Your search keyword '"Asokan, N"' showing total 12 results

1. Interactive decryption of DECT phone calls

Author

McHardy, Patrick, Schuler, Andreas, Tews, Erik, Gollmann, Dieter, Westhoff, Dirk, Tsudik, Gene, and Asokan, N.

Subjects

Key-recovery attack, Base station, Audio signal, Phone, business.industry, Computer science, Key (cryptography), Digital Enhanced Cordless Telecommunications, Encryption, business, Replay attack, Computer network

Abstract

DECT is a widely deployed standard mostly used for short range wireless phones. So far, no method has been published which is able to recover the audio signal in a call that is encrypted and lasts only for a few minutes. In this paper, we present a method that recovers the audio signal sent from the phone to its base station in an encrypted call. To do so, we use a replay-attack against the phone to recover the key streams, which were used to encrypt the call. The method is applicable to short calls too, where not enough keystreams are available to recover the ciphers key using a key recovery attack on DSC. The method is fast and practical and can be executed at very low cost.

Published

2011

2. AuDI: Toward Autonomous IoT Device-Type Identification Using Periodic Communication

Author

Ahmad-Reza Sadeghi, Thien Duc Nguyen, Nadarajah Asokan, Samuel Marchal, Markus Miettinen, Adj. Prof Asokan N. group, Technische Universität Darmstadt, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

autonomous IoT device identification, Computer Networks and Communications, business.industry, Computer science, Distributed computing, Quality of service, Internet of Things, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Variance (accounting), Identification (information), 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, self-learning, device-type identification

Abstract

IoT devices are being widely deployed. But the huge variance among them in the level of security and requirements for network resources makes it unfeasible to manage IoT networks using a common generic policy. One solution to this challenge is to define policies for classes of devices based on device type. In this paper, we present AuDI, a system for quickly and effectively identifying the type of a device in an IoT network by analyzing their network communications. AuDI models the periodic communication traffic of IoT devices using an unsupervised learning method to perform identification. In contrast to prior work, AuDI operates autonomously after initial setup, learning, without human intervention nor labeled data, to identify previously unseen device types. AuDI can identify the type of a device in any mode of operation or stage of lifecycle of the device. Via systematic experiments using 33 off-the-shelf IoT devices, we show that AuDI is effective (98.2% accuracy).

Published

2019

3. Effective writing style transfer via combinatorial paraphrasing

Author

Tommi Gröndahl, Nadarajah Asokan, Adj. Prof Asokan N. group, University of Waterloo, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

adversarial stylometry, Computer science, model evasion, style imitation, deanonymization, 0211 other engineering and technologies, 02 engineering and technology, computer.software_genre, Writing style, 020204 information systems, Transfer (computing), 0202 electrical engineering, electronic engineering, information engineering, General Environmental Science, Ethics, 021110 strategic, defence & security studies, Multimedia, business.industry, style transfer, author profiling, Information technology, QA75.5-76.95, BJ1-1725, Electronic computers. Computer science, stylometry, General Earth and Planetary Sciences, profiling, business, computer

Abstract

Stylometry can be used to profile or deanonymize authors against their will based on writing style. Style transfer provides a defence. Current techniques typically use either encoder-decoder architectures or rule-based algorithms. Crucially, style transfer must reliably retain original semantic content to be actually deployable. We conduct a multifaceted evaluation of three state-of-the-art encoder-decoder style transfer techniques, and show that all fail at semantic retainment. In particular, they do not produce appropriate paraphrases, but only retain original content in the trivial case of exactly reproducing the text. To mitigate this problem we propose ParChoice: a technique based on the combinatorial application of multiple paraphrasing algorithms. ParChoice strongly outperforms the encoder-decoder baselines in semantic retainment. Additionally, compared to baselines that achieve nonnegligible semantic retainment, ParChoice has superior style transfer performance. We also apply ParChoice to multi-author style imitation (not considered by prior work), where we achieve up to 75% imitation success among five authors. Furthermore, when compared to two state-of-the-art rule-based style transfer techniques, ParChoice has markedly better semantic retainment. Combining ParChoice with the best performing rulebased baseline (Mutant-X [34]) also reaches the highest style transfer success on the Brennan-Greenstadt and Extended-Brennan-Greenstadt corpora, with much less impact on original meaning than when using the rulebased baseline techniques alone. Finally, we highlight a critical problem that afflicts all current style transfer techniques: the adversary can use the same technique for thwarting style transfer via adversarial training. We show that adding randomness to style transfer helps to mitigate the effectiveness of adversarial training.

