Degang Sun

Method for Determining Whether or not Text Information Is Leaked from Computer Display Through Electromagnetic Radiation

Confidential information might be leaked through electro-magnetic radiation from a computer display. To detect the electromagnetic radiation that contains text information, this paper proposed an evaluation method without reconstructing the displayed image. In this method, sparse decomposition in wavelet is used to describe the characteristics of electromagnetic radiation signals contain text information. By using this method, it is easy to detect text information leakage in electromagnetic radiation from a computer display.

Enhanced Correlation Power Analysis by Biasing Power Traces

Biasing power traces with high Signal to Noise Ratio (SNR) proposed by K. Yongdae et al. can significantly improve the efficiency of the CPA. But it is still a problem to be solved that how to efficiently select power traces with high SNR. Through the analysis of the statistical characteristics of power traces, we propose three methods to better solve this problem in this paper. We bias power traces by using the Minkowski distance (i.e. Euclidean distance or Manhattan distance) between each power trace and mean power trace. Biasing power traces can also be carried out by using probability density function values of power consumption of interesting points, or even directly using power consumption of interesting points. Our schemes can blindly select power traces with high SNR in a high probability. The efficiency of the CPA by using the three of our methods is significantly improved. Thus, our schemes are more effective compared to the one proposed by K. Yongdae et al.

A novel method for computer video leaking signal detection

Video leaking signal detection is an important part of TEMPEST, which is the technologies research focus on the investigations and studies of compromising emanations. A novel video leaking signal detection algorithm based on spectral centroid has been developed. Using the property that spectral centroid can accurately identify the signal energy center in frequency domain, the proposed algorithm can detect the display video leaking signal automatically. The uniformity degree of spectral centroid spacing distribution is defined to distinguish the video leaking signal and clutter signal automatically. Furthermore, the ant-jamming and ant-noise performance of the developed algorithm is analyzed in a practical attack scenario.

Network transmission of hidden data using smartphones based on compromising emanations

In this paper, we proposes a method to obtain the stored in the air-gapped computer with the help of nearby smartphones by intentionally generating loud physical emanations. We can construct a big transmission network connecting a computer and many cell phones by using different kinds of physical emanations. We further demonstrate the scenario by implementing a system using electromagnetic waves and acoustical signals. In this system, convert transmission channels are established between the computer and the cell phones. The microphone and FM receiver of the mobile phone are used to obtain the information. This kind of hidden data transmission method has the characteristics of strong concealment.

A new efficient interesting points enhanced electromagnetic attack on AT89S52

Electromagnetic attacks are non-invasive attacks and pose serious threats to the security of cryptographic devices. However, its environment is complex and the noise on electromagnetic traces is often large. Thus, traditional differential electromagnetic analysis (DEMA) and correlation electromagnetic analysis (CEMA) require a lot of electromagnetic traces to recover the key used in the cryptographic devices. In order to reduce the number of electromagnetic traces required in our attacks, two high efficiency side channel distinguishers named multiple interesting points combined differential electromagnetic analysis (MIP-DEMA) and multiple interesting points combined correlation electromagnetic analysis (MIP-CEMA) are proposed in this paper. Experimental results on AES algorithm targeting an AT89S52 microcontroller show that, to get success rates of 0.80 and 1.00, only 40% ~ 60% of electromagnetic traces are needed in our MIP-DEMA and MIP-CEMA.

Research on Security Algorithm of Virtual Machine Live Migration for KVM Virtualization System

Live migration of virtual machine is the process of moving VMs from one physical server to another server keeping services running in VMs, and facilitates load balancing, energy saving, hardware dependent, remote migration and so on. This novel technology brings a huge convenience, and also presents new security challenges that the security concern is the major factor effecting this technology widely adopted in IT industry. Live migration exposes VM’s data as plaintext to the network as a result of vulnerabilities in the migration protocol. The traditional protection way is using the SSL protocol, but that consume too much time and not as safe as it used to be, few users adopt this way. So we design a security algorithm based original migration algorithm making up for the lack of security. In this paper, firstly, we analyze and verify security threats to live migration. Secondly, through the analysis on the live migration mechanism, the bottom driver, and the source code of KVM virtualization system, we design a security algorithm for live migration to meet the security needs of different users. Thirdly, the new security algorithm which we innovatively add three functions to the original algorithm to ensure migration data to remain confidential and unmodified during the transmission. The security algorithm make up the security vulnerabilities of original migration mechanism and take less time than the SSL. Finally, a series of experiments validate the algorithm that could solve the balance of the security and performance in live migration process.

