Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.462
Dongxi Liu, J. Zic
When users store their data on a cloud, they may concern on whether their data is stored correctly and can be fully retrieved. Proofs of Retrivability (PoR) is a cryptographic concept that allows users to remotely check the integrity of their data without downloading. This check is usually done by attaching data with message authenticators that contain data integrity information. The existing PoR schemes consider only the retrievability of unencrypted data and their message authenticators are usually deterministic. In this paper, we propose a PoR scheme that is built over homomorphic encryption schemes. Our PoR scheme can prove the retrievability of homomorphically encrypted data by generating probabilistic and homomorphic message authenticators. Moreover, the homomorphically encrypted data can be processed by the cloud directly and our PoR scheme can verify the integrity of such outsourced computations over ciphertexts. A prototype of our scheme is implemented to evaluate its performance.
{"title":"Proofs of Encrypted Data Retrievability with Probabilistic and Homomorphic Message Authenticators","authors":"Dongxi Liu, J. Zic","doi":"10.1109/Trustcom.2015.462","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.462","url":null,"abstract":"When users store their data on a cloud, they may concern on whether their data is stored correctly and can be fully retrieved. Proofs of Retrivability (PoR) is a cryptographic concept that allows users to remotely check the integrity of their data without downloading. This check is usually done by attaching data with message authenticators that contain data integrity information. The existing PoR schemes consider only the retrievability of unencrypted data and their message authenticators are usually deterministic. In this paper, we propose a PoR scheme that is built over homomorphic encryption schemes. Our PoR scheme can prove the retrievability of homomorphically encrypted data by generating probabilistic and homomorphic message authenticators. Moreover, the homomorphically encrypted data can be processed by the cloud directly and our PoR scheme can verify the integrity of such outsourced computations over ciphertexts. A prototype of our scheme is implemented to evaluate its performance.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127685230","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.639
Á. Rubio-Largo, M. A. Vega-Rodríguez, D. L. González-Álvarez
Multiple Sequence Alignment (MSA) is the process of aligning three or more nucleotides/amino-acids sequences at the same time. It is an NP-complete optimization problem where the time complexity of finding an optimal alignment raises exponentially when the number of sequences to align increases. In the multiobjective version of the MSA problem, we simultaneously optimize the alignment accuracy and conservation. In this work, we present a parallel scheme for a multiobjective version of a memetic metaheuristic: Hybrid Multiobjective Memetic Metaheuristics for Multiple Sequence Alignment (H4MSA). In order to evaluate the parallel performance of H4MSA, we use several datasets with different number of sequences (up to 1000 sequences) and compare its parallel performance against other well-known parallel approaches published in the literature, such as MSAProbs, T-Coffee, Clustal O and MAFFT. On the other hand, the results reveals that parallel H4MSA is around 25 times faster than the sequential version with 32 cores.
{"title":"Parallel H4MSA for Multiple Sequence Alignment","authors":"Á. Rubio-Largo, M. A. Vega-Rodríguez, D. L. González-Álvarez","doi":"10.1109/Trustcom.2015.639","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.639","url":null,"abstract":"Multiple Sequence Alignment (MSA) is the process of aligning three or more nucleotides/amino-acids sequences at the same time. It is an NP-complete optimization problem where the time complexity of finding an optimal alignment raises exponentially when the number of sequences to align increases. In the multiobjective version of the MSA problem, we simultaneously optimize the alignment accuracy and conservation. In this work, we present a parallel scheme for a multiobjective version of a memetic metaheuristic: Hybrid Multiobjective Memetic Metaheuristics for Multiple Sequence Alignment (H4MSA). In order to evaluate the parallel performance of H4MSA, we use several datasets with different number of sequences (up to 1000 sequences) and compare its parallel performance against other well-known parallel approaches published in the literature, such as MSAProbs, T-Coffee, Clustal O and MAFFT. On the other hand, the results reveals that parallel H4MSA is around 25 times faster than the sequential version with 32 cores.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127798601","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.355
Yingjun Zhang, Shijun Zhao, Yu Qin, Bo Yang, D. Feng
We give a detail analysis of the security issues when using mobile devices as a substitution of dedicated hardware tokens in two-factor authentication (2FA) schemes and propose TrustTokenF, a generic security framework for mobile 2FA schemes, which provides comparable security assurance to dedicated hardware tokens, and is more flexible for token management. We first illustrate how to leverage the Trusted Execution Environment(TEE) based on ARM TrustZone to provide essential security features for mobile 2FA applications, i.e., runtime isolated execution and trusted user interaction, which resist software attackers who even compromise the entire mobile OS. We also use the SRAM Physical Unclonable Functions (PUFs) to provide persistent secure storage for the authentication secrets, which achieves both high-level security and low cost. Based on these security features, we design a series of secure protocols for token deployment, migration and device key updating. We also introduce TPM2.0 policy-based authorization mechanism to enhance the security of the interface from outside world into the trusted tokens. Finally, we implement the prototype system on real TrustZone-enabled hardware. The experiment results show that TrustTokenF is secure, flexible, economical and efficient for mobile 2FA applications.
