Researcher profile

Ivan Martinovic

Ivan Martinovic contributes to research discovery and scholarly infrastructure.

Trust snapshot

Trust 21 (Emerging), Verification L1, unclaimed author. 9 works, 0 followers, 9 topics, 4 close collaborators.

Published work

9 published item(s)

preprint, 2023, arXiv

FETA: Fair Evaluation of Touch-based Authentication

In this paper, we investigate common pitfalls affecting the evaluation of authentication systems based on touch dynamics. We consider different factors that lead to misrepresented performance, are incompatible with stated system and threat models or impede reproducibility and comparability with previous work. Specifically, we investigate the effects of (i) small sample sizes (both number of users and recording sessions), (ii) using different phone models in training data, (iii) selecting non-contiguous training data, (iv) inserting attacker samples in training data and (v) swipe aggregation. We perform a systematic review of 30 touch dynamics papers showing that all of them overlook at least one of these pitfalls. To quantify each pitfall's effect, we design a set of experiments and collect a new longitudinal dataset of touch interactions from 515 users over 31 days comprised of 1,194,451 unique strokes. Part of this data is collected in-lab with Android devices and the rest remotely with iOS devices, allowing us to make in-depth comparisons. We make this dataset and our code available online. Our results show significant percentage-point changes in reported mean EER for several pitfalls: including attacker data (2.55%), non-contiguous training data (3.8%) and phone model mixing (3.2%-5.8%). We show that, in a common evaluation setting, the cumulative effects of these evaluation choices result in a combined difference of 8.9% EER. We also largely observe these effects across the entire ROC curve. The pitfalls are evaluated on four distinct classifiers - SVM, Random Forest, Neural Network, and kNN. Furthermore, we explore additional considerations for fair evaluation when building touch-based authentication systems and quantify their impacts. Based on these insights, we propose a set of best practices that will lead to more realistic and comparable reporting of results in the field.

preprint, 2022, arXiv

Death By A Thousand COTS: Disrupting Satellite Communications using Low Earth Orbit Constellations

Satellites in Geostationary Orbit (GEO) provide a number of commercial, government, and military services around the world, offering everything from surveillance and monitoring to video calls and internet access. However, a dramatic lowering of the cost-per-kilogram to space has led to a recent explosion in real and planned constellations in Low Earth Orbit (LEO) of smaller satellites. These constellations are managed remotely and it is important to consider a scenario in which an attacker gains control over the constituent satellites. In this paper we aim to understand what damage this attacker could cause, using the satellites to generate interference. To ground our analysis, we simulate a number of existing and planned LEO constellations against an example GEO constellation, and evaluate the relative effectiveness of each. Our model shows that with conservative power estimates, both current and planned constellations could disrupt GEO satellite services at every groundstation considered, with effectiveness varying considerably between locations. We analyse different patterns of interference, how they reflect the structures of the constellations creating them, and how effective they might be against a number of legitimate services. We found that real-time usage (e.g. calls, streaming) would be most affected, with 3 constellation designs able to generate thousands of outages of 30 seconds or longer over the course of the day across all groundstations.

preprint, 2022, arXiv

I'm Hearing (Different) Voices: Anonymous Voices to Protect User Privacy

In this paper, we present AltVoice -- a system designed to help users protect their privacy when using remotely accessed voice services. The system allows a user to conceal their true voice identity information with no cooperation from the remote voice service: AltVoice re-synthesizes the user's spoken audio to sound as if it has been spoken by a different, private identity. The system converts audio to its textual representation at its midpoint, and thus removes any linkage between the user's voice and the generated private voices. We implement AltVoice and we propose six different methods to generate private voice identities, each based on a user-known secret. We identify the system's trade-offs, and we investigate them for each of the proposed identity generation methods. Specifically, we investigate generated voices' diversity, word error rate, perceived speech quality and the success of attackers under privacy compromise and authentication compromise attack scenarios. Our results show that AltVoice-generated voices are not easily linked to original users, enabling users to protect themselves from voice data leakages and allowing for the revocability of (generated) voice data; akin to using passwords. However, the results also show further work is needed on ensuring that the produced audio is natural, and that identities of private voices are distinct from one another. We discuss the future steps into improving AltVoice and the new implications that its existence has for the creation of remotely accessed voice services.

preprint, 2022, arXiv

RingAuth: Wearable Authentication using a Smart Ring

In this paper, we show that by using inertial sensor data generated by a smart ring, worn on the finger, the user can be authenticated when making mobile payments or when knocking on a door (for access control). The proposed system can be deployed purely in software and does not require updates to existing payment terminals or infrastructure. We also demonstrate that smart ring data can authenticate smartwatch gestures, and vice versa, allowing either device to act as an implicit second factor for the other. To validate the system, we conduct a user study (n=21) to collect inertial sensor data from users as they perform gestures, and we evaluate the system against an active impersonation attacker. Based on this data, we develop payment and access control authentication models for which we achieve EERs of 0.04 and 0.02, respectively.

