181 research outputs found

    Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

    Get PDF
    The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, over the past years there have been considerable attempts to address the security and privacy issues affecting the Domain Name System (DNS). To this end, it is claimed that Blockchain-based DNS may solve many of the limitations of traditional DNS. However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one. In this work we present the emerging threat landscape of blockchain-based DNS and we empirically validate the threats with real-world data. Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been registered in these platforms. Our findings reveal several potential domain extortion attempts and possible phishing schemes. Finally, we suggest countermeasures to address the identified threats, and we identify emerging research themes

    Selective Noise Based Power-Efficient and Effective Countermeasure against Thermal Covert Channel Attacks in Multi-Core Systems

    Get PDF
    With increasing interest in multi-core systems, such as any communication systems, infra-structures can become targets for information leakages via covert channel communication. Covert channel attacks lead to leaking secret information and data. To design countermeasures against these threats, we need to have good knowledge about classes of covert channel attacks along with their properties. Temperature–based covert communication channel, known as Thermal Covert Channel (TCC), can pose a threat to the security of critical information and data. In this paper, we present a novel scheme against such TCC attacks. The scheme adds selective noise to the thermal signal so that any possible TCC attack can be wiped out. The noise addition only happens at instances when there are chances of correct information exchange to increase the bit error rate (BER) and keep the power consumption low. Our experiments have illustrated that the BER of a TCC attack can increase to 94% while having similar power consumption as that of state-of-the-art

    Transdisciplinary AI Observatory -- Retrospective Analyses and Future-Oriented Contradistinctions

    Get PDF
    In the last years, AI safety gained international recognition in the light of heterogeneous safety-critical and ethical issues that risk overshadowing the broad beneficial impacts of AI. In this context, the implementation of AI observatory endeavors represents one key research direction. This paper motivates the need for an inherently transdisciplinary AI observatory approach integrating diverse retrospective and counterfactual views. We delineate aims and limitations while providing hands-on-advice utilizing concrete practical examples. Distinguishing between unintentionally and intentionally triggered AI risks with diverse socio-psycho-technological impacts, we exemplify a retrospective descriptive analysis followed by a retrospective counterfactual risk analysis. Building on these AI observatory tools, we present near-term transdisciplinary guidelines for AI safety. As further contribution, we discuss differentiated and tailored long-term directions through the lens of two disparate modern AI safety paradigms. For simplicity, we refer to these two different paradigms with the terms artificial stupidity (AS) and eternal creativity (EC) respectively. While both AS and EC acknowledge the need for a hybrid cognitive-affective approach to AI safety and overlap with regard to many short-term considerations, they differ fundamentally in the nature of multiple envisaged long-term solution patterns. By compiling relevant underlying contradistinctions, we aim to provide future-oriented incentives for constructive dialectics in practical and theoretical AI safety research

