RH Logo

All
My Hubs

Cryptography And Security

Trending
Today
All
Papers
Posts
Hypotheses

Sign in to discover all of the research papers you care about, live as they're published.

19
Date Added: Jan 4, 2021
Date Added: Jan 4, 2021
Blockchain technology has attracted a lot of attention in the previous years as a secure way to protect transactions in different processes. It has been particularly used to define cryptocurrencies. While inherently secure against classical single node attacks, the blockchain cryptocurrencies have recently been subject to attacks by malwares able to capture a single user wallet and its included keys. In this work we propose the use of biometric cryptosystems to control the access to the wallets on single machines. After a brief description of the blockchain, the cryptocurrencies and the possible attacks, the paper describes the use of convolutional neural network face recognition as a tool to extract biometric features that help in a key binding approach to protect the personal data in the wallet. Experiments have been conducted on three independent face datasets and the results obtained are satisfactory. The equal error rate between false acceptance and false rejection is negligible when testing on images from the same dataset used for the training of the convolutional neural network. This generalizes well when experimenting on two other independent datasets. These results prove that face cryptosystems can be used to protect the access on sensitive data existing in the wallets of many cryptocurrencies.
10
Date Added: Dec 25, 2020
Date Added: Dec 25, 2020
Analyzing cryptocurrency payment flows has become a key forensic method in law enforcement and is nowadays used to investigate a wide spectrum of crim…
21
Date Added: Oct 17, 2020
Date Added: Oct 17, 2020
Mixer services purportedly remove all connections between the input(deposited) Bitcoins and the output (withdrawn) mixed Bitcoins, seeminglyrendering taint analysis tracking ineffectual. In this paper, we introduce andexplore a novel tracking strategy, called \emph{Address Taint Analysis}, thatadapts from existing transaction-based taint analysis techniques for trackingBitcoins that have passed through a mixer service. We also investigate thepotential of combining address taint analysis with address clustering andbackward tainting. We further introduce a set of filtering criteria that reducethe number of false-positive results based on the characteristics of withdrawntransactions and evaluate our solution with verifiable mixing transactions ofnine mixer services from previous reverse-engineering studies. Our findingshows that it is possible to track the mixed Bitcoins from the depositedBitcoins using address taint analysis and the number of potential transactionoutputs can be significantly reduced with the filtering criteria.
23
Date Added: Nov 2, 2020
Date Added: Nov 2, 2020
Two of the biggest barriers to the large-scale adoption of cryptocurrencies as a means of payment are ease-of-use and purchasing-power volatility. We introduce Celo, a protocol that addresses these issues with an address-based encryption scheme and a stable-value token. We show how these attributes together can be used to foster a monetary ecology that includes global reference currencies, local and regional stable-value currencies, and a social dividend. Our first application is a social-payments system centered around mobile phones.
2
Date Added: Jan 14, 2021
Date Added: Jan 14, 2021
In the 4th industrial revolution era, security of multiple interconnected devices has become a critical issue. A rapidly increasing number of cybersecurity incidents emerge due to complex interconnected sensors, devices, and systems used in the Internet of Things. In this paper, we tackle the need for automation in security risk analysis and restructuring of such networks. The presented framework models the connections of assets and devices so as to depict their interdependencies on a company's business processes and effectively reduces their overall risk against cybersecurity threats. It achieves this by (1) identifying critical components and dependency structural risks, (2) prioritizing assets based on their influence on business processes and (3) proposing network restructures and asset clusters. To do that, the proposed algorithm utilizes (i) dependency risk graphs for modeling and analyzing networks dependencies, (ii) graph minimum spanning trees, and (iii) network centrality metrics. We test the implementation on a real-world company and demonstrate its effectiveness. Results show that the framework can automatically identify critical components and dependency structural risks and propose different network topologies by creating the optimum number of asset subnets, while retaining business operations. Tests show that the closeness centrality metric combined with the midpoint on extreme values calculation type works best for network asset grouping and subnetting.
3
Date Added: Dec 11, 2020
Date Added: Dec 11, 2020
Universities have been forced to rely on remote educational technology to facilitate the rapid shift to online learning. In doing so, they acquire new risks of security vulnerabilities and privacy violations. To help universities navigate this landscape, we develop a model that describes the actors, incentives, and risks, informed by surveying 105 educators and 10 administrators. Next, we develop a methodology for administrators to assess security and privacy risks of these products. We then conduct a privacy and security analysis of 23 popular platforms using a combination of sociological analyses of privacy policies and 129 state laws, alongside a technical assessment of platform software. Based on our findings, we develop recommendations for universities to mitigate the risks to their stakeholders.
9
Date Added: Dec 16, 2020
Date Added: Dec 16, 2020
In this paper, we show that attackers can exfiltrate data from air-gappedcomputers via Wi-Fi signals. Malware in a compromised air-gapped computer cangenerate signals in the Wi-Fi frequency bands. The signals are generatedthrough the memory buses - no special hardware is required. Sensitive data canbe modulated and secretly exfiltrated on top of the signals. We show thatnearby Wi-Fi capable devices (e.g., smartphones, laptops, IoT devices) canintercept these signals, decode them, and send them to the attacker over theInternet. To extract the signals, we utilize the physical layer informationexposed by the Wi-Fi chips. We implement the transmitter and receiver anddiscuss design considerations and implementation details. We evaluate thiscovert channel in terms of bandwidth and distance and present a set ofcountermeasures. Our evaluation shows that data can be exfiltrated fromair-gapped computers to nearby Wi-Fi receivers located a distance of severalmeters away.
6
Date Added: Jan 24, 2021
Date Added: Jan 24, 2021
The privacy-oriented cryptocurrencies have built-in anonymity and privacy features that made them very difficult (nearly impossible) to trace funds back to a particular user or successfully seize funds present in a cryptocurrency wallet. Criminals use these currencies in different kinds of malware and DDOS extortion attacks to launder money. While academic research on Bitcoin is becoming more mainstream, the research on privacy-oriented cryptocurrencies is not very common. In this paper, we address the privacy-oriented cryptocurrencies Monero and Verge and investigate which valuable forensic artefacts the software of these cryptocurrencies leaves behind on a computer system. We examine different sources of potential evidence like the volatile memory, network traffic and hard disks of the system running the cryptocurrency software. In almost all sources of evidence there are valuable forensic artefacts. These artefacts vary from mnemonic seed phrases and plain text passphrases in the volatile memory to indicators of the use of a cryptocurrency in the captured network traffic.