Biblio

While in business and private settings the disruptive impact of advanced information communication technology (ICT) have already been felt, the legal sector is now starting to face great disruptions due to such ICTs. Bits and pieces of innovations in the legal sector have been emerging for some time, affecting the performance of core functions and the legitimacy of public institutions. In this paper, we present our framework for enabling the smart government vision, particularly for the case of criminal justice systems, by unifying different isolated ICT-based solutions. Our framework, coined as Legal Logistics, supports the well-functioning of a legal system in order to streamline the innovations in these legal systems. The framework targets the exploitation of all relevant data generated by the ICT-based solutions. As will be illustrated for the Dutch criminal justice system, the framework may be used to integrate different ICT-based innovations and to gain insights about the well-functioning of the system. Furthermore, Legal Logistics can be regarded as a roadmap towards a smart and open justice.

In this workshop, participants coming from a variety of disciplinary backgrounds and countries–-China, South Korea, EU, and US–-will present their country's cyber security initiatives and challenges. Following the presentations, participants will discuss current trends, lessons learned in implementing the initiatives, and international collaboration. The workshop will culminate in the setting an agenda for future collaborative studies in cyber security.

While the rapid progress in smart city technologies are changing cities and the lifestyle of the people, there are increasingly enormous challenges in terms of the safety and security of smart cities. The potential vulnerabilities of e-government products and imminent attacks on smart city infrastructure and services will have catastrophic consequences on the governments and can cause substantial economic and noneconomic losses, even chaos, to the cities and their residents. This paper aims to explore alternative economic solutions ranging from incentive mechanisms to market-based solutions to motivate smart city product vendors, governments, and vulnerability researchers and finders to improve the cybersecurity of smart cities.

In this paper, we apply verifiable computing techniques to a biometric matching. The purpose of verifiable computation is to give the result of a computation along with a proof that the calculations were correctly performed. We adapt a protocol called sumcheck protocol and present a system that performs verifiable biometric matching in the case of a fast border control. This is a work in progress and we focus on verifying an inner product. We then give some experimental results of its implementation. Verifiable computation here helps to enforce the authentication phase bringing in the process a proof that the biometric verification has been correctly performed.

Conventional security methods like password and ID card methods are now rapidly replacing by biometrics for identification of a person. Biometrics uses physiological or behavioral characteristics of a person. Usage of biometric raises critical privacy and security concerns that, due to the noisy nature of biometrics, cannot be addressed using standard cryptographic methods. The loss of an enrollment biometric to an attacker is a security hazard because it may allow the attacker to get an unauthorized access to the system. Biometric template can be stolen and intruder can get access of biometric system using fake input. Hence, it becomes essential to design biometric system with secure template or if the biometric template in an application is compromised, the biometric signal itself is not lost forever and a new biometric template can be issued. One way is to combine the biometrics and cryptography or use transformed data instead of original biometric template. But traditional cryptography methods are not useful in biometrics because of intra-class variation. Biometric cryptosystem can apply fuzzy vault, fuzzy commitment, helper data and secure sketch, whereas, cancelable biometrics uses distorting transforms, Bio-Hashing, and Bio-Encoding techniques. In this paper, biometric cryptosystem is presented with fuzzy vault and fuzzy commitment techniques for fingerprint recognition system.

Biometric authentication schemes are frequently used to establish the identity of a user. Often, a trusted hardware device is used to decide if a provided biometric feature is sufficiently close to the features stored by the legitimate user during enrollment. In this paper, we address the question whether the stored features can be extracted with side-channel attacks. We consider several models for types of leakage that are relevant specifically for fingerprint verification, and show results for attacks against the Bozorth3 and a custom matching algorithm. This work shows an interesting path for future research on the susceptibility of biometric algorithms towards side-channel attacks.

Internet of Things (IoT) have been connecting the physical world seamlessly and provides tremendous opportunities to a wide range of applications. However, potential risks exist when IoT system collects local sensor data and uploads to the Cloud. The private data leakage can be severe with curious database administrator or malicious hackers who compromise the Cloud. In this demo, we solve this problem of guaranteeing the user data privacy and security using compressive sensing based cryptographic method. We present CScrypt, a compressive-sensing-based encryption engine for the Cloud-enabled IoT systems to secure the interaction between the IoT devices and the Cloud. Our system exploits the fact that each individual's biometric data can be trained to a unique dictionary which can be used as an encryption key meanwhile to compress the original data. We will demonstrate a functioning prototype of our system using live data stream when attending the conference.

