1,720,987 research outputs found
Towards automated classification of firmware images and identification of embedded devices
No full text
Digital Forgetting Using Key Decay
No full textDuring the recent development of information technology and the prevalent breakthroughs of its services, more digital data tend to be readily stored online. Although the massive advantages, there is a pivotal necessity for curating digital data forgetting. Online content can pose perilous threats in terms of privacy and security that may hinder the right to be forgotten, encompassed by the GDPR act, since the released data can be archived and accessed retrospectively. Prior approaches focused on various access heuristics and elastic expiration times to make the data unreachable to some extent. However, there are still many pending issues related to the proposed studies, such as securing ephemeral key storage and co-ownership data deletion. In this paper, we attempt to tackle the problem of storing ephemeral keys during the estimated validity period. Hence, we devise a novel concept called key decay over time, which can achieve the ephemeral existence of the key. The decay idea entails the gradual, irreversible corruption of the key with time passing. In the current work, we combine the concept of gradual time elapsing and corruption into a single notion of the decay rate. Meanwhile, the irreversibility merit formed by randomness and various obfuscation strategies impedes retrospective attacks. Over time, the decay rate will give an estimated range for the key to be destroyed entirely. Finally, we implement and thoroughly assess a proof-of-concept regarding the key decay, including computational complexity and security analysis. Cyber Securit
Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime
No full textIt is 2021, and cyberattacks are relentless. Attacks can take many forms, such asransomware, which according to some estimations, accounted for approximately 4000 attacks per day, with 98% of the attacks relying on social engineering. Only in the US, ransomware attacks in 2020 costed an estimated $915 million. This working paper aims to look into the applicable legislative regimes to ransomware from the perspective of the US Computer Fraud and Abuse Act (CFAA) and the Convention on Cybercrime of the Council of Europe (Budapest Convention). In doing so, in Section 2 the paper first describes ransomware, both from a technical perspective as well from the perspective of the novel business model of Ransomware-as-a-service (RaaS).Section 3 is dedicated to applying the CFAA to ransomware, whereas Section 4 does the same for the Budapest Convention. Section 5 brings together some concluding reflections regarding the two legal regimes
Leveraging Internet Services to Evade Censorship
No full textFree and uncensored access to the Internet is an important right nowadays. Repressive regimes, however, prevent their citizens from freely using the Internet and utilize censorship to suppress unwanted content. To overcome such filtering, researchers introduced circumvention systems that avoid censorship by cloaking and redirecting the censored traffic through a legitimate channel. Sadly, this solution can raise alerts to censors, especially when it is mistakenly used. In this paper, we argue that relying on a single channel is not sufficient to evade censorship since the usage pattern of a circumvention system differs compared to a legitimate use of a service. To address this limitation of state-of-the-art systems, we introduce Camouflage, an approach to combine multiple non-blocked communication protocols and dynamically switch among these tunnels. Each protocol is only used for a limited amount of time and the Internet connection is transparently routed through instances of different censorship circumvention systems. We prototype Camouflage by using applications which are based on these protocols and also offer end-to-end encryption to prevent censors from distinguishing circumvention systems from regular services. We evaluate Camouflage in countries that impose censorship and demonstrate that our approach can successfully bypass existing censorship systems while remaining undetected
Ransomware: Notes on the US Computer Fraud and Abuse Act and the CoE International Convention on Cybercrime
Full text linkIt is 2021, and cyberattacks are relentless. Attacks can take many forms, such asransomware, which according to some estimations, accounted for approximately 4000 attacks per day, with 98% of the attacks relying on social engineering. Only in the US, ransomware attacks in 2020 costed an estimated $915 million. This working paper aims to look into the applicable legislative regimes to ransomware from the perspective of the US Computer Fraud and Abuse Act (CFAA) and the Convention on Cybercrime of the Council of Europe (Budapest Convention). In doing so, in Section 2 the paper first describes ransomware, both from a technical perspective as well from the perspective of the novel business model of Ransomware-as-a-service (RaaS).Section 3 is dedicated to applying the CFAA to ransomware, whereas Section 4 does the same for the Budapest Convention. Section 5 brings together some concluding reflections regarding the two legal regimes
The Art of False Alarms in the Game of Deception: Leveraging Fake Honeypots for Enhanced Security
No full textAbstract—The great popularity of the Internet increases the concern for the safety of its users as many malicious Web pages pop up in daily basis. Client honeypots are tools, which are able to detect malicious Web pages, which aim to infect their visitors. These tools are widely used by researchers and anti-virus companies in their attempt to protect Internet users from being infected. Unfortunately, cyber-criminals are becoming aware of this type of detection and create evasion techniques that allow them to behave in a benign way when they feel to be threatened. This bi-faceted behavior enables them to operate for a longer period, which translates in more profit. Hence, these deceptive Web pages pose a significant challenge to existing client honeypot approaches, making them incapable to detect them when exhibit the aforementioned behavior. In this paper, we mitigate this problem by designing and developing a framework that benefits from this bi-faceted be-havior. Our main goal is to protect users from being infected. More precisely, we leverage the evasion techniques used by cyber-criminals and implement a prototype, called SCARECROW, which triggers false alarms in the cases of deceptive Web pages. Consequently, the users that use SCARECROW for Web surfing can remain protected, even if they visit a malicious Website. We evaluate our implementation against malicious URLs provided by a large anti-virus company and show that when SCARECROW is deployed, malicious Websites with bi-faceted behavior do not launch their attacks against normal users
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
- …
