Vrizlynn L. L. Thing

Securing Android: A Survey, Taxonomy, and Challenges

Recent years have seen a global adoption of smart mobile devices, particularly those based on Android. However, Android’s widespread adoption is marred with increasingly rampant malware threats. This article gives a survey and taxonomy of existing works that secure Android devices. Based on Android app deployment stages, the taxonomy enables us to analyze schemes that share similar objective and approach and to inspect their key differences. Additionally, this article highlights the limitations of existing works and current challenges. It thus distills the state of the art in Android security research and identifies potential research directions for safeguarding billions (and keep counting) of Android-run devices.

Twenty years of digital audio watermarking-a comprehensive review

Digital audio watermarking is an important technique to secure and authenticate audio media. This paper provides a comprehensive review of the twenty years research and development works for digital audio watermarking, based on an exhaustive literature survey and careful selections of representative solutions. We generally classify the existing designs into time domain and transform domain methods, and relate all the reviewed works using two generic watermark embedding equations in the two domains. The most important designing criteria, i.e., imperceptibility and robustness, are thoroughly reviewed. For imperceptibility, the existing measurement and control approaches are classified into heuristic and analytical types, followed by intensive analysis and discussions. Then, we investigate the robustness of the existing solutions against a wide range of critical attacks categorized into basic, desynchronization, and replacement attacks, respectively. This reveals current challenges in developing a global solution robust against all the attacks considered in this paper. Some remaining problems as well as research potentials for better system designs are also discussed. In addition, audio watermarking applications in terms of US patents and commercialized solutions are reviewed. This paper serves as a comprehensive tutorial for interested readers to gain a historical, technical, and also commercial view of digital audio watermarking. HighlightsThe paper systematically categorizes all important existing audio watermark embedding schemes in a concise and effective way based on two generic embedding functions, followed by extensive discussions and analysis.The measurement and control approaches to ensure the imperceptibility property of existing audio watermarking systems are exhausted and categorized into heuristic and analytical groups, with detailed analysis and comparison.Existing attacks to audio watermarking systems are comprehensively studied and rigorously evaluated against a series of representative audio watermarking systems.Current open challenges and future research potentials are sufficiently addressed in this paper.Audio watermarking applications in terms of US patents and commercial products are extensively reviewed.

Time-spread echo-based audio watermarking with optimized imperceptibility and robustness

We present a time-spread echo-based audio watermarking scheme with optimized imperceptibility and robustness. Specifically, convex optimization based finite-impulse-response (FIR) filter design is utilized to obtain the optimal echo filter coefficients. The desired power spectrum of the echo filter is shaped by the proposed maximum power spectral margin (MPSM) and the absolute threshold of hearing (ATH) of human auditory system (HAS) to ensure the optimal imperceptibility. Meanwhile, the auto-correlation function of the echo filter coefficients is specified as the constraint in the problem formulation, which controls the robustness in terms of watermark detection. In this way, a joint optimization of imperceptibility and robustness can be quantitatively performed. As a result, the proposed watermarking scheme is superior to existing solutions such as the ones based on pseudo noise (PN) sequence or modified pseudo noise (MPN) sequence. Note that the designed echo kernel is also highly secure in that only with the same filter coefficients can one successfully detect the watermark. Experimental results are provided to evaluate the imperceptibility and robustness of the proposed watermarking scheme.

A Dynamic Matching Algorithm for Audio Timestamp Identification Using the ENF Criterion

The electric network frequency (ENF) criterion is a recently developed technique for audio timestamp identification, which involves the matching between extracted ENF signal and reference data. For nearly a decade, conventional matching criterion has been based on the minimum mean squared error (MMSE) or maximum correlation coefficient. However, the corresponding performance is highly limited by low signal-to-noise ratio, short recording durations, frequency resolution problems, and so on. This paper presents a threshold-based dynamic matching algorithm (DMA), which is capable of autocorrecting the noise affected frequency estimates. The threshold is chosen according to the frequency resolution determined by the short-time Fourier transform (STFT) window size. A penalty coefficient is introduced to monitor the autocorrection process and finally determine the estimated timestamp. It is then shown that the DMA generalizes the conventional MMSE method. By considering the mainlobe width in the STFT caused by limited frequency resolution, the DMA achieves improved identification accuracy and robustness against higher levels of noise and the offset problem. Synthetic performance analysis and practical experimental results are provided to illustrate the advantages of the DMA.

An Improved Double Compression Detection Method for JPEG Image Forensics

Double JPEG image compression detection, or more specifically, double quantization detection, is an important digital image forensic method to detect the presence of image forgery or tampering. In this paper, we introduce an improved double quantization detection method to improve the accuracy of JPEG image tampering detection. We evaluate our detection method using the publicly available CASIA authentic and tampered image data set of 9501 JPEG images. We carry out 20 rounds of experiments with stringent parameter setting placed on our detection method to demonstrate its robustness. Each round of classifier is generated from a unique, non-overlapping and small subset composing of 1/20 of the tampered and 1/72 of the authentic images, to obtain a training data set of about 100 images per class, with the rest of the 19/20 of the tampered and 71/72 of the authentic images used for testing. Through the experiments, we show an average improvement of 40.31% and 44.85% in the true negative (TN) rate and true positive (TP) rate, respectively, when compared with the current state-of-the-art method. The average TN and TP rates obtained from 20 rounds of experiments carried out using our detection method, are 90.81% and 76.95%, respectively. The experimental results show that our JPEG image forensics method can support a reliable large-scale digital image evidence authenticity verification with consistent good accuracy. The low training to testing data ratio also indicates that our method is robust in practical applications even with a relatively limited or small training data set available.