{"title":"TrustTokenF: A Generic Security Framework for Mobile Two-Factor Authentication Using TrustZone","authors":"Yingjun Zhang, Shijun Zhao, Yu Qin, Bo Yang, D. Feng","doi":"10.1109/Trustcom.2015.355","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.355","url":null,"abstract":"We give a detail analysis of the security issues when using mobile devices as a substitution of dedicated hardware tokens in two-factor authentication (2FA) schemes and propose TrustTokenF, a generic security framework for mobile 2FA schemes, which provides comparable security assurance to dedicated hardware tokens, and is more flexible for token management. We first illustrate how to leverage the Trusted Execution Environment(TEE) based on ARM TrustZone to provide essential security features for mobile 2FA applications, i.e., runtime isolated execution and trusted user interaction, which resist software attackers who even compromise the entire mobile OS. We also use the SRAM Physical Unclonable Functions (PUFs) to provide persistent secure storage for the authentication secrets, which achieves both high-level security and low cost. Based on these security features, we design a series of secure protocols for token deployment, migration and device key updating. We also introduce TPM2.0 policy-based authorization mechanism to enhance the security of the interface from outside world into the trusted tokens. Finally, we implement the prototype system on real TrustZone-enabled hardware. The experiment results show that TrustTokenF is secure, flexible, economical and efficient for mobile 2FA applications.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127828774","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.537
Midhun Babu Tharayanil, G. Whitney, Mahdi Aiash, Chafika Benzaid
In the past five years cybercrime has grown to become one of the most significant threats to the safety of the nation and its economy. The government's call to arms has been eagerly accepted by business enterprises and academia. But training cyber security professionals raises a unique set of challenges. Cost, space, time and scalability are among the issues identified and possible solutions proposed. As a cyber-security professionals, we have realized the importance of practical experience which can be hard to deliver in a lecture based environment. The primary aim of this project is to evaluate and recommend a platform for Virtual handson Labs which may be used to provide a secure environment for cyber security students to evaluate and receive hands-on experience on possible threats and countermeasures. There are similar labs setup in different universities across the world but we have not been able to find any studies evaluating the virtualization platforms for their merit in order to run a virtual lab. Hence we study three of the most popular virtualization platforms and recommendations are provided to guide anyone who desires to setup such a lab.
{"title":"Virtualization and Cyber Security: Arming Future Security Practitioners","authors":"Midhun Babu Tharayanil, G. Whitney, Mahdi Aiash, Chafika Benzaid","doi":"10.1109/Trustcom.2015.537","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.537","url":null,"abstract":"In the past five years cybercrime has grown to become one of the most significant threats to the safety of the nation and its economy. The government's call to arms has been eagerly accepted by business enterprises and academia. But training cyber security professionals raises a unique set of challenges. Cost, space, time and scalability are among the issues identified and possible solutions proposed. As a cyber-security professionals, we have realized the importance of practical experience which can be hard to deliver in a lecture based environment. The primary aim of this project is to evaluate and recommend a platform for Virtual handson Labs which may be used to provide a secure environment for cyber security students to evaluate and receive hands-on experience on possible threats and countermeasures. There are similar labs setup in different universities across the world but we have not been able to find any studies evaluating the virtualization platforms for their merit in order to run a virtual lab. Hence we study three of the most popular virtualization platforms and recommendations are provided to guide anyone who desires to setup such a lab.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133180862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.430
M. Taha, Sivadon Chaisiri, R. Ko
Data provenance, the origin and derivation history of data, is commonly used for security auditing, forensics and data analysis. While provenance loggers provide evidence of data changes, the integrity of the provenance logs is also critical for the integrity of the forensics process. However, to our best knowledge, few solutions are able to fully satisfy this trust requirement. In this paper, we propose a framework to enable tamper-evidence and preserve the confidentiality and integrity of data provenance using the Trusted Platform Module (TPM). Our framework also stores provenance logs in trusted and backup servers to guarantee the availability of data provenance. Tampered provenance logs can be discovered and consequently recovered by retrieving the original logs from the servers. Leveraging on TPM's technical capability, our framework guarantees data provenance collected to be admissible, complete, and confidential. More importantly, this framework can be applied to capture tampering evidence in large-scale cloud environments at system, network, and application granularities. We applied our framework to provide tamper-evidence for Progger, a cloud-based, kernel-space logger. Our results demonstrate the ability to conduct remote attestation of Progger logs' integrity, and uphold the completeness, confidential and admissible requirements.
