Adversary Model

The Experts below are selected from a list of 17208 Experts worldwide ranked by ideXlab platform

Kim-kwang Raymond Choo - One of the best experts on this subject based on the ideXlab platform.

  • The role of the Adversary Model in applied security research
    Computers & Security, 2019
    Co-Authors: Ben Martini, Kim-kwang Raymond Choo
    Abstract:

    Adversary Models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent Adversary Models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving Adversary Models in the contemporary research field of IoT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. The key recommendation is for authors to clearly define Adversary goals, assumptions and capabilities.

  • Mobile cloud security: An Adversary Model for lightweight browser security
    Computer Standards & Interfaces, 2017
    Co-Authors: Shasi Pokharel, Kim-kwang Raymond Choo, Jixue Liu
    Abstract:

    Lightweight browsers on mobile devices are increasingly being used to access cloud services and upload / view data stored on the cloud, due to their faster resource loading capabilities. These browsers use client side efficiency measures such as larger cache storage and fewer plugins. However, the impact on data security of such measures is an understudied area. In this paper, we propose an Adversary Model to examine the security of lightweight browsers. Using the Adversary Model, we reveal previously unpublished vulnerabilities in four popular light browsers, namely: UC Browser, Dolphin, CM Browser, and Samsung Stock Browser, which allow an attacker to obtain unauthorized access to the user’s private data. The latter include browser history, email content, and bank account details. For example, we also demonstrate that it is possible to replace the images of the cache in one of the browsers, which can be used to facilitate phishing and other fraudulent activities. By identifying the design flaw in these browsers (i.e. improper file storage), we hope that future browser designers can avoid similar errors.

  • A Markov Adversary Model to detect vulnerable iOS devices and vulnerabilities in iOS apps
    Applied Mathematics and Computation, 2017
    Co-Authors: Christian D’orazio, Kim-kwang Raymond Choo, Athanasios V. Vasilakos
    Abstract:

    Adversary Model to detect vulnerable iOS devices and vulnerabilities in iOS apps. Security and privacy of mobile device and app users. Markov process for Modelling (in)security state of iOS device or apps. iOS device and app vulnerabilities. With the increased convergence of technologies whereby a user can access, store and transmit data across different devices in real-time, risks will arise from factors such as lack of appropriate security measures in place and users not having requisite levels of security awareness and not fully understanding how security measures can be used to their advantage. In this paper, we adapt our previously published Adversary Model for digital rights management (DRM) apps and demonstrate how it can be used to detect vulnerable iOS devices and to analyse (non-DRM) apps for vulnerabilities that can potentially be exploited. Using our Adversary Model, we investigate several (jailbroken and non-jailbroken) iOS devices, Australian Government Medicare Expert Plus (MEP) app, Commonwealth Bank of Australia app, Western Union app, PayPal app, PocketCloud Remote Desktop app and Simple Transfer Pro app, and reveal previously unknown vulnerabilities. We then demonstrate how the identified vulnerabilities can be exploited to expose the user's sensitive data and personally identifiable information stored on or transmitted from the device. We conclude with several recommendations to enhance the security and privacy of user data stored on or transmitted from these devices.

  • Practical --Anonymization for Collaborative Data Publishing without Trusted Third Party
    Security and Communication Networks, 2017
    Co-Authors: Jingyu Hua, Kim-kwang Raymond Choo, An Tang, Qingyun Pan, Hong Ding, Yizhi Ren
    Abstract:

    In collaborative data publishing (CDP), an -Adversary attack refers to a scenario where up to malicious data providers collude to infer data records contributed by other providers. Existing solutions either rely on a trusted third party (TTP) or introduce expensive computation and communication overheads. In this paper, we present a practical distributed -anonymization scheme, - -anonymization, designed to defend against -Adversary attacks without relying on any TTPs. We then prove its security in the semihonest Adversary Model and demonstrate how an extension of the scheme can also be proven secure in a stronger Adversary Model. We also evaluate its efficiency using a commonly used dataset.

Lin Liu - One of the best experts on this subject based on the ideXlab platform.

  • An android social app forensics Adversary Model
    Proceedings of the Annual Hawaii International Conference on System Sciences, 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to be a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator's capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and Pinterest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.

