2021, Belozubova, A., Kogos, K., Белозубова, Анна Игоревна, Когос, Константин Григорьевич

© 2020 Elsevier B.V.. All rights reserved.Covert channel is a communication channel that was not designed for information transmission. It is proven that in some circumstances the attacker has an ability to build a covert channel that cannot be detected. That is why the method of capacity limitation of a potential covert channel seems to be an effective counteraction that can be used when allowable level of covert channel capacity is set up. To use such method, it is needed to estimate residual covert channel capacity. Random delays before packet sending are considered as a tool of noise insertion into a covert channel. In this paper authors investigated the way to estimate covert channel capacity taking into account network load conditions. The main topics of the research are cases when time intervals between packet sending and packet receiving in network comply with normal and exponential distributions.

2019, Epishkina, A., Finoshin, M., Kogos, K., Yazykova, A., Епишкина, Анна Васильевна, Финошин, Михаил Александрович, Когос, Константин Григорьевич

© 2019 IEEE.Currently, packet data networks are widespread. Their architectural features allow constructing covert channels that are able to transmit covert data under the conditions of using standard protection measures. However, encryption or packets length normalization, leave the possibility for an intruder to transfer covert data via timing covert channels (TCCs). In turn, inter-packet delay (IPD) normalization leads to reducing communication channel capacity. Detection is an alternative countermeasure. At the present time, detection methods based on machine learning are widely studied. The complexity of TCCs detection based on machine learning depends on the availability of traffic samples, and on the possibility of an intruder to change covert channels parameters. In the current work, we explore the cases of TCCs detection via.

2020, Sokolov, A., Kogos, K., Когос, Константин Григорьевич

© 2020 The Authors. Published by Elsevier B.V.Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. Methods of active covert channels detection may be insecure. Therefore, it is better to use approaches that limit covert channels preliminary. We propose some traffic normalization techniques to limit covert timing channels. Recommendations to using the counteraction methods were given and their influence on the communication channel capacity was investigated.

2019, Garbuz, A., Epishkina, A., Kogos, K., Епишкина, Анна Васильевна, Когос, Константин Григорьевич

© 2019 IEEE.Nowadays, smartphones are used for getting access to sensitive and private data. As a result, we need an authentication system that will provide smartphones with additional security and at the same time will not cause annoyance to users. Existing authentication mechanisms provide just a one-time user verification and do not perform re-authentication in the process of further interaction. In this paper, we present a continuous user authentication system based on user's interaction with the touchscreen in conjunction with micromovements, performed by smartphones at the same time. We consider two of the most common types of gestures performed by users (vertical swipes up and down, and taps). The novelty of our approach is that swipes and taps are both analyzed to provide continuous authentication. Swipes are informative gestures, while taps are the most common gestures. This way, we aim to reduce the time of impostors' detection. The proposed scheme collects data from the touchscreen and multiple 3-dimensional sensors integrated in all modern smartphones. We use One-Class Support Vector Machine (OSVM) algorithm to get a model of a legitimate user. The obtained results show that the proposed scheme of continuous authentication can improve smartphone security.

2021, Belozubova, A., Kogos, K., Epishkina, A., Белозубова, Анна Игоревна, Когос, Константин Григорьевич, Епишкина, Анна Васильевна

© 2021 IEEE.Covert channel is a communication channel that was not designed for information transmission. Covert channels in IP networks can be implemented in a way that is difficult to detect. That is why the method of capacity limitation of a potential covert channel seems to be an effective counteraction that can be used when allowable level of covert channel capacity is set up. To effectively protect information from leakage, it is needed to estimate residual covert channel capacity when limitation method was implemented. Random delays before packet sending are considered as a tool of noise insertion into a covert channel. In this paper authors investigated the way to estimate covert channel capacity taking into account network load conditions and ways of random delay generation. The main topics of the research are cases when time intervals between packet sending and packet receiving in network comply with normal and exponential distributions.

