An Immunity Passport Scheme Based on the Dual-Blockchain Architecture for International Travel

The implementation of immunity passport has been hampered by the controversies over vaccines in various countries, the privacy of vaccinators, and the forgery of passports. While some existing schemes have been devoted to accelerating this effort, the problems above are not well solved in existing schemes. In this paper, we present an immunity passport scheme based on the dual-blockchain architecture, which frees people from the cumbersome epidemic prevention process while traveling abroad. Specially, the dual-blockchain architecture is established to fit with the scenarios of immunity passport. Searchable encryption and anonymous authentication are utilized to ensure users’ privacy. In addition, the performance and security evaluations show that our scheme achieves the proposed security goals and surpasses other authentication schemes in communicational and computational overheads.

A static analysis approach for Android permission-based malware detection systems

The evolution of malware is causing mobile devices to crash with increasing frequency. Therefore, adequate security evaluations that detect Android malware are crucial. Two techniques can be used in this regard: Static analysis, which meticulously examines the full codes of applications, and dynamic analysis, which monitors malware behaviour. While both perform security evaluations successfully, there is still room for improvement. The goal of this research is to examine the effectiveness of static analysis to detect Android malware by using permission-based features. This study proposes machine learning with different sets of classifiers was used to evaluate Android malware detection. The feature selection method in this study was applied to determine which features were most capable of distinguishing malware. A total of 5,000 Drebin malware samples and 5,000 Androzoo benign samples were utilised. The performances of the different sets of classifiers were then compared. The results indicated that with a TPR value of 91.6%, the Random Forest algorithm achieved the highest level of accuracy in malware detection.

Breaking Masked Implementations with Many Shares on 32-bit Software Platforms

We explore the concrete side-channel security provided by state-of-theart higher-order masked software implementations of the AES and the (candidate to the NIST Lightweight Cryptography competition) Clyde, in ARM Cortex-M0 and M3 devices. Rather than looking for possibly reduced security orders (as frequently considered in the literature), we directly target these implementations by assuming their maximum security order and aim at reducing their noise level thanks to multivariate, horizontal and analytical attacks. Our investigations point out that the Cortex-M0 device has so limited physical noise that masking is close to ineffective. The Cortex-M3 shows a better trend but still requires a large number of shares to provide strong security guarantees. Practically, we first exhibit a full 128-bit key recovery in less than 10 traces for a 6-share masked AES implementation running on the Cortex-M0 requiring 232 enumeration power. A similar attack performed against the Cortex-M3 with 5 shares require 1,000 measurements with 244 enumeration power. We then show the positive impact of lightweight block ciphers with limited number of AND gates for side-channel security, and compare our attacks against a masked Clyde with the best reported attacks of the CHES 2020 CTF. We complement these experiments with a careful information theoretic analysis, which allows interpreting our results. We also discuss our conclusions under the umbrella of “backwards security evaluations” recently put forwards by Azouaoui et al. We finally extrapolate the evolution of the proposed attack complexities in the presence of additional countermeasures using the local random probing model proposed at CHES 2020.

Evaluation of the works carried out by the Directorate of Disaster and Emergency Management (AFAD) in the Syrian crisis in the context of humanitarian diplomacy activities that Turkey prioritizes in foreign policy

The concept of soft power and cultural diplomacy with assessing humanitarian diplomacy activities has been seen as the primary motivation in Turkey’s international relations studies, especially in the last 20 years. In this study, in the Syrian crisis that has left its 10th year behind, activities carried out both in and outside of Turkey’s boundaries were discussed in the context of humanitarian diplomacy and the subject was evaluated in all aspects. In the study, which consists of two main parts, firstly; the concept of humanitarian diplomacy, which symbolizes one of the last stages of public diplomacy, was mentioned. In the second part of the study, in the context of the management of the migration phenomenon in the Syrian crisis studies conducted with public institutions and non-governmental organizations under the coordination of AFAD Presidency were determined. In the conclusion part of the study, all kinds of crises beyond Turkey’s borders besides ensuring its security, evaluations have been made on the benefits and contributions of the countries in the region, Europe and world peace. Özet Kültürel ve yumuşak güç kavramları ile birlikte değerlendirilen insani diplomasi faaliyetlerinin, Türkiye’nin uluslararası ilişkilerde özellikle son 20 yılda ortaya koyduğu çalışmalarda temel motivasyon kaynağı olduğu görülmektedir. Bu çalışmada, 10. yılını geride bırakan Suriye krizinde, Türkiye’nin hem sınırları içinde hem de sınırları dışında yürüttüğü faaliyetler insani diplomasi bağlamında ele alınmış ve konu tüm yönleriyle değerlendirilmeye çalışılmıştır. İki ana bölümden oluşan çalışmada öncelikle; kamu diplomasisinin geldiği son aşamalardan birini sembolize eden insani diplomasi kavramı ele alınmıştır. Çalışmanın ikinci bölümünde, Suriye krizinde meydana gelen göç olgusunun yönetimi bağlamında AFAD Başkanlığının koordinesinde kamu kurumları ve sivil kuruluşlar ile birlikte yapılan çalışmalara değinilmiştir. Çalışmanın sonuç bölümünde ise Türkiye’nin sınırları ötesinde yaşanan her türlü krizde, sadece kendi güvenliğini sağlamanın ötesinde bölge ülkeleri, Avrupa ve dünya barışına olan fayda ve katkıları konusunda değerlendirmelerde bulunulmuştur.

Constructing Keyed Hash Algorithm Using Enhanced Chaotic Map with Varying Parameter

A keyed hash algorithm is proposed based on 1-D enhanced quadratic map (EQM) with varying parameter. Three measures, including assigning unique one-time keys, key expansion, and hash length extension, are taken to enhance its security. First, the message is transformed into a parameter sequence for the EQM to be absorbed, and then the extended keys are generated as the initial values of the EQM. Finally, the EQM is iterated with redundant loops to transform the variable values into a hash value. The algorithm is so flexible that it can generate hash value with different lengths of 256, 512, 1024, or more bits through a parameter switcher, and redundant loops can eliminate the transient effect of chaos and mitigate the increasing threat of the side-channel attack. Security evaluations and comparison demonstrated its practicability and reliability.

Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks

Recently, some wireless devices have been found vulnerable to a novel class of side-channel attacks, called Screaming Channels. These leaks might appear if the sensitive leaks from the processor are unintentionally broadcast by a radio transmitter placed on the same chip. Previous work focuses on identifying the root causes, and on mounting an attack at a distance considerably larger than the one achievable with conventional electromagnetic side channels, which was demonstrated in the low-noise environment of an anechoic chamber. However, a detailed understanding of the leak, attacks that take full advantage of the novel vector, and security evaluations in more practical scenarios are still missing. In this paper, we conduct a thorough experimental analysis of the peculiar properties of Screaming Channels. For example, we learn about the coexistence of intended and unintended data, the role of distance and other parameters on the strength of the leak, the distortion of the leakmodel, and the portability of the profiles. With such insights, we build better attacks. We profile a device connected via cable with 10000·500 traces. Then, 5 months later, we attack a different instance at 15m in an office environment. We recover the AES-128 key with 5000·1000 traces and key enumeration up to 223. Leveraging spatial diversity, we mount some attacks in the presence of obstacles. As a first example of application to a real system, we show a proof-of-concept attack against the authentication method of Google Eddystone beacons. On the one side, this work lowers the bar for more realistic attacks, highlighting the importance of the novel attack vector. On the other side, it provides a broader security evaluation of the leaks, helping the defender and radio designers to evaluate risk, and the need of countermeasures.