Published

2020

4. Game Theoretical Modelling of Network/Cybersecurity

Author

Lachlan J. Gunn, M. Ali Babar, Derek Abbott, Mingyuo Guo, Azhar Iqbal, University of Adelaide, Adj. Prof Asokan N. group, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

FOS: Computer and information sciences, game theory, Cybersecurity, cybersecurity, General Computer Science, Network security, 02 engineering and technology, Computer security, computer.software_genre, Cyberspace, Set (abstract data type), Mathematical model, Computer Science - Computer Science and Game Theory, 020204 information systems, Strategic decision making, network security, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Optimization methods, Game theory, business.industry, General Engineering, optimization methods, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, computer, mathematical model, Computer Science and Game Theory (cs.GT)

Abstract

Game theory is an established branch of mathematics that offers a rich set of mathematical tools for multi-person strategic decision making that can be used to model the interactions of decision makers in security problems who compete for limited and shared resources. This article presents a review of the literature in the area of game theoretical modelling of network/cybersecurity., Revised, 21 pages, to appear in IEEE Access

Published

2019

5. Stochastic Discriminant Analysis for Linear Supervised Dimension Reduction

Author

Juha Karhunen, Mika Juuti, Francesco Corona, Adj. Prof Asokan N. group, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

Kullback–Leibler divergence, Linear projection, Cognitive Neuroscience, Linear model, 02 engineering and technology, 01 natural sciences, 010104 statistics & probability, Information visualization, Artificial Intelligence, Joint probability distribution, 0202 electrical engineering, electronic engineering, information engineering, 0101 mathematics, Divergence (statistics), Mathematics, ta113, business.industry, Dimensionality reduction, Distance based probabilities, Supervised learning, Pattern recognition, Linear discriminant analysis, Classification, Computer Science Applications, Dimension reduction, Probability distribution, 020201 artificial intelligence & image processing, Artificial intelligence, business

Abstract

In this paper, we consider a linear supervised dimension reduction method for classification settings: stochastic discriminant analysis (SDA). This method matches similarities between points in the projection space with those in a response space. The similarities are represented by transforming distances between points to joint probabilities using a transformation which resembles Student’s t-distribution. The matching is done by minimizing the Kullback–Leibler divergence between the two probability distributions. We compare the performance of our SDA method against several state-of-the-art methods for supervised linear dimension reduction. In our experiments, we found that the performance of the SDA method is often better and typically at least equal to the compared methods. We have made experiments with various types of data sets having low, medium, or high dimensions and quite different numbers of samples, and with both sparse and dense data sets. If there are several classes in the studied data set, the low-dimensional projections computed using our SDA method provide often higher classification accuracies than the compared methods.

Published

2018

6. Protecting the stack with PACed canaries

Author

Thomas Nyman, Jan-Erik Ekberg, Hans Liljestrand, Zaheer Gauhar, Nadarajah Asokan, Department of Computer Science, Adj. Prof Asokan N. group, University of Waterloo, Aalto-yliopisto, and Aalto University

Subjects

FOS: Computer and information sciences, 021110 strategic, defence & security studies, Computer Science - Cryptography and Security, Computer science, business.industry, 0211 other engineering and technologies, Memory corruption, 02 engineering and technology, Trusted Computing, 020204 information systems, Pointer (computer programming), 0202 electrical engineering, electronic engineering, information engineering, business, Cryptography and Security (cs.CR), Computer network

Abstract

Stack canaries remain a widely deployed defense against memory corruption attacks. Despite their practical usefulness, canaries are vulnerable to memory disclosure and brute-forcing attacks. We propose PCan, a new approach based on ARMv8.3-A pointer authentication (PA), that uses dynamically-generated canaries to mitigate these weaknesses and show that it provides more fine-grained protec- tion with minimal performance overhead.

Published

2019

7. Circumventing Cryptographic Deniability with Remote Attestation

Author

Lachlan J. Gunn, Nadarajah Asokan, Ricardo Vieitez Parra, Adj. Prof Asokan N. group, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

0301 basic medicine, secure messaging, Ethics, business.industry, Computer science, Information technology, Cryptography, QA75.5-76.95, Computer security, computer.software_genre, BJ1-1725, 03 medical and health sciences, remote attestation, 030104 developmental biology, 0302 clinical medicine, 030220 oncology & carcinogenesis, Electronic computers. Computer science, trusted hardware, General Earth and Planetary Sciences, business, computer, General Environmental Science, deniability

