Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults
In the relatively young field of fault-tolerant cryptography, the main research effort has focused exclusively on the protection of the data path of cryptographic circuits. To date, however, we have not found any work that aims at protecting the control logic of these circuits against fault attacks, which thus remains the proverbial Achilles' heel. Motivated by a hypothetical yet realistic fault analysis attack that, in principle, could be mounted against any modular exponentiation engine, even one with appropriate data path protection, we set out to close this remaining gap. In this paper, we present guidelines for the design of multifault-resilient sequential control logic based on standard Error-Detecting Codes (EDCs) with large minimum distance. We introduce a metric that measures the effectiveness of the error detection technique in terms of the effort the attacker has to make in relation to the area overhead spent in implementing the EDC. Our comparison shows that the proposed EDC-based technique provides superior performance when compared against regular N-modular redundancy techniques. Furthermore, our technique scales well and does not affect the critical path delay.
Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies
Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed.
Big Data in Critical Infrastructures Security Monitoring: Challenges and Opportunities
Critical Infrastructures (CIs), such as smart power grids, transport systems, and financial infrastructures, are more and more vulnerable to cyber threats, due to the adoption of commodity computing facilities. Despite the use of several monitoring tools, recent attacks have proven that current defensive mechanisms for CIs are not effective enough against most advanced threats. In this paper we explore the idea of a framework leveraging multiple data sources to improve protection capabilities of CIs. Challenges and opportunities are discussed along three main research directions: i) use of distinct and heterogeneous data sources, ii) monitoring with adaptive granularity, and iii) attack modeling and runtime combination of multiple data analysis techniques.
Comment: EDCC-2014, BIG4CIP-201
Quantitative Security Risk Modeling and Analysis with RisQFLan
Domain-specific quantitative modeling and analysis approaches are fundamental in scenarios in which qualitative approaches are inappropriate or unfeasible. In this paper, we present a tool-supported approach to quantitative graph-based security risk modeling and analysis based on attack-defense trees. Our approach is based on QFLan, a successful domain-specific approach to support quantitative modeling and analysis of highly configurable systems, whose domain-specific components have been decoupled to facilitate the instantiation of the QFLan approach in the domain of graph-based security risk modeling and analysis. Our approach incorporates distinctive features from three popular kinds of attack trees, namely enhanced attack trees, capabilities-based attack trees and attack countermeasure trees, into the domain-specific modeling language. The result is a new framework, called RisQFLan, to support quantitative security risk modeling and analysis based on attack-defense diagrams. By offering either exact or statistical verification of probabilistic attack scenarios, RisQFLan constitutes a significant novel contribution to the existing toolsets in that domain. We validate our approach by highlighting the additional features offered by RisQFLan in three illustrative case studies from seminal approaches to graph-based security risk modeling analysis based on attack trees.