-
Assessing The Effectiveness Of Current Cybersecurity Regulations And Policies In The US arXiv.cs.CR Pub Date : 2024-04-17 Ejiofor Oluomachi, Akinsola Ahmed, Wahab Ahmed, Edozie Samson
This article assesses the effectiveness of current cybersecurity regulations and policies in the United States amidst the escalating frequency and sophistication of cyber threats. The focus is on the comprehensive framework established by the U.S. government, with a spotlight on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and key regulations such as HIPAA, GLBA
-
S3PHER: Secure and Searchable System for Patient-driven HEalth data shaRing arXiv.cs.CR Pub Date : 2024-04-17 Ivan Costa, Ivone Amorim, Eva Maia, Pedro Barbosa, Isabel Praca
Healthcare data contains some of the most sensitive information about an individual, yet sharing this data with healthcare practitioners can significantly enhance patient care and support research efforts. However, current systems for sharing health data between patients and caregivers do not fully address the critical security requirements of privacy, confidentiality, and consent management. Furthermore
-
SoK: Decentralized Finance (DeFi) -- Fundamentals, Taxonomy and Risks arXiv.cs.CR Pub Date : 2024-04-17 Krzysztof Gogol, Christian Killer, Malte Schlosser, Thomas Bocek, Burkhard Stiller, Claudio Tessone
Decentralized Finance (DeFi) refers to financial services that are not necessarily related to crypto-currencies. By employing blockchain for security and integrity, DeFi creates new possibilities that attract retail and institutional users, including central banks. Given its novel applications and sophisticated designs, the distinction between DeFi services and understanding the risk involved is often
-
The Writing is on the Wall: Analyzing the Boom of Inscriptions and its Impact on Rollup Performance and Cost Efficiency arXiv.cs.CR Pub Date : 2024-04-17 Krzysztof Gogol, Johnnatan Messias, Maria Ines Silva, Benjamin Livshits
Late 2023 witnessed significant user activity on EVM chains, resulting in a surge in transaction activity and putting many rollups into the first live test. While some rollups performed well, some others experienced downtime during this period, affecting transaction finality time and gas fees. To address the lack of empirical research on rollups, we perform the first study during a heightened activity
-
TransLinkGuard: Safeguarding Transformer Models Against Model Stealing in Edge Deployment arXiv.cs.CR Pub Date : 2024-04-17 Qinfeng Li, Zhiqiang Shen, Zhenghan Qin, Yangfan Xie, Xuhong Zhang, Tianyu Du, Jianwei Yin
Proprietary large language models (LLMs) have been widely applied in various scenarios. Additionally, deploying LLMs on edge devices is trending for efficiency and privacy reasons. However, edge deployment of proprietary LLMs introduces new security challenges: edge-deployed models are exposed as white-box accessible to users, enabling adversaries to conduct effective model stealing (MS) attacks. Unfortunately
-
From Paper to Platform: Evolution of a Novel Learning Environment for Tabletop Exercises arXiv.cs.CR Pub Date : 2024-04-17 Valdemar Švábenský, Jan Vykopal, Martin Horák, Martin Hofbauer, Pavel Čeleda
For undergraduate students of computing, learning to solve complex practical problems in a team is an essential skill for their future careers. This skill is needed in various fields, such as in cybersecurity and IT governance. Tabletop exercises are an innovative teaching method used in practice for training teams in incident response and evaluation of contingency plans. However, tabletop exercises
-
Cybersecurity in the Quantum Era: Assessing the Impact of Quantum Computing on Infrastructure arXiv.cs.CR Pub Date : 2024-04-16 Yaser Baseri, Vikas Chouhan, Ali Ghorbani
The emergence of quantum computing presents a double-edged sword for cybersecurity. While its immense power holds promise for advancements in various fields, it also threatens to crack the foundation of current encryption methods. This analysis explores the impact of quantum computing on critical infrastructure and cloud services, meticulously evaluating potential vulnerabilities across various layers
-
