Securing Interactive Sessions Using Mobile Device through Visual Channel and Visual Inspection

Communication channel established from a display to a device's camera is known as visual channel, and it is helpful in securing key exchange protocol. In this paper, we study how visual channel can be exploited by a network terminal and mobile device to jointly verify information in an interactive session, and how such information can be jointly presented in a user-friendly manner, taking into account that the mobile device can only capture and display a small region, and the user may only want to authenticate selective regions-of-interests. Motivated by applications in Kiosk computing and multi-factor authentication, we consider three security models: (1) the mobile device is trusted, (2) at most one of the terminal or the mobile device is dishonest, and (3) both the terminal and device are dishonest but they do not collude or communicate. We give two protocols and investigate them under the abovementioned models. We point out a form of replay attack that renders some other straightforward implementations cumbersome to use. To enhance user-friendliness, we propose a solution using visual cues embedded into the 2D barcodes and incorporate the framework of "augmented reality" for easy verifications through visual inspection. We give a proof-of-concept implementation to show that our scheme is feasible in practice.Comment: 16 pages, 10 figure

Identifiying High Risk Areas of Zika Virus Infection by Meteorological Factors in Columbia

Background Several Zika virus (ZIKV) outbreaks have occurred since October 2015. Because there is no effective treatment for ZIKV infection, developing an effective surveillance and warning system is currently a high priority to prevent ZIKV infection. Despite Aedes mosquitos having been known to spread ZIKV, the calculation approach is diverse, and only applied to local areas. This study used meteorological measurements to monitor ZIKV infection due to the high correlation between climate change and Aedes mosquitos and the convenience to obtain meteorological data from weather monitoring stations. Methods This study applied the Bayesian structured additive regression modeling approach to include spatial interactive terms with meteorological factors and a geospatial function in a zero-inflated Poisson model. The study area contained 32 administrative departments in Colombia from October 2015 to December 2017. Weekly ZIKV infection cases and daily meteorological measurements were collected. Mapping techniques were adopted to visualize spatial findings. A series of model selections determined the best combinations of meteorological factors in the same model. Results When multiple meteorological factors are considered in the same model, both total rainfall and average temperature can best assess the geographic disparities of ZIKV infection. Meanwhile, a 1-in. increase in rainfall is associated with an increase in the logarithm of relative risk (logRR) of ZIKV infection of at most 1.66 (95% credible interval [CI] = 1.09, 2.15) as well as a 1 °F increase in average temperature is significantly associated with at most 0.79 (95% CI = 0.12, 1.22) increase in the logRR of ZIKV. Moreover, after controlling rainfall and average temperature, an independent geospatial function in the model results in two departments with an excessive ZIKV risk which may be explained by unobserved factors other than total rainfall and average temperature. Conclusion Our study found that meteorological factors are significantly associated with ZIKV infection across departments. The study determined both total rainfall and average temperature as the best meteorological factors to identify high risk departments of ZIKV infection. These findings can help governmental agencies monitor at risk areas according to meteorological measurements, and develop preventions in those at risk areas in priority

Evading Classifiers by Morphing in the Dark

Learning-based systems have been shown to be vulnerable to evasion through adversarial data manipulation. These attacks have been studied under assumptions that the adversary has certain knowledge of either the target model internals, its training dataset or at least classification scores it assigns to input samples. In this paper, we investigate a much more constrained and realistic attack scenario wherein the target classifier is minimally exposed to the adversary, revealing on its final classification decision (e.g., reject or accept an input sample). Moreover, the adversary can only manipulate malicious samples using a blackbox morpher. That is, the adversary has to evade the target classifier by morphing malicious samples "in the dark". We present a scoring mechanism that can assign a real-value score which reflects evasion progress to each sample based on the limited information available. Leveraging on such scoring mechanism, we propose an evasion method -- EvadeHC -- and evaluate it against two PDF malware detectors, namely PDFRate and Hidost. The experimental evaluation demonstrates that the proposed evasion attacks are effective, attaining $100\%$ evasion rate on the evaluation dataset. Interestingly, EvadeHC outperforms the known classifier evasion technique that operates based on classification scores output by the classifiers. Although our evaluations are conducted on PDF malware classifier, the proposed approaches are domain-agnostic and is of wider application to other learning-based systems