An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on near Field Communication

Near Field Communication (NFC) has become prevalent in access control and contactless payment systems, however, there is evidence in the literature to suggest that the technology possesses numerous vulnerabilities. Contactless bank cards are becoming commonplace in society; while there are many benefits from the use of contactless payments, there are also security issues present that could be exploited by a malicious third party. The inherently short operating distance of NFC (typically about 4 cm) is often relied upon as a means of ensuring intentional interaction on the user’s part and limiting attack vectors. However, NFC is particularly sensitive to relay attacks, which entirely negate the security usefulness of the short-range aspect of technology. The aim of this article is to demonstrate how standard hardware can be used to exploit the technology to carry out a relay attack. Considering the risk that relay attacks pose, a countermeasure is proposed to mitigate this threat. Our countermeasure yields a 100% detection rate in experiments undertaken – in which over 10,000 contactless transactions were carried out on a range of different contactless cards and devices. In these experiments, there was a false positive rate of 0.38% – 0.86%. As little as 1 in every 250 transactions were falsely classified as being the subject of a relay attack and so the user experience was not significantly impacted. With our countermeasure implemented, transaction time was lengthened by only 0.22 seconds

Classifying Recaptured Identity Documents Using the Biomedical Meijering and Sato Algorithms

Recaptured identity documents are a low-cost, high-risk threat to modern eKYC systems. Bad actors can easily manipulate images and print them. Existing solutions typically demand manual review of remotely captured identity documents, this is expensive and does not scale. In 2022, the UK National Crime Agency estimated fraud cost business hundreds of billion pounds per year and document forgery is an area of investigation by Europol.https://arrow.tudublin.ie/cddpos/1002/thumbnail.jp

Determining Child Sexual Abuse Posts based on Artificial Intelligence

The volume of child sexual abuse materials (CSAM) created and shared daily both surface web platforms such as Twitter and dark web forums is very high. Based on volume, it is not viable for human experts to intercept or identify CSAM manually. However, automatically detecting and analysing child sexual abusive language in online text is challenging and time-intensive, mostly due to the variety of data formats and privacy constraints of hosting platforms. We propose a CSAM detection intelligence algorithm based on natural language processing and machine learning techniques. Our CSAM detection model is not only used to remove CSAM on online platforms, but can also help determine perpetrator behaviours, provide evidences, and extract new knowledge for hotlines, child agencies, education programs and policy makers

Fedoram: A Federated Oblivious RAM Scheme

Instant messaging (IM) applications, even with end-to-end encryption enabled, pose privacy issues due to metadata and pattern leakage. Our goal is to develop a model for a privacy preserving IM application, by designing an IM application that focuses on hiding metadata and discussion patterns. To solve the issue of privacy preservation through the obfuscation of metadata, cryptographic constructions like Oblivious Random Access Machines (ORAM) have been proposed in recent years. However, although they completely hide the user access patterns, they incur high computational costs, often resulting in excessively slow performance in practice. We propose a new federated model, FedORAM, which is the first ORAM scheme that uses a federation of servers to hide metadata for an IM use case. In order to investigate the trade-off between security and performance, we propose two versions of FedORAM: Weak FedORAM and Strong FedORAM. Strong FedORAM uses a tree-based federation architecture to ensure strong obliviousness, but with an increased overhead cost. Weak FedORAM has a more simple federated architecture that only uses Oblivious Transfer (OT) to increase communication speed, but with security consequences. Our results show that both constructions are faster than a similar client-server ORAM scheme. Furthermore, Weak FedORAM has a response time of less than 2 seconds per message for a middle-sized federation

Identifying Online Child Sexual Texts in Dark Web through Machine Learning and Deep Learning Algorithms

Predators often use the dark web to discuss and share Child Sexual Abuse Material (CSAM) because the dark web provides a degree of anonymity, making it more difficult for law enforcement to track the criminals involved. In most countries, CSAM is considered as forensic evidence of a crime in progress. Processing, identifying and investigating CSAM is often done manually. This is a time-consuming and emotionally challenging task. In this paper, we propose a novel model based on artificial intelligence algorithms to automatically detect CSA text messages in dark web forums. Our algorithms have achieved impressive results in detecting CSAM in dark web, with a recall rate of 89%, a precision rate of 92.3% and an accuracy rate of 87.6%. Moreover, the algorithms can predict the classification of a post in just 1 microsecond and 0.3 milliseconds on standard laptop capabilities. This makes it possible to integrate our model into social network sites or edge devices to for real-time CSAM detection

