109 research outputs found
Cast-as-Intended Mechanism with Return Codes Based on PETs
We propose a method providing cast-as-intended verifiability for remote
electronic voting. The method is based on plaintext equivalence tests (PETs),
used to match the cast ballots against the pre-generated encrypted code tables.
Our solution provides an attractive balance of security and functional
properties. It is based on well-known cryptographic building blocks and relies
on standard cryptographic assumptions, which allows for relatively simple
security analysis. Our scheme is designed with a built-in fine-grained
distributed trust mechanism based on threshold decryption. It, finally, imposes
only very little additional computational burden on the voting platform, which
is especially important when voters use devices of restricted computational
power such as mobile phones. At the same time, the computational cost on the
server side is very reasonable and scales well with the increasing ballot size
Risks and opportunities in arbitrage and market-making in blockchain-based currency markets. Part 1 : Risks
This study provides a practical introduction to high-frequency trading in
blockchain-based currency markets. These types of markets have some specific
characteristics that differentiate them from the stock markets, such as a large
number of trading exchanges (centralized and decentralized), relative
simplicity in moving funds from one exchange to another, and the large number
of new currencies that have very little liquidity. This study analyzes the
possible risks that specifically characterize this type of trading operation,
the potential opportunities, and the algorithms that are mostly used, providing
information that can be useful for practitioners who intend to operate in these
markets by providing (and risking) liquidity
R2-D2: ColoR-inspired Convolutional NeuRal Network (CNN)-based AndroiD Malware Detections
The influence of Deep Learning on image identification and natural language
processing has attracted enormous attention globally. The convolution neural
network that can learn without prior extraction of features fits well in
response to the rapid iteration of Android malware. The traditional solution
for detecting Android malware requires continuous learning through
pre-extracted features to maintain high performance of identifying the malware.
In order to reduce the manpower of feature engineering prior to the condition
of not to extract pre-selected features, we have developed a coloR-inspired
convolutional neuRal networks (CNN)-based AndroiD malware Detection (R2-D2)
system. The system can convert the bytecode of classes.dex from Android archive
file to rgb color code and store it as a color image with fixed size. The color
image is input to the convolutional neural network for automatic feature
extraction and training. The data was collected from Jan. 2017 to Aug 2017.
During the period of time, we have collected approximately 2 million of benign
and malicious Android apps for our experiments with the help from our research
partner Leopard Mobile Inc. Our experiment results demonstrate that the
proposed system has accurate security analysis on contracts. Furthermore, we
keep our research results and experiment materials on http://R2D2.TWMAN.ORG.Comment: Verison 2018/11/15, IEEE BigData 2018, Seattle, WA, USA, Dec 10-13,
2018. (Accepted
Active Android malware analysis: an approach based on stochastic games
Active Malware Analysis focuses on learning the behaviors and the intentions of a malicious piece of software by interacting with it in a safe environment. The process can be formalized as a stochastic game involving two agents, a malware sample and an analyzer, that interact with opposite objectives: the malware sample tries to hide its behavior, while the analyzer aims at gaining as much information on the malware sample as possible. Our goal is to design a software agent that interacts with malware and extracts information on the behavior, learning a policy. We can then analyze different malware policies by using standard clustering approaches. In more detail, we propose a novel method to build malware models that can be used as an input to the stochastic game formulation. We empirically evaluate our method on real malware for the Android systems, showing that our approach can group malware belonging to the same families and identify the presence of possible sub-groups within such families
Cloud Storage File Recoverability
Data loss is perceived as one of the major threats for cloud storage. Consequently, the security community developed several challenge-response protocols that allow a user to remotely verify whether an outsourced file is still intact. However, two important practical problems have not yet been considered. First, clients commonly outsource multiple files of different sizes, raising the question how to formalize such a scheme and in particular ensuring that all files can be simultaneously audited. Second, in case auditing of the files fails, existing schemes do not provide a client with any method to prove if the original files are still recoverable.
We address both problems and describe appropriate solutions. The first problem is tackled by providing a new type of Proofs of Retrievability scheme, enabling a client to check all files simultaneously in a compact way. The second problem is solved by defining a novel procedure called Proofs of Recoverability , enabling a client to obtain an assurance whether a file is recoverable or irreparably damaged. Finally, we present a combination of both schemes allowing the client to check the recoverability of all her original files, thus ensuring cloud storage file recoverability
- …