Albert B. Jeng

Android Malware Detection via a Latent Network Behavior Analysis

The rapid growth of smartphones has lead to a renaissance for mobile application services. Android and iOS now as the most popular smartphone platforms offer a public marketplace respectively, the Android Market and App Store- but operate with dramatically different approaches to prevent malware on their devices. In Android platform, developer not only can directly deliver their apps on the Android market without strict review process, but also is capable to put the non-official verified apps marketplace (i.e., Applanet, AppBrain and so on). In this study, we purpose an automatic Android malware detection mechanism based on the result from sandbox. We leverage network spatial feature extraction of Android apps and independent component analysis (ICA) to find the intrinsic domain name resolution behavior of Android malware. The proposed mechanism that identifies the Android malware can achieve in automatic way. For evaluation the proposed approach, the public Android malware apps dataset and popular benign apps collected from Android Market are used for evaluating the effectiveness in analyzing the grouping ability and the effectiveness of identifying the Android malware. The proposed approach successfully identifies malicious Android Apps close to 100% accuracy, precision and recall rate.

A study of CAPTCHA and its application to user authentication

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a scheme used to determine whether the user is a human or a malicious computer program. It has become the most widely used standard security technology to prevent automated computer program attacks. In this paper, we first give an overview of CAPTCHA. Next, we discuss the pros and cons of various CAPTCHA techniques. Then, we present the common attacks and vulnerability analysis in CAPTCHA design. Subsequently, we suggest counter-measures and remedies for those attacks. Finally we propose a personalized CAPTCHA to replace the traditional password-based authentication system as possible further research in applying CAPTCHA to user authentication application.

How to enhance the security of e-Passport

The RFID-based Passports critical information is stored on a tiny RFID computer chip. This biometric data is stored in the passport and sent via the contactless interface to the reader. The e-passport design should be able to hold digital signature data to ensure the integrity of the passport and the biometric information. The goal of e-passport is to provide strong authentication through documents that unequivocally identify their bearers. First, we describe privacy and security issues that apply to e-Passport. Second, we discuss the security threats and security status of e-Passport. Third, we summarize the e-Passport security and shortfalls of current e-Passports issued by various nations. Delta between German and other countries are the improvement which will be recommended in section Four. Finally, we draw a brief conclusion of e-Passport security.

Survey and remedy of the technologies used for RFID tags against counterfeiting

RFID tags such as EPC tags have been used in some commercial sectors such as the pharmaceutical industry as an anti-counterfeiting tool. RFID tags are a powerful mechanism for object identification, and can facilitate the compilation of detailed object histories and pedigrees. Since RFID tags communicate with the reader through open air in an automated, wireless manner, they are poor authenticators. Furthermore, they have a small microchip on board that offer functionality that can be used for security purposes. This chip functionality makes it possible to verify the authenticity of a product and hence to detect and prevent counterfeiting. In order to be successful for these security purposes, RFID tags have to be resistant against many attacks, in particular against cloning of the tag. Therefore, RFID tags are vulnerable to elementary cloning and counterfeiting attacks. In this paper, we survey and remedy the technologies used for RFID tags against counterfeiting. In the first section, we present an overview of the RFID tags counterfeiting issue. In the second section, we survey the existing methods which investigate how an RFID-tag can be made unclonable. In the third section, we compare and contrast the pros and cons of those existing methods and also identify the discrepancy areas which require further enhancement. In the fourth section, we propose some design principles and guidelines for improvement of the existing methods. Finally, we draw a conclusion and suggest further research direction in this field.

JSOD: JavaScript obfuscation detector

JavaScript obfuscation is a deliberate act of making a script difficult to understand by concealing its purpose. The prevalent use of obfuscation techniques to hide malicious codes and to preserve copyrights of benign scripts resulted in i missing detection of malicious scripts that are obfuscated and ii raising false alarms due to the benign scripts that are obfuscated. Automatic detection of obfuscated JavaScript is generally undertaken by tackling the problem from the readability perspective. Recently, Microsoft research team analyzed different levels of context-based features to distinguish obfuscated malicious scripts from obfuscated benign ones. In this work, we raise the issue of existing readable versions of obfuscated scripts. Further, we discuss the challenges posed by readably obfuscated scripts against both JavaScript malware detectors and obfuscated scripts detectors. Therefore, we propose JavaScript Obfuscation Detector JSOD, a completely static solution to detect obfuscated scripts including readable patterns. To evaluate JSOD, we compare it to the state-of-the-art approaches to detect obfuscated malicious and obfuscated benign script, namely,Zozzle andNofus. Our experimental results demonstrate the importance to detect readably obfuscated scripts and their sophisticated variations. Furthermore, they also show the superiority ofJSOD approach against all relevant solutions. Copyright

Meta-He digital signatures based on factoring and discrete logarithms

This paper investigates all 8 variants of the Hes digital signature scheme based on factoring and discrete logarithms. Instead of using three modular exponentiation computation, the two most optimal schemes of the generalized Hes signature require only two modular exponentiation for signature verification.

