Adversary Model - Explore the Science & Experts | ideXlab

Scan Science and Technology

Contact Leading Edge Experts & Companies

Adversary Model

The Experts below are selected from a list of 17208 Experts worldwide ranked by ideXlab platform

Adversary Model – Free Register to Access Experts & Abstracts

Kim-kwang Raymond Choo – One of the best experts on this subject based on the ideXlab platform.

  • The role of the Adversary Model in applied security research
    Computers & Security, 2019
    Co-Authors: Ben Martini, Kim-kwang Raymond Choo
    Abstract:

    Abstract Adversary Models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent Adversary Models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving Adversary Models in the contemporary research field of IoT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. The key recommendation is for authors to clearly define Adversary goals, assumptions and capabilities.

  • Mobile cloud security: An Adversary Model for lightweight browser security ☆
    Computer Standards & Interfaces, 2017
    Co-Authors: Shasi Pokharel, Kim-kwang Raymond Choo, Jixue Liu
    Abstract:

    Abstract Lightweight browsers on mobile devices are increasingly been used to access cloud services and upload / view data stored on the cloud, due to their faster resource loading capabilities. These browsers use client side efficiency measures such as larger cache storage and fewer plugins. However, the impact on data security of such measures is an understudied area. In this paper, we propose an Adversary Model to examine the security of lightweight browsers. Using the Adversary Model, we reveal previously unpublished vulnerabilities in four popular light browsers, namely: UC Browser, Dolphin, CM Browser, and Samsung Stock Browser, which allows an attacker to obtain unauthorized access to the user’s private data. The latter include browser history, email content, and bank account details. For example, we also demonstrate that it is possible to replace the images of the cache in one of the browsers, which can be used to facilitate phishing and other fraudulent activities. By identifying the design flaw in these browsers (i.e. improper file storage), we hope that future browser designers can avoid similar errors.

  • mobile cloud security an Adversary Model for lightweight browser security
    Computer Standards & Interfaces, 2017
    Co-Authors: Shasi Pokharel, Kim-kwang Raymond Choo, Jixue Liu
    Abstract:

    Abstract Lightweight browsers on mobile devices are increasingly been used to access cloud services and upload / view data stored on the cloud, due to their faster resource loading capabilities. These browsers use client side efficiency measures such as larger cache storage and fewer plugins. However, the impact on data security of such measures is an understudied area. In this paper, we propose an Adversary Model to examine the security of lightweight browsers. Using the Adversary Model, we reveal previously unpublished vulnerabilities in four popular light browsers, namely: UC Browser, Dolphin, CM Browser, and Samsung Stock Browser, which allows an attacker to obtain unauthorized access to the user’s private data. The latter include browser history, email content, and bank account details. For example, we also demonstrate that it is possible to replace the images of the cache in one of the browsers, which can be used to facilitate phishing and other fraudulent activities. By identifying the design flaw in these browsers (i.e. improper file storage), we hope that future browser designers can avoid similar errors.

Lin Liu – One of the best experts on this subject based on the ideXlab platform.

  • An android social app forensics Adversary Model
    Proceedings of the Annual Hawaii International Conference on System Sciences, 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to have a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator’s capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and P interest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.

  • HICSS – An Android Social App Forensics Adversary Model
    2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to have a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator’s capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and Pinterest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.

Philipp Woelfel – One of the best experts on this subject based on the ideXlab platform.

  • Efficient randomized test-and-set implementations
    Distributed Computing, 2019
    Co-Authors: George Giakkoupis, Philipp Woelfel
    Abstract:

    We study randomized test-and-set (TAS) implementations from registers in the asynchronous shared memory Model with n processes. We introduce the problem of group election , a natural variant of leader election, and propose a framework for the implementation of TAS objects from group election objects. We then present two group election algorithms, each yielding an efficient TAS implementation. The first implementation has expected max-step complexity $$O(\log ^*k)$$ O ( log ∗ k ) in the location-oblivious Adversary Model, and the second has expected max-step complexity $$O(\log \log k)$$ O ( log log k ) against any read/write-oblivious Adversary, where $$k\le n$$ k ≤ n is the contention. These algorithms improve the previous upper bound by Alistarh and Aspnes (in: Proceedings of the 25th International Symposium on Distributed Computing, 2011 ) of $$O(\log \log n)$$ O ( log log n ) expected max-step complexity in the oblivious Adversary Model. We also propose a modification to a TAS algorithm devised by Alistarh, Attiya, Gilbert, Giurgiu, and Guerraoui (in: Proceedings of the 24th International Symposium on Distributed Computing, DISC 2010 ) for the strong adaptive Adversary, which improves its space complexity from super-linear to linear, while maintaining its $$O(\log n)$$ O ( log n ) expected max-step complexity. We then describe how this algorithm can be combined with any randomized TAS algorithm that has expected max-step complexity T ( n ) in a weaker Adversary Model, so that the resulting algorithm has $$O(\log n)$$ O ( log n ) expected max-step complexity against any strong adaptive Adversary and O ( T ( n )) in the weaker Adversary Model. Finally, we prove that for any randomized 2-process TAS algorithm, there exists a schedule determined by an oblivious Adversary such that with probability at least $$1/4^t$$ 1 / 4 t one of the processes needs at least t steps to finish its TAS operation. This complements a lower bound by Attiya and Censor-Hillel (SIAM J Comput 39(8):3885–3904, 2010 ) on a similar problem for $$n\ge 3$$ n ≥ 3 processes.

