37 research outputs found
Robust Malware Detection for Internet Of (Battlefield) Things Devices Using Deep Eigenspace Learning
Internet of Things (IoT) in military setting generally consists of a diverse range of Internet-connected devices and nodes (e.g. medical devices to wearable combat uniforms), which are a valuable target for cyber criminals, particularly state-sponsored or nation state actors. A common attack vector is the use of malware. In this paper, we present a deep learning based method to detect Internet Of Battlefield Things (IoBT) malware via the device's Operational Code (OpCode) sequence. We transmute OpCodes into a vector space and apply a deep Eigenspace learning approach to classify malicious and bening application. We also demonstrate the robustness of our proposed approach in malware detection and its sustainability against junk code insertion attacks. Lastly, we make available our malware sample on Github, which hopefully will benefit future research efforts (e.g. for evaluation of proposed malware detection approaches)
Forensic investigation of cooperative storage cloud service: Symform as a case study
Researchers envisioned Storage as a Service (StaaS) as an effective solution to the distributed management of digital data. Cooperative storage cloud forensic is relatively new and is an under-explored area of research. Using Symform as a case study, we seek to determine the data remnants from the use of cooperative cloud storage services. In particular, we consider both mobile devices and personal computers running various popular operating systems, namely Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4. Potential artefacts recovered during the research include data relating to the installation and uninstallation of the cloud applications, log-in to and log-out from Symform account using the client application, file synchronization as well as their time stamp information. This research contributes to an in-depth understanding of the types of terrestrial artifacts that are likely to remain after the use of cooperative storage cloud on client devices
Forecasting cyber threats and pertinent mitigation technologies
Geopolitical instability is exacerbating the risk of catastrophic cyber-attacks striking where defences are weak. Nev- ertheless, cyber-attack trend forecasting predominantly relies on human expertise, which is susceptible to subjectivity and potential bias. As a solution, we have recently presented a novel study that harnesses machine learning for long-term cyber-attack forecast- ing. Building upon this groundwork, our research advances to the next level, by predicting the disparity between cyber-attack trends and the trend of the relevant alleviation technologies. Our predictive analysis aims to offer strategic insights for the decision of investment in cyber security technologies. It also provides a sound foundation for the strategic decisions of national defence agencies. To achieve this objective, we have expanded our dataset, which now encompasses records spanning 42 distinct cyber-attack types and various related features, alongside data concerning the trends of 98 pertinent technologies, dating back to 2011. The dataset features were meticulously curated from diverse sources, including news articles, blogs, government advisories, as well as from platforms such as Elsevier, Twitter, and Python APIs. With our comprehensive dataset in place, we construct a graph that elucidates the intricate interplay between cyber threats and the development of pertinent alleviation technologies. To forecast the graph, we introduce a novel Bayesian adaptation of a recently proposed graph neural network model, which effectively captures and predicts these trends. We further demonstrate the efficacy of our proposed features in this context. Furthermore, our study extends its horizon by generating future data projections for the next three years, encompassing forecasts for the evolving graph, including predictions of the gap between cyber-attack trends and the trend of the associated technologies. As a consequential outcome of our forecasting efforts, we introduce the concept of “alleviation technologies cycle”, delineating the key phases in the life cycle of 98 technologies. These findings serve as a foundational resource, offering valuable guidance for future investment and strategic defence decisions within the realm of cyber security related technologies
Artificial Intelligence-based cybersecurity for the Metaverse: research challenges and opportunities
The metaverse, known as the next-generation 3D Internet, represents virtual environments that mirror the physical world. It is supported by innovative technologies such as digital twins and extended reality (XR), which elevate user experiences across various fields. However, the metaverse also introduces significant cybersecurity and privacy challenges that remain underexplored. Due to its complex multi-tech infrastructure, the metaverse requires sophisticated, automated, and intelligent cybersecurity measures to mitigate emerging threats effectively. Therefore, this paper is the first to explore Artificial Intelligence (AI)-driven cybersecurity techniques for the metaverse, examining academic and industrial perspectives. First, we provide an overview of the metaverse, presenting a detailed system model, diverse use cases, and insights into its current industrial status. We then present attack models and cybersecurity threats derived from the unique characteristics and technologies of the metaverse. Next, we review AI-driven cybersecurity solutions based on three critical aspects: User authentication, intrusion detection systems (IDS), and the security of digital assets, specifically for Blockchain and Non-fungible Tokens (NFTs). Finally, we highlight challenges and suggest future research opportunities to enhance metaverse security, privacy, and digital asset transactions
Group Key Exchange Enabling On-Demand Derivation of Peer-to-Peer Keys
