3,231 research outputs found
TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype.
Comment: 28 pages
Cyber Babel: Finding the Lingua Franca in Cybersecurity Regulation
Cybersecurity regulations have proliferated over the past few years as the significance of the threat has drawn more attention. With breaches making headlines, the public and their representatives are imposing requirements on those that hold sensitive data with renewed vigor. As high-value targets that hold large amounts of sensitive data, financial institutions are among the most heavily regulated. Regulations are necessary. However, regulations also come with costs that impact both large and small companies, their customers, and local, national, and international economies. As the regulations have proliferated so have those costs. The regulations will inevitably and justifiably diverge where different governments view the needs of their citizens differently. However, that should not prevent regulators from recognizing areas of agreement. This Note examines the regulatory regimes governing the data and cybersecurity practices of financial institutions implemented by the Securities and Exchange Commission, the New York Department of Financial Services, and the General Data Protection Regulations of the European Union to identify areas where requirements overlap, with the goal of suggesting implementations that promote consistency, clarity, and cost reduction.
Cleartext Data Transmissions in Consumer IoT Medical Devices
This paper introduces a method to capture network traffic from medical IoT
devices and automatically detect cleartext information that may reveal
sensitive medical conditions and behaviors. The research follows a three-step
approach involving traffic collection, cleartext detection, and metadata
analysis. We analyze four popular consumer medical IoT devices, including one
smart medical device that leaks sensitive health information in cleartext. We
also present a traffic capture and analysis system that seamlessly integrates
with a home network and offers a user-friendly interface for consumers to
monitor and visualize data transmissions of IoT devices in their homes.
Comment: 6 pages, 5 figures
Decrypting SSL/TLS traffic for hidden threats detection
The paper presents an analysis of the main mechanisms of decryption of
SSL/TLS traffic. Methods and technologies for detecting malicious activity in
encrypted traffic that are used by leading companies are also considered. Also,
the approach for intercepting and decrypting traffic transmitted over SSL/TLS
is developed, tested and proposed. The developed approach has been automated
and can be used for remote listening of the network, which will allow
transmitted data to be decrypted in a mode close to real time.
Comment: 4 pages, 1 table, 1 figure