In this paper a novel steganographic method, called Hide F0, dedicated to IP telephony is proposed. It is based on the approximation of the parameter that describes the F0 frequency (the pitch) of the speaker's voice. We show that thanks to approximating some fragments of the "fine pitch" parameter in the Speex codec we can create efficient hidden transmission channels. We determined that for Speex working in mode 5 the Hide F0 method can provide a hidden channel with a capacity of ca. 220 bps at the optimal operating point. We also demonstrated that the proposed method offers a significantly more advantageous trade-off between the steganographic bandwidth and steganographic cost than the classic least significant bit (LSB) approach.
{"title":"Novel Method of Hiding Information in IP Telephony Using Pitch Approximation","authors":"A. Janicki","doi":"10.1109/ARES.2015.12","DOIUrl":"https://doi.org/10.1109/ARES.2015.12","url":null,"abstract":"In this paper a novel steganographic method, called Hide F0, dedicated to IP telephony is proposed. It is based on the approximation of the parameter that describes the F0 frequency (the pitch) of the speaker's voice. We show that thanks to approximating some fragments of the \"fine pitch\" parameter in the Speex codec we can create efficient hidden transmission channels. We determined that for Speex working in mode 5 the Hide F0 method can provide a hidden channel with a capacity of ca. 220 bps at the optimal operating point. We also demonstrated that the proposed method offers a significantly more advantageous trade-off between the steganographic bandwidth and steganographic cost than the classic least significant bit (LSB) approach.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130628606","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
George Kalpakis, T. Tsikrika, Fotini Markatopoulou, Nikiforos Pittaras, S. Vrochidis, V. Mezaris, I. Patras, Y. Kompatsiaris
This work investigates the effectiveness of a state-of-the-art concept detection framework for the automatic classification of multimedia content, namely images and videos, embedded in publicly available Web resources containing recipes for the synthesis of Home Made Explosives (HMEs), to a set of predefined semantic concepts relevant to the HME domain. The concept detection framework employs advanced methods for video (shot) segmentation, visual feature extraction (using SIFT, SURF, and their variations), and classification based on machine learning techniques (logistic regression). The evaluation experiments are performed using an annotated collection of multimedia HME content discovered on the Web, and a set of concepts, which emerged both from an empirical study, and were also provided by domain experts and interested stakeholders, including Law Enforcement Agencies personnel. The experiments demonstrate the satisfactory performance of our framework, which in turn indicates the significant potential of the adopted approaches on the HME domain.
{"title":"Concept Detection in Multimedia Web Resources About Home Made Explosives","authors":"George Kalpakis, T. Tsikrika, Fotini Markatopoulou, Nikiforos Pittaras, S. Vrochidis, V. Mezaris, I. Patras, Y. Kompatsiaris","doi":"10.1109/ARES.2015.85","DOIUrl":"https://doi.org/10.1109/ARES.2015.85","url":null,"abstract":"This work investigates the effectiveness of a state-of-the-art concept detection framework for the automatic classification of multimedia content, namely images and videos, embedded in publicly available Web resources containing recipes for the synthesis of Home Made Explosives (HMEs), to a set of predefined semantic concepts relevant to the HME domain. The concept detection framework employs advanced methods for video (shot) segmentation, visual feature extraction (using SIFT, SURF, and their variations), and classification based on machine learning techniques (logistic regression). The evaluation experiments are performed using an annotated collection of multimedia HME content discovered on the Web, and a set of concepts, which emerged both from an empirical study, and were also provided by domain experts and interested stakeholders, including Law Enforcement Agencies personnel. The experiments demonstrate the satisfactory performance of our framework, which in turn indicates the significant potential of the adopted approaches on the HME domain.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125558103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper aims at inferring probing campaigns by investigating dark net traffic. The latter probing events refer to a new phenomenon of reconnaissance activities that are distinguished by their orchestration patterns. The objective is to provide a systematic methodology to infer, in a prompt manner, whether or not the perceived probing packets belong to an orchestrated campaign. Additionally, the methodology could be easily leveraged to generate network traffic signatures to facilitate capturing incoming packets as belonging to the same inferred campaign. Indeed, this would be utilized for early cyber attack warning and notification as well as for simplified analysis and tracking of such events. To realize such goals, the proposed approach models such challenging task as a problem of interpolating and predicting time series with missing values. By initially employing trigonometric interpolation and subsequently executing state space modeling in conjunction with a time-varying window algorithm, the proposed approach is able to pinpoint orchestrated probing campaigns by only monitoring few orchestrated flows. We empirically evaluate the effectiveness of the proposed model using 330 GB of real dark net data. By comparing the outcome with a previously validated work, the results indeed demonstrate the promptness and accuracy of the proposed approach.