Fingerprint Liveness Detection From Single Image Using Low-Level Features and Shape Analysis

Fingerprint-based authentication systems have developed rapidly in the recent years. However, current fingerprint-based biometric systems are vulnerable to spoofing attacks. Moreover, single feature-based static approach does not perform equally over different fingerprint sensors and spoofing materials. In this paper, we propose a static software approach. We propose to combine low-level gradient features from speeded-up robust features, pyramid extension of the histograms of oriented gradient and texture features from Gabor wavelet using dynamic score level integration. We extract these features from a single fingerprint image to overcome the issues faced in dynamic software approaches, which require user cooperation and longer computational time. A experimental analysis done on LivDet 2011 data produced an average equal error rate (EER) of 3.95% over four databases. The result outperforms the existing best average EER of 9.625%. We also performed experiments with LivDet 2013 database and achieved an average classification error rate of 2.27% in comparison with 12.87% obtained by the LivDet 2013 competition winner.

Cepstral Analysis for the Application of Echo-Based Audio Watermark Detection

Cepstral analysis is an important signal processing procedure for audio watermark detection in echo-based audio watermarking systems. However, with the use of two common versions, i.e., complex and real cepstra, this procedure is usually treated as a very standard routine. This paper starts from noting inappropriate cepstral analysis from existing works, and provides rigorous derivations to reveal the advantages of using real cepstrum than complex cepstrum in echo-based audio watermark detection. Furthermore, we introduce two alternatives, termed as real part and imaginary part cepstrum, respectively, based on which a joint detection scheme is proposed. This is achieved by noting that both real part and imaginary part cepstra contain a full version of the echo kernel coefficients, which can be appropriately combined to obtain a composite cepstrum to further suppress the interferences. The advantages of the joint detection scheme over conventional approach using real cepstrum are illustrated via both performance analysis and experimental results. The accuracies of the mathematical approximations for each version of cepstrum are evaluated by normalized misalignment. The detection robustness is evaluated using the peak-to-average power ratio. The relationships among echo length, echo delays, and scaling factor, during watermark detection phase, are also discussed. Experimental results of watermark detection rate are provided to compare the performance of complex, real, and composite cepstra, respectively.

Content based JPEG fragmentation point detection

In the forensics analysis of raw evidence data, fragmentation point detection is crucial to differentiate fragments of evidence and identify potentially corrupted data. This need is even more prominent for JPEG images since the chance is high that an erroneous data block passes a normal JPEG decoder without triggering any errors. Therefore, it is important to verify the content of the decoded image data to determine if fragmentation and/or corruption has occurred. In this paper, we propose three different techniques for the detection of fragmentation point based on the image contents, as well as a detector built by combining these methods. We evaluate the effectiveness of these techniques and the combined detector by implementing them on a standard JPEG decoder and testing them on more than 2000 fragmented images generated from over 1200 JPEG photos.

Control flow obfuscation for Android applications

Abstract Android apps are vulnerable to reverse engineering, which makes app tampering and repackaging relatively easy. While obfuscation is widely known to make reverse engineering harder, complex and effective control flow obfuscations by rearranging Android bytecode instructions have not been implemented in various Android obfuscation tools. This paper presents our control-flow obfuscation techniques for Android apps at the Dalvik bytecode level. Our three proposed schemes go beyond simple control-flow transformations employed by existing Android obfuscators, and make it difficult for static analysis to determine the actual app control flows. To realize this, we also address a previously-unsolved register-type conflict problem that can be raised by the verifier module of the Android runtime system by means of a type separation technique. Our analysis and experimentation show that the schemes can offer effective obfuscation with reasonable performance and size overheads. Combined with the existing data and layout obfuscation techniques, our schemes can offer attractive measures to hinder reverse engineering and code analysis on Android apps, and help safeguard Android app developers heavy investment in their apps.

SLIC: Self-Learning Intelligent Classifier for network traffic

Abstract Internet traffic classification plays an important role in the field of network security and management. Past research works utilize flow-level statistical features for accurate and efficient classification, such as the nearest-neighbor based supervised classifier. However, classification accuracy of supervised approaches is significantly affected if the size of the training set is small. More importantly, the model built using a static training set will not be able to adapt to the non-static nature of Internet traffic. With the drastic evolution of the Internet, network traffic cannot be assumed to be static. In this paper, we develop the concept of ‘self-learning’ to deal with these two challenges. We propose, design and develop a new classifier called Self-Learning Intelligent Classifier (SLIC). SLIC starts with a small number of training instances, self-learns and rebuilds the classification model dynamically, with the aim of achieving high accuracy in classifying non-static traffic flows. We carry out performance evaluations using two real-world traffic traces, and demonstrate the effectiveness of SLIC. The results show that SLIC achieves significant improvement in accuracy compared to the state-of-the-art approach.