고 있다. 하지만 오픈 마켓 또는 3rd party 마켓을 통해 악성 어플리케이션이 제작 및 배포되면서 안드로이드 기반 모바일 단말에 대한 보안 취약성 문제가 발생하고 있다. 대부분의 악성 어플리케이션 내에는 트로이 목마(Trojan Horse) 형태의 악성코드가 삽입되어 있어 모바일 단말 사용자 모르게 단말내 개인정보와 금융정보 등이 외부 서버로 유출된다는 문제점이 있다. 따라서 급격히 증가하고 있는 악성 모바일 어플리케이션에 의한 피해를 최소화하기 위해서는 능동적인 대응 메커니즘 개발이 필요하다. 이에 본 논문에서는 기존 악성 앱 탐지 기법의 장단점을 분석하고 안드로이드 모바일 단말내에서 실시간 이용시 발생하는 이벤트를 수집한 후 Jaccard 유사도를 중심으로 악성 어플리케이션을 판별하는 메커니즘을 제시하고 이를 기반으로 임의의 모바일 악성 앱에 대한 판별 결과를 제시하였다. Large number of Android mobile application has been developed and deployed through the Android open market by increasing android-based smart work device users recently. But, it has been discovered security vulnerabilities on malicious applications that are developed and deployed through the open market or 3rd party market. There are issues to leak user's personal and financial information in mobile devices to external server without the user's knowledge in most of malicious application inserted Trojan Horse forms of malicious code. Therefore, in order to minimize the damage caused by malignant constantly increasing malicious application, it is required a proactive detection mechanism development. In this paper, we analyzed the existing techniques' Pros and Cons to detect a malicious application and proposed discrimination and detection result using malicious application discrimination mechanism based on Jaccard similarity after collecting events occur in real-time execution on android-mobile devices.

An Indirect Fingerprint Authentication Scheme in Cloud Computing

The cloud computing offers dynamically scalable online resources provisioned as a service over the Internet cheaply. However, the security challenges it poses are equally striking. The reliable user authentication techniques are required to combat the rising security threat in cloud communications. Due to the non-denial requirements of remote user authentication scheme, it is most commonly achieved using some form of biometrics-based method. Fingerprint authentication is one of the popular and effective approaches to allow the only authorized users to access the cryptographic keys. While the critical issue in remote biometric cryptosystem is to protect the template of a user stored in a database. The biometric template is not secure and the stolen templates cannot be revoked, which is easy to leak user identity information. To overcome these shortcomings, in this paper, an indirect fingerprint authentication scheme is proposed. Further, we apply this secure scheme to the cloud system combing with PKI mechanism. At last, a comprehensive and detailed security analysis of the proposed scheme in cloud computing is provided.

Runtime-Based Behavior Dynamic Analysis System for Android Malware Detection

The most serious threats for Android users is come from application, However, the market lack a mechanism to validate whether these applications are malware or not. So, malware maybe leak users private information, malicious deductions for send premium SMS, get root privilege of the Android system and so on. In the traditional method of malware detection, signature is the only basis. It is far enough. In this paper, we propose a runtime-based behavior dynamic analysis for Android malware detection. The new scheme can be implemented as a system. We analyze 350 applications come from third-party Android market, the result show that our system can effectively detect unknown malware and the malicious behavior of malware.

모바일 환경에서 사용자 정보를 이용한 스토리 생성 방법

ABSTRACT Mobile device can get useful user information, because users ha ve always this device. In this paper, we propose automatically story generation method and user topic extraction using user information in mobile environment. Proposed method is follows: (1) We c ollect user action information in mobile device. Then, (2) we extract topics from collected information. (3) For the results of (2), we determine episodes for one day. Then, (4) we generate sentences using sen tence templates and we compose stories which have theme-based or time-based. Because proposed method is simpler than previous method, proposed method can work only in mobile device. There’s no room to leak user information. And proposed method is expres sed more informative than previous method, because proposed method is provided sentence-based result. Extracted user-topic, a result of our method, can use to analyze user action and user preference. ☞ keyword : Sentence Generation, Information Extraction, Mobile Context, Natural Language Processing