Shining Light into the Tunnel: Understanding and Classifying Network Traffic of Residential Proxies arXiv.cs.CR Pub Date : 2024-04-16 Ronghong Huang, Dongfang Zhao, Xianghang Mi, Xiaofeng Wang
Emerging in recent years, residential proxies (RESIPs) feature multiple unique characteristics when compared with traditional network proxies (e.g., commercial VPNs), particularly, the deployment in residential networks rather than data center networks, the worldwide distribution in tens of thousands of cities and ISPs, and the large scale of millions of exit nodes. All these factors allow RESIP users
-
Characterizing Polkadot's Transactions Ecosystem: methodology, tools, and insights arXiv.cs.CR Pub Date : 2024-04-16 Maurantonio Caprolu, Roberto Di Pietro, Flavio Lombardi, Elia Onofri
The growth potential of a crypto(currency) project can be measured by the use cases spurred by the underlying technology. However, these projects are usually distributed, with weak feedback schemes. Hence, a metric that is widely used as a proxy for their healthiness is the number of transactions and related volumes. Nevertheless, such a metric can be subject to manipulation (the crypto market being
-
Sisu: Decentralized Trustless Bridge For Full Ethereum Node arXiv.cs.CR Pub Date : 2024-04-16 Billy Pham, Huy Nguyen
In this paper, we present a detailed approach and implementation to prove Ethereum full node using recursive SNARK, distributed general GKR and Groth16. Our protocol's name is Sisu whose architecture is based on distributed Virgo in zkBridge with some major improvements. Besides proving signature aggregation, we provide solutions to 2 hard problems in proving Ethereum full node: 1) any public key is
-
Integration of Federated Learning and Blockchain in Healthcare: A Tutorial arXiv.cs.CR Pub Date : 2024-04-15 Yahya Shahsavari, Oussama A. Dambri, Yaser Baseri, Abdelhakim Senhaji Hafid, Dimitrios Makrakis
Wearable devices and medical sensors revolutionize health monitoring, raising concerns about data privacy in ML for healthcare. This tutorial explores FL and BC integration, offering a secure and privacy-preserving approach to healthcare analytics. FL enables decentralized model training on local devices at healthcare institutions, keeping patient data localized. This facilitates collaborative model
-
Larger-scale Nakamoto-style Blockchains Don't Necessarily Offer Better Security arXiv.cs.CR Pub Date : 2024-04-15 Jannik Albrecht, Sebastien Andreina, Frederik Armknecht, Ghassan Karame, Giorgia Marson, Julian Willingmann
Extensive research on Nakamoto-style consensus protocols has shown that network delays degrade the security of these protocols. Established results indicate that, perhaps surprisingly, maximal security is achieved when the network is as small as two nodes due to increased delays in larger networks. This contradicts the very foundation of blockchains, namely that decentralization improves security.
-
Privacy-Preserving Federated Unlearning with Certified Client Removal arXiv.cs.CR Pub Date : 2024-04-15 Ziyao Liu, Huanyi Ye, Yu Jiang, Jiyuan Shen, Jiale Guo, Ivan Tjuawinata, Kwok-Yan Lam
In recent years, Federated Unlearning (FU) has gained attention for addressing the removal of a client's influence from the global model in Federated Learning (FL) systems, thereby ensuring the "right to be forgotten" (RTBF). State-of-the-art methods for unlearning use historical data from FL clients, such as gradients or locally trained models. However, studies have revealed significant information
-
An Empirical Study of Open Edge Computing Platforms: Ecosystem, Usage, and Security Risks arXiv.cs.CR Pub Date : 2024-04-15 Yu Bi, Mingshuo Yang, Yong Fang, Xianghang Mi, Shanqing Guo, Shujun Tang, Haixin Duan
Emerging in recent years, open edge computing platforms (OECPs) claim large-scale edge nodes, the extensive usage and adoption, as well as the openness to any third parties to join as edge nodes. For instance, OneThingCloud, a major OECP operated in China, advertises 5 million edge nodes, 70TB bandwidth, and 1,500PB storage. However, little information is publicly available for such OECPs with regards
-
Enhancing Code Vulnerability Detection via Vulnerability-Preserving Data Augmentation arXiv.cs.CR Pub Date : 2024-04-15 Shangqing Liu, Wei Ma, Jian Wang, Xiaofei Xie, Ruitao Feng, Yang Liu