preprint, 2022, arXiv

Techniques for Continuous Touch-Based Authentication Modeling

The field of touch-based authentication has been rapidly developing over the last decade, creating a fragmented and difficult-to-navigate area for researchers and application developers alike due to the variety of methods investigated. In this study, we perform a systematic literature analysis of 30 studies on the techniques used for feature extraction, classification, and aggregation in touch-based authentication systems as well as the performance metrics reported by each study. Based on our findings, we design a set of experiments to compare the performance of the most frequently used techniques in the field under clearly defined conditions. In addition, we introduce three new techniques for touch-based authentication: an expanded feature set (consisting of 149 unique features), a multi-algorithm ensemble-based classifier, and a Recurrent Neural Network based stacking aggregation method. The comparison includes 14 feature sets, 11 classifiers, and 5 aggregation methods. In total, 219 model configurations are examined and we show that our novel techniques outperform the current state-of-the-art in each category. The results are also validated across three different publicly available datasets. Finally, we discuss the findings of our investigation with the aim of making the field more understandable and accessible for researchers and practitioners.

preprint, 2021, arXiv

SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations

Research into adversarial examples (AE) has developed rapidly, yet static adversarial patches are still the main technique for conducting attacks in the real world, despite being obvious, semi-permanent and unmodifiable once deployed. In this paper, we propose Short-Lived Adversarial Perturbations (SLAP), a novel technique that allows adversaries to realize physically robust real-world AE by using a light projector. Attackers can project a specifically crafted adversarial perturbation onto a real-world object, transforming it into an AE. This allows the adversary greater control over the attack compared to adversarial patches: (i) projections can be dynamically turned on and off or modified at will, (ii) projections do not suffer from the locality constraint imposed by patches, making them harder to detect. We study the feasibility of SLAP in the self-driving scenario, targeting both object detector and traffic sign recognition tasks, focusing on the detection of stop signs. We conduct experiments in a variety of ambient light conditions, including outdoors, showing how in non-bright settings the proposed method generates AE that are extremely robust, causing misclassifications on state-of-the-art networks with up to 99% success rate for a variety of angles and distances. We also demonstrate that SLAP-generated AE do not present detectable behaviours seen in adversarial patches and therefore bypass SentiNet, a physical AE detection method. We evaluate other defences including an adaptive defender using adversarial learning which is able to thwart the attack effectiveness up to 80% even in favourable attacker conditions.

preprint, 2021, arXiv

Speaker Anonymization with Distribution-Preserving X-Vector Generation for the VoicePrivacy Challenge 2020

In this paper, we present a Distribution-Preserving Voice Anonymization technique, as our submission to the VoicePrivacy Challenge 2020. We observe that the challenge baseline system generates fake X-vectors which are very similar to each other, significantly more so than those extracted from organic speakers. This difference arises from averaging many X-vectors from a pool of speakers in the anonymization process, causing a loss of information. We propose a new method to generate fake X-vectors which overcomes these limitations by preserving the distributional properties of X-vectors and their intra-similarity. We use population data to learn the properties of the X-vector space, before fitting a generative model which we use to sample fake X-vectors. We show how this approach generates X-vectors that more closely follow the expected intra-similarity distribution of organic speaker X-vectors. Our method can be easily integrated with others as the anonymization component of the system and removes the need to distribute a pool of speakers to use during the anonymization. Our approach leads to an increase in EER of up to 19.4% in males and 11.1% in females in scenarios where enrollment and trial utterances are anonymized versus the baseline solution, demonstrating the diversity of our generated voices.

preprint, 2020, arXiv

Classi-Fly: Inferring Aircraft Categories from Open Data using Machine Learning

In recent years, air traffic communication data has become easy to access, enabling novel research in many fields. Exploiting this new data source, a wide range of applications have emerged, from weather forecasting to stock market prediction, or the collection of information about military and government movements. Typically these applications require knowledge about the metadata of the aircraft, specifically its operator and the aircraft category. armasuisse Science + Technology, the R&D agency for the Swiss Armed Forces, has been developing Classi-Fly, a novel approach to obtain metadata about aircraft based on their movement patterns. We validate Classi-Fly using several hundred thousand flights collected through open source means, in conjunction with ground truth from publicly available aircraft registries containing more than two million aircraft. Classi-Fly obtains the correct aircraft category with an accuracy of over 88%, demonstrating that it can improve the metadata necessary for applications working with air traffic communication. Finally, we show that it is feasible to automatically detect specific flights such as police and surveillance missions.

preprint, 2020, arXiv

QPEP: A QUIC-Based Approach to Encrypted Performance Enhancing Proxies for High-Latency Satellite Broadband

Satellite broadband services are critical infrastructures enabling advanced technologies to function in the most remote regions of the globe. However, status-quo services are often unencrypted by default and vulnerable to eavesdropping attacks. In this paper, we challenge the historical perception that over-the-air security must trade off with TCP performance in high-latency satellite networks due to the deep-packet inspection requirements of Performance Enhancing Proxies (PEPs). After considering why prior work in this area has failed to find wide adoption, we present an open-source encrypted-by-default PEP - QPEP - which seeks to address these issues. QPEP is built around the open QUIC standard and designed so individual customers may adopt it without ISP involvement. QPEP's performance is assessed through simulations in a replicable docker-based testbed. Across many benchmarks and network conditions, QPEP is found to avoid the perceived security-encryption trade-off in PEP design. Compared to unencrypted PEP implementations, QPEP reduces average page load times by more than 30% while also offering over-the-air privacy. Compared to the traditional VPN encryption available to customers today, QPEP more than halves average page load times. Together, these experiments lead to the conclusion that QPEP represents a promising new approach to protecting modern satellite broadband connections.