2020, Lebedev, P., Kogos, K., Vasilenko, E., Когос, Константин Григорьевич

© 2020, Springer Nature Singapore Pte Ltd.In this paper authors introduce an algorithm to simplification of UEFI firmware reverse engineering via limiting the amount of code examined on Intel-based systems, which is based on proprietary UEFI protocols searching. The provided implementation of the algorithm is tested on few platforms that are Gigabyte BRIX, Razer Blade Stealth and Intel NUC based on 7th Generation Intel(R) Processor Families. As a result, UEFI modules that contain references to proprietary protocols were defined.

2020, Sidorova, A., Kogos, K., Сидорова, Анна Андреевна, Когос, Константин Григорьевич

© 2020 Polish Information Processing Society - as it is since 2011.Almost all people's data is stored on their personal devices. There is a need to protect information from unauthorized access. PIN codes, passwords, tokens can be forgotten, lost, transferred, brute-force attacked. For this reason, biometric authentication is gaining in popularity. Biometric data are unchanged for a long time, different for users, and can be measured. This paper explores voice authentication due to the ease of use of this technology, since obtaining voice characteristics of users doesn't require an equipment in addition to the microphone. The method of voice authentication based on an anomaly detection algorithm has been proposed. The software module for text-independent authentication has been implemented on the Python language. It's based on a new Mozilla's open source voice dataset 'Common voice'. Experimental results confirmed the high accuracy of authentication by the proposed method.

2021, Frolova, D., Kogos, K., Epishkina, A., Когос, Константин Григорьевич, Епишкина, Анна Васильевна

© 2021 IEEE.Nowadays a huge amount of sensitive information is sending via packet data networks and its security doesn't provided properly. Very often information leakage causes huge damage to organizations. One of the mechanisms to cause information leakage when it transmits through a communication channel is to construct a covert channel. Everywhere used packet networks provide huge opportunities for covert channels creating, which often leads to leakage of critical data. Moreover, covert channels based on packet length modifying can function in a system even if traffic encryption is applied and there are some data transfer schemes that are difficult to detect. The purpose of the paper is to construct and examine a normalization protection tool against covert channels. We analyze full and partial normalization, propose estimation of the residual covert channel capacity in a case of counteracting and determine the best parameters of counteraction tool.

2020, Yazykova, A., Finoshin, M., Kogos, K., Финошин, Михаил Александрович, Когос, Константин Григорьевич

© 2020, Springer Nature Switzerland AG.The peculiarities of the batch data transmission networks make it possible to use covert channels, which survive under standard protective measures, to perform data leaks. However, storage covert channels can be annihilated by means of limiting the flow capacity, or by use of encryption. The measures against storage covert channels cannot be implemented against timing covert channels (TCCs), otherwise their usage has to be conditioned by certain factors. For instance, while packet encryption an intruder still possesses the ability to covertly transfer the data. At the same time, normalization of inter-packet delays (IPDs) influences the flow capacity in a greater degree than sending fixed-length packets does. Detection can be called an alternative countermeasure. At the present time, detection methods based on artificial intelligence have been widespreadly used, however the possibility to implement these methods under conditions of a covert channel parametrization has not been investigated. In the current work, we study the possibility to implement artificial intelligence for detecting TCCs under conditions of varying covert channel characteristics: flow capacity and encoding scheme. The detection method is based on machine learning algorithms that solve the problem of binary classification.

2019, Eremin, A., Kogos, K., Valatskayte, Y., Когос, Константин Григорьевич

© 2019, Springer Nature Switzerland AG.This paper presents two methods of implicit authentication during answering an incoming call based on user behavior biometrics. Such methods allow to increase usability of authentication against common PIN or graphical password. Also, a concept of authentication system based on presented methods is proposed. The paper shows that user’s touch dynamics and movement of the hand towards the ear when accepting the call provide all necessary information for authentication and there is no need for user to enter a PIN or graphical password.