{"title":"A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic","authors":"E. Bou-Harb, M. Debbabi, C. Assi","doi":"10.1109/ARES.2015.9","DOIUrl":"https://doi.org/10.1109/ARES.2015.9","url":null,"abstract":"This paper aims at inferring probing campaigns by investigating dark net traffic. The latter probing events refer to a new phenomenon of reconnaissance activities that are distinguished by their orchestration patterns. The objective is to provide a systematic methodology to infer, in a prompt manner, whether or not the perceived probing packets belong to an orchestrated campaign. Additionally, the methodology could be easily leveraged to generate network traffic signatures to facilitate capturing incoming packets as belonging to the same inferred campaign. Indeed, this would be utilized for early cyber attack warning and notification as well as for simplified analysis and tracking of such events. To realize such goals, the proposed approach models such challenging task as a problem of interpolating and predicting time series with missing values. By initially employing trigonometric interpolation and subsequently executing state space modeling in conjunction with a time-varying window algorithm, the proposed approach is able to pinpoint orchestrated probing campaigns by only monitoring few orchestrated flows. We empirically evaluate the effectiveness of the proposed model using 330 GB of real dark net data. By comparing the outcome with a previously validated work, the results indeed demonstrate the promptness and accuracy of the proposed approach.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133034853","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Victoria M. Katilu, V. N. Franqueira, Olga Angelopoulou
Cloud computing has gained popularity due to its efficiency, robustness and cost effectiveness. Carrying out digital forensic investigations in the cloud is currently a relevant and open issue. The root of this issue is the fact that servers cannot be physically accessed, coupled with the dynamic and distributed nature of cloud computing with regards to data processing and storage. This renders traditional methods of evidence collection impractical. The use of provenance data in cloud forensics is critical as it provides forensic investigators with data history in terms of people, entities and activities involved in producing related data objects. Therefore, cloud forensics requires effective provenance collection mechanisms. This paper provides an overview of current provenance challenges in cloud computing and identifies limitations of current provenance collection mechanisms. Recommendations for additional research in digital provenance for cloud forensics are also presented.
{"title":"Challenges of Data Provenance for Cloud Forensic Investigations","authors":"Victoria M. Katilu, V. N. Franqueira, Olga Angelopoulou","doi":"10.1109/ARES.2015.54","DOIUrl":"https://doi.org/10.1109/ARES.2015.54","url":null,"abstract":"Cloud computing has gained popularity due to its efficiency, robustness and cost effectiveness. Carrying out digital forensic investigations in the cloud is currently a relevant and open issue. The root of this issue is the fact that servers cannot be physically accessed, coupled with the dynamic and distributed nature of cloud computing with regards to data processing and storage. This renders traditional methods of evidence collection impractical. The use of provenance data in cloud forensics is critical as it provides forensic investigators with data history in terms of people, entities and activities involved in producing related data objects. Therefore, cloud forensics requires effective provenance collection mechanisms. This paper provides an overview of current provenance challenges in cloud computing and identifies limitations of current provenance collection mechanisms. Recommendations for additional research in digital provenance for cloud forensics are also presented.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131568583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Collaborative systems are growing in use and in popularity. The need to boost the methods concerning the interoperability is growing as well, therefore, trustworthy interactions of the different systems are a priority. We have proposed a formal distributed network monitoring approach to analyze the packets exchanged by the entities, in order to prove a system is acting in a trustworthy manner. Using this approach, some limitations regarding the testers resources have been found. In this paper, we identify the constraints and propose and new language suited for testing at runtime in different environments.
