1

Drs KP Chow, Lucas Hui, SM YiuCenter for Information Security &

Cryptography (CISC)邹锦沛邹锦沛 , , 许志光许志光 , , 姚兆明姚兆明

香港大学资讯保安及密码学研究中心香港大学资讯保安及密码学研究中心

Information Security and digital Information Security and digital forensics research in CS, HKUforensics research in CS, HKU

Research Directions in CISC研究项目

2

Computer Forensics research

Security and cryptography research

Cryptographic primitives加密基元

Infrastructure (Identity-based; PKI-based etc) and different security Models

Signature/encryption schemes….. Leakage resilience泄漏的韧性

……….

Cryptographic protocol ( 密码协议 )VANETs (Vehicular ad

hoc network) 车辆随意网路Smart (power) grid system 智能电网系统

Database system数据库系统(e.g. data mining with privacy 数据挖掘隐私问

题 )

Anonymous authentication (credential) in discussion group 讨论组匿名身份验证 (凭据 ) ……..

Applications & implementatio

n应用与实现Hybrid (software + hardware token)混合系统 (软件 + 硬件密

钥 )

GPU(图形处理单元卡 ) ………

3

(1) Leakage Resilience ( 泄漏的韧性 )Old Belief: Encryption protects your data well and the attacker has no information (not even 1 bit) about your secret key (e.g. passwords).

4

Impact: old security schemes are not guaranteed to be secure!!

This is WRONG!!The “new” assumption: Attacker may get partial information about the secret key.

E.g. Measure running time of CPU, temperature of CPU, sound of the keyboard stroke, etc…

By restricting the power of f, we restrict how much information is leaked. E.g. f outputs x bits only, with x < key (password) length.

5

The modelTo formalize these attacks, we model it as an efficiently computed leakage function f which represents how much leakage information can be obtained by the attacker.

Selected publication:“ID-based encryption scheme on continual auxiliary leakage model”, Eurocrypt 2012.

Can we still prove that scheme A is still secure?

Security scheme A

f(key)all other msgs/info

Attacker

(2) Dynamic Birthmark Generation for Javascript (JavaScript 动态软件胎记 ) Question Addressed:

Given 2 JavaScript programs, does one program copy the other? [plagiarism? IP court cases: Software thefts?]

One may change the source code Our Research Approach: Run the two programs, after

some time: Dump the objects at the memory (heap area) of the two programs. This is the birthmark of the programs (like birthmark of the pig)

If the data structure (heap graph in this case) of the two programs are similar, one is likely to be copying the other.

Heap Graph Example6

7

Selected publicationsPreliminary ideas:“Dynamic Software Birthmark for Java Based on Heap Memory Analysis”, CMS 2011. “JSBiRTH: Dynamic JavaScript Birthmark Based on the Run-time Heap”, COMPSAC 2011.

A more mature methodology:“Heap graph based software theft detection”, IEEE Transaction on Information Forensics and Security (IEEE TIFS) 2012.

8

(3) Android security

DroidChecker

Issue: Unlike Apple’s App stores, no screening process of the apps being published on the Android marketPrivilege escalation attack: The app can perform a function that it is NOT supposed to do.Our technique: identify risky path from control-flow graph DroidChecker: Analyzing Android Applications for Capability Leak, ACM WiSec 2012.

1,179 Android apps scanned => 23 found to be riskyAdobe photoshop express 1.31: a malicious app can make use of it to retrieve all email contacts of the phoneStill on-going……

Research Directions in CISC研究项目

9

Computer Forensics research

Security and cryptography research

CISC 10

• Software tools development– 数字调查和取证 :

• DESK ( 数字证据搜索工具 )• BTM ( 也称为网线监察系统 )• 拍卖现场监测• 互联网监控平台

• Research– Digital identity profiling ( 數碼特徵 )

• Behavior profiling: 互联网上罪犯的數碼特征• Visual profiling: 數碼视觉特征

– Cybercrime model– …..

Computer Forensics Research GroupComputer Forensics Research Group计算机取证

•互联网罪犯的數碼特征 (digital identity profiling)

–行为特徵 (Behavior profiling)•互联网上侵权罪犯的數碼特征•互联网拍卖欺诈拍卖欺诈的數碼特征

CISC 11

我们的研究 - 數碼特征

In physical word, we (e.g. FBI) use it a lot for:同系列犯罪的调查同系列犯罪的调查，例如：性侵犯，凶杀，色情凶杀案网络犯罪有系列本质网络犯罪有系列本质 (serial in nature):网络犯罪的系列本质允许罪犯行为的识别和常量分类 (repeating in nature重複性質 )

网上用户特性 网上用户特性 (preliminary (preliminary study)study)• 网络身份与用户真实身份没有联系• 在互联网中可以非常容易的隐藏个人真实在互联网中可以非常容易的隐藏个人真实身份和行为身份和行为• 很多情况下，一个人拥有多个用户帐户• 判别一系列网络行为是否由一个用户引起判别一系列网络行为是否由一个用户引起还是多个用户涉及是很复杂的还是多个用户涉及是很复杂的

13

用戶数码特征分析用戶数码特征分析根據每個用戶的張貼，計算一個特徵詞的權特徵詞的權重向量 重向量 (a vector of the weights (a vector of the weights of feature words)of feature words)

Computing the weight of a feature word (t) w.r.f. a user (u)? TF-IDF weight (Salton et al.)

W(t,u) = TF(t,u) x log U {u’ U tu’}

Frequency of t in u’s postings

Total number of

users

# of users having t in their

postings

Fewer users have the word, the weight larger

A Profile (A Profile ( 用戶数码特征用戶数码特征 ))• User dow_jones in uwants.com

CISC 14

Feature word Weight1 80 后 0.217612 社民连 0.143493 五区 0.125474 泛民 0.113575 西九 0.109836 黄毓民 0.086717 功能组别 0.084338 总辞 0.082969 八十后 0.0819410 社民 0.08126

使用使用用戶数码特征進行用戶数码特征進行預測預測

CISC 15

• 這些 discuss.com.hk 論壇上的張貼 , 是不是 uwants.com 用戶 dow_jones 發布

Example – Users that are similarExample – Users that are similar

To be trial used by Hong Kong Police

數碼相機 數碼相機 SD SD 卡案例卡案例相片 1 相片 2 相片 3 相片 10 相片 11

Jan 2006

Oct 2006

Time

受害人說謊？ ?或是創建日期不正確 !!

Jan 2007( 犯罪行

为 )

受害人的陈述书

Dec 2006( 分手 )

17

Jan 2005

相片 80

18

Due to the time limit, may be we can share other projects next time.

Publications:IEEE Transactions, Eurocrypt, ACNS, ACISP, …. E.g.TW Chim et al., "OPQ: OT-based Private Querying in VANETs," to appear in the IEEE TITS, 2011.TW Chim et al.,"VSPN: VANET-based Secure and Privacy-preserving Navigation,“ IEEE TC, 2012.TW Chim et al., “PAPB: Privacy-preserving Advance Power Reservation”, IEEE Communications Magazine (CM) 2012. Patrick Chan et al., “Heap graph based software theft detection”, IEEE TIFS 2012.Zoe L. Jiang et al., “Maintaining hard disk integrity with digital legal professional privilege (LPP) data”, IEEE TIFS 2013.Quite a few were awarded “Best paper award” Fundings:

Research funding, e.g. GRF, AoE, ITF, CRF