Source code vulnerability detection aims to identify inherent vulnerabilities to safeguard software systems from potential attacks. Many prior studies overlook diverse vulnerability characteristics, simplifying the problem into a binary (0-1) classification task for example determining whether it is vulnerable or not. This poses a challenge for a single deep learning-based model to effectively learn
-
Bridging the Gap: Automated Analysis of Sancus arXiv.cs.CR Pub Date : 2024-04-15 Matteo Busi, Riccardo Focardi, Flaminia Luccio
Techniques for verifying or invalidating the security of computer systems have come a long way in recent years. Extremely sophisticated tools are available to specify and formally verify the behavior of a system and, at the same time, attack techniques have evolved to the point of questioning the possibility of obtaining adequate levels of security, especially in critical applications. In a recent
-
Crooked indifferentiability of the Feistel Construction arXiv.cs.CR Pub Date : 2024-04-15 Alexander Russell, Qiang Tang, Jiadong Zhu
The Feistel construction is a fundamental technique for building pseudorandom permutations and block ciphers. This paper shows that a simple adaptation of the construction is resistant, even to algorithm substitution attacks -- that is, adversarial subversion -- of the component round functions. Specifically, we establish that a Feistel-based construction with more than $2000n/\log(1/\epsilon)$ rounds
-
Correcting Subverted Random Oracles arXiv.cs.CR Pub Date : 2024-04-15 Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou, Jiadong Zhu
The random oracle methodology has proven to be a powerful tool for designing and reasoning about cryptographic schemes. In this paper, we focus on the basic problem of correcting faulty or adversarially corrupted random oracles, so that they can be confidently applied for such cryptographic purposes. We prove that a simple construction can transform a "subverted" random oracle which disagrees with
-
EQO: Exploring Ultra-Efficient Private Inference with Winograd-Based Protocol and Quantization Co-Optimization arXiv.cs.CR Pub Date : 2024-04-15 Wenxuan Zeng, Tianshi Xu, Meng Li, Runsheng Wang
Private convolutional neural network (CNN) inference based on secure two-party computation (2PC) suffers from high communication and latency overhead, especially from convolution layers. In this paper, we propose EQO, a quantized 2PC inference framework that jointly optimizes the CNNs and 2PC protocols. EQO features a novel 2PC protocol that combines Winograd transformation with quantization for efficient
-
Counteracting Concept Drift by Learning with Future Malware Predictions arXiv.cs.CR Pub Date : 2024-04-14 Branislav Bosansky, Lada Hospodkova, Michal Najman, Maria Rigaki, Elnaz Babayeva, Viliam Lisy
The accuracy of deployed malware-detection classifiers degrades over time due to changes in data distributions and increasing discrepancies between training and testing data. This phenomenon is known as the concept drift. While the concept drift can be caused by various reasons in general, new malicious files are created by malware authors with a clear intention of avoiding detection. The existence
-
New Class of Ciphers Using Hardware Entropy Source arXiv.cs.CR Pub Date : 2024-04-14 Jan J. Tatarkiewicz, Wieslaw B. Kuzmicz
We present a novel, computationally simple method of hiding any message in the stream of random bits by using a secret key. The method is called Bury Among Random Numbers (BARN). A stream of random bits is produced by extracting the entropy of a physical process in a hardware-based true random number generator (TRNG). The process of placing bits of a message into the stream of random bits is governed
-
Make Split, not Hijack: Preventing Feature-Space Hijacking Attacks in Split Learning arXiv.cs.CR Pub Date : 2024-04-14 Tanveer Khan, Mindaugas Budzys, Antonis Michalas
The popularity of Machine Learning (ML) makes the privacy of sensitive data more imperative than ever. Collaborative learning techniques like Split Learning (SL) aim to protect client data while enhancing ML processes. Though promising, SL has been proved to be vulnerable to a plethora of attacks, thus raising concerns about its effectiveness on data privacy. In this work, we introduce a hybrid approach
