密码安全学术速递[1.10]
Update!H5支持摘要折叠,体验更佳!点击阅读原文访问arxivdaily.com,涵盖CS|物理|数学|经济|统计|金融|生物|电气领域,更有搜索、收藏等功能!
cs.CR密码安全,共计8篇
【1】 Apples and Cars: a Comparison of Security
标题:苹果和汽车:安全性的比较
链接:https://arxiv.org/abs/2201.02601
备注:Extended Abstract, 5th ACM COMPUTER SCIENCE IN CARS SYMPOSIUM (CSCS 2021)
摘要:Cybersecurity has gained importance for cars that increasingly rely on
software and networks. "Smartphone on wheels" is often used as an analogy to
highlight the need for security. As a high-value target of cyberattacks, modern
smartphones implement layers of protection. Automotive embedded systems share
many similarities with smartphones. We compare the security architecture of an
iPhone and a car to identify gaps and discuss the potentials for the cars of
the future.
【2】 Security Considerations for Virtual Reality Systems
标题:虚拟现实系统的安全注意事项
链接:https://arxiv.org/abs/2201.02563
摘要:There is a growing need for authentication methodology in virtual reality
applications. Current systems assume that the immersive experience technology
is a collection of peripheral devices connected to a personal computer or
mobile device. Hence there is a complete reliance on the computing device with
traditional authentication mechanisms to handle the authentication and
authorization decisions. Using the virtual reality controllers and headset
poses a different set of challenges as it is subject to unauthorized
observation, unannounced to the user given the fact that the headset completely
covers the field of vision in order to provide an immersive experience. As the
need for virtual reality experiences in the commercial world increases, there
is a need to provide other alternative mechanisms for secure authentication. In
this paper, we analyze a few proposed authentication systems and reached a
conclusion that a multidimensional approach to authentication is needed to
address the granular nature of authentication and authorization needs of a
commercial virtual reality applications in the commercial world.
【3】 Evaluation of Cyber Attacks Targeting Internet Facing IoT : An Experimental Evaluation
标题:面向互联网面向物联网的网络攻击评估:一项实验评估
链接:https://arxiv.org/abs/2201.02506
摘要:The rapid growth of Information and Communication Technology (ICT) in the
21st century has resulted in the emergence of a novel technological paradigm;
known as the Internet of Things, or IoT. The IoT, which is at the heart of
today's smart infrastructure, aids in the creation of a ubiquitous network of
things by simplifying interconnection between smart digital devices and
enabling Machine to Machine (M2M) communication. As of now, there are numerous
examples of IoT use cases available, assisting every person in this world
towards making their lives easier and more convenient. With the latest
advancement of IoT in variety of cyber-attacks that targets these pervasive IoT
environments, which can even lead to jeopardizing the lives of peoples; that
are involving with it. In general, this IoT can be considered as every digital
object that is connected to the Internet for intercommunication. Hence in this
regard in order to analyse cyber threats that come through the Internet, here
we are doing an experimental evaluation to analyse the requests, received to
exploit the opened Secure Shell (SSH) connection service of an IoT device,
which in our case a Raspberry Pi devices, which connected to the Internet for
more than six consecutive days. By opening the SSH service on Raspberry Pi, it
acts as a Honeypot device where we can log and retrieve all login attempt
requests received to the SSH service opened. Inspired by evaluating the IoT
security attacks that target objects in the pervasive IoT environment, after
retrieving all the login requests that made through the open SSH connection we
then provide a comprehensive analysis along with our observations about the
origin of the requests and the focus areas of intruders; in this study.
【4】 Repairing Adversarial Texts through Perturbation
标题:通过扰动修复敌意文本
链接:https://arxiv.org/abs/2201.02504
摘要:It is known that neural networks are subject to attacks through adversarial
perturbations, i.e., inputs which are maliciously crafted through perturbations
to induce wrong predictions. Furthermore, such attacks are impossible to
eliminate, i.e., the adversarial perturbation is still possible after applying
mitigation methods such as adversarial training. Multiple approaches have been
developed to detect and reject such adversarial inputs, mostly in the image
domain. Rejecting suspicious inputs however may not be always feasible or
ideal. First, normal inputs may be rejected due to false alarms generated by
the detection algorithm. Second, denial-of-service attacks may be conducted by
feeding such systems with adversarial inputs. To address the gap, in this work,
we propose an approach to automatically repair adversarial texts at runtime.
Given a text which is suspected to be adversarial, we novelly apply multiple
adversarial perturbation methods in a positive way to identify a repair, i.e.,
a slightly mutated but semantically equivalent text that the neural network
correctly classifies. Our approach has been experimented with multiple models
trained for natural language processing tasks and the results show that our
approach is effective, i.e., it successfully repairs about 80\% of the
adversarial texts. Furthermore, depending on the applied perturbation method,
an adversarial text could be repaired in as short as one second on average.