Abstract

Deniable messaging protocols allow two parties to have ‘off-the-record’ conversations without leaving any record that can convince external verifiers about what either of them said during the conversation. Recent events like the Podesta email dump underscore the importance of deniable messaging to politicians, whistleblowers, dissidents and many others. Consequently, messaging protocols like Signal and OTR are designed with cryptographic mechanisms to ensure deniable communication, irrespective of whether the communications partner is trusted. Many commodity devices today support hardware-assisted remote attestation which can be used to convince a remote verifier of some property locally observed on the device. We show how an adversary can use remote attestation to undetectably generate a non-repudiable transcript from any deniable protocol (including messaging protocols) providing sender authentication, proving to skeptical verifiers what was said. We describe a concrete implementation of the technique using the Signal messaging protocol. We then show how to design protocols that are deniable even against an adversary capable of attestation, and in particular how attestation itself can be used to restore deniability by thwarting realistic classes of adversary.

Published

2019

8. PRADA: Protecting Against DNN Model Stealing Attacks

Author

Samuel Marchal, Nadarajah Asokan, Sebastian Szyller, Mika Juuti, Adj. Prof Asokan N. group, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

FOS: Computer and information sciences, Model extraction, Computer Science - Cryptography and Security, Computer science, model stealing, Transferability, 02 engineering and technology, 010501 environmental sciences, Adversarial machine learning, Machine learning, computer.software_genre, 01 natural sciences, Predictive models, Mathematical model, 0202 electrical engineering, electronic engineering, information engineering, False positive paradox, Training, Business, Confidentiality, Data mining, 0105 earth and related environmental sciences, Hyperparameter, business.industry, deep neural network, Computational modeling, Adversary, 020201 artificial intelligence & image processing, model extraction, Artificial intelligence, business, Cryptography and Security (cs.CR), computer, Neural networks

Abstract

Machine learning (ML) applications are increasingly prevalent. Protecting the confidentiality of ML models becomes paramount for two reasons: (a) a model can be a business advantage to its owner, and (b) an adversary may use a stolen model to find transferable adversarial examples that can evade classification by the original model. Access to the model can be restricted to be only via well-defined prediction APIs. Nevertheless, prediction APIs still provide enough information to allow an adversary to mount model extraction attacks by sending repeated queries via the prediction API. In this paper, we describe new model extraction attacks using novel approaches for generating synthetic queries, and optimizing training hyperparameters. Our attacks outperform state-of-the-art model extraction in terms of transferability of both targeted and non-targeted adversarial examples (up to +29-44 percentage points, pp), and prediction accuracy (up to +46 pp) on two datasets. We provide take-aways on how to perform effective model extraction attacks. We then propose PRADA, the first step towards generic and effective detection of DNN model extraction attacks. It analyzes the distribution of consecutive API queries and raises an alarm when this distribution deviates from benign behavior. We show that PRADA can detect all prior model extraction attacks with no false positives., Comment: 17 pages, 7 figures, 9 tables. Accepted for publication in the 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019)

Published

2019

9. All You Need is 'Love'

Author

Mika Juuti, Tommi Gröndahl, Nadarajah Asokan, Luca Pajola, Mauro Conti, Adj. Prof Asokan N. group, Department of Computer Science, University of Padua, Helsinki Institute for Information Technology (HIIT), Aalto-yliopisto, and Aalto University

Subjects

ta113, 021110 strategic, defence & security studies, Voice activity detection, Artificial neural network, Computer science, business.industry, Speech recognition, Deep learning, Perspective (graphical), Supervised learning, 0211 other engineering and technologies, 02 engineering and technology, Model architecture, Adversarial system, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Artificial intelligence, business, Word (computer architecture)

Abstract

openaire: EC/H2020/688061/EU//TagItSmart With the spread of social networks and their unfortunate use for hate speech, automatic detection of the latter has become a pressing problem. In this paper, we reproduce seven state-of-the-art hate speech detection models from prior work, and show that they perform well only when tested on the same type of data they were trained on. Based on these results, we argue that for successful hate speech detection, model architecture is less important than the type of data and labeling criteria. We further show that all proposed detection techniques are brittle against adversaries who can (automatically) insert typos, change word boundaries or add innocuous words to the original hate speech. A combination of these methods is also effective against Google Perspective - a cutting-edge solution from industry. Our experiments demonstrate that adversarial training does not completely mitigate the attacks, and using character-level features makes the models systematically more attack-resistant than using word-level features.

