Abstract: Various embodiments include systems and methods of determining whether media access control (MAC) address spoofing is present in a network by a wireless communication device. A processor of the wireless communication device may determine an anticipated coherence interval based on a beacon frame received from an access point. The processor may schedule an active scan request and may determine whether a response frame corresponding to the scheduled active request is received within the anticipated coherence interval. The processor may calculate a first correlation coefficient in response to the response frame being received within the anticipated coherence interval and may determine that MAC address spoofing is not present in the network when the first correlation coefficient is greater than a first predetermined threshold.

Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media enabling rogue access point detection with a communications device by sending multiple probes via different network connections to a remote server and receiving probe replies. Various embodiments may include a communication device transmitting a first probe addressed to a server via a first network connection and a second probe addressed to the server via a second network connection. Upon receiving a first probe reply from the server via the first network connection and a second probe reply from the server via the second network connection server, the communications device may analyze the received probe replies to determine whether an access point of either the first network or the second network is a rogue access point.

Abstract: Various methods for detecting a summoning attack by a malicious access point (AP) may include generating a random service set identifier (SSID), transmitting a probe request including the random SSID, determining whether a probe response including the random SSID is received, identifying an AP as a rogue AP in response to receiving a probe response including the random SSID, and in response to not receiving a probe response including the random SSID: generating a second SSID comprising a random selection of a plurality of words; transmitting a second probe request including the second SSID; determining whether a probe response including the second SSID is received; identifying an AP as a rogue AP in response to determining that a probe response including the second SSID is received; and determining that no rogue AP is present in response to determining that a probe response including the second SSID is not received.

Abstract: Various embodiments include systems and methods of determining whether media access control (MAC) address spoofing is present in a network by a wireless communication device. A processor of the wireless communication device may determine an anticipated coherence interval based on a beacon frame received from an access point. The processor may schedule an active scan request and may determine whether a response frame corresponding to the scheduled active request is received within the anticipated coherence interval. The processor may calculate a first correlation coefficient in response to the response frame being received within the anticipated coherence interval and may determine that MAC address spoofing is not present in the network when the first correlation coefficient is greater than a first predetermined threshold.

Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for implementing wake lock aware scheduling. The apparatus may receive a wake lock request by a wake lock profiler and acquire wake lock information of a wake lock event associated with the wake lock request. The wake lock information may include a wake lock time parameter. The apparatus may send a hint having the wake lock time parameter. The apparatus may receive the hint, determine whether ready jobs can execute during the wake lock event, and send a request for permission to schedule the ready jobs for execution during the wake lock event in response to determining that the ready jobs can execute during the wake lock event.

Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media enabling rogue access point detection with a communications device by sending multiple probes via different network connections to a remote server and receiving probe replies. Various embodiments may include a communication device transmitting a first probe addressed to a server via a first network connection and a second probe addressed to the server via a second network connection. Upon receiving a first probe reply from the server via the first network connection and a second probe reply from the server via the second network connection server, the communications device may analyze the received probe replies to determine whether an access point of either the first network or the second network is a rogue access point.

Abstract: Embodiments include systems and methods of detecting a rogue access point by a computing device. A processor of the computing device may determine one or more features of a purported access point. The processor may calculate delta features of the purported access point based on the determined one or more features and an access point profile. The processor may apply the calculated delta features to a machine-learning model. The processor may generate an access point classification based on the application of the calculated delta features to the machine-learning model. The processor may prevent the computing device from associating with the purported access point in response to determining that the purported access point is a rogue access point, and permit associating with the access point otherwise.

Abstract: A network and its devices may be protected from non-benign behavior, malware, and cyber attacks by configuring a server computing device to work in conjunction with a multitude of client computing devices in the network. The server computing device may be configured to receive data that was collected from independent executions of different instances of the same software application on different client computing devices. The server computing device may combine the received data, and use the combined data to identify unexplored code space or potential code paths for evaluation. The server computing device may then exercise the software application through the identified unexplored code space or identified potential code paths in a client computing device emulator to generate analysis results, and use the generated analysis results to determine whether the software application is non-benign.