  • HICSS - An Android Social App Forensics Adversary Model
    2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to be a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator's capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and Pinterest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.

Philipp Woelfel - One of the best experts on this subject based on the ideXlab platform.

  • Efficient randomized test-and-set implementations
    Distributed Computing, 2019
    Co-Authors: George Giakkoupis, Philipp Woelfel
    Abstract:

    We study randomized test-and-set (TAS) implementations from registers in the asynchronous shared memory Model with n processes. We introduce the problem of group election, a natural variant of leader election, and propose a framework for the implementation of TAS objects from group election objects. We then present two group election algorithms, each yielding an efficient TAS implementation. The first implementation has expected max-step complexity $O(\log^* k)$ in the location-oblivious Adversary Model, and the second has expected max-step complexity $O(\log \log k)$ against any read/write-oblivious Adversary, where $k \le n$ is the contention. These algorithms improve the previous upper bound by Alistarh and Aspnes (in: Proceedings of the 25th International Symposium on Distributed Computing, 2011) of $O(\log \log n)$ expected max-step complexity in the oblivious Adversary Model. We also propose a modification to a TAS algorithm devised by Alistarh, Attiya, Gilbert, Giurgiu, and Guerraoui (in: Proceedings of the 24th International Symposium on Distributed Computing, DISC 2010) for the strong adaptive Adversary, which improves its space complexity from super-linear to linear, while maintaining its $O(\log n)$ expected max-step complexity. We then describe how this algorithm can be combined with any randomized TAS algorithm that has expected max-step complexity $T(n)$ in a weaker Adversary Model, so that the resulting algorithm has $O(\log n)$ expected max-step complexity against any strong adaptive Adversary and $O(T(n))$ in the weaker Adversary Model. Finally, we prove that for any randomized 2-process TAS algorithm, there exists a schedule determined by an oblivious Adversary such that with probability at least $1/4^t$ one of the processes needs at least $t$ steps to finish its TAS operation. This complements a lower bound by Attiya and Censor-Hillel (SIAM J Comput 39(8):3885–3904, 2010) on a similar problem for $n \ge 3$ processes.

  • Efficient Randomized Test-And-Set Implementations
    Distributed Computing, 2019
    Co-Authors: George Giakkoupis, Philipp Woelfel
    Abstract:

    We study randomized test-and-set (TAS) implementations from registers in the asynchronous shared memory Model with n processes. We introduce the problem of group election, a natural variant of leader election, and propose a framework for the implementation of TAS objects from group election objects. We then present two group election algorithms, each yielding an efficient TAS implementation. The first implementation has expected max-step complexity O(log* k) in the location-oblivious Adversary Model, and the second has expected max-step complexity O(log log k) against any read/write-oblivious Adversary, where k ≤ n is the contention. These algorithms improve the previous upper bound by Alistarh and Aspnes [2] of O(log log n) expected max-step complexity in the oblivious Adversary Model. We also propose a modification to a TAS algorithm by Alistarh, Attiya, Gilbert, Giurgiu, and Guerraoui [5] for the strong adaptive Adversary, which improves its space complexity from super-linear to linear, while maintaining its O(log n) expected max-step complexity. We then describe how this algorithm can be combined with any randomized TAS algorithm that has expected max-step complexity T(n) in a weaker Adversary Model, so that the resulting algorithm has O(log n) expected max-step complexity against any strong adaptive Adversary and O(T(n)) in the weaker Adversary Model. Finally, we prove that for any randomized 2-process TAS algorithm, there exists a schedule determined by an oblivious Adversary such that with probability at least 1/4^t one of the processes needs at least t steps to finish its TAS operation. This complements a lower bound by Attiya and Censor-Hillel [7] on a similar problem for n ≥ 3 processes.

  • Randomized Abortable Mutual Exclusion with Constant Amortized RMR Complexity on the CC Model
    2017
    Co-Authors: George Giakkoupis, Philipp Woelfel
    Abstract:

    We present an abortable mutual exclusion algorithm for the cache-coherent (CC) Model with atomic registers and CAS objects. The algorithm has constant expected amortized RMR complexity in the oblivious Adversary Model and is deterministically deadlock-free. This is the first abortable mutual exclusion algorithm that achieves o(log n/log log n) RMR complexity.