-
PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound arXiv.cs.CR Pub Date : 2024-04-14 Man Zhou, Shuao Su, Qian Wang, Qi Li, Yuting Zhou, Xiaojing Ma, Zhengxiong Li
Fingerprint authentication has been extensively employed in contemporary identity verification systems owing to its rapidity and cost-effectiveness. Due to its widespread use, fingerprint leakage may cause sensitive information theft, enormous economic and personnel losses, and even a potential compromise of national security. As a fingerprint that can coincidentally match a specific proportion of
-
Pirates: Anonymous Group Calls Over Fully Untrusted Infrastructure arXiv.cs.CR Pub Date : 2024-04-13 Christoph Coijanovic, Akim Stark, Daniel Schadt, Thorsten Strufe
Anonymous metadata-private voice call protocols suffer from high delays and so far cannot provide group call functionality. Anonymization inherently yields delay penalties, and scaling signalling and communication to groups of users exacerbates this situation. Our protocol Pirates employs PIR, improves parallelization and signalling, and is the first group voice call protocol that guarantees the strong
-
Gophy: Novel Proof-of-Useful-Work blockchain architecture for High Energy Physics arXiv.cs.CR Pub Date : 2024-04-13 Felix Hoffmann, Udo Kebschull
In this publication, a novel architecture for Proof-of-Useful-Work blockchain consensus which aims to replace hash-based block problems with Monte Carlo simulation-based block problems to donate computational power to real-world HEP experiments is described. Design decisions are detailed and challenges are addressed. The architecture is being implemented using Golang and can be run inside the CbmRoot
-
Projective Systematic Authentication via Reed-Muller Codes arXiv.cs.CR Pub Date : 2024-04-13 Hsuan-Po Liu, Hessam Mahdavifar
In this paper, we study the problem of constructing projective systematic authentication schemes based on binary linear codes. In systematic authentication, a tag for authentication is generated and then appended to the information, also referred to as the source, to be sent from the sender. Existing approaches to leverage projective constructions focus primarily on codes over large alphabets, and
-
Enhancing Security Awareness Through Gamified Approaches arXiv.cs.CR Pub Date : 2024-04-13 Yussuf Ahmed, Micheal Ezealor, Haitham Mahmoud, MohamedAjmal Azad, Mohamed BenFarah, Mehdi Yousefi
With the advent of smart grid (SG) systems, electricity networks have been able to ensure greater efficiency and utility by interconnecting their grids through cloud-based technology. As SGs become increasingly complex, a wide range of security challenges arise, threatening the grid's reliability, safety, efficiency, and stability. The security challenges include the potential exposure of personal
-
SQIAsignHD: SQIsignHD Adaptor Signature arXiv.cs.CR Pub Date : 2024-04-13 Farzin Renan, Péter Kutas
Adaptor signatures can be viewed as a generalized form of the standard digital signature schemes where a secret randomness is hidden within a signature. Adaptor signatures are a recent cryptographic primitive and are becoming an important tool for blockchain applications such as cryptocurrencies to reduce on-chain costs, improve fungibility, and contribute to off-chain forms of payment in payment-channel
-
On the critical path to implant backdoors and the effectiveness of potential mitigation techniques: Early learnings from XZ arXiv.cs.CR Pub Date : 2024-04-13 Mario Lins, René Mayrhofer, Michael Roland, Daniel Hofer, Martin Schwaighofer
An emerging supply-chain attack due to a backdoor in XZ Utils has been identified. The backdoor allows an attacker to run commands remotely on vulnerable servers utilizing SSH without prior authentication. We have started to collect available information with regards to this attack to discuss current mitigation strategies for such kinds of supply-chain attacks. This paper introduces the critical attack
-
FCert: Certifiably Robust Few-Shot Classification in the Era of Foundation Models arXiv.cs.CR Pub Date : 2024-04-12 Yanting Wang, Wei Zou, Jinyuan Jia