DroidExec: Root exploit malware recognition against wide variability via folding redundant function-relation graph

DroidExec is a novel root exploit recognition to reduce the influence of wide variability, which usually affects the Android malware detection rate, because of Android applicationss various properties. In Android, a specific malware family (e.g., root exploit malware), and thus its implementation may be influenced by the campaign it is serving, and thus producing wide variability, leading its samples to appear to match a wider range of potential families. In this paper, we propose a similarity recognition named as DroidExec, reducing wide variability via folding redundant function-relation graph based on Bipartite Graph Conceptual Matching of graph edit distance. We compute the multiple square roots for each 2×2 block in the cost matrix to conceptually cripple the wide variability. In the experiments, we measure the applicationss opcode structural similarity for clustering Android malware. Empirical validation shows that DroidExec can effectively filter surplus and various behaviors, which can improve the precision/recall rate from 82%/95% to 83%/97%, respectively.

RedJsod: A Readable JavaScript Obfuscation Detector Using Semantic-based Analysis

JavaScript allows Web-developers to hide intention behind their code inside different looking scripts known as Obfuscated code. Automatic detection of obfuscated code is generally tackled from readability perspective. However, recently obfuscation exhibits patterns that modify both syntax and semantic characteristics while preserving readability characteristic. There are two problems in dealing with readable obfuscation: 1. Difficulty in locating it since it does not manipulate suspicious strings. 2. It is a common and essential practice adopted in both benign codes and malicious codes. In this work, we first investigate why and how readable obfuscation can hinder detection of maliciousness and prevent the static analysis of suspicious scripts. Next, we propose a readable JavaScript obfuscation detector (RedJsod) system to deal with this type of threat. RedJsod is a well defined detector based on variable length context-based feature extraction (VCLFE) scheme that takes advantages of abstract syntax tree (AST) representation of a given JavaScript code to infer run-time behaviors statically. We applied RedJsod to three datasets collected from real world Web-pages to evaluate its effectiveness. Also, we tested RedJsod on well-known readable obfuscation samples cited in related works as a proof of concept illustration. Our experimental results indicated that RedJsod achieved very high detection rates (greater than 97%) in terms of accuracy, eliminated false negatives completely, while at the same time yielded very few false positives.

AOS: An optimized sandbox method used in behavior-based malware detection

Malware (malicious software) has been widely spread through our computers in the world that many antivirus vendors use signature-based method to detect them. However, the update rate of the virus signature database can never catch up the creation rate of the new malware variants. Using CSS (Crystal Security Sandbox) that monitors the Windows Portable Executable (PE) file execution and generates a sanitized intermediate result for classifying the malware is an emerging research in malware detection. Although the sanitized intermediate result is sufficient to depict the behaviors of malware, it is still a bit too long, too redundant, and too tedious to deal with efficiently. Therefore we compress and sieve the sanitized intermediate result to derive 90% fewer brief expressions which not only reduce the size of data, but also maintain above 93% accuracy rate and less 7 % error rate.

A Low Cost Key Agreement Protocol Based on Binary Tree for EPCglobal Class 1 Generation 2 RFID Protocol

There are many protocols proposed for protecting Radio Frequency Identification (RFID) system privacy and security. A number of these protocols are designed for protecting long-term security of RFID system using symmetric key or public key cryptosystem. Others are designed for protecting user anonymity and privacy. In practice, the use of RFID technology often has a short lifespan, such as commodity check out, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tags information requires a thorough consideration from many different aspects. However, any security enhancement on RFID technology will jack up its cost which may be detrimental to its widespread deployment. Due to the severe constraints of RFID tag resources (e.g., power source, computing power, communication bandwidth) and open air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computational heavy public key and symmetric key cryptography algorithms (e.g., RSA and AES) may not be suitable or over-killed to protect RFID security or privacy. These factors motivate us to research an efficient and cost effective solution for RFID security and privacy protection. In this paper, we propose a new effective generic binary tree based key agreement protocol (called BKAP) and its variations, and show how it can be applied to secure the low cost and resource constraint RFID system. This BKAP is not a general purpose key agreement protocol rather it is a special purpose protocol to protect privacy, un-traceability and anonymity in a single RFID closed system domain.