{"title":"TEAR: A Multi-purpose Formal Language Specification for TEsting at Runtime","authors":"Jorge López, S. Maag, Gerardo Morales","doi":"10.1109/ARES.2015.90","DOIUrl":"https://doi.org/10.1109/ARES.2015.90","url":null,"abstract":"Collaborative systems are growing in use and in popularity. The need to boost the methods concerning the interoperability is growing as well, therefore, trustworthy interactions of the different systems are a priority. We have proposed a formal distributed network monitoring approach to analyze the packets exchanged by the entities, in order to prove a system is acting in a trustworthy manner. Using this approach, some limitations regarding the testers resources have been found. In this paper, we identify the constraints and propose and new language suited for testing at runtime in different environments.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134445888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hafizah Mansor, K. Markantonakis, Raja Naeem Akram, K. Mayes
In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system (s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues. We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using Casper FDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security.
{"title":"Don't Brick Your Car: Firmware Confidentiality and Rollback for Vehicles","authors":"Hafizah Mansor, K. Markantonakis, Raja Naeem Akram, K. Mayes","doi":"10.1109/ARES.2015.58","DOIUrl":"https://doi.org/10.1109/ARES.2015.58","url":null,"abstract":"In modern cars, there are a number of controllers that play a major role in the overall operations of the vehicles. The secure and updated firmware of these controllers is crucial to the overall security and reliability of the vehicle and its electronic system (s). Therefore, the life cycle of these controllers should be carefully managed. In this paper, we examine the vehicular firmware updates process and their associated security issues. We have analysed the security of the firmware update protocol proposed in the EVITA project, referred as EVITA protocol, which is considered as a main industrial effort in this field and found some potential shortcomings. Based on the analysis, in this paper we have suggested a number of improvements to the EVITA protocol, related with safety and security measures. The proposed improved protocol, also referred as EVITA+ protocol includes a rollback mechanism while preserving the confidentiality of the firmware. The integrity and authenticity of the flash driver are also considered in the EVITA+ protocol. The EVITA+ protocol is formally analysed using Casper FDR and Scyther to ensure the security of the firmware update process. Finally, we provide an insight analysis and our experience in relation to the efficiency, suitability and performance of the aforementioned tools in the field of automotive security.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129797209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Agile methodologies are becoming increasingly common on Software Engineering Teams. Unfortunately, their relation with the security activities is complex to approach, even more complex when the Security Team has strong requirements of independence. This paper shows a case study of a software security testing process, based on the Microsoft Software Development Lifecycle for Agile, on a company moving their Software Engineering Teams from waterfall to agile. The results of this case study show a successful synchronization between the tasks of agile Software Engineering Teams and the independent Security Team.
{"title":"Independent Security Testing on Agile Software Development: A Case Study in a Software Company","authors":"Jesus Choliz, Julian Vilas, Jose Moreira","doi":"10.1109/ARES.2015.79","DOIUrl":"https://doi.org/10.1109/ARES.2015.79","url":null,"abstract":"Agile methodologies are becoming increasingly common on Software Engineering Teams. Unfortunately, their relation with the security activities is complex to approach, even more complex when the Security Team has strong requirements of independence. This paper shows a case study of a software security testing process, based on the Microsoft Software Development Lifecycle for Agile, on a company moving their Software Engineering Teams from waterfall to agile. The results of this case study show a successful synchronization between the tasks of agile Software Engineering Teams and the independent Security Team.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129951160","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.