Few-shot classification with foundation models (e.g., CLIP, DINOv2, PaLM-2) enables users to build an accurate classifier with a few labeled training samples (called support samples) for a classification task. However, an attacker could perform data poisoning attacks by manipulating some support samples such that the classifier makes the attacker-desired, arbitrary prediction for a testing input. Empirical
-
Manifest V3 Unveiled: Navigating the New Era of Browser Extensions arXiv.cs.CR Pub Date : 2024-04-12 Nikolaos Pantelaios, Alexandros Kapravelos
Introduced over a decade ago, Chrome extensions now exceed 200,000 in number. In 2020, Google announced a shift in extension development with Manifest Version 3 (V3), aiming to replace the previous Version 2 (V2) by January 2023. This deadline was later extended to January 2025. The company's decision is grounded in enhancing three main pillars: privacy, security, and performance. This paper presents
-
Subtoxic Questions: Dive Into Attitude Change of LLM's Response in Jailbreak Attempts arXiv.cs.CR Pub Date : 2024-04-12 Tianyu Zhang, Zixuan Zhao, Jiaqi Huang, Jingyu Hua, Sheng Zhong
As Large Language Models (LLMs) of Prompt Jailbreaking are getting more and more attention, it is of great significance to raise a generalized research paradigm to evaluate attack strengths and a basic model to conduct subtler experiments. In this paper, we propose a novel approach by focusing on a set of target questions that are inherently more sensitive to jailbreak prompts, aiming to circumvent
-
A Systematic Construction Approach for All $4\times 4$ Involutory MDS Matrices arXiv.cs.CR Pub Date : 2024-04-12 Yogesh Kumar, P. R. Mishra, Susanta Samanta, Atul Gaur
Maximum distance separable (MDS) matrices play a crucial role not only in coding theory but also in the design of block ciphers and hash functions. Of particular interest are involutory MDS matrices, which facilitate the use of a single circuit for both encryption and decryption in hardware implementations. In this article, we present several characterizations of involutory MDS matrices of even order
-
Navigating Quantum Security Risks in Networked Environments: A Comprehensive Study of Quantum-Safe Network Protocols arXiv.cs.CR Pub Date : 2024-04-12 Yaser Baseri, Vikas Chouhan, Abdelhakim Hafid
The emergence of quantum computing poses a formidable security challenge to network protocols traditionally safeguarded by classical cryptographic algorithms. This paper provides an exhaustive analysis of vulnerabilities introduced by quantum computing in a diverse array of widely utilized security protocols across the layers of the TCP/IP model, including TLS, IPsec, SSH, PGP, and more. Our investigation
-
Evaluation Framework for Quantum Security Risk Assessment: A Comprehensive Study for Quantum-Safe Migration arXiv.cs.CR Pub Date : 2024-04-12 Yaser Baseri, Vikas Chouhan, Ali Ghorbani, Aaron Chow
The rise of large-scale quantum computing poses a significant threat to traditional cryptographic security measures. Quantum attacks undermine current asymmetric cryptographic algorithms, rendering them ineffective. Even symmetric key cryptography is vulnerable, albeit to a lesser extent, suggesting longer keys or extended hash functions for security. Thus, current cryptographic solutions are inadequate
-
Lightweight Cryptanalysis of IoT Encryption Algorithms : Is Quota Sampling the Answer? arXiv.cs.CR Pub Date : 2024-04-12 Jonathan Cook, Sabih ur Rehman, M. Arif Khan
Rapid growth in the number of small sensor devices known as the Internet of Things (IoT) has seen the development of lightweight encryption algorithms. Two well-known lightweight algorithms are SIMON and SIMECK which have been specifically designed for use on resource-constrained IoT devices. These lightweight encryption algorithms are based on the efficient Feistel block structure which is known to
-
A Survey on Security of Ultra/Hyper Reliable Low Latency Communication: Recent Advancements, Challenges, and Future Directions arXiv.cs.CR Pub Date : 2024-04-11 Annapurna Pradhan, Susmita Das, Md. Jalil Piran, Zhu Han
