12,517 research outputs found
Technical Soddi Defenses: The Trojan Horse Defense Revisited
In 2004, the Trojan horse defense was at a crossroads, having been successfully employed in two child pornography cases in the United Kingdom, resulting in acquittals. Despite the early successes, the Trojan horse defense has failed to become a regularly employed strategy. The original Trojan horse defense has now become part of the more general technical SODDI (Some Other Dude Did It) defense, which includes the possibility of unknown actors using unsecured Wi-Fi connections or having physical access to a computer to perform criminal acts. In the past ten years, it has not been effective in the United States for criminal cases, with no published acquittals in cases where it was the primary defense. Where the technical SODDI defense has been successfully used as leverage in plea negotiations, there has been either poor forensics performed by the prosecution or political pressure to resolve a matter. On the civil side, however, the defense has been wildly successful, effectively shutting down large John Doe copyright infringement litigation against non-commercial violators
UC-296 Cybersecurity Park
Cybersecurity Park is an educational VR game intended for middle-school-age children that aims to demonstrate a wide range of cybersecurity concepts to the players. Such concepts include hacking ethics and types of hackers, cryptography, Trojan Horse / ransomware viruses, and authentication and authorization. These concepts are split into various mini-games that the player can freely navigate to from the hub they spawn in. For example, in the mini-game showcasing the Trojan Horse concept, players play as a knight defending a castle from evildoers. Visitors will approach the castle and ask access into the castle, and, based on the actions by the visitors, the player will choose whether or not to allow access into the castle. The player acts as a firewall, and the visitors act like applications requesting access into a computer. If a bad visitor/application is let into the castle (representing a computer), then the castle will begin to catch fire. This one of six mini-games present within this game, and video demonstrations of some of these mini-games are provided
Implementation vulnerabilities in general quantum cryptography
Quantum cryptography is information-theoretically secure owing to its solid
basis in quantum mechanics. However, generally, initial implementations with
practical imperfections might open loopholes, allowing an eavesdropper to
compromise the security of a quantum cryptographic system. This has been shown
to happen for quantum key distribution (QKD). Here we apply experience from
implementation security of QKD to several other quantum cryptographic
primitives. We survey quantum digital signatures, quantum secret sharing,
source-independent quantum random number generation, quantum secure direct
communication, and blind quantum computing. We propose how the eavesdropper
could in principle exploit the loopholes to violate assumptions in these
protocols, breaking their security properties. Applicable countermeasures are
also discussed. It is important to consider potential implementation security
issues early in protocol design, to shorten the path to future applications.Comment: 13 pages, 8 figure
Phase-Remapping Attack in Practical Quantum Key Distribution Systems
Quantum key distribution (QKD) can be used to generate secret keys between
two distant parties. Even though QKD has been proven unconditionally secure
against eavesdroppers with unlimited computation power, practical
implementations of QKD may contain loopholes that may lead to the generated
secret keys being compromised. In this paper, we propose a phase-remapping
attack targeting two practical bidirectional QKD systems (the "plug & play"
system and the Sagnac system). We showed that if the users of the systems are
unaware of our attack, the final key shared between them can be compromised in
some situations. Specifically, we showed that, in the case of the
Bennett-Brassard 1984 (BB84) protocol with ideal single-photon sources, when
the quantum bit error rate (QBER) is between 14.6% and 20%, our attack renders
the final key insecure, whereas the same range of QBER values has been proved
secure if the two users are unaware of our attack; also, we demonstrated three
situations with realistic devices where positive key rates are obtained without
the consideration of Trojan horse attacks but in fact no key can be distilled.
We remark that our attack is feasible with only current technology. Therefore,
it is very important to be aware of our attack in order to ensure absolute
security. In finding our attack, we minimize the QBER over individual
measurements described by a general POVM, which has some similarity with the
standard quantum state discrimination problem.Comment: 13 pages, 8 figure
Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery
Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complimentary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together
Improving the security of multiparty quantum secret sharing against Trojan horse attack
We analyzed the security of the multiparty quantum secret sharing (MQSS)
protocol recently proposed by Zhang, Li and Man [Phys. Rev. A \textbf{71},
044301 (2005)] and found that this protocol is secure for any other
eavesdropper except for the agent Bob who prepares the quantum signals as he
can attack the quantum communication with a Trojan horse. That is, Bob replaces
the single-photon signal with a multi-photon one and the other agent Charlie
cannot find this cheating as she does not measure the photons before they runs
back from the boss Alice, which reveals that this MQSS protocol is not secure
for Bob. Finally, we present a possible improvement of the MQSS protocol
security with two single-photon measurements and six unitary operations.Comment: 4 pages, 2 figures; The revised version of the paper published in
Phys. Rev. A 72, 044302 (2005). A bug is modified and an addendum is adde
On the "Security analysis and improvements of arbitrated quantum signature schemes"
Recently, Zou et al. [Phys. Rev. A 82, 042325 (2010)] pointed out that two
arbitrated quantum signature (AQS) schemes are not secure, because an
arbitrator cannot arbitrate the dispute between two users when a receiver
repudiates the integrity of a signature. By using a public board, they try to
propose two AQS schemes to solve the problem. This work shows that the same
security problem may exist in their schemes and also a malicious party can
reveal the other party's secret key without being detected by using the
Trojan-horse attacks. Accordingly, two basic properties of a quantum signature,
i.e. unforgeability and undeniability, may not be satisfied in their scheme
- …