Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods proposed and analyzed. In related areas, such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have been established and are used to qualitatively compare different methods. The analysis of mobile device authentication, however, is often based on weak adversary models, which leads to overly optimistic conclusions about the security of the proposed methods. In this article, we introduce a new classification of adversaries to better analyze and compare mobile device authentication methods, and we apply it in a systematic literature survey. The survey shows that security is still an afterthought and that most proposed protocols lack a comprehensive security analysis. The proposed classification of adversaries provides a strong and practical adversary model that offers a comparable and transparent classification of security properties in mobile device authentication.
We propose a post-quantum universally composable (UC) cut-and-choose oblivious transfer (CCOT) protocol under the malicious adversary model. In secure two-party computation, we construct multiple copies of the garbled circuit, half of which serve as check circuits and half as evaluation circuits, and the sender transfers the keys to the receiver using the CCOT protocol. Compared with the PVW-OT framework, we build on the WQ-OT framework, which allows the common random string to be reused and offers better security. Relying on the LWE assumption and the properties of the rounding function, we construct a UC-CCOT protocol that resists quantum attacks in secure two-party computation.
Over the last decade, attacks have repeatedly demonstrated that bitstream protection for SRAM-based FPGAs is a persistent problem without a satisfying solution in practice. Hence, real-world hardware designs are prone to intellectual property infringement and malicious manipulation, as they are not adequately protected against reverse engineering. In this work, we first review state-of-the-art solutions from industry and academia and demonstrate their ineffectiveness with respect to reverse engineering and design manipulation. We then describe the design and implementation of novel hardware obfuscation primitives based on the intrinsic structure of FPGAs. Based on these primitives, we design and implement LifeLine, a hardware design protection mechanism for FPGAs that uses hardware/software co-obfuscated cryptography. We show that LifeLine offers effective protection under a real-world adversary model, requires minimal integration effort from hardware designers, and can be retrofitted to already deployed (and so far vulnerable) systems.
I appreciate the thoughtful reflections of Jim Coben, Ellen Deason, and Elayne Greenberg on the teachings and legacies of my 1991 article, which attempted to capture the beginning of several types of institutionalization and co-optation of some of the key ideas of the “ADR movement.” Sadly, much of what I commented on then has, in my view, only gotten worse as the adversary model is gaining, not losing, ascendancy (...
Distance-bounding protocols are a useful primitive for resisting distance-based attacks. Most existing distance-bounding protocols, however, do not take the reuse of nonces into consideration in their design, even though several studies have shown that nonce repetition can leak the key shared between the protocol participants. Aikaterini et al. introduced a countermeasure that can serve as a supplement to most distance-bounding systems that allow nonce repetition, but their proposal only holds against passive attackers. In this paper, we introduce an active attack model and show that their countermeasure is insecure under it. We also find that all existing distance-bounding protocols with mutual authentication are vulnerable to distance-based attacks under the proposed active model if a short nonce is used. To address this security concern, we propose a new distance-bounding protocol with mutual authentication that prevents distance-based attacks under the active adversary model, and we present a detailed security analysis of the proposed protocol.
The broadcast nature of wireless networks makes them more susceptible to eavesdropping than wired networks: any untrusted node can listen to the medium and obtain sensitive information transmitted within the network. In this paper, we propose a new mechanism that combines the advantages of two techniques, iJam and OFDM phase encryption. Our modified mechanism makes iJam more bandwidth efficient by using the Alamouti scheme to take advantage of the repetition inherent in its implementation. The adversary model is extended to the active adversary case, which was not considered in the original work on iJam and OFDM phase encryption. Through a max-min optimization model, we propose a framework that maximizes the secrecy rate by means of a friendly jammer. We formulate a zero-sum game that captures the strategic decision making between the transmitter-receiver pair and the adversary, and we apply the fictitious play (FP) algorithm to reach the Nash equilibria (NE) of the game. Our simulation results show a significant reduction in the eavesdropper's ability to benefit from the received information, compared with the traditional schemes, i.e. iJam or OFDM phase encryption alone.
With the rapid development of the Internet, network security threats are emerging one after another. Driven by economic interests, attackers use malicious domain names to support botnets and phishing sites, which leads to serious information leakage from victims and devices, the proliferation of DDoS attacks, and the rapid spread of viruses. Against this background, the purpose of this paper is to study the detection of malicious domain names based on an adversary model. First, we study the generation mechanism of DGA domain names based on a PCFG model and the characteristics of the domain names such a DGA produces. The research shows that domain names generated by a PCFG model are usually derived from legitimate domain names, so their character statistics are similar to those of legitimate domain names. Moreover, the same PCFG model can often generate several types of domain names, which makes it difficult to extract appropriate features manually. The experimental results show that the classifier's accuracy and recall both exceed 95%. Using an open domain name data set, and comparing against a linear edit-distance computation under different thresholds, we show that the proposed method improves the detection speed for look-alike domain names at similar accuracy.
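The edit-distance baseline that the abstract above compares against is easy to make concrete. The following is an added example (not code from any of the surveyed papers): it computes the Levenshtein distance between each candidate domain and a small allow-list of legitimate domains, flags a candidate as a look-alike when the distance is small but non-zero, and sweeps the threshold so the trade-off between catching substitutions and flagging unrelated brands is visible. The allow-list, the candidate names, and the single-label suffix stripping in `registrable()` are all constructed assumptions for the demonstration.

```python
"""Edit-distance screening of look-alike domain names (added example).

Flags a candidate domain when its Levenshtein distance to some legitimate
domain is small but non-zero. All data below is constructed for illustration.
"""
from typing import List, Tuple

# Constructed allow-list of legitimate domains (assumption: these are the
# brands the detector is protecting).
LEGIT_DOMAINS = ["paypal.com", "google.com", "microsoft.com", "github.com"]

# Constructed candidates: four character-level look-alikes, one unrelated but
# similarly spelled real brand (gitlab), one benign name, and one
# random-looking name of the kind edit distance is not designed to catch.
CANDIDATES = [
    "paypa1.com",      # digit-for-letter substitution
    "gooogle.com",     # inserted character
    "micros0ft.com",   # digit substitution
    "githib.com",      # single-letter substitution
    "gitlab.com",      # different legitimate brand, 2 edits from github
    "example.org",     # benign, unrelated
    "xk3jq9z8.com",    # random-looking, no nearby legitimate name
]


def levenshtein(a: str, b: str) -> int:
    """Dynamic-programming edit distance (insert / delete / substitute)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Drop the last label so 'paypa1.com' is compared as 'paypa1'.

    Assumption: a single-label public suffix. A real deployment would use the
    Public Suffix List so that 'example.co.uk' is handled correctly.
    """
    return domain.lower().rstrip(".").rsplit(".", 1)[0]


def nearest_legit(candidate: str,
                  legit: List[str] = LEGIT_DOMAINS) -> Tuple[str, int]:
    """Return the closest legitimate domain and its edit distance."""
    c = registrable(candidate)
    best = min(legit, key=lambda d: levenshtein(c, registrable(d)))
    return best, levenshtein(c, registrable(best))


def is_lookalike(candidate: str, threshold: int,
                 legit: List[str] = LEGIT_DOMAINS) -> bool:
    """Distance 0 is the legitimate domain itself; flag only 0 < d <= threshold."""
    _, d = nearest_legit(candidate, legit)
    return 0 < d <= threshold


def flagged(candidates: List[str], threshold: int,
            legit: List[str] = LEGIT_DOMAINS) -> List[str]:
    """Candidates flagged at a given threshold, in input order."""
    return [c for c in candidates if is_lookalike(c, threshold, legit)]


if __name__ == "__main__":
    for t in (1, 2, 3):
        print(f"threshold {t}: {flagged(CANDIDATES, t)}")
```

Threshold 1 catches the four single-edit look-alikes; raising it to 2 also flags gitlab.com, which is a legitimate unrelated brand, and no threshold in that range touches the random-looking name. That is the point the abstract makes: edit distance handles names derived from legitimate domains by small mutations, while a PCFG-generated name that mimics legitimate character statistics without being a near copy needs a learned classifier.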
In this paper, we address the problem of privacy-preserving distributed learning and the evaluation of machine-learning models by analyzing it in the widespread MapReduce abstraction that we extend with privacy constraints. We design spindle (Scalable Privacy-preservINg Distributed LEarning), the first distributed and privacy-preserving system that covers the complete ML workflow by enabling the execution of a cooperative gradient-descent and the evaluation of the obtained model and by preserving data and model confidentiality in a passive-adversary model with up to N −1 colluding parties. spindle uses multiparty homomorphic encryption to execute parallel high-depth computations on encrypted data without significant overhead. We instantiate spindle for the training and evaluation of generalized linear models on distributed datasets and show that it is able to accurately (on par with non-secure centrally-trained models) and efficiently (due to a multi-level parallelization of the computations) train models that require a high number of iterations on large input data with thousands of features, distributed among hundreds of data providers. For instance, it trains a logistic-regression model on a dataset of one million samples with 32 features distributed among 160 data providers in less than three minutes.