142 research outputs found
Recommended from our members
Adaptive authentication and key agreement mechanism for future cellular systems
Since the radio medium can be accessed by anyone, authentication of users is a very important element of a mobile network. Nowadays, in GSM/GPRS a challenge response protocol is used to authenticate the user to the mobile network. Similarly, in third generation mobile systems [3] a challenge response protocol was chosen in such a way as to achieve maximum compatibility with the current GSM security architecture. Both authentication mechanisms use symmetric key cryptography because of the limited processing power of the mobile devices. However, recent research [6] has shown that asymmetric, or public, key cryptography can be enabled successfully in future mobile terminals. In this paper, we propose a new adaptive authentication and key agreement protocol (AAKA) for future mobile communication systems. The novelty of AAKA and its main advantage over other challenge response protocols is that it can be adaptive to the mobile environment and use symmetric and/or public key cryptography for user and network authentication
Protecting biometric templates with image watermarking techniques
Biometric templates are subject to modifications for identity fraud especially when they are stored in databases. In this paper, a new approach to protecting biometric templates with image watermarking techniques is proposed. The novelty of this approach is that we have combined lattice and block-wise image watermarking techniques to maintain image quality along with cryptographic techniques to embed fingerprint templates into facial images and vice-versa, thus protecting them from being modified
Towards a combined Rotational-Differential Cryptanalytic Framework
In this report, we suggest a new cryptanalytic framework for constructing distinguishers which can eventually be extended to full attacks in the related-key scenario. We name this new paradigm “Relational Cryptanalysis”. The main idea is to exhibit the non-randomness of a given encryption algorithm by observing the propagation of specific sets of plaintexts of the form (P, P′) such that these pairs satisfy some rotational and differential properties of the form R1(P) = P′ and P ⊕ P′ ∈ ΔP, for some rotational symmetry R1 and fixed set of differences ΔP. Apart from rotational and differential properties, we can add any other relation which seems to hold for a reduced number of rounds of the cryptographic primitive we study. Intuitively, we expect that by adding more relations we increase the observed probability of the propagation and this results in stronger statistical distinguishers
Advanced truncated differential cryptanalysis of GOST block cipher
In this paper, we use the ideas presented by Courtois and Mourouzis to study the security of two variants of GOST, which are considered as the simpler and most secure variants [9]; the one with the S-boxes replaced by the Identity Map and the ISO version which is assumed to be the strongest one. The advanced differential attacks we present are of the form of Depth-First Key search, which uses a 20 round distinguisher in the middle (or equivalently 26-round distinguisher for the simpler version of GOST with Identity Map) [11]. The main idea is that we consider a partition of the 32 rounds by placing in the middle the constructed distinguisher. Then, based on the weak diffusion we can extend these very strong statistical distinguishers to efficiently good filters for some external rounds. Then, by guessing some key bits for external rounds and determining some plaintext and ciphertext pairs of specified input-output differences we can extend the construction to an attack against the full block cipher. Thus, the technique we apply is a generic cryptanalytic framework of First-Search key search type which involves several optimization tasks obtained from the specific structure of the given encryption algorithm
Vulnerabilities of Decentralized Additive Reputation Systems Regarding the Privacy of Individual Votes
In this paper, we focus on attacks and defense mechanisms in additive reputation systems. We start by surveying the most important protocols that aim to provide privacy between individual voters. Then, we categorize attacks against additive reputation systems considering both malicious querying nodes and malicious reporting nodes that collaborate in order to undermine the vote privacy of the remaining users. To the best of our knowledge this is the first work that provides a description of such malicious behavior against such systems. In light of this analysis we demonstrate the inefficiencies of existing protocols
On The Security Evaluation of Partial Password Implementations
A partial password is a mode of password-based authentication that is widely used, especially in the financial sector. It is based on a challenge-response protocol, where at each login attempt, a challenge requesting characters from randomly selected positions of a pre-shared secret is presented to the user. This mode could be seen as a “cheap way” of preventing, for example, malware or a keylogger installed on a user’s device from learning the full password in a single step. Despite the widespread adoption of this mechanism, especially by many UK banks, there is limited material in the open literature. Questions like how the security of the scheme varies with the sampling method employed to form the challenges or what are the existing server-side implementations are left unaddressed. In this paper, we study questions like how the security of this mechanism varies in relation to the number of challenge-response pairs available to an attacker under different ways of generating challenges. In addition, we discuss possible server-side implementations as (unofficially) listed in different online forums by information security experts. To the best of our knowledge there is no formal academic literature in this direction and one of the aims of this paper is to motivate other researchers to study this topic