Robustness of Image-Based Malware Classification Models Trained with Generative Adversarial Networks

As malware continues to evolve, deep learning models are increasingly used for malware detection and classification, including image based classification. However, adversarial attacks can be used to perturb images so as to evade detection by these models. This study investigates the effectiveness of training deep learning models with Generative Adversarial Network-generated data to improve their robustness against such attacks. Two image conversion methods, byte plot and space-filling curves, were used to represent the malware samples, and a ResNet-50 architecture was used to train models on the image datasets. The models were then tested against a projected gradient descent attack. It was found that without GAN generated data, the models’ prediction performance drastically decreased from 93-95% to 4.5% accuracy. However, the addition of adversarial images to the training data almost doubled the accuracy of the models. This study highlights the potential benefits of incorporating GAN-generated data in the training of deep learning models to improve their robustness against adversarial attacks

Importance of data distribution on hive-based systems for query performance: An experimental study

SQL-on-Hadoop systems have been gaining popularity in recent years. One popular example of SQL-on-Hadoop systems is Apache Hive; the pioneer of SQL-on-Hadoop systems. Hive is located on the top of big data stack as an application layer. Besides the application layer, the Hadoop Ecosystem is composed of 3 different main layers: storage, the resource manager and processing engine. The demand from industry has led to the development of new efficient components for each layer. As the ecosystem evolves over time, Hive employed different execution engines too. Understanding the strengths of components is very important in order to exploit the full performance of the Hadoop Ecosystem. Therefore, recent works in the literature study the importance of each layer separately. To the best of our knowledge, the present work is the first work that focuses on the performance of the combination of both the storage layer and the execution engine. In this work, we compare the Hive\u27s query performance by using three different execution engines: MR, Tez and Spark on the skewed/well-balanced data distribution through the full TPC-H benchmark. Our results show the importance of data distribution on the storage layer for overall job performance of SQL-on-Hadoop systems and empirically showed even distribution improves performance up to 48% compared to skewed distribution. Moreover, the present study provides insightful findings by identifying particular SQL query cases that the certain processing engine deals exceptionally well

Discovering Child Sexual Abuse Material Creators’ Behaviors and Preferences on the Dark Web

Background: Producing, distributing or discussing child sexual abuse materials (CSAM) is often committed through the dark web in order to remain hidden from search engines and regular users. Additionally, on the dark web, the CSAM creators employ various techniques to avoid detection and conceal their activities. The large volume of CSAM on the dark web presents a global social problem and poses a significant challenge for helplines, hotlines and law enforcement agencies. Objective: Identifying CSAM discussions on the dark web and uncovering associated metadata insights into characteristics, behaviours and motivation of CSAM creators. Participants and Setting: We have conducted an analysis of more than 353,000 posts generated by 35,400 distinct users and written in 118 different languages across eight dark web forums in 2022. Out of these, approximately 221,000 posts were written in English and contributed by around 29,500 unique users. Method: We propose a CSAM detection intelligence system. The system uses a manually labelled dataset to train, evaluate and select an efficient CSAM classification model. Once we identify CSAM creators and victims through CSAM posts on the dark web, we proceed to analyze, visualize and uncover information concerning the behaviors of CSAM creators and victims. Result: The CSAM classifier, based on Support Vector Machine model, exhibited good performance, achieving the highest precision of 92.3\%, accuracy of 87.6\% and recall of 84.2\%. Its prediction time is fast, taking only 0.3 milliseconds to process a single post on our laptop. While, the Naive Bayes combination is the best in term of recall, achieving 89\%, and its prediction time is just 0.1 microseconds per post. Across the eight forums in 2022, our Support Vector Machine model detected around 63,000 English CSAM posts and identified near 10,500 English CSAM creators. The analysis of metadata of CSAM posts revealed meaningful information about CSAM creators and their victims, such as: (1) the ages and nationalities of the victims typically mentioned by CSAM creators, (2) forum topics where the CSAM creators assign their posts, and (3) online platforms preferred by CSAM creators for sharing or uploading CSAM. Conclusion: Our CSAM detection system exhibits high performance in precision, recall, and accuracy in real-time when classifying CSAM and non-CSAM posts. Additionally, it can extract and visualize valuable and unique insights about CSAM creators and victims by employing advanced statistical methods. These insights prove beneficial to our partners, i.e. national hotlines and child agencies