Biometric is uses to identify authorized person based on specific physiological or behavioral features. Template protection is a crucial requirement when designing an authentication system, where the template could be modified by attacker. Hill Cipher is a block cipher and symmetric key algorithm it has several advantages such as simplicity, high speed and high throughput can be used to protect Biometric Template. Unfortunately, Hill Cipher has some disadvantages such as takes smaller sizes of blocks, very simple and vulnerable for exhaustive key search attack and known plain text attack, also the key matrix which entered should be invertible. This paper proposed an enhancement to overcome these drawbacks of Hill Cipher by using a large and random key with large data block, beside overcome the Invertible-key Matrix problem. The efficiency of encryption has been checked out by Normalized Correlation Coefficient (NCC) and running time.

Mobile devices store a diverse set of private user data and have gradually become a hub to control users' other personal Internet-of-Things devices. Access control on mobile devices is therefore highly important. The widely accepted solution is to protect access by asking for a password. However, password authentication is tedious, e.g., a user needs to input a password every time she wants to use the device. Moreover, existing biometrics such as face, fingerprint, and touch behaviors are vulnerable to forgery attacks. We propose a new touch-based biometric authentication system that is passive and secure against forgery attacks. In our touch-based authentication, a user's touch behaviors are a function of some random "secret". The user can subconsciously know the secret while touching the device's screen. However, an attacker cannot know the secret at the time of attack, which makes it challenging to perform forgery attacks even if the attacker has already obtained the user's touch behaviors. We evaluate our touch-based authentication system by collecting data from 25 subjects. Results are promising: the random secrets do not influence user experience and, for targeted forgery attacks, our system achieves 0.18 smaller Equal Error Rates (EERs) than previous touch-based authentication.

India being digitized through digital India, the most basic unique identity for each individual is biometrics. Since India is the second most populous nation, the database that has to be maintained is surplus. Shielding those information by using the present techniques has been questioned. This contravene problem can be overcome by using cryptographic algorithms in accumulation to biometrics. Hence proposed system is developed by combining multimodal biometric (Fingerprint, Retina, Finger vein) with cryptographic algorithm with Genuine Acceptance Rate of 94%, False Acceptance Rate of 1.46%, and False Rejection Rate of 1.07%.

Now a days, ATM is used for money transaction for the convenience of the user by providing round the clock 24*7 services in financial transaction. Bank provides the Debit or Credit card to its user along with particular PIN number (which is only known by the Bank and User). Sometimes, user's card may be stolen by someone and this person can access all confidential information as Credit card number, Card holder name, Expiry date and CVV number through which he/she can complete fake transaction. In this paper, we introduced the biometric encryption of "EYE RETINA" to enhance the security over the wireless and unreliable network as internet. In this method user can authorizeasthird person his/her behalf to make the transaction using Debit or Credit card. In proposed method, third person can also perform financial transaction by providing his/her eye retina for the authorization & identification purpose.

Cloud computing is rapidly reshaping the server administration landscape. The widespread use of virtualization and the increasingly high server consolidation ratios, in particular, have introduced unprecedented security challenges for users, increasing the exposure to intrusions and opening up new opportunities for attacks. Deploying security mechanisms in the hypervisor to detect and stop intrusion attempts is a promising strategy to address this problem. Existing hypervisor-based solutions, however, are typically limited to very specific classes of attacks and introduce exceedingly high performance overhead for production use. In this paper, we present Slick (Storage-Level Intrusion ChecKer), an intrusion detection system (IDS) for virtualized storage devices. Slick detects intrusion attempts by efficiently and transparently monitoring write accesses to critical regions on storage devices. The low-overhead monitoring component operates entirely inside the hypervisor, with no introspection or modifications required in the guest VMs. Using Slick, users can deploy generic IDS rules to detect a broad range of real-world intrusions in a flexible and practical way. Experimental results confirm that Slick is effective at enhancing the security of virtualized servers, while imposing less than 5% overhead in production.

Embedded virtualization has emerged as a valuable way to reduce costs, improve software quality, and decrease design time. Additionally, virtualization can enforce the overall system's security from several perspectives. One is security due to separation, where the hypervisor ensures that one domain does not compromise the execution of other domains. At the same time, the advances in the development of IoT applications opened discussions about the security flaws that were introduced by IoT devices. In a few years, billions of these devices will be connected to the cloud exchanging information. This is an opportunity for hackers to exploit their vulnerabilities, endangering applications connected to such devices. At this point, it is inevitable to consider virtualization as a possible approach for IoT security. In this paper we discuss how embedded virtualization could take place on IoT devices as a sound solution for security.