{"title":"Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code","authors":"Mykola Protsenko, Sebastien Kreuter, Tilo Müller","doi":"10.1109/ARES.2015.98","DOIUrl":"https://doi.org/10.1109/ARES.2015.98","url":null,"abstract":"With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and stronger methods aiming to increase the burden on reverse engineering and modification of proprietary mobile software are required. In this paper, we propose an application of the Android native code component to implement strong software self-protection for apps. Within this scope, we present three dynamic obfuscation techniques, namely dynamic code loading, dynamic re-encryption, and tamper proofing. We provide a practical evaluation of this approach, assessing both the cost and efficiency of its achieved protection level. Our results indicate that with the proposed methods one can reach significant complication of the reverse-engineering process, while being affordable in terms of execution time and application size.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132928800","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Raphael Machado, D. Boccardo, V. P. D. Sá, J. Szwarcfiter
Digital watermarks embed information into a host artifact in such a way that the functionalities of the artifact remain unchanged. Allowing for the timely retrieval of authorship/ownership information, and ideally hard to be removed, watermarks discourage piracy and have thus been regarded as important tools to protect the intellectual property. A watermark aimed at uniquely identifying an artifact is referred to as a fingerprint. After presenting a formal definition of digital watermarks, we introduce an unbiased fingerprinting protocol -- based on oblivious transfer -- that lends no advantage to the prosecuting party in a dispute around intellectual property breach.
{"title":"Fair Fingerprinting Protocol for Attesting Software Misuses","authors":"Raphael Machado, D. Boccardo, V. P. D. Sá, J. Szwarcfiter","doi":"10.1109/ARES.2015.29","DOIUrl":"https://doi.org/10.1109/ARES.2015.29","url":null,"abstract":"Digital watermarks embed information into a host artifact in such a way that the functionalities of the artifact remain unchanged. Allowing for the timely retrieval of authorship/ownership information, and ideally hard to be removed, watermarks discourage piracy and have thus been regarded as important tools to protect the intellectual property. A watermark aimed at uniquely identifying an artifact is referred to as a fingerprint. After presenting a formal definition of digital watermarks, we introduce an unbiased fingerprinting protocol -- based on oblivious transfer -- that lends no advantage to the prosecuting party in a dispute around intellectual property breach.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123203732","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
F. Buccafurri, G. Lax, S. Nicolazzo, Antonino Nocera
Many real-life reputation models suffer from classical drawbacks making the systems where they are used vulnerable to users' misbehavior. TripAdvisor is a good example of this problem. Indeed, despite its popularity, the weakness of its reputation model is resulting in loss of credibility and growth of legal disputes. In this paper, we propose a reputation model abstractly considering service providers, users and feedbacks, and implementing the theoretical notion of certified reputation to concretely define a strategy to normalize feedback scores towards reliable values. We apply the model to the case of TripAdvisor, by proposing a solution to improve its dependability not increasing invasiveness nor reducing usability of the system. Moreover, it fully guarantees backward compatibility. In the context of project activities, we are in progress to fully implement the system and validate it on real-life data.
{"title":"A Model Implementing Certified Reputation and Its Application to TripAdvisor","authors":"F. Buccafurri, G. Lax, S. Nicolazzo, Antonino Nocera","doi":"10.1109/ARES.2015.26","DOIUrl":"https://doi.org/10.1109/ARES.2015.26","url":null,"abstract":"Many real-life reputation models suffer from classical drawbacks making the systems where they are used vulnerable to users' misbehavior. TripAdvisor is a good example of this problem. Indeed, despite its popularity, the weakness of its reputation model is resulting in loss of credibility and growth of legal disputes. In this paper, we propose a reputation model abstractly considering service providers, users and feedbacks, and implementing the theoretical notion of certified reputation to concretely define a strategy to normalize feedback scores towards reliable values. We apply the model to the case of TripAdvisor, by proposing a solution to improve its dependability not increasing invasiveness nor reducing usability of the system. Moreover, it fully guarantees backward compatibility. In the context of project activities, we are in progress to fully implement the system and validate it on real-life data.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121921709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: