Subscribe to the gold package and get unlimited access to Shamra Academy
Register a new userThe Bayes Security Measure
297
0
0.0
(
0
)
Added by
Giovanni Cherubin
Publication date
2020
fields
Informatics Engineering
and research's language is
English
Ask ChatGPT about the research
No Arabic abstract
Security system designers favor worst-case security measures, such as those derived from differential privacy, due to the strong guarantees they provide. These guarantees, on the downside, result on high penalties on the systems performance. In this paper, we study the Bayes security measure. This measure quantifies the expected advantage over random guessing of an adversary that observes the output of a mechanism. We show that the minimizer of this measure, which indicates its security lower bound, i) is independent from the prior on the secrets, ii) can be estimated efficiently in black-box scenarios, and iii) it enables system designers to find low-risk security parameters without hurting utility. We provide a thorough comparison with respect to well-known measures, identifying the scenarios where our measure is advantageous for designers, which we illustrate empirically on relevant security and privacy problems.
rate research
Read More
Website Fingerprinting (WF) attacks raise major concerns about users privacy. They employ Machine Learning (ML) to allow a local passive adversary to uncover the Web browsing behavior of a user, even if she browses through an encrypted tunnel (e.g. Tor, VPN). Numerous defenses have been proposed in the past; however, it is typically difficult to have formal guarantees on their security, which is most often evaluated empirically against state-of-the-art attacks. In this paper, we present a practical method to derive security bounds for any WF defense, which depend on a chosen feature set. This result derives from reducing WF attacks to an ML classification task, where we can determine the smallest achievable error (the Bayes error); such error can be estimated in practice, and is a lower bound for a WF adversary, for any classification algorithm he may use. Our work has two main consequences: i) it allows determining the security of WF defenses, in a black-box manner, with respect to the state-of-the-art feature set and ii) it favors shifting the focus of future WF research to the identification of optimal feature sets. The generality of the approach further suggests that the method could be used to define security bounds for other ML-based attacks.
Third-party security apps are an integral part of the Android app ecosystem. Many users install them as an extra layer of protection for their devices. There are hundreds of such security apps, both free and paid in Google Play Store and some of them are downloaded millions of times. By installing security apps, the smartphone users place a significant amount of trust towards the security companies who developed these apps, because a fully functional mobile security app requires access to many smartphone resources such as the storage, text messages and email, browser history, and information about other installed applications. Often these resources contain highly sensitive personal information. As such, it is essential to understand the mobile security apps ecosystem to assess whether is it indeed beneficial to install them. To this end, in this paper, we present the first empirical study of Android security apps. We analyse 100 Android security apps from multiple aspects such as metadata, static analysis, and dynamic analysis and presents insights to their operations and behaviours. Our results show that 20% of the security apps we studied potentially resell the data they collect from smartphones to third parties; in some cases, even without the user consent. Also, our experiments show that around 50% of the security apps fail to identify malware installed on a smartphone.
Fuchsia is a new open-source operating system created at Google that is currently under active development. The core architectural principles guiding the design and development of the OS include high system modularity and a specific focus on security and privacy. This paper analyzes the architecture and the software model of Fuchsia, giving a specific focus on the core security mechanisms of this new operating system.
Fraud (swindling money, property, or authority by fictionizing, counterfeiting, forging, or imitating things, or by feigning other persons privately) forms its threats against public security and network security. Anti-fraud is essentially the identification of a person or thing. In this paper, the authors first propose the concept of idology - a systematic and scientific study of identifications of persons and things, and give the definitions of a symmetric identity and an asymmetric identity. Discuss the converting symmetric identities (e.g., fingerprints) to asymmetric identities. Make a comparison between a symmetric identity and an asymmetric identity, and emphasize that symmetric identities cannot guard against inside jobs. Compare asymmetric RFIDs with BFIDs, and point out that a BFID is lightweight, economical, convenient, and environmentalistic, and more suitable for the anti-counterfeiting and source tracing of consumable merchandise such as foods, drugs, and cosmetics. The authors design the structure of a united verification platform for BFIDs and the composition of an identification system, and discuss the wide applications of BFIDs in public security and network security - antiterrorism and dynamic passwords for example.
Despite widespread use of smartphones, there is no measurement standard targeted at smartphone security behaviors. In this paper we translate a well-known cybersecurity behavioral scale into the smartphone domain and show that we can improve on this translation by following an established psychometrics approach surveying 1011 participants. We design a new 14-item Smartphone Security Behavioral Scale (SSBS) exhibiting high reliability and good fit to a two-component behavioural model based on technical versus social protection strategies. We then demonstrate how SSBS can be applied to measure the influence of mental health issues on smartphone security behavior intentions. We found significant correlations that predict SSBS profiles from three types of MHIs. Conversely, we are able to predict presence of MHIs using SSBS profiles.We obtain prediction AUCs of 72.1% for Internet addiction,75.8% for depression and 66.2% for insomnia.
Log in to be able to interact and post comments
comments
Fetching comments
Sign in to be able to follow your search criteria