{"title":"Trusted Tamper-Evident Data Provenance","authors":"M. Taha, Sivadon Chaisiri, R. Ko","doi":"10.1109/Trustcom.2015.430","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.430","url":null,"abstract":"Data provenance, the origin and derivation history of data, is commonly used for security auditing, forensics and data analysis. While provenance loggers provide evidence of data changes, the integrity of the provenance logs is also critical for the integrity of the forensics process. However, to our best knowledge, few solutions are able to fully satisfy this trust requirement. In this paper, we propose a framework to enable tamper-evidence and preserve the confidentiality and integrity of data provenance using the Trusted Platform Module (TPM). Our framework also stores provenance logs in trusted and backup servers to guarantee the availability of data provenance. Tampered provenance logs can be discovered and consequently recovered by retrieving the original logs from the servers. Leveraging on TPM's technical capability, our framework guarantees data provenance collected to be admissible, complete, and confidential. More importantly, this framework can be applied to capture tampering evidence in large-scale cloud environments at system, network, and application granularities. We applied our framework to provide tamper-evidence for Progger, a cloud-based, kernel-space logger. Our results demonstrate the ability to conduct remote attestation of Progger logs' integrity, and uphold the completeness, confidential and admissible requirements.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133305600","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.581
Wojciech M. Czarnecki, Krzysztof Rataj
Modern drug design procedures involve the process of virtual screening, a highly efficient filtering step used for maximizing the efficiency of the preselection of compounds which are valuable drug candidates. Recent advances in introduction of machine learning models to this process can lead to significant increase in the overall quality of the drug designing pipeline. Unfortunately, for many proteins it is still extremely hard to come up with a valid statistical model. It is a consequence of huge classes disproportion (even 1000:1), large datasets (over 100,000 of samples) and restricted data representation (mostly high-dimensional, sparse, binary vectors). In this paper, we try to tackle this problem through three important innovations. First we represent compounds with 2-dimensional, graph representation. Second, we show how one can provide extremely fast method for measuring similarity of such data. Finally, we use the Extreme Entropy Machine which shows increase in balanced accuracy over Extreme Learning Machines, Support Vector Machines, one-class Support Vector Machines as well as Random Forest. Proposed pipeline brings significantly better results than all considered alternative, state-of-the-art approaches. We introduce some important novel elements and show why they lead to better model. Despite this, it should still be considered as a proof of concept and further investigations in the field are needed.
{"title":"Compounds Activity Prediction in Large Imbalanced Datasets with Substructural Relations Fingerprint and EEM","authors":"Wojciech M. Czarnecki, Krzysztof Rataj","doi":"10.1109/Trustcom.2015.581","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.581","url":null,"abstract":"Modern drug design procedures involve the process of virtual screening, a highly efficient filtering step used for maximizing the efficiency of the preselection of compounds which are valuable drug candidates. Recent advances in introduction of machine learning models to this process can lead to significant increase in the overall quality of the drug designing pipeline. Unfortunately, for many proteins it is still extremely hard to come up with a valid statistical model. It is a consequence of huge classes disproportion (even 1000:1), large datasets (over 100,000 of samples) and restricted data representation (mostly high-dimensional, sparse, binary vectors). In this paper, we try to tackle this problem through three important innovations. First we represent compounds with 2-dimensional, graph representation. Second, we show how one can provide extremely fast method for measuring similarity of such data. Finally, we use the Extreme Entropy Machine which shows increase in balanced accuracy over Extreme Learning Machines, Support Vector Machines, one-class Support Vector Machines as well as Random Forest. Proposed pipeline brings significantly better results than all considered alternative, state-of-the-art approaches. We introduce some important novel elements and show why they lead to better model. Despite this, it should still be considered as a proof of concept and further investigations in the field are needed.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122133182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.518
Kyoungsoo Bok, Eunkyung Ryu, Junho Park, Jaesoo Yoo
Wireless sensor networks have enabled multimedia data collection such as video or audio with the advancement of computer technology. In this paper, we propose an energy efficient congestion control scheme for multimedia data in wireless sensor networks. The proposed scheme extracts and transfers dynamic regions by considering monitoring characteristics over multimedia data to reduce the transferred data. Furthermore, it can reduce the packet size by deleting and transferring low-priority bit data by considering multimedia data characteristics during congestion situations to minimize packet loss.