Abstract: Embodiments include computing devices, apparatus, and methods implemented by the apparatus for implementing wake lock aware scheduling. The apparatus may receive a wake lock request by a wake lock profiler and acquire wake lock information of a wake lock event associated with the wake lock request. The wake lock information may include a wake lock time parameter. The apparatus may send a hint having the wake lock time parameter. The apparatus may receive the hint, determine whether ready jobs can execute during the wake lock event, and send a request for permission to schedule the ready jobs for execution during the wake lock event in response to determining that the ready jobs can execute during the wake lock event.

Abstract: A network and its devices may be protected from non-benign behavior, malware, and cyber attacks caused by downloading software by configuring a server computing device to work in conjunction with the devices in the network. The server computing device may be configured to receive a software application from an application download service, establish a secure communication link to a client computing device in the network, receive exercise information from the client computing device via the secure communication link, use the received exercise information to exercise the received software application in a client computing device emulator to identify one or more behaviors, and determine whether the identified behaviors are benign. The server computing device may send the software application to the client computing device in response to determining that the identified behaviors are benign, and quarantine the software application in response to determining that the identified behaviors are not benign.

Abstract: Disclosed are systems and methods for delegating computations of resource-constrained mobile clients, in which multiple servers interact to construct an encrypted program representing a garbled circuit. Implementing the garbled circuit, garbled outputs are returned. Such implementations ensure privacy of each mobile client's data, even if an executing server has been colluded. The garbled circuit provides secure cloud computing for mobile systems by incorporating cryptographically secure pseudo random number generation that enables a mobile client to efficiently retrieve a result of a computation, as well as verify that an evaluator actually performed the computation. Cloud computation and communication complexity are analyzed to demonstrate the feasibility of the proposed system for mobile systems.

Abstract: Method and devices of detecting a malware infection of a computing device in a communication network are disclosed. A computing device may monitor outputs of temperature sensors associated with elements of the computing device. The monitored outputs of the temperature sensors may be compared to a profile of temperatures associated with normal operation of the computing device. A deviation of the monitored temperatures from the profile of temperatures associated with normal operation may be reported. The profile of temperatures associated with the normal operation of the computing device may be learned based on temperature sensor data obtained during normal operations. Learning the profile of temperatures may include monitoring outputs of temperature sensors associated with elements of the computing device during normal operation of the computing device and storing the monitored outputs as one or more profiles of temperatures associated with normal operation of the computing device.

Abstract: Disclosed are systems and methods for delegating computations of resource-constrained mobile clients, in which multiple servers interact to construct an encrypted program representing a garbled circuit. Implementing the garbled circuit, garbled outputs are returned. Such implementations ensure privacy of each mobile client's data, even if an executing server has been colluded. The garbled circuit provides secure cloud computing for mobile systems by incorporating cryptographically secure pseudo random number generation that enables a mobile client to efficiently retrieve a result of a computation, as well as verify that an evaluator actually performed the computation. Cloud computation and communication complexity are analyzed to demonstrate the feasibility of the proposed system for mobile systems.

Abstract: A replay detection technique with “small state” (e.g., with relatively few bits of state information). A sending node generates a random number ri, retrieves a code sequence (h*i?1), in one example, comprising the last 5 bits of a hash value (hi?1) of a previous packet i?1, generates a hash value hi based on the random number ri and the code sequence (h*i?1), and formulates a packet with index i including hi, ri and datai for delivery to a receiving node. The receiving node retrieves ri and hi from packet i; retrieves a code sequence (h*j) associated with a previous packet j, in one embodiment, comprising the last 5 bits of a hash value (hj) of a previous packet j, generates a hash value (hj+1) based on the random number ri and the code sequence (h*j); and declares a replay attack if hi does not equal hj+1.

Abstract: A replay detection technique with “small state” (e.g., with relatively few bits of state information). A sending node generates a random number ri, retrieves a code sequence (h*i-1), in one example, comprising the last 5 bits of a hash value (hi-1) of a previous packet i?1, generates a hash value hi based on the random number ri and the code sequence (h*i-1), and formulates a packet with index i including hi, ri and datai for delivery to a receiving node. The receiving node retrieves ri and hi from packet i; retrieves a code sequence (h*j) associated with a previous packet j, in one embodiment, comprising the last 5 bits of a hash value (hj) of a previous packet j, generates a hash value (hj+1) based on the random number ri and the code sequence (h*j); and declares a replay attack if hi does not equal hj+1.