53 research outputs found

    Blindspot: Indistinguishable Anonymous Communications

    Communication anonymity is a key requirement for individuals under targeted surveillance. Practical anonymous communications also require indistinguishability - an adversary should be unable to distinguish between anonymised and non-anonymised traffic for a given user. We propose Blindspot, a design for high-latency anonymous communications that offers indistinguishability and unobservability under a (qualified) global active adversary. Blindspot creates anonymous routes between sender-receiver pairs by subliminally encoding messages within the pre-existing communication behaviour of users within a social network, specifically the organic image sharing behaviour of users. Thus channel bandwidth depends on the intensity of image sharing behaviour of users along a route. A major challenge we successfully overcome is that routing must be accomplished in the face of significant restrictions - channel bandwidth is stochastic. We show that conventional social network routing strategies do not work. To solve this problem, we propose a novel routing algorithm. We evaluate Blindspot using a real-world dataset. We find that it delivers reasonable results for applications requiring low-volume unobservable communication. Comment: 13 Page

    Who clicks there!: Anonymizing the photographer in a camera saturated society

    In recent years, social media has played an increasingly important role in reporting world events. The publication of crowd-sourced photographs and videos in near real-time is one of the reasons behind the high impact. However, the use of a camera can draw the photographer into a situation of conflict. Examples include the use of cameras by regulators collecting evidence of Mafia operations; citizens collecting evidence of corruption at a public service outlet; and political dissidents protesting at public rallies. In all these cases, the published images contain fairly unambiguous clues about the location of the photographer (scene viewpoint information). In the presence of adversary-operated cameras, it can be easy to identify the photographer by also combining leaked information from the photographs themselves. We call this the camera location detection attack. We propose and review defense techniques against such attacks. Defenses such as image obfuscation techniques do not protect camera-location information; current anonymous publication technologies do not help either. However, the use of view synthesis algorithms could be a promising step in the direction of providing probabilistic privacy guarantees.

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

    On the security of machine learning in malware C & C detection: a survey

    One of the main challenges in security today is defending against malware attacks. As trends and anecdotal evidence show, preventing these attacks, regardless of their indiscriminate or targeted nature, has proven difficult: intrusions happen and devices get compromised, even at security-conscious organizations. As a consequence, an alternative line of work has focused on detecting and disrupting the individual steps that follow an initial compromise and are essential for the successful progression of the attack. In particular, several approaches and techniques have been proposed to identify the command and control (C&C) channel that a compromised system establishes to communicate with its controller. A major oversight of many of these detection techniques is the design's resilience to evasion attempts by the well-motivated attacker. C&C detection techniques make widespread use of a machine learning (ML) component. Therefore, to analyze the evasion resilience of these detection techniques, we first systematize works in the field of C&C detection and then, using existing models from the literature, go on to systematize attacks against the ML components used in these approaches.

    Unlinking super-linkers: the topology of epidemic response (Covid-19)

    A key characteristic of the spread of infectious diseases is their ability to use efficient transmission paths within contact graphs. This enables the pathogen to maximise infection rates and spread within a target population. In this work, we devise techniques to localise infections and decrease infection rates based on a principled analysis of disease transmission paths within human-contact networks (proximity graphs). Experimental results of disease transmission confirm that contact tracing requires both significant visibility (at least 60%) into the proximity graph and the ability to place half of the population under isolation, in order to stop the disease. We find that pro-actively isolating super-links -- key proximity encounters -- has significant benefits -- targeted isolation of a fourth of the population based on 35% visibility into the proximity graph prevents an epidemic outbreak. It turns out that isolating super-spreaders is more effective than contact tracing and testing but less effective than targeting super-links. We highlight the important role of topology in epidemic outbreaks. We argue that proactive inoculation of a population by disabling super-links and super-spreaders may have an important complementary role alongside contact tracing and testing as part of a sophisticated public-health response to epidemic outbreaks.

    When is software a medical device?: Understanding and determining the “intention” and requirements for software as a medical device in European Union law

    The role of software in society has changed drastically since the start of the twenty-first century. Software can now partially or fully facilitate diagnosis and treatment of a disease, regardless of whether it is psychological or pathological. Consequently, software plays a role comparable to medical equipment with a physical footprint. Understanding when software as a medical device must comply with applicable rules is vital for both manufacturers and regulators. We therefore examine the Medical Device Regulation to expand on the notion of intention, as this is the key basis for the classification of medical devices. Finally, we develop objective criteria that software must fulfil to be considered a medical device under European Union law.