{"title":"An Energy Efficient Congestion Control Scheme for Multimedia Data in Wireless Sensor Networks","authors":"Kyoungsoo Bok, Eunkyung Ryu, Junho Park, Jaesoo Yoo","doi":"10.1109/Trustcom.2015.518","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.518","url":null,"abstract":"Wireless sensor networks have enabled multimedia data collection such as video or audio with the advancement of computer technology. In this paper, we propose an energy efficient congestion control scheme for multimedia data in wireless sensor networks. The proposed scheme extracts and transfers dynamic regions by considering monitoring characteristics over multimedia data to reduce the transferred data. Furthermore, it can reduce the packet size by deleting and transferring low-priority bit data by considering multimedia data characteristics during congestion situations to minimize packet loss.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131424895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.560
Moufida Rehab Adjout, F. Boufarès
The large volumes of information emerging by the progress of technology and the growing individual needs of data mining, makes training of very large scale of data a challenging task. However, this information cannot be practically analyzed on a single machine due to the sheer size of the data to fit in memory. For this purpose, the process of such data requires the use of high-performance analytical systems running on distributed environments. To this end standard analytics algorithms need to be adapted to take advantage of cloud computing models which provide scalability and flexibility. This paper introduces a new distributed training method, which combines the widely used framework, MapReduce, for Multiple Linear Regression which will be based on the QR decomposition and the ordinary least squares method adapted to MapReduce. Our platform is deployed on Cloud Amazon EMR service. Experimental results demonstrate that our parallel version of the Multiple Linear Regression can efficiently handle very large datasets with different parameter settings (number, size and structure of machines).
{"title":"Scalable Massively Parallel Learning of Multiple Linear Regression Algorithm with MapReduce","authors":"Moufida Rehab Adjout, F. Boufarès","doi":"10.1109/Trustcom.2015.560","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.560","url":null,"abstract":"The large volumes of information emerging by the progress of technology and the growing individual needs of data mining, makes training of very large scale of data a challenging task. However, this information cannot be practically analyzed on a single machine due to the sheer size of the data to fit in memory. For this purpose, the process of such data requires the use of high-performance analytical systems running on distributed environments. To this end standard analytics algorithms need to be adapted to take advantage of cloud computing models which provide scalability and flexibility. This paper introduces a new distributed training method, which combines the widely used framework, MapReduce, for Multiple Linear Regression which will be based on the QR decomposition and the ordinary least squares method adapted to MapReduce. Our platform is deployed on Cloud Amazon EMR service. Experimental results demonstrate that our parallel version of the Multiple Linear Regression can efficiently handle very large datasets with different parameter settings (number, size and structure of machines).","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134485410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.386
Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben
Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.
{"title":"How to Misuse SMTP over TLS: A Study of the (In) Security of Email Server Communication","authors":"Lars Baumgärtner, Jonas Höchst, M. Leinweber, Bernd Freisleben","doi":"10.1109/Trustcom.2015.386","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.386","url":null,"abstract":"Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-user security or end-to-end encryption, we focus on the connections between SMTP servers relying on transport layer security. We analyze the involved ciphers suites, the certificates used and certificate authorities, and the behavior of email providers when communicating with improperly secured email servers. Conclusions drawn from this analysis lead to several recommendations to mitigate the security issues currently present in the email system as it is deployed in the Internet.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133441252","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.500
S. Rao, S. Holtmanns, Ian Oliver, T. Aura
The increase in usage of mobile phones and the relative increase in the number of mobile phone thefts have imposed an overhead on securely retrieving the stolen or missing devices. While the mobile security researchers try to figure out various mechanisms to track such devices, attackers on the other hand are trying to exploit weaknesses in the mobile network system to dissipate into the dark side with stolen devices. In this paper, we present how the SS7- MAP protocol can be misused to help an attacker to unblock the device from the stolen list and use it normally.
{"title":"Unblocking Stolen Mobile Devices Using SS7-MAP Vulnerabilities: Exploiting the Relationship between IMEI and IMSI for EIR Access","authors":"S. Rao, S. Holtmanns, Ian Oliver, T. Aura","doi":"10.1109/Trustcom.2015.500","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.500","url":null,"abstract":"The increase in usage of mobile phones and the relative increase in the number of mobile phone thefts have imposed an overhead on securely retrieving the stolen or missing devices. While the mobile security researchers try to figure out various mechanisms to track such devices, attackers on the other hand are trying to exploit weaknesses in the mobile network system to dissipate into the dark side with stolen devices. In this paper, we present how the SS7- MAP protocol can be misused to help an attacker to unblock the device from the stolen list and use it normally.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131971610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: