FPGAPRO: A Defense Framework Against Crosstalk-Induced Secret Leakage in FPGA

With the emerging cloud-computing development, FPGAs are being integrated with cloud servers for higher performance. Recently, it has been explored to enable multiple users to share the hardware resources of a remote FPGA, i.e., to execute their own applications simultaneously. Although being a promising technique, multi-tenant FPGA unfortunately brings its unique security concerns. It has been demonstrated that the capacitive crosstalk between FPGA long-wires can be a side-channel to extract secret information, giving adversaries the opportunity to implement crosstalk-based side-channel attacks. Moreover, recent work reveals that medium-wires and multiplexers in configurable logic block (CLB) are also vulnerable to crosstalk-based information leakage. In this work, we propose FPGAPRO: a defense framework leveraging P lacement, R outing, and O bfuscation to mitigate the secret leakage on FPGA components, including long-wires, medium-wires, and logic elements in CLB. As a user-friendly defense strategy, FPGAPRO focuses on protecting the security-sensitive instances meanwhile considering critical path delay for performance maintenance. As the proof-of-concept, the experimental result demonstrates that FPGAPRO can effectively reduce the crosstalk-caused side-channel leakage by 138 times. Besides, the performance analysis shows that this strategy prevents the maximum frequency from timing violation.

Management Problems in Global Crowdsourcing

The study aimed to develop recommendations for the optimization of settings in which the crowdsourcing project takes place. Findings show that crowdfunding projects are hybrid and include the elements of crowdsourcing, crowdsensing, crowdfunding, crowdworking, and crowdsourced recruitment. The predominant role of security guarantees was identified. It turned out that relations irreducible to a simple hierarchy pose many challenges. The results indicate that leading issues include the lack of financial guarantees and the likelihood of information leakage to competitors. Hence, the priority is to manage the exchange of money and information. An interesting finding demonstrates a positive correlation between project success, ethical conduct, and fair distribution of gains. The protection of intellectual property rights was no less important. As it was concluded in the course of analysis, the more successful the project, the more thoroughly it addresses the protection of someone else's intellectual property.

Management Problems in Global Crowdsourcing

The study aimed to develop recommendations for the optimization of settings in which the crowdsourcing project takes place. Findings show that crowdfunding projects are hybrid and include the elements of crowdsourcing, crowdsensing, crowdfunding, crowdworking, and crowdsourced recruitment. The predominant role of security guarantees was identified. It turned out that relations irreducible to a simple hierarchy pose many challenges. The results indicate that leading issues include the lack of financial guarantees and the likelihood of information leakage to competitors. Hence, the priority is to manage the exchange of money and information. An interesting finding demonstrates a positive correlation between project success, ethical conduct, and fair distribution of gains. The protection of intellectual property rights was no less important. As it was concluded in the course of analysis, the more successful the project, the more thoroughly it addresses the protection of someone else's intellectual property.

Survey on Reverse-Engineering Tools for Android Mobile Devices

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.

Function Computation under Privacy, Secrecy, Distortion, and Communication Constraints

The problem of reliable function computation is extended by imposing privacy, secrecy, and storage constraints on a remote source whose noisy measurements are observed by multiple parties. The main additions to the classic function computation problem include (1) privacy leakage to an eavesdropper is measured with respect to the remote source rather than the transmitting terminals’ observed sequences; (2) the information leakage to a fusion center with respect to the remote source is considered a new privacy leakage metric; (3) the function computed is allowed to be a distorted version of the target function, which allows the storage rate to be reduced compared to a reliable function computation scenario, in addition to reducing secrecy and privacy leakages; (4) two transmitting node observations are used to compute a function. Inner and outer bounds on the rate regions are derived for lossless and lossy single-function computation with two transmitting nodes, which recover previous results in the literature. For special cases, including invertible and partially invertible functions, and degraded measurement channels, exact lossless and lossy rate regions are characterized, and one exact region is evaluated as an example scenario.

User Authentication Method via Speaker Recognition and Speech Synthesis Detection

As the Internet has been developed, various online services such as social media services are introduced and widely used by many people. Traditionally, many online services utilize self-certification methods that are made using public certificates or resident registration numbers, but it is found that the existing methods pose the risk of recent personal information leakage accidents. The most popular authentication method to compensate for these problems is biometric authentication technology. The biometric authentication techniques are considered relatively safe from risks like personal information theft, forgery, etc. Among many biometric-based methods, we studied the speaker recognition method, which is considered suitable to be used as a user authentication method of the social media service usually accessed in the smartphone environment. In this paper, we first propose a speaker recognition-based authentication method that identifies and authenticates individual voice patterns, and we also present a synthesis speech detection method that is used to prevent a masquerading attack using synthetic voices.

