Obfuscation

Automated Fingerprint Identification Systems (AFIS) is deployed in law authorization and fringe control applications. This has elevated the requirement for guaranteeing that these frameworks are not traded off. A few issues identified with finger print analysis frameworks security have been explored. This includes the utilization of fake fingerprints for disguising personality. The issues of finger print alteration or jumbling has gotten almost no consideration. Fingerprint Obfuscation alludes to the planned change of the finger print pattern of a single person with the goal of veiling his personality. A few instances of unique finger print Obfuscation have been reported so far. Finger print image quality assessment software can't generally identify adjusted fingerprints. This paper highlights the significance of the issue by analyzing altered fingerprints and proposes an effective algorithm for them.

Imagine there is certain content we want to maintain private until some particular event occurs, when we want to have it automatically disclosed. Suppose furthermore, that we want this done in a (possibly) malicious host. Say, the confidential content is a piece of code belonging to a computer program that should remain ciphered and then “be triggered ” (i.e., deciphered and executed) when the underlying system satisfies a preselected condition which must remain secret after code inspection. In this work we present different solutions for problems of this sort, using different “declassification ” criteria, based on a primitive we call secure triggers. We establish the notion of secure triggers in the universally-composable security framework of [Canetti 2001] and introduce several examples. Our examples demonstrate that a new sort of obfuscation is possible. Finally, we motivate its use with applications in realistic scenarios. 1

Title of Thesis: SECURITY THROUGH OBSCURITY: LAYOUT OBFUSCATION OF DIGITAL INTEGRATED CIRCUITS USING DON’T CARE CONDITIONS Sana Mehmood Awan, Master of Science, 2015 Directed By: Professor Gang Qu, Department of Electrical and Computer Engineering and Institute for Systems Research, University of Maryland Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is circuit obfuscation which seeks to modify the gate-level (or structural) description of a circuit without affecting its functionality in order to increase the complexity and cost of reverse engineering. Most of the existing circuit obfuscation methods are based on the insertion of additional logic (called “key gates”) or ca...

Abstract. There are many programming situations where it would be convenient to conceal the meaning of code, or the meaning of certain variables. This can be achieved through program transformations which are grouped under the term obfuscation. Obfuscation is one of a ...

As location-based services emerge, many people feel exposed to high privacy threats. Privacy protection is a major challenge for such applications. A broadly used approach is perturbation, which adds an artificial noise to positions and returns an obfuscated measurement to the requester. Our main finding is that, unless the noise is chosen properly, these methods do not withstand attacks based on probabilistic analysis. In this paper, we define a strong adversary model that uses probability calculus to de-obfuscate the location ...

Whether we accept it or not, computer systems and the op-erating systems that direct them are at the heart of major forms of malicious activity. Criminals can use computers as the actual target of their malicious activity (stealing funds electronically from a bank) or use ...

Zimbabwe " s pro-democracy groups have alleged significant information security breaches of voters " personal data ahead of the Monday 30 July elections. While there haven " t been any reported significant network disruptions so far, nevertheless, these breaches, some of which the electoral commission has admitted pose a significant threat to privacy, expression and political participation. While two of the cases involve an alleged interference with data stored and at rest in the election commission " s servers, the other case concerns the " black boxing " of the ballot paper " s security features. This lack of transparency erodes trust and confidence in biometric technology but it also frustrates the verifiability and audit of the technical functionality especially its potential capabilities to obfuscate data. All the above developments challenge the Internet Freedom Community to reconsider the ambit of information controls particularly during key political events such as current Zimbabwe " s elections. As a number of African countries embrace biometric technology-driven elections, the community needs to adopt a broader approach to information controls that address all information security breaches since big data and decentralized technologies. This is regardless of the fact that some of these technologies do not exclusively rely on internet transmission control protocols to transmit and store data. This article argues that such a broader approach accords with The Citizen Lab " s conceptualisation to information controls: a broad term used to define all actions that governments, the private sector, and other actors take through the Internet and other information communications technologies, for example, to secure (e.g., encryption) information for political ends.' An acceptance of this view will lead to a more evidence-based and broader elections threat modeling. Such a modeling, based on revised indicators, would take into account a wide range of adversaries that potentially exploit vulnerabilities in decentralized technologies and also in data regardless of medium or whether such data is in transit, cloud, storage or at rest. Zimbabwe's alleged information security compromises In the run-up to Zimbabwe " s 2018 elections, the main opposition party, the Movement for Democratic Alliance, supported by some local NGOs raised the following information security concerns in connection with the integrity, availability and confidentiality of voters " personal data: 1. Selective access to voters' personal data The first complaint relates to the election commission " s refusal to give the opposition access to the voters " roll stored in its servers on the ground that this may compromise the security of sensitive data. Subsequent to this refusal, some voters received targeted campaign text messages from the ruling ZANU PF party, leading to further allegations that the commission had selectively availed the voters " data base to the ruling party contrary to the provisions of the law which it had cited to deny the opposition the same right. The commission responded to the accusation by stating that its data base was hacked. This admission contradicts its earlier claim that its data base was tamper-proof. The commission " s head, Judge Chigumba had previously issued a press statement that the 2018 elections could not be rigged as the country " s voting system is " tamper-proof " for the simple reason that the data that they collected are housed in a " consolidation server ". She continued, " The consolidation server contains the master server that contains all the information and we then have other servers which we are using to connect that data. Those servers have very strict protection files. They have very strict un-hackable access level passwords that are tamper-free, " For more on this

A new approach to software metrics using concepts from information theory, data compression, complexity theory and analogies with real physical systems is described. A novel application of software obfuscation allows an existing software package to be analysed in terms of the effects of perturbations caused by the obfuscator. Parallels are drawn between the results of the software analysis and the behaviour of physical systems as described by classical thermodynamics.

In this paper, we propose an obfuscation/ deobfuscation based technique to detect the presence of possible SQL Injection Attacks (SQLIA) in a query before submitting it to a DBMS. This technique combines static and dynamic analysis. In the static phase, the queries in the application are replaced by queries in obfuscated form. The main idea behind obfuscation is to isolate all the atomic formulas from other control elements of the query. During the dynamic phase, the user inputs are merged into the obfuscated atomic formulas, and the dynamic verifier analysis the presence of possible SQLIA at atomic formula level. Finally, a deobfuscation step is performed to recover the original query before submitting it to the DBMS.