    Optimising Security, Power Consumption and Performance of Embedded Systems

    Get PDF
    Increased interest in multicore systems has led to significant advancements in computing power, but it has also introduced new security risks due to covert channel communication. These covert channels enable the unauthorized leakage of sensitive information, posing a grave threat to system security. Traditional examples of covert channel attacks involve exploiting subtle variations such as temperature changes and timing differences to clandestinely transmit data through thermal and timing channels, respectively. These methods are particularly alarming because they demand minimal resources for implementation, thus presenting a formidable challenge to system security. Therefore, understanding the different classes of covert channel attacks and their characteristics is imperative for devising effective countermeasures. This thesis proposes two novel countermeasures to mitigate Thermal Covert Channel (TCC) attacks, which are among the most prevalent threats. In the first approach, we introduce the Selective Noise-Based Countermeasure. This novel technique disrupts covert communication by strategically adding a selective noise (extra thread) to the temperature signal to generate more heat and change its pattern. This intervention significantly increases the Bit Error Rate (BER) to 94%, thereby impeding data transmission effectively. Building upon this, the second strategy, termed Fan Speed Control Countermeasure, dynamically adjusts fan speed to reduce system temperature further, consequently decreasing the thermal signal frequency and shutting down any meaningful transmission. This methodology achieves a high BER (98%), thereby enhancing system security. Furthermore, the thesis introduces a new threat scenario termed Multi-Covert Channel Attacks, which demands advanced detection and mitigation techniques. To confront this emerging threat, we propose a comprehensive two-step approach that emphasizes both detection and tailored countermeasures. This approach leverages two distinct methodologies for implementation, with the primary goal of achieving optimal performance characterized by high BER and low power consumption. In the first method, referred to as the double multi-covert channel, we employ two distinct frequency ranges for the timing and thermal covert channels. Through extensive experimentation, we demonstrate that this approach yields a high BER, providing a formidable challenge to various defense strategies. However, it is noteworthy that this method may potentially lead to overheating issues due to the increased operational load. Alternatively, our second method, the single multi-covert channel, employs a single frequency range for data transmission. Notably, this approach addresses the overheating concerns associated with the double multi-covert channel, thereby reducing power consumption and minimizing the risk of system overheating. The experimental results presented in this thesis demonstrate the efficacy of the proposed strategies. By adopting a two-different approach, we not only enhance detection capabilities but also mitigate potential risks such as overheating. Our findings contribute significantly to the ongoing discourse on covert channel attacks and offer valuable insights for developing robust defense mechanisms against evolving threats. By providing insights into both traditional and emerging covert channel threats in multicore systems, this thesis significantly contributes to the field of multi-embedded system security. The proposed countermeasures demonstrate tangible security improvements, while the exploration of multi-covert channel attacks sets the stage for detection and defense strategies

    UN Peace Operations and Intelligence : Can the Joint Mission Analysis Center succeed?

    Get PDF
    Can the Joint Mission Analysis Center (JMAC), as the dedicated and fielded UN intelligence capability, mitigate challenges in providing the United Nations (UN) Mission Leadership Team (MLT) intelligence that ultimately will improve the decision making process and enhance the ability of the UN to fulfill the will of the international community? Throughout this paper, this is the driving question. To address the question, the paper explores the JMAC concept as described in UN policy and guidelines as well as experiences of UN peace operations1 in the 21st century and particularly the ongoing operations in Mali and South Sudan. The paper will identify challenges that UN peace operations in general, and Mali and South Sudan specifically, have experienced. If the JMAC proves capable of mitigating these challenges properly, the JMAC concept can succeed. UN peace operations have experienced a transitional development from peacekeeping operations under chapter VI of the UN Charter towards more peace enforcement and protection of civilians in line with chapter VII. Both operations require analyzed information2 and information sharing at various levels, with various means, different actors, mandates and perceptions. There is extensive literature elaborating on Intelligence and the UN. Recently, the UN has produced Guidelines and Policy describing the role of intelligence and the JMAC, which, in combination with document studies and interviews, will serve as a theoretical basis for this paper. There have, furthermore, been several studies of JMACs in UN peace operation missions identifying numerous challenges. This study, however, might enhance our understanding of Intelligence in UN peace operations and to what extent the JMAC, using the Intelligence Cycle as a framework, is able to address intelligence challenges in the UN. Throughout the paper, and the discussion, the challenges are elaborated and discussed as to whether they pose limitations or possibilities for the JMAC to succeed in UN peace operations. The findings from the research indicates that, though the JMAC concept has vastly enhanced UN capabilities in peace operations, there are some grave challenges that cannot be addressed by the JMAC alone. Intelligence in the UN is contested with a lack of coherent terminology complicating the understanding and discussion. Furthermore, intelligence in the UN and all the steps in the Intelligence Cycle, can be more effectively addressed if there is a responsible and accountable strategic entity that ensures information sharing at all levels from the field to New York. The paper concludes that the JMAC cannot mitigate key UN Intelligence challenges, realize its potential and succeed without an overarching intelligence body
    corecore