Abstract. We enrich the classical notion of group key exchange (GKE) protocols by a new property that allows each pair of users to derive an independent peer-to-peer (p2p) key on-demand and without any subsequent communication; this, in addition to the classical group key shared amongst all the users. We show that GKE protocols enriched in this way impose new security challenges concerning the secrecy and independence of both key types. The special attention should be paid to possible collusion attacks aiming to break the secrecy of p2p keys possibly established between any two non-colluding users. In our constructions we utilize the well-known parallel Diffie-Hellman key exchange (PDHKE) technique in which each party uses the same exponent for the computation of p2p keys with its peers. First, we consider PDHKE in GKE protocols where parties securely transport their secrets for the establishment of the group key. For this we use an efficient multi-recipient ElGamal encryption scheme. Further, based on PDHKE we design a generic compiler for GKE protocols that extend the classical Diffie-Hellman method. Finally, we investigate possible optimizations of these protocols allowing parties to re-use their exponents to compute both group and p2p keys, and show that not all such GKE protocols can be optimized. Key words: group key exchange, peer-to-peer keys, on-demand derivation
Large expert-curated database for benchmarking document similarity detection in biomedical literature search
Document recommendation systems for locating relevant literature have mostly relied on methods developed a decade ago. This is largely due to the lack of a large offline gold-standard benchmark of relevant documents that cover a variety of research fields such that newly developed literature search techniques can be compared, improved and translated into practice. To overcome this bottleneck, we have established the RElevant LIterature SearcH consortium consisting of more than 1500 scientists from 84 countries, who have collectively annotated the relevance of over 180 000 PubMed-listed articles with regard to their respective seed (input) article/s. The majority of annotations were contributed by highly experienced, original authors of the seed articles. The collected data cover 76% of all unique PubMed Medical Subject Headings descriptors. No systematic biases were observed across different experience levels, research fields or time spent on annotations. More importantly, annotations of the same document pairs contributed by different scientists were highly concordant. We further show that the three representative baseline methods used to generate recommended articles for evaluation (Okapi Best Matching 25, Term Frequency-Inverse Document Frequency and PubMed Related Articles) had similar overall performances. Additionally, we found that these methods each tend to produce distinct collections of recommended articles, suggesting that a hybrid method may be required to completely capture all relevant articles. The established database server located at https://relishdb.ict.griffith.edu.au is freely available for the downloading of annotation data and the blind testing of new methods. We expect that this benchmark will be useful for stimulating the development of new powerful techniques for title and title/abstract-based search engines for relevant articles in biomedical research.Peer reviewe
Password Based Server Aided Key Exchange
We propose a new password-based 3-party protocol with a formal security proof in the standard model. Under reasonable assumptions we show that our new protocol is more efficient than the recent protocol of Abdalla and Pointcheval (FC 2005), proven in the random oracle model. We also observe some limitations in the model due to Abdalla, Fouque and Pointcheval (PKC 2005) for proving security of such protocols
Traceable Privacy of Recent Provably-Secure RFID Protocols
One of the main challenges in RFIDs is the design of privacy-
preserving authentication protocols. Indeed, such protocols should not
only allow legitimate readers to authenticate tags but also protect these
latter from privacy-violating attacks, ensuring their anonymity and un-
traceability: an adversary should not be able to get any information that
would reveal the identity of a tag or would be used for tracing it. In this
paper, we analyze some recently proposed RFID authentication proto-
cols that came with provable security
avours. Our results are the rst
known privacy cryptanalysis of the protocols
Implications of emerging technologies to incident handling and digital forensic strategies: A routine activity theory
A changing cyber threat landscape may impact incident handling and digital forensic practitioners in providing the best mitigation and response strategies. This study seeks to understand the challenges of emerging threats to incident handling and digital forensic by utilizing the routine activity theory, which comprises three main factors—motivation, opportunities, and guardianship. Data were collected using an open-ended questionnaire completed by respondents from 20 organizations. Our findings suggest that the emerging technologies pose significant motivations and opportunities to cybercriminals, and thus, increase the challenges in incident handling and digital forensics to provide effective guardianship
Security Requirements for Key Establishment Proof Models: Revisiting Bellare-Rogaway and Jeong-Katz-Lee Protocols
We observe that the definitions of security in the computational complexity proof models of Bellare & Rogaway (1993) and Canetti & Krawczyk (2001) require two partners in the presence of a malicious adversary to accept the same session key, which we term a key sharing requirement. We then revisit the Bellare--Rogaway three-party key distribution (3PKD) protocol and the Jeong--Katz--Lee two-party authenticated key exchange protocol TS2, which carry claimed proofs of security in the Canetti & Krawczyk (2001) model and the Bellare & Rogaway (1993) model respectively. We reveal previously unpublished flaws in these protocols where we demonstrate that both protocols fail to satisfy the definition of security in the respective models. We present a new 3PKD protocol as an improvement with a proof of security in the Canetti & Krawczyk (2001) model and a simple fix to the specification of protocol TS2. We also identify several variants of the key sharing requirement and present a brief discussion