Cloud service providers typically adopt the multi-tenancy model to optimize resources usage and achieve the promised cost-effectiveness. Sharing resources between different tenants and the underlying complex technology increase the necessity of transparency and accountability. In this regard, auditing security compliance of the provider's infrastructure against standards, regulations and customers' policies takes on an increasing importance in the cloud to boost the trust between the stakeholders. However, virtualization and scalability make compliance verification challenging. In this work, we propose an automated framework that allows auditing the cloud infrastructure from the structural point of view while focusing on virtualization-related security properties and consistency between multiple control layers. Furthermore, to show the feasibility of our approach, we integrate our auditing system into OpenStack, one of the most used cloud infrastructure management systems. To show the scalability and validity of our framework, we present our experimental results on assessing several properties related to auditing inter-layer consistency, virtual machines co-residence, and virtual resources isolation.

This paper presents SplitBox, an efficient system for privacy-preserving processing of network functions that are outsourced as software processes to the cloud. Specifically, cloud providers processing the network functions do not learn the network policies instructing how the functions are to be processed. First, we propose an abstract model of a generic network function based on match-action pairs. We assume that this function is processed in a distributed manner by multiple honest-but-curious cloud service providers. Then, we introduce our SplitBox system for private network function virtualization and present a proof-of-concept implementation on FastClick, an extension of the Click modular router, using a firewall as a use case. Our experimental results achieve a throughput of over 2 Gbps with 1 kB-sized packets on average, traversing up to 60 firewall rules.

Network monitoring is vital to the administration and operation of networks, but it requires privileged access that only highly trusted parties are granted. This severely limits the opportunity for external parties, such as service or equipment providers, auditors, or even clients, to measure the health or operation of a network in which they are stakeholders, but do not have access to its internal structure. In this position paper we propose the use of middleboxes to open up network monitoring to external parties using privacy-preserving technology. This will allow distrusted parties to make more inferences about the network state than currently possible, without learning any precise information about the network or the data that crosses it. Thus the state of the network will be more transparent to external stakeholders, who will be empowered to verify claims made by network operators. Network operators will be able to provide more information about their network without compromising security or privacy.

Screen lock is vulnerable against shoulder surfing since password, personal identification numbers (PIN) and pattern can be seen when smart phones are used in public space although important information is stored in them and they are often used in public space. In this paper, we propose a new method in which passwords are combined with biometrics authentication which cannot be seen by shoulder surfing and difficult to be guessed by brute-force attacks. In our method, the motion of a finger is measured by sensors when a user controls a mobile terminal, and the motion which includes characteristics of the user is registered. In our method, registered characteristics are classified by learning with self-organizing maps. Users are identified by referring the self-organizing maps when they input passwords on mobile terminals.

Fixing a non-deadlock concurrency bug is a difficult job that sometimes introduces additional bugs and requires a long time. To overcome this difficulty and efficiently perform fixing jobs, engineers should have broad knowledge of various fix patterns, and the ability to select the most proper one among those patterns based on quantitative data gathered from real-world bug databases. In this paper, we provide a real-world characteristic study on the fixes of non-deadlock concurrency bugs to help engineers responsible for program maintenance. In particular, we examine various fix patterns and the factors that influence the selection of those patterns with respect to the preexistence of locks and failure types. Our results will provide useful information for engineers who write bug patches, and researchers who study efficient testing and fixing techniques.

Formal specification is a vital ingredient to scalable verification of software systems. In the case of efficient implementations of concurrent objects like atomic registers, queues, and locks, symbolic formal representations of their abstract data types (ADTs) enable efficient modular reasoning, decoupling clients from implementations. Writing adequate formal specifications, however, is a complex task requiring rare expertise. In practice, programmers write reference implementations as informal specifications. In this work we demonstrate that effective symbolic ADT representations can be automatically generated from the executions of reference implementations. Our approach exploits two key features of naturally-occurring ADTs: violations can be decomposed into a small set of representative patterns, and these patterns manifest in executions with few operations. By identifying certain algebraic properties of naturally-occurring ADTs, and exhaustively sampling executions up to a small number of operations, we generate concise symbolic ADT representations which are complete in practice, enabling the application of efficient symbolic verification algorithms without the burden of manual specification. Furthermore, the concise ADT violation patterns we generate are human-readable, and can serve as useful, formal documentation.

