53 research outputs found
Blindspot: Indistinguishable Anonymous Communications
Communication anonymity is a key requirement for individuals under targeted
surveillance. Practical anonymous communications also require
indistinguishability - an adversary should be unable to distinguish between
anonymised and non-anonymised traffic for a given user. We propose Blindspot, a
design for high-latency anonymous communications that offers
indistinguishability and unobservability under a (qualified) global active
adversary. Blindspot creates anonymous routes between sender-receiver pairs by
subliminally encoding messages within the pre-existing communication behaviour
of users within a social network, specifically the organic image sharing
behaviour of users. Thus channel bandwidth depends on the intensity of image
sharing behaviour of users along a route. A major challenge we successfully
overcome is that routing must be accomplished in the face of significant
restrictions - channel bandwidth is stochastic. We show that conventional
social network routing strategies do not work. To solve this problem, we
propose a novel routing algorithm. We evaluate Blindspot using a real-world
dataset. We find that it delivers reasonable results for applications requiring
low-volume unobservable communication. Comment: 13 Page
Who clicks there!: Anonymizing the photographer in a camera saturated society
In recent years, social media has played an increasingly important role in
reporting world events. The publication of crowd-sourced photographs and videos
in near real-time is one of the reasons behind the high impact. However, the
use of a camera can draw the photographer into a situation of conflict.
Examples include the use of cameras by regulators collecting evidence of Mafia
operations; citizens collecting evidence of corruption at a public service
outlet; and political dissidents protesting at public rallies. In all these
cases, the published images contain fairly unambiguous clues about the location
of the photographer (scene viewpoint information). In the presence of adversary
operated cameras, it can be easy to identify the photographer by also combining
leaked information from the photographs themselves. We call this the camera
location detection attack. We propose and review defense techniques against
such attacks. Defenses such as image obfuscation techniques do not protect
camera-location information; current anonymous publication technologies do not
help either. However, the use of view synthesis algorithms could be a promising
step in the direction of providing probabilistic privacy guarantees
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
On the security of machine learning in malware C & C detection: a survey
One of the main challenges in security today is defending against malware attacks. As trends and anecdotal evidence show, preventing these attacks, regardless of their indiscriminate or targeted nature, has proven difficult: intrusions happen and devices get compromised, even at security-conscious organizations. As a consequence, an alternative line of work has focused on detecting and disrupting the individual steps that follow an initial compromise and are essential for the successful progression of the attack. In particular, several approaches and techniques have been proposed to identify the command and control (C&C) channel that a compromised system establishes to communicate with its controller. A major oversight of many of these detection techniques is the design's resilience to evasion attempts by the well-motivated attacker. C&C detection techniques make widespread use of a machine learning (ML) component. Therefore, to analyze the evasion resilience of these detection techniques, we first systematize works in the field of C&C detection and then, using existing models from the literature, go on to systematize attacks against the ML components used in these approaches
Unlinking super-linkers: the topology of epidemic response (Covid-19)
A key characteristic of the spread of infectious diseases is their ability to use efficient transmission paths within contact graphs. This enables the pathogen to maximise infection rates and spread within a target population. In this work, we devise techniques to localise infections and decrease infection rates based on a principled analysis of disease transmission paths within human-contact networks (proximity graphs). Experimental results of disease transmission confirm that contact tracing requires both significant visibility (at least 60%) into the proximity graph and the ability to place half of the population under isolation, in order to stop the disease. We find that pro-actively isolating super-links -- key proximity encounters -- has significant benefits -- targeted isolation of a fourth of the population based on 35% visibility into the proximity graph prevents an epidemic outbreak. It turns out that isolating super-spreaders is more effective than contact tracing and testing but less effective than targeting super-links. We highlight the important role of topology in epidemic outbreaks. We argue that proactive inoculation of a population by disabling super-links and super-spreaders may have an important complementary role alongside contact tracing and testing as part of a sophisticated public-health response to epidemic outbreaks
When is software a medical device?: Understanding and determining the “intention” and requirements for software as a medical device in European Union law
The role of software in society has changed drastically since the start of the twenty-first century. Software can now partially or fully facilitate diagnosis and treatment of a disease, regardless of whether it is psychological or pathological. Consequently, software plays a role comparable to medical equipment with a physical footprint. Understanding when software as a medical device must comply with applicable rules is vital for both manufacturers and regulators. We therefore examine the Medical Device Regulation to expand on the notion of intention, as this is the key basis for the classification of medical devices. Finally, we develop objective criteria that software must fulfil to be considered a medical device under European Union law