Ultra-reliable low latency communication (URLLC) is an innovative service offered by fifth-generation (5G) wireless systems. URLLC enables various mission-critical applications by facilitating reliable and low-latency signal transmission to support extreme Quality of Service (QoS) requirements. Apart from reliability and latency, ensuring secure data transmission for URLLC has been a prominent issue
-
LLM Agents can Autonomously Exploit One-day Vulnerabilities arXiv.cs.CR Pub Date : 2024-04-11 Richard Fang, Rohan Bindu, Akul Gupta, Daniel Kang
LLMs have become increasingly powerful, both in their benign and malicious uses. With the increase in capabilities, researchers have been increasingly interested in their ability to exploit cybersecurity vulnerabilities. In particular, recent work has conducted preliminary studies on the ability of LLM agents to autonomously hack websites. However, these studies are limited to simple vulnerabilities
-
Struggle with Adversarial Defense? Try Diffusion arXiv.cs.CR Pub Date : 2024-04-12 Yujie Li, Yanbin Wang, Haitao Xu, Bin Liu, Jianguo Sun, Zhenhao Guo, Wenrui Ma
Adversarial attacks induce misclassification by introducing subtle perturbations. Recently, diffusion models are applied to the image classifiers to improve adversarial robustness through adversarial training or by purifying adversarial noise. However, diffusion-based adversarial training often encounters convergence challenges and high computational expenses. Additionally, diffusion-based purification
-
Practical Region-level Attack against Segment Anything Models arXiv.cs.CR Pub Date : 2024-04-12 Yifan Shen, Zhengyuan Li, Gang Wang
Segment Anything Models (SAM) have made significant advancements in image segmentation, allowing users to segment target portions of an image with a single click (i.e., user prompt). Given its broad applications, the robustness of SAM against adversarial attacks is a critical concern. While recent works have explored adversarial attacks against a pre-defined prompt/click, their threat model is not
-
A Measurement of Genuine Tor Traces for Realistic Website Fingerprinting arXiv.cs.CR Pub Date : 2024-04-11 Rob Jansen, Ryan Wails, Aaron Johnson
Website fingerprinting (WF) is a dangerous attack on web privacy because it enables an adversary to predict the website a user is visiting, despite the use of encryption, VPNs, or anonymizing networks such as Tor. Previous WF work almost exclusively uses synthetic datasets to evaluate the performance and estimate the feasibility of WF attacks despite evidence that synthetic data misrepresents the real
-
Backdoor Contrastive Learning via Bi-level Trigger Optimization arXiv.cs.CR Pub Date : 2024-04-11 Weiyu Sun, Xinyu Zhang, Hao Lu, Yingcong Chen, Ting Wang, Jinghui Chen, Lu Lin
Contrastive Learning (CL) has attracted enormous attention due to its remarkable capability in unsupervised representation learning. However, recent works have revealed the vulnerability of CL to backdoor attacks: the feature extractor could be misled to embed backdoored data close to an attack target class, thus fooling the downstream predictor to misclassify it as the target. Existing attacks usually
-
Protected QR Code-based Anti-counterfeit System for Pharmaceutical Manufacturing arXiv.cs.CR Pub Date : 2024-04-11 Nitol Saha, Md Masruk Aulia, Md. Mostafizur Rahman, Mohammed Shafiul Alam Khan
Pharmaceutical manufacturing faces critical challenges due to the global threat of counterfeit drugs. This paper proposes a new approach of protected QR codes to secure unique product information for safeguarding the pharmaceutical supply chain. The proposed solution integrates secure QR code generation and encrypted data transmission to establish a comprehensive anti-counterfeit ecosystem. The
-
Opportunistic Sensor-Based Multi-Factor Authentication in and for the Internet of Things arXiv.cs.CR Pub Date : 2024-04-11 Marc Saideh, Jean-Paul Jamont, Laurent Vercouter
Communication between connected objects often requires secure and reliable authentication mechanisms. These mechanisms are essential for verifying the identities of objects and preventing unauthorized access. The IoT offers several advantages and opportunities that are not necessarily found in other domains. For instance, IoT sensors collect real-time data about their environment and other objects
-