A low-cost and efficient method of determining the best frequency band for video leaking signal reconstruction

Determining the best frequency band for reconstructing display video leaking signal is the key problem in TEMPEST, which is the technology of electromagnetic leaking research. To solve such problem, a novel algorithm based on spectral centroid has been developed. Using the property that spectral centroid can accurately identify the signal energy center in frequency domain, the proposed algorithm can find best frequency band automatically. The uniformity degree of spectral centroid spacing distribution is defined to find the best frequency band which has the highest signal to noise ratio (SNR). Thus the video leaking signal reconstruction can be realized efficiently without expensive equipment.

A Novel Method for Specific Emitter Identification Based on Singular Spectrum Analysis

As wireless platforms grow in popularity and store valuable information, their security becomes increasingly important. Specific emitter identification (SEI) is a novel means of enhancing the security of wireless networks. Thus, an automatic SEI system with good performance is meaningful. In this paper, a novel method for SEI based on singular spectrum analysis (SSA) is proposed. It uses SSA to analyze the transient signals and extract features for identification of mobile phones. A complete identification system is presented and its performance is evaluated by volume experiments, which show that the proposed method is efficient even at a reduced signal to noise ratio.

Detecting Flooding DDoS Under Flash Crowds Based on Mondrian Forest

Flooding Distributed Denial of Service (DDoS) attacks could cause huge damages to Internet, which has much similarity with Flash Crowds (FC). Traditional Machine learning methods usually have a better performance for offline processing, however, they cannot process huge volume data which cannot be loaded in memory at one time and can’t auto-update model in time. In this paper, a streaming detection mechanism based on Online Random Forest-Mondrian Forest is proposed to solve this problem. Firstly, a deep analysis has been done on client’s characteristics of DDoS and FC to find anomaly traffic behaviors in network layer. Based on the analysis, a new feature set has been concluded to describe the client behavior of DDoS and FC. Then a streaming detecting mechanism employed with online Random Forest based on the new feature set has been proposed. To evaluate this method, a comparison with the traditional offline batch process method-Random Forest has been done on two public real-world datasets. The results show that even though this method has a bit lower accuracy around 93% on Test Data, it can be trained like a streaming way which doesn’t need load all data in memory at one time and can update itself automatically with time, which is more applicable for Big Data situations.

A Distinction Method of Flooding DDoS and Flash Crowds Based on User Traffic Behavior

Discriminating Distributed Denial of Service (DDoS) from Flash Crowds (FC) is a tough and challenging problem, because there are many similarities between each other existed in network layer. In this paper, according to an extensive analysis of user traffic behavior of DDoS and FC, it can be found that some traffic abnormalities are existed between Bots and legitimate users. So a behavior-based method employed Data Mining isproposed to distinguish each other, and two public real-world datasets are used to evaluate the method. Whats more, simulated traffic are produced to evaluate the method further, which is based on statistical parameters took from the two datasets and combined with two popular and common distributions together, Gaussian Distribution and Pareto Distribution. And two types of simulations are considered: Novice Simulation and Veteran Simulation. The result in Novice Simulation has almost 100% accuracy, while in Veteran Simulation, the result has a more than 98% accuracy, less than 15% FRP and 3% FNR, all of them show the proposed method could have a good accuracy and robustness. In addition, compared it with traditional methods-Entropy and Threshold methods in Veteran Simulation, the results indicate that both of them could hardly distinguish DDoS and FC, whilethe proposed method could achieve a better distinguished effect.