【5】 Methods for Increasing the Resistance of Cryptographic Designs against Horizontal DPA Attacks
标题:提高密码设计抵抗水平DPA攻击的方法
链接:https://arxiv.org/abs/2201.02391
备注:Author's version accepted for ICICS-2017; the final publication is available at Springer via this https URL
摘要:Side-channel analysis attacks, especially horizontal DPA and DEMA attacks,
are significant threats for cryptographic designs. In this paper we investigate
to which extend different multiplication formulae and randomization of the
field multiplier increase the resistance of an ECC design against horizontal
attacks. We implemented a randomized sequence of the calculation of partial
products for the field multiplication in order to increase the security
features of the field multiplier. Additionally, we use the partial polynomial
multiplier itself as a kind of countermeasure against DPA attacks. We
demonstrate that the implemented classical multiplication formula can increase
the inherent resistance of the whole ECC design. We also investigate the impact
of the combination of these two approaches. For the evaluation we synthesized
all these designs for a 250 nm gate library technologies, and analysed the
simulated power traces. All investigated protection means help to decrease the
success rate of attacks significantly: the correctness of the revealed key was
decreased from 99% to 69%.
【6】 Towards Trustworthy DeFi Oracles: Past,Present and Future
标题:走向值得信赖的德菲甲骨文:过去、现在和未来
链接:https://arxiv.org/abs/2201.02358
备注:Under review
摘要:With the rapid development of blockchain technology in recent years, all
kinds of blockchain-based applications have emerged. Among them, the
decentralized finance (DeFi) is one of the most successful applications, which
is regarded as the future of finance. The great success of DeFi relies on the
real-world data which is not directly available on the blockchain. Besides, due
to the deterministic nature of blockchain,the blockchain cannot directly obtain
in-deterministic data from the outside world (off-chain). Thus, oracles have
appeared as a viable solution to feed off-chain data to blockchain
applications. In this paper, we carryout a comprehensive study on oracles,
especially on DeFi oracles. We first briefly introduce the application
scenarios of DeFi oracles, and then we talk about the past of DeFi oracles by
categorizing them into several types based on their design features. After
that, we introduce five popular DeFi oracles currently in use(such as Chainlink
and Band Protocol), with the focus on their system architecture, data
validation process,and their incentive mechanisms. We compare these present
DeFi oracles from their data trustworthiness,data source trustworthiness and
their overall trust models. Finally, we propose a set of metrics for designing
trustworthiness DeFi oracles, and propose a potential trust architecture and a
few promising techniques for building trustworthiness oracles.
【7】 Asymptotic Security using Bayesian Defense Mechanisms with Application to Cyber Deception
标题:基于贝叶斯防御机制的渐近安全性及其在网络欺骗中的应用
链接:https://arxiv.org/abs/2201.02351
备注:16 pages
摘要:This study addresses the question whether model knowledge can prevent a
defender from being deceived or not in cyber security. As a specific
model-based defense scheme, this study treats Bayesian defense mechanism, which
monitors the system's behavior, forms a belief on existence of the attacker,
and chooses appropriate reactions. Sophisticated attackers aim at achieving her
objective while avoiding being detected by deceiving the defender. In this
paper, their dynamic decision making is formulated as a stochastic signaling
game. It is revealed that the belief on the true scenario has a limit in a
stochastic sense at an equilibrium based on martingale analysis. This fact
implies that there are only two possible cases: the defender asymptotically
detects the attack with a firm belief or the attacker takes actions such that
the system's behavior becomes nominal after a certain finite time step.
Consequently, if the dynamics admits no stealthy attacks, the system is
guaranteed to be secure in an asymptotic manner provided that effective
countermeasures are implemented. The result concludes that model knowledge can
prevent deception in an asymptotic sense. As an application of the finding, a
defensive deception utilizing asymmetric recognition on vulnerabilities
exploited by the attacker is analyzed. It is shown that, the attacker possibly
stops the attack even if the defender is unaware of the vulnerabilities as long
as the defender's unawareness is concealed by the defensive deception. Those
results indicate the powerful defense capability achieved by model knowledge.
【8】 Detecting Anomalies using Overlapping Electrical Measurements in Smart Power Grids
标题:利用重叠电测量检测智能电网中的异常
链接:https://arxiv.org/abs/2201.02236
摘要:As cyber-attacks against critical infrastructure become more frequent, it is
increasingly important to be able to rapidly identify and respond to these
threats. This work investigates two independent systems with overlapping
electrical measurements with the goal to more rapidly identify anomalies. The
independent systems include HIST, a SCADA historian, and ION, an automatic
meter reading system (AMR). While prior research has explored the benefits of
fusing measurements, the possibility of overlapping measurements from an
existing electrical system has not been investigated. To that end, we explore
the potential benefits of combining overlapping measurements both to improve
the speed/accuracy of anomaly detection and to provide additional validation of
the collected measurements. In this paper, we show that merging overlapping
measurements provide a more holistic picture of the observed systems. By
applying Dynamic Time Warping more anomalies were found -- specifically, an
average of 349 times more anomalies, when considering anomalies from both
overlapping measurements. When merging the overlapping measurements, a percent
change of anomalies of up to 785\% can be achieved compared to a non-merge of
the data as reflected by experimental results.
机器翻译,仅供参考
点击“阅读原文”获取带摘要的学术速递