  • Efficient Randomized Test-And-Set Implementations
    Distributed Computing, 2019
    Co-Authors: George Giakkoupis, Philipp Woelfel
    Abstract:

    We study randomized test-and-set (TAS) implementations from registers in the asynchronous shared memory Model with n processes. We introduce the problem of group election, a natural variant of leader election, and propose a framework for the implementation of TAS objects from group election objects. We then present two group election algorithms, each yielding an efficient TAS implementation. The first implementation has expected max-step complexity O(log* k) in the location-oblivious Adversary Model, and the second has expected max-step complexity O(log log k) against any read/write-oblivious Adversary, where k ≤ n is the contention. These algorithms improve the previous upper bound by Alistarh and Aspnes [2] of O(log log n) expected max-step complexity in the oblivious Adversary Model. We also propose a modification to a TAS algorithm by Alistarh, Attiya, Gilbert, Giurgiu, and Guerraoui [5] for the strong adaptive Adversary, which improves its space complexity from super-linear to linear, while maintaining its O(log n) expected max-step complexity. We then describe how this algorithm can be combined with any randomized TAS algorithm that has expected max-step complexity T(n) in a weaker Adversary Model, so that the resulting algorithm has O(log n) expected maxstep complexity against any strong adaptive Adversary and O(T(n)) in the weaker Adversary Model. Finally, we prove that for any randomized 2-process TAS algorithm, there exists a schedule determined by an oblivious Adversary such that with probability at least 1/4t one of the processes needs at least t steps to finish its TAS operation. This complements a lower bound by Attiya and Censor-Hillel [7] on a similar problem for n ≥ 3 processes.

  • Randomized Abortable Mutual Exclusion with Constant Amortized RMR Complexity on the CC Model
    , 2017
    Co-Authors: George Giakkoupis, Philipp Woelfel
    Abstract:

    We present an abortable mutual exclusion algorithm for the cache-coherent (CC) Model with atomic registers and CAS objects. The algorithm has constant expected amortized RMR complexity in the oblivious Adversary Model and is deterministically deadlock-free. This is the first abortable mutual exclusion algorithm that achieves o(log n/log log n) RMR complexity.

S S Iyengar – One of the best experts on this subject based on the ideXlab platform.

  • pseudonym based anonymity zone generation for mobile service with strong Adversary Model
    Consumer Communications and Networking Conference, 2015
    Co-Authors: Mingming Guo, Niki Pissinou, S S Iyengar
    Abstract:

    The popularity of location-aware mobile devices and the advances of wireless networking have seriously pushed location-based services into the IT market. However, moving users need to report their coordinates to an application service provider to utilize interested services that may compromise user privacy. In this paper, we propose an online personalized scheme for generating anonymity zones to protect users with mobile devices while on the move. We also introduce a strong Adversary Model, which can conduct inference attacks in the system. Our design combines a geometric transformation algorithm with a dynamic pseudonyms-changing mechanism and user-controlled personalized dummy generation to achieve strong trajectory privacy preservation. Our proposal does not involve any trusted third-party and will not affect the existing LBS system architecture. Simulations are performed to show the effectiveness and efficiency of our approach.

  • CCNC – Pseudonym-based anonymity zone generation for mobile service with strong Adversary Model
    2015 12th Annual IEEE Consumer Communications and Networking Conference (CCNC), 2015
    Co-Authors: Mingming Guo, Niki Pissinou, S S Iyengar
    Abstract:

    The popularity of location-aware mobile devices and the advances of wireless networking have seriously pushed location-based services into the IT market. However, moving users need to report their coordinates to an application service provider to utilize interested services that may compromise user privacy. In this paper, we propose an online personalized scheme for generating anonymity zones to protect users with mobile devices while on the move. We also introduce a strong Adversary Model, which can conduct inference attacks in the system. Our design combines a geometric transformation algorithm with a dynamic pseudonyms-changing mechanism and user-controlled personalized dummy generation to achieve strong trajectory privacy preservation. Our proposal does not involve any trusted third-party and will not affect the existing LBS system architecture. Simulations are performed to show the effectiveness and efficiency of our approach.

Abdullah Azfar – One of the best experts on this subject based on the ideXlab platform.

  • An android social app forensics Adversary Model
    Proceedings of the Annual Hawaii International Conference on System Sciences, 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to have a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator’s capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and P interest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.

  • HICSS – An Android Social App Forensics Adversary Model
    2016 49th Hawaii International Conference on System Sciences (HICSS), 2016
    Co-Authors: Abdullah Azfar, Kim-kwang Raymond Choo, Lin Liu
    Abstract:

    Android forensics is one of the most studied topics in the mobile forensics literature, partly due to the popularity of Android devices and apps. However, there does not appear to have a formal Model that captures the activities undertaken during a forensic investigation. In this paper, we adapt a widely used Adversary Model from the cryptographic literature to formally capture a forensic investigator’s capabilities during the collection and analysis of evidentiary materials from mobile devices. We demonstrate the utility of the Model using five popular Android social apps (Twitter, POF Dating, Snapchat, Fling and Pinterest). We recover various information of forensic interest, such as databases, user account information, sent-received images, profile pictures, contact lists, unviewed text messages. We are also able to determine when a notification was sent, a tweet was posted, as well as identifying the Facebook authentication token string used in the apps.