Effective Feature Extraction Method for SVM-Based Profiled Attacks

Nowadays, one of the most powerful side channel attacks (SCA) is profiled attack. Machine learning algorithms, for example support vector machine, are currently used for improving the effectiveness of the attack. One issue when using SVM-based profiled attack is extracting points of interest, or features from power traces. So far, studies in SCA domain have selected the points of interest (POIs) from the raw power trace for the classifiers. Our work proposes a novel method for finding POIs that based on the combining variational mode decomposition (VMD) and Gram-Schmidt orthogonalization (GSO). That is, VMD is used to decompose the power traces into sub-signals (modes) of different frequencies and POIs selection process based on GSO is conducted on these sub-signals. As a result, the selected POIs are used for SVM classifier to conduct profiled attack. This attack method outperforms other profiled attacks in the same attack scenario. Experiments were performed on a trace data set collected from the Atmega8515 smart card run on the side channel evaluation board Sakura-G/W and the data set of DPA contest v4 to verify the effectiveness of our method in reducing number of power traces for the attacks, especially with noisy power traces

Security weakness in the Proof of Storage with Deduplication

Achieving both security and efficiency is the challenging issue for a data outsourcing service in the cloud computing. Proof of Storage with Deduplication (POSD) is the first solution that addresses the issue for the cloud storage. However, the validity of the POSD scheme stands on the strong assumption that all clients are honest in terms of generating their keys. We present insecurity of the scheme under new attack model that malicious clients exploit dishonestly manipulated keys. We also propose an improvement of the POSD scheme to mitigate our attack

Efficient and privacy-preserving biometric identification in cloud

With the rapid growth in the development of smart devices equipped with biometric sensors, client identification system using biometric traits are widely adopted across various applications. Among many biometric traits, fingerprint-based identification systems have been extensively studied and deployed. However, to adopt biometric identification systems in practical applications, two main obstacles in terms of efficiency and client privacy must be resolved simultaneously. That is, identification should be performed at an acceptable time, and only a client should have access to his/her biometric traits, which are not revocable if leaked. Until now, multiple studies have demonstrated successful protection of client biometric data; however, such systems lack efficiency that leads to excessive time utilization for identification. The most recently researched scheme shows efficiency improvements but reveals client biometric traits to other entities such as biometric database server. This violates client privacy. In this paper, we propose an efficient and privacy-preserving fingerprint identification scheme by using cloud systems. The proposed scheme extensively exploits the computation power of a cloud so that most of the laborious computations are performed by the cloud service provider. According to our experimental results on an Amazon EC2 cloud, the proposed scheme is faster than the existing schemes and guarantees client privacy by exploiting symmetric homomorphic encryption. Our security analysis shows that during identification, the client fingerprint data is not disclosed to the cloud service provider or fingerprint database server

Privacy-Preserving Aggregation and Authentication of Multi-Source Smart Meters in a Smart Grid System

The smart grid is a promising electrical grid paradigm for enhancing flexibility and reliability in power transmission through two-way communications among grid entities. In the smart grid system, the privacy of usage information measured by individual smart meters has gained significant attention, owing to the possibility of personal information inference. Moreover, efficient and reliable power provisioning can be seriously impeded through illicit manipulations of aggregated data under the influence of malicious adversaries. Due to such potential risks, it becomes an important requirement for the smart grid to preserve privacy of metering data by secure aggregation and to authenticate the aggregated result in an efficient manner within large scale environments. From this perspective, this paper investigates the current status of security and privacy in smart grid systems and representative state-of-the-art studies in secure aggregation and authentication of metering data for future directions of a smart grid

Efficient Attribute-Based Secure Data Sharing with Hidden Policies and Traceability in Mobile Health Networks

Mobile health (also written as mHealth) provisions the practice of public health supported by mobile devices. mHealth systems let patients and healthcare providers collect and share sensitive information, such as electronic and personal health records (EHRs) at any time, allowing more rapid convergence to optimal treatment. Key to achieving this is securely sharing data by providing enhanced access control and reliability. Typically, such sharing follows policies that depend on patient and physician preferences defined by a set of attributes. In mHealth systems, not only the data but also the policies for sharing it may be sensitive since they directly contain sensitive information which can reveal the underlying data protected by the policy. Also, since the policies usually incur linearly increasing communication costs, mHealth is inapplicable to resource-constrained environments. Lastly, access privileges may be publicly known to users, so a malicious user could illegally share his access privileges without the risk of being traced. In this paper, we propose an efficient attribute-based secure data sharing scheme in mHealth. The proposed scheme guarantees a hidden policy, constant-sized ciphertexts, and traces, with security analyses. The computation cost to the user is reduced by delegating approximately 50% of the decryption operations to the more powerful storage systems

Toward Practical Deep Blind Watermarking for Traitor Tracing

Traitor tracing via blind watermarking is a promising solution to protect copyright. Recently, it was demonstrated that deep learning-based blind watermarking methods could outperform traditional watermarking methods in terms of robustness against distortions. However, we found they could sacrifice the imperceptibility as a trade-off. To handle this challenge, we propose a novel method consisting of a deep blind model and watermarking strategy. For the purpose, we first investigate the fundamental components of the basic deep blind watermarking model, and empirically show how the performance changes when each component is modified with respect to the robustness. Based on it, we construct a deep blind watermarking encoder, CFC+CONCAT, which can encode watermarks in a robust way against distortions without imperceptibility degradation. We then propose a watermarking strategy to make deep blind watermarking robust by increasing watermarking capacity (by splitting a large image into small patches), and using the effect of distortion types on the robustness we found. According to the experiments, our method achieved 5.46 higher PSNR on average than the baseline methods with comparable robustness under various distortions when watermarking in the $3\times 256\times 256$ image. Also, the training time and VRAM usage are reduced by less than 1/4, demonstrating our method can mitigate the trade-off between robustness and imperceptibility, and achieve lightweight training

On the Security of Practical Mail User Agents against Cache Side-Channel Attacks

Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email