Published

2018

10. Revisiting context-based authentication in IoT

Author

Ahmad-Reza Sadeghi, Thien Duc Nguyen, Markus Miettinen, Nadarajah Asokan, Technische Universität Darmstadt, Adj. Prof Asokan N. group, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

0301 basic medicine, Password, 010302 applied physics, ta113, Authentication, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Fingerprint recognition, Shared secret, Context based, Computer security, computer.software_genre, 01 natural sciences, 020202 computer hardware & architecture, 03 medical and health sciences, 030104 developmental biology, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, business, Internet of Things, computer

Abstract

The emergence of IoT poses new challenges towards solutions for authenticating numerous very heterogeneous IoT devices to their respective trust domains. Using passwords or pre-defined keys have drawbacks that limit their use in IoT scenarios. Recent works propose to use contextual information about ambient physical properties of devices' surroundings as a shared secret to mutually authenticate devices that are co-located, e.g., the same room. In this paper, we analyze these context-based authentication solutions with regard to their security and requirements on context quality. We quantify their achievable security based on empirical real-world data from context measurements in typical IoT environments.

Published

2018

11. Using SafeKeeper to Protect Web Passwords

Author

Klaudia Krawiecka, Andrew Paverd, Arseny Kurnikov, Mohammad Mannan, Nadarajah Asokan, Department of Computer Science, Adj. Prof Asokan N. group, Concordia University, Aalto-yliopisto, and Aalto University

Subjects

0301 basic medicine, Password, ta113, User authentication, business.industry, Computer science, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Phishing, 03 medical and health sciences, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 030104 developmental biology, User experience design, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Verifiable secret sharing, business, computer

Abstract

Although passwords are by far the most widely-used user authentication mechanism on the web, their security is threatened by password phishing and password database breaches. SafeKeeper is a system for protecting web passwords against very strong adversaries, including sophisticated phishers and compromised servers. Compared to other approaches, one of the key differentiating aspects of SafeKeeper is that it provides web users with verifiable assurance that their passwords are being protected. In this paper, we demonstrate precisely how SafeKeeper can be used to protect web passwords in real-world systems. We first explain two important deployability aspects: i) how SafeKeeper can be integrated into the popular WordPress platform, and ii) how ordinary web users can use Intel SGX remote attestation to verify that SafeKeeper is running on a particular server. We then describe three demonstrations to illustrate the use of SafeKeeper: i) showing the user experience when visiting a legitimate website; ii) showing the encryption of the password in transit via live packet-capture; and iii) showing how SafeKeeper performs in the presence of phishing.

Published

2018

12. Scalable Byzantine Consensus via Hardware-assisted Secret Sharing

Author

Wenting Li, Ghassan Karame, Jian Liu, Nadarajah Asokan, Adj. Prof Asokan N. group, NEC Corporation, Department of Computer Science, Aalto-yliopisto, and Aalto University

Subjects

FOS: Computer and information sciences, Silicon, Computer Science - Cryptography and Security, State machine replication, Computer science, Throughput, 02 engineering and technology, Network topology, Secret sharing, Theoretical Computer Science, Blockchain, 0202 electrical engineering, electronic engineering, information engineering, Latency (engineering), Byzantine fault-tolerance, Byzantine fault tolerance, ta113, distributed systems, Fault tolerant systems, business.industry, trusted component, Fault tolerance, 020202 computer hardware & architecture, Computational Theory and Mathematics, Computer Science - Distributed, Parallel, and Cluster Computing, Hardware and Architecture, Scalability, state machine replication, Distributed, Parallel, and Cluster Computing (cs.DC), business, Cryptography and Security (cs.CR), Bitcoin, Protocols, Software, Computer hardware

Abstract

The surging interest in blockchain technology has revitalized the search for effective Byzantine consensus schemes. In particular, the blockchain community has been looking for ways to effectively integrate traditional Byzantine fault-tolerant (BFT) protocols into a blockchain consensus layer allowing various financial institutions to securely agree on the order of transactions. However, existing BFT protocols can only scale to tens of nodes due to their $O(n^2)$ message complexity. In this paper, we propose FastBFT, a fast and scalable BFT protocol. At the heart of FastBFT is a novel message aggregation technique that combines hardware-based trusted execution environments (TEEs) with lightweight secret sharing primitives. Combining this technique with several other optimizations (i.e., optimistic execution, tree topology and failure detection), FastBFT achieves low latency and high throughput even for large scale networks. Via systematic analysis and experiments, we demonstrate that FastBFT has better scalability and performance than previous BFT protocols., This paper will be published in IEEE Transactions on Computers

Published

2016