  • Wait-Freedom is Harder than Lock-Freedom under Strong Linearizability
    2015
    Co-Authors: Oksana Denysyuk, Philipp Woelfel
    Abstract:

    In randomized algorithms, replacing atomic shared objects with linearizable [1] implementations may affect probability distributions over outcomes [2]. To avoid this problem in the adaptive Adversary Model, it is necessary and sufficient that implemented objects satisfy strong linearizability [2]. In this paper we study the existence of strongly linearizable implementations from multi-writer registers. We prove the impossibility of wait-free strongly linearizable implementations for a number of standard objects, including snapshots, counters, and max-registers, all of which have wait-free linearizable implementations. To do so, we introduce a new notion of group valency that is useful to analyze (strongly linearizable) implementations from registers. Furthermore, we show that many objects, including snapshots, do have lock-free strongly linearizable implementations. These results separate lock-freedom from wait-freedom under strong linearizability.

  • Randomized Mutual Exclusion with Constant Amortized RMR Complexity on the DSM
    2014 IEEE 55th Annual Symposium on Foundations of Computer Science, 2014
    Co-Authors: George Giakkoupis, Philipp Woelfel
    Abstract:

    In this paper we settle an open question by determining the remote memory reference (RMR) complexity of randomized mutual exclusion, on the distributed shared memory Model (DSM) with atomic registers, in a weak but natural (and stronger than oblivious) Adversary Model. In particular, we present a mutual exclusion algorithm that has constant expected amortized RMR complexity and is deterministically deadlock free. Prior to this work, no randomized algorithm with o(log n/log log n) RMR complexity was known for the DSM Model. Our algorithm is fairly simple, and compares favorably with one by Bender and Gilbert (FOCS 2011) for the CC Model, which has expected amortized RMR complexity O(log^2 log n) and provides only probabilistic deadlock freedom.

S S Iyengar - One of the best experts on this subject based on the ideXlab platform.

  • pseudonym based anonymity zone generation for mobile service with strong Adversary Model
    Consumer Communications and Networking Conference, 2015
    Co-Authors: Mingming Guo, Niki Pissinou, S S Iyengar
    Abstract:

    The popularity of location-aware mobile devices and the advances of wireless networking have seriously pushed location-based services into the IT market. However, moving users need to report their coordinates to an application service provider to utilize interested services that may compromise user privacy. In this paper, we propose an online personalized scheme for generating anonymity zones to protect users with mobile devices while on the move. We also introduce a strong Adversary Model, which can conduct inference attacks in the system. Our design combines a geometric transformation algorithm with a dynamic pseudonyms-changing mechanism and user-controlled personalized dummy generation to achieve strong trajectory privacy preservation. Our proposal does not involve any trusted third-party and will not affect the existing LBS system architecture. Simulations are performed to show the effectiveness and efficiency of our approach.

  • CCNC - Pseudonym-based anonymity zone generation for mobile service with strong Adversary Model
    2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), 2015
    Co-Authors: Mingming Guo, Niki Pissinou, S S Iyengar
    Abstract:

    The popularity of location-aware mobile devices and the advances of wireless networking have seriously pushed location-based services into the IT market. However, moving users need to report their coordinates to an application service provider to utilize interested services that may compromise user privacy. In this paper, we propose an online personalized scheme for generating anonymity zones to protect users with mobile devices while on the move. We also introduce a strong Adversary Model, which can conduct inference attacks in the system. Our design combines a geometric transformation algorithm with a dynamic pseudonyms-changing mechanism and user-controlled personalized dummy generation to achieve strong trajectory privacy preservation. Our proposal does not involve any trusted third-party and will not affect the existing LBS system architecture. Simulations are performed to show the effectiveness and efficiency of our approach.

Abdullah Azfar - One of the best experts on this subject based on the ideXlab platform.

  • An android social app forensics Adversary Model
    Proceedings of the Annual Hawaii International Conference on System Sciences, 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to be a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator's capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and Pinterest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.

  • HICSS - An Android Social App Forensics Adversary Model
    2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to be a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator's capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and Pinterest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.