Fragile Model Watermark for integrity protection: leveraging boundary volatility and sensitive sample-pairing arXiv.cs.CR Pub Date : 2024-04-11 ZhenZhe Gao, Zhenjun Tang, Zhaoxia Yin, Baoyuan Wu, Yue Lu
Neural networks have increasingly influenced people's lives. Ensuring the faithful deployment of neural networks as designed by their model owners is crucial, as they may be susceptible to various malicious or unintentional modifications, such as backdooring and poisoning attacks. Fragile model watermarks aim to prevent unexpected tampering that could lead DNN models to make incorrect decisions. They
-
Security Modelling for Cyber-Physical Systems: A Systematic Literature Review arXiv.cs.CR Pub Date : 2024-04-11 Shaofei Huang, Christopher M. Poskitt, Lwin Khin Shar
Cyber-physical systems (CPS) are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems, and the soft underbelly of critical infrastructure reliant on CPS. Security modelling for CPS is an important
-
Enhancing Network Intrusion Detection Performance using Generative Adversarial Networks arXiv.cs.CR Pub Date : 2024-04-11 Xinxing Zhao, Kar Wai Fok, Vrizlynn L. L. Thing
Network intrusion detection systems (NIDS) play a pivotal role in safeguarding critical digital infrastructures against cyber threats. Machine learning-based detection models applied in NIDS are prevalent today. However, the effectiveness of these machine learning-based models is often limited by the evolving and sophisticated nature of intrusion techniques as well as the lack of diverse and updated
-
Privacy preserving layer partitioning for Deep Neural Network models arXiv.cs.CR Pub Date : 2024-04-11 Kishore Rajasekar, Randolph Loh, Kar Wai Fok, Vrizlynn L. L. Thing
MLaaS (Machine Learning as a Service) has become popular in the cloud computing domain, allowing users to leverage cloud resources for running private inference of ML models on their data. However, ensuring user input privacy and secure inference execution is essential. One of the approaches to protect data privacy and integrity is to use Trusted Execution Environments (TEEs) by enabling execution
-
RTL Interconnect Obfuscation By Polymorphic Switch Boxes For Secure Hardware Generation arXiv.cs.CR Pub Date : 2024-04-11 Haimanti Chakraborty, Ranga Vemuri
Logic Obfuscation is a well renowned design-for-trust solution to protect an Integrated Circuit (IC) from unauthorized use and illegal overproduction by including key-gates to lock the design. This is particularly necessary for ICs manufactured at untrusted third-party foundries getting exposed to security threats. In the past, several logic obfuscation methodologies have been proposed that are vulnerable
-
Sandwich attack: Multi-language Mixture Adaptive Attack on LLMs arXiv.cs.CR Pub Date : 2024-04-09 Bibek Upadhayay, Vahid Behzadan
Large Language Models (LLMs) are increasingly being developed and applied, but their widespread use faces challenges. These include aligning LLMs' responses with human values to prevent harmful outputs, which is addressed through safety training methods. Even so, bad actors and malicious users have succeeded in attempts to manipulate the LLMs to generate misaligned responses for harmful questions such
-
Dealing with Subject Similarity in Differential Morphing Attack Detection arXiv.cs.CR Pub Date : 2024-04-11 Nicolò Di Domenico, Guido Borghi, Annalisa Franco, Davide Maltoni
The advent of morphing attacks has posed significant security concerns for automated Face Recognition systems, raising the pressing need for robust and effective Morphing Attack Detection (MAD) methods able to effectively address this issue. In this paper, we focus on Differential MAD (D-MAD), where a trusted live capture, usually representing the criminal, is compared with the document image to classify
-
The Path To Autonomous Cyber Defense arXiv.cs.CR Pub Date : 2024-04-12 Sean Oesch, Phillipe Austria, Amul Chaulagain, Brian Weber, Cory Watson, Matthew Dixson, Amir Sadovnik
Defenders are overwhelmed by the number and scale of attacks against their networks. This problem will only be exacerbated as attackers leverage artificial intelligence to automate their workflows. We propose a path to autonomous cyber agents able to augment defenders by automating critical steps in the cyber defense life cycle.