NoSQL solutions become emerging for large scaled, high performance, schema-flexible applications. WiredTiger is cost effective, non-locking, no-overwrite storage used as default storage engine in MongoDB. Understanding I/O characteristics of storage engine is important not only for choosing suitable solution with an application but also opening opportunities for researchers optimizing current working system, especially building more flash-awareness NoSQL DBMS. This paper explores background of MongoDB internals then analyze I/O characteristics of WiredTiger storage engine in detail. We also exploit space management mechanism in WiredTiger by using TRIM command.

We introduce OPTIK, a new practical design pattern for designing and implementing fast and scalable concurrent data structures. OPTIK relies on the commonly-used technique of version numbers for detecting conflicting concurrent operations. We show how to implement the OPTIK pattern using the novel concept of OPTIK locks. These locks enable the use of version numbers for implementing very efficient optimistic concurrent data structures. Existing state-of-the-art lock-based data structures acquire the lock and then check for conflicts. In contrast, with OPTIK locks, we merge the lock acquisition with the detection of conflicting concurrency in a single atomic step, similarly to lock-free algorithms. We illustrate the power of our OPTIK pattern and its implementation by introducing four new algorithms and by optimizing four state-of-the-art algorithms for linked lists, skip lists, hash tables, and queues. Our results show that concurrent data structures built using OPTIK are more scalable than the state of the art.

The rapid progress of multi-/many-core architectures has caused data-intensive parallel applications not yet be fully suited for getting the maximum performance. The advent of parallel programming frameworks offering structured patterns has alleviated developers' burden adapting such applications to parallel platforms. For example, the use of synchronization mechanisms in multithreaded applications is essential on shared-cache multi-core architectures. However, ensuring an appropriate use of their interfaces can be challenging, since different memory models plus instruction reordering at compiler/processor levels may influence the occurrence of data races. The benefits of race detectors are formidable in this sense, nevertheless if lock-free data structures with no high-level atomics are used, they may emit false positives. In this paper, we extend the ThreadSanitizer race detection tool in order to support semantics of the general Single-Producer/Single-Consumer (SPSC) lock-free parallel queue and to detect benign data races where it was correctly used. To perform our analysis, we leverage the FastFlow SPSC bounded lock-free queue implementation to test our extensions over a set of μ-benchmarks and real applications on a dual-socket Intel Xeon CPU E5-2695 platform. We demonstrate that this approach can reduce, on average, 30% the number of data race warning messages.

To prevent unauthorized parties from accessing data stored on their smartphones, users have the option of enabling a "lock screen" that requires a secret code (e.g., PIN, drawing a pattern, or biometric) to gain access to their devices. We present a detailed analysis of the smartphone locking mechanisms currently available to billions of smartphone users worldwide. Through a month-long field study, we logged events from a panel of users with instrumented smartphones (N=134). We are able to show how existing lock screen mechanisms provide users with distinct tradeoffs between usability (unlocking speed vs. unlocking frequency) and security. We find that PIN users take longer to enter their codes, but commit fewer errors than pattern users, who unlock more frequently and are very prone to errors. Overall, PIN and pattern users spent the same amount of time unlocking their devices on average. Additionally, unlock performance seemed unaffected for users enabling the stealth mode for patterns. Based on our results, we identify areas where device locking mechanisms can be improved to result in fewer human errors – increasing usability – while also maintaining security.

This paper presents a new type of online password guessing attack called "WiPING" (Wi-Fi signal-based PIN Guessing attack) to guess a victim's PIN (Personal Identification Number) within a small number of unlock attempts. WiPING uses wireless signal patterns identified from observing sequential finger movements involved in typing a PIN to unlock a mobile device. A list of possible PIN candidates is generated from the wireless signal patterns, and is used to improve performance of PIN guessing attacks. We implemented a proof-of-concept attack to demonstrate the feasibility of WiPING. Our results showed that WiPING could be practically effective: while pure guessing attacks failed to guess all 20 PINs, WiPING successfully guessed two PINs.

Multi-core is widely used for mobile devices due to high performance and good energy efficiency. For maintaining cores' cache coherency, mobile multi-core integrated new hardware ARM CCI. In this study, we focus on the security aspect of mobile multi-core. We monitor cache coherency operations that occur among PSL related processes' inter-core communication. After simple analysis, we can sneak android PSL information. Some preliminary results show that we could efficiently identify PSL pattern. This is a significant security violation in terms of confidentiality. In addition, mobile multi-cores are already prevalent, the attack is practical, and it can be easily spread.