Systematic Regulation of Personal Information Rights in the Era of Big Data

Big data has an important impact on people’s production and life. The existing legal and judicial protection, sanctions, and mechanisms for the enforcement of information rights have proved insufficient to stem the serious consequences of rampant leakage and illegal activity. Based on Information Full Life Cycle Theory, this article combines qualitative analysis with quantitative analysis, uses data from the Survey Report on App Personal Information Leakage released by China Consumers Association as an example, and finds that illegal access, illegal provisions, and illegal transactions have become important sources of personal information leakage. The main reasons for this problem include limitations of the technologies used, the falsification of informed consent, the lag of legislative protections, and a lack of administrative supervision. Systematic regulation of the right to protect personal information should include a variety of initiatives. First, it should be used to identify who to protect and how to protect them. Second, there needs to be a shift from identifiable subject regulations to risk control. Third, legislation needs to be comprehensive, entailing a shift from fragmented to systemic reforms. Fourth, protection efforts should include supervision, self-regulation, and management. Finally, the jurisdiction of legislation should extend across cyberspace and physical reality as a means to achieve a balance between effective protection and the reasonable use of personal information.

Analysis of Compromising Video Disturbances through Power Line

In this article, we present results on research performed in the TEMPEST domain, which studies the electromagnetic disturbances generated unintentionally by electronic equipment as well as the methods to protect the information processed by this equipment against these electromagnetic phenomena. The highest vulnerability of information leakage is attributed to the display video signal from the TEMPEST domain perspective. Examples of far-range propagation on a power line of this type of disturbance will be illustrated for the first time. Thus, the examples will highlight the possibility of recovering processed information at distances of 1, 10 and 50 m. There are published articles studying electromagnetic disturbances generated by electronic equipment propagating on power cables of such equipment but no studies on their long-distance propagation. Our research aims to raise awareness in the scientific community and the general public of the existence of such vulnerabilities that can compromise confidential or sensitive information that can make the difference between success or failure in the business sector, for example, or can harm personal privacy, which is also important for us all. Countermeasures to reduce or even eliminate these threats will also be presented based on the analysis of the signal-to noise-ratio recorded during our research.

Modern technologies of protection and processing of confidential documentary information in organizations and institutions of different forms of ownership

The purpose of the article is to establish the features and types of modern documentary information thathas intellectual value; finding out the principles on which to build a secure document flow; characteristics ofthe main technological stages and procedures for the implementation of confidential documents; identifyingthreats that may arise during this process. The methodology consisted of a set of general scientific, specialscientific and specific methods of studying the problem, the application of which allows to achieve the goal.Scientific intelligence was based on the principles of objectivity and integrity. The use of a set of scientificmethods made it possible to study the specifics of valuable documentary information, to find out the mainchannels of information leakage, to trace the stages of document circulation of such business papers. Scientificnovelty. The latest international practices of working with confidential documents are studied. Featuresand types of documentary information that has intellectual value for the entrepreneur are established. Theprinciples on which it is necessary to build a secure document flow are formulated. The main technologicalstages and procedures of execution of confidential documents are outlined. The main threats that may ariseduring this process have been identified. Conclusions. Confidential information allows any company to operatesuccessfully due to the security of information. The importance of such information determines the risk of itsloss. In order to avoid inconveniences related to the loss or theft of information, the institutions should createappropriate services, whose representatives monitor confidential information, document circulation, createdatabases for computers and files for paper media, destroy drafts of confidential documents, store and destroydocuments that are valuable in the prescribed manner.Keywords: execution of a confidential document, secrecy stamp, information protection, technologicalcomplexity, value of documentary information.

Leakage or Identification

The convenience of laptops brings with it the risk of information leakage, and conventional security systems based on the password or the explicit biometric do little to alleviate this problem. Biometric identification based on anatomical features provides far stronger security; however, a lack of suitable sensors on laptops limits the applicability of this technology. In this paper, we developed a behavior-irrelevant user identification system applicable to laptops with a metal casing. The proposed scheme, referred to as LeakPrint, is based on leakage current, wherein the system uses an earphone to capture current leaking through the body and then transmits the corresponding signal to a server for identification. The user identification is achieved via denoising, dimension reduction, and feature extraction. Compared to other biometric identification methods, the proposed system is less dependent on external hardware and more robust to environmental noise. The experiments in real-world environments demonstrated that LeakPrint can verify user identity with high accuracy (93.6%), while providing effective defense against replay attacks (96.5%) and mimicry attacks (90.9%).