Behavior policy learning: Learning multi-stage tasks via solution sketches and model-based controllers
Multi-stage tasks are a challenge for reinforcement learning methods, and require either specific task knowledge (e.g., task segmentation) or big amount of interaction times to be learned. In this paper, we propose Behavior Policy Learning (BPL) that effectively combines 1) only few solution sketches, that is demonstrations without the actions, but only the states, 2) model-based controllers, and 3) simulations to effectively solve multi-stage tasks without strong knowledge about the underlying task. Our main intuition is that solution sketches alone can provide strong data for learning a high-level trajectory by imitation, and model-based controllers can be used to follow this trajectory (we call it behavior) effectively. Finally, we utilize robotic simulations to further improve the policy and make it robust in a Sim2Real style. We evaluate our method in simulation with a robotic manipulator that has to perform two tasks with variations: 1) grasp a box and place it in a basket, and 2) re-place a book on a different level within a bookcase. We also validate the Sim2Real capabilities of our method by performing real-world experiments and realistic simulated experiments where the objects are tracked through an RGB-D camera for the first task
A Study on the Evolution of Ransomware Detection Using Machine Learning and Deep Learning Techniques
This survey investigates the contributions of research into the detection of ransomware malware using machine learning and deep learning algorithms. The main motivations for this study are the destructive nature of ransomware, the difficulty of reversing a ransomware infection, and how important it is to detect it before infecting a system. Machine learning is coming to the forefront of combatting ransomware, so we attempted to identify weaknesses in machine learning approaches and how they can be strengthened. The threat posed by ransomware is exceptionally high, with new variants and families continually being found on the internet and dark web. Recovering from ransomware infections is difficult, given the nature of the encryption schemes used by them. The increase in the use of artificial intelligence also coincides with this boom in ransomware. The exploration into machine learning and deep learning approaches when it comes to detecting ransomware poses high interest because machine learning and deep learning can detect zero-day threats. These techniques can generate predictive models that can learn the behaviour of ransomware and use this knowledge to detect variants and families which have not yet been seen. In this survey, we review prominent research studies which all showcase a machine learning or deep learning approach when detecting ransomware malware. These studies were chosen based on the number of citations they had by other research. We carried out experiments to investigate how the discussed research studies are impacted by malware evolution. We also explored the new directions of ransomware and how we expect it to evolve in the coming years, such as expansion into IoT (Internet of Things), with IoT being integrated more into infrastructures and into homes
Anatomical variations of the pelvis during abdominal hysterectomy for benign conditions
Background: Anatomical variations are defined as atypical morphologic and positional presentations of anatomical entities. Pelvic anatomical variations encountered during abdominal hysterectomy can be of clinical interest, given that misidentification of certain structures can lead to iatrogenic injuries and postoperative sequelae. The aim of the present study was to detect and highlight the anatomical structures of interest and their variations to the surgeon performing abdominal hysterectomy for benign conditions. Materials and methods: A narrative review of the literature was performed including reports of anatomical variations encountered in cadavers, by surgeons during abdominal hysterectomy and radiologists on computed tomography angiography, searching within a 10-year span on Pubmed database. Studies regarding the treatment of malignant conditions requiring lymphadenectomy and different modes of surgical approach were reviewed with regards to the aspects relevant to benign conditions. The search was extended to the reference lists of all retrieved articles. Results: Ureters and the uterine arteries, due to anatomical variations, are the anatomical structures most vulnerable during abdominal hysterectomy. Specifically, the ureters can present multiplications, retroiliac positionings and ureteric diverticula, whereas, the uterine arteries can present notable variability in their origins. Such variations can be detected preoperatively or intraoperatively. Conclusions: Although rare, the presence of anatomical variations of the uterine arteries and ureters can increase the possibility of complications should they escape detection. Intraoperative misidentification could lead to improper dissection or ligation of the affected structures. Knowledge of these variations, coupled with extensive preoperative investigation and intraoperative vigilance can minimize the risk of complications