-
Remote Scheduler Contention Attacks arXiv.cs.CR Pub Date : 2024-04-10 Stefan Gast (Graz University of Technology), Jonas Juffinger (Graz University of Technology), Lukas Maar (Graz University of Technology), Christoph Royer (Graz University of Technology), Andreas Kogler (Graz University of Technology), Daniel Gruss (Graz University of Technology)
In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks
-
Non-Degenerate One-Time Pad and the integrity of perfectly secret messages arXiv.cs.CR Pub Date : 2024-04-10 Alex Shafarenko
We present a new construction of a One Time Pad (OTP) with inherent diffusive properties and a redundancy injection mechanism that benefits from them. The construction is based on interpreting the plaintext and key as members of a permutation group in the Lehmer code representation after conversion to factoradic. The so constructed OTP translates any perturbation of the ciphertext to an unpredictable
-
Security Assessment of the LG Cryptosystem arXiv.cs.CR Pub Date : 2024-04-10 Étienne Burle, Hervé Talé Kalachi, Freddy Lende Metouke, Ayoub Otmani
The LG cryptosystem is a public-key encryption scheme in the rank metric using the recent family of $\lambda_v$-Gabidulin codes and introduced in 2019 by Lau and Tan. In this paper, we present a cryptanalysis showing that the security of several parameters of the scheme has been overestimated. We also show the existence of some weak keys allowing an attacker to find in polynomial time an alternative
-
SoK: Trusting Self-Sovereign Identity arXiv.cs.CR Pub Date : 2024-04-10 Evan Krul, Hye-young Paik, Sushmita Ruj, Salil S. Kanhere
Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in light
-
Poisoning Prevention in Federated Learning and Differential Privacy via Stateful Proofs of Execution arXiv.cs.CR Pub Date : 2024-04-10 Norrathep Rattanavipanon, Ivan de Oliviera Nunes
The rise in IoT-driven distributed data analytics, coupled with increasing privacy concerns, has led to a demand for effective privacy-preserving and federated data collection/model training mechanisms. In response, approaches such as Federated Learning (FL) and Local Differential Privacy (LDP) have been proposed and attracted much attention over the past few years. However, they still share the common
-
Atlas-X Equity Financing: Unlocking New Methods to Securely Obfuscate Axe Inventory Data Based on Differential Privacy arXiv.cs.CR Pub Date : 2024-04-10 Antigoni Polychroniadou, Gabriele Cipriani, Richard Hua, Tucker Balch
Banks publish daily a list of available securities/assets (axe list) to selected clients to help them effectively locate Long (buy) or Short (sell) trades at reduced financing rates. This reduces costs for the bank, as the list aggregates the bank's internal firm inventory per asset for all clients of long as well as short trades. However, this is somewhat problematic: (1) the bank's inventory is revealed;
-
Current Affairs: A Measurement Study of Deployment and Security Trends in EV Charging Infrastructure arXiv.cs.CR Pub Date : 2024-04-09 Marcell Szakály, Sebastian Köhler, Ivan Martinovic
The deployment of electric vehicle charging infrastructure is occurring at a rapid pace. Simultaneously, existing standards, such as ISO 15118, which defines critical charging communication, are being improved and further developed. In this paper, we conduct a measurement study of already deployed DC charging stations to analyze the current state of deployment for various protocols. We present the
-
SafeGen: Mitigating Unsafe Content Generation in Text-to-Image Models arXiv.cs.CR Pub Date : 2024-04-10 Xinfeng Li, Yuchen Yang, Jiangyi Deng, Chen Yan, Yanjiao Chen, Xiaoyu Ji, Wenyuan Xu
Text-to-image (T2I) models, such as Stable Diffusion, have exhibited remarkable performance in generating high-quality images from text descriptions in recent years. However, text-to-image models may be tricked into generating not-safe-for-work (NSFW) content, particularly in sexual scenarios. Existing countermeasures mostly focus on filtering inappropriate inputs and outputs, or suppressing improper