Trending Papers in cryptography and security

In the 4th industrial revolution era, security of multiple interconnected devices has become a critical issue. A rapidly increasing number of cybersecurity incidents emerge due to complex interconnected sensors, devices, and systems used in the Internet of Things. In this paper, we tackle the need for automation in security risk analysis and restructuring of such networks. The presented framework models the connections of assets and devices so as to depict their interdependencies on a company's business processes and effectively reduces their overall risk against cybersecurity threats. It achieves this by (1) identifying critical components and dependency structural risks, (2) prioritizing assets based on their influence on business processes and (3) proposing network restructures and asset clusters. To do that, the proposed algorithm utilizes (i) dependency risk graphs for modeling and analyzing networks dependencies, (ii) graph minimum spanning trees, and (iii) network centrality metrics. We test the implementation on a real-world company and demonstrate its effectiveness. Results show that the framework can automatically identify critical components and dependency structural risks and propose different network topologies by creating the optimum number of asset subnets, while retaining business operations. Tests show that the closeness centrality metric combined with the midpoint on extreme values calculation type works best for network asset grouping and subnetting.

Universities have been forced to rely on remote educational technology to facilitate the rapid shift to online learning. In doing so, they acquire new risks of security vulnerabilities and privacy violations. To help universities navigate this landscape, we develop a model that describes the actors, incentives, and risks, informed by surveying 105 educators and 10 administrators. Next, we develop a methodology for administrators to assess security and privacy risks of these products. We then conduct a privacy and security analysis of 23 popular platforms using a combination of sociological analyses of privacy policies and 129 state laws, alongside a technical assessment of platform software. Based on our findings, we develop recommendations for universities to mitigate the risks to their stakeholders.

Bitcoins have recently become an increasingly popular cryptocurrency through which users trade electronically and more anonymously than via traditional electronic transfers. Bitcoin's design keeps all transactions in a public ledger. The sender and receiver for each transaction are identified only by cryptographic public-key ids. This leads to a common misconception that it inherently provides anonymous use. While Bitcoin's presumed anonymity offers new avenues for commerce, several recent studies raise user-privacy concerns. We explore the level of anonymity in the Bitcoin system. Our approach is two-fold: (i) We annotate the public transaction graph by linking bitcoin public keys to "real" people - either definitively or statistically. (ii) We run the annotated graph through our graph-analysis framework to find and summarize activity of both known and unknown users.

Blockchains have recently gained popularity thanks to their ability to record "digital truth". They are designed to keep persistence, security, and avoid attacks which is useful for many applications. However, they are still problematic in their energy consumption, governance, and scalability Current solutions either require vast computing power via Proof-of-Work (PoW) or cannot directly utilize computing power as a resource in virtual mining. Here, we propose incentive-based protocols that use competitions to integrate computing power into blockchains. We introduce Proof-of-Accumulated-Work (PoAW): miners compete in costumer-submitted jobs, accumulate recorded work whenever they are successful, and, over time, are remunerated. The underlying competition replaces the standard hash puzzle-based competitions of PoW. A competition is managed by a dynamically-created small masternode network (dTMN) of invested miners. dTMNs allow for scalability as we do not need the entire network to manage the competition. Using careful design on incentives, our system preserves security, avoids attacks, and offers new markets to miners. When there are no costumers the system converges into a standard protocol. Our proposed solution improves the way by which the blockchain infrastructure works and makes use of its computing power. We also discuss how the protocol can be used by fields that require solving difficult optimization problems, such as Artificial Intelligence and Pattern Recognition in Big Data.