3,151 research outputs found
Trustworthy content push
Delivery of content to mobile devices gains increasing importance in
industrial environments to support employees in the field. An important
application are e-mail push services like the fashionable Blackberry. These
systems are facing security challenges regarding data transport to, and storage
of the data on the end user equipment. The emerging Trusted Computing
technology offers new answers to these open questions.Comment: 4 pages, 4 eps figure
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
With the widespread use of machine learning (ML) techniques, ML as a service
has become increasingly popular. In this setting, an ML model resides on a
server and users can query it with their data via an API. However, if the
user's input is sensitive, sending it to the server is undesirable and
sometimes even legally not possible. Equally, the service provider does not
want to share the model by sending it to the client for protecting its
intellectual property and pay-per-query business model.
In this paper, we propose MLCapsule, a guarded offline deployment of machine
learning as a service. MLCapsule executes the model locally on the user's side
and therefore the data never leaves the client. Meanwhile, MLCapsule offers the
service provider the same level of control and security of its model as the
commonly used server-side execution. In addition, MLCapsule is applicable to
offline applications that require local execution. Beyond protecting against
direct model access, we couple the secure offline deployment with defenses
against advanced attacks on machine learning models such as model stealing,
reverse engineering, and membership inference
Trusted Computing in Mobile Action
Due to the convergence of various mobile access technologies like UMTS, WLAN,
and WiMax the need for a new supporting infrastructure arises. This
infrastructure should be able to support more efficient ways to authenticate
users and devices, potentially enabling novel services based on the security
provided by the infrastructure. In this paper we exhibit some usage scenarios
from the mobile domain integrating trusted computing, which show that trusted
computing offers new paradigms for implementing trust and by this enables new
technical applications and business scenarios. The scenarios show how the
traditional boundaries between technical and authentication domains become
permeable while a high security level is maintained.Comment: In: Peer-reviewed Proceedings of the Information Security South
Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006,
Sandton, South Afric
Not-a-Bot (NAB): Improving Service Availability in the Face of Botnet Attacks
A large fraction of email spam, distributed denial-of-service (DDoS) attacks, and click-fraud on web advertisements are caused by traffic sent from compromised machines that form botnets. This paper posits that by identifying human-generated traffic as such, one can service it with improved reliability or higher priority, mitigating the effects of botnet attacks.
The key challenge is to identify human-generated traffic in the absence of strong unique identities. We develop NAB (``Not-A-Bot''), a system to approximately identify and certify human-generated activity. NAB uses a small trusted software component called an attester, which runs on the client machine with an untrusted OS and applications. The attester tags each request with an attestation if the request is made within a small amount of time of legitimate keyboard or mouse activity. The remote entity serving the request sends the request and attestation to a verifier, which checks the attestation and implements an application-specific policy for attested requests.
Our implementation of the attester is within the Xen hypervisor. By analyzing traces of keyboard and mouse activity from 328 users at Intel, together with adversarial traces of spam, DDoS, and click-fraud activity, we estimate that NAB reduces the amount of spam that currently passes through a tuned spam filter by more than 92%, while not flagging any legitimate email as spam. NAB delivers similar benefits to legitimate requests under DDoS and click-fraud attacks
Identity credential issuance with trusted computing
In a client-server environment that deals with multiple clients,there is a need to provide a mechanism on the server to manage the issuance of the client credentials for security authorization. Credentials created using a particular own
platform identities and functions as an authentication credentials to authenticate the platform itself in a network communication.However, these credentials can easily be shared, copied and stolen.This will led to an anonymous service sharing and worst to come when the stolen credentials is using for phishing attacks to the original user.One solution
to the problem is to use tamper-resistant hardware to which a credential is bound such that a credential can only be generated and used in connection with the hardware.For that, manufacturers have started to embed into computers a tamper resistant piece of hardware, called trusted platform modules(TPM), as specified by the Trusted Computing Group.This mechanism insures that credentials can only be issued with the TPM existence in the platform thus guarantees the platform origins.This paper describes the component involved in the credential issuance method by the server trusted computing domain.To implement our approach, a client server application is used as an interface through the secure communication channel in credential request.The server acts as a Trusted Third Party to verify authorized users in this environment
- …