Pub Date : 2024-03-11DOI: 10.1007/978-3-031-54776-8_6
Adrian Kailus, Dustin Kern, Christoph Krauß
{"title":"Self-sovereign Identity for Electric Vehicle Charging","authors":"Adrian Kailus, Dustin Kern, Christoph Krauß","doi":"10.1007/978-3-031-54776-8_6","DOIUrl":"https://doi.org/10.1007/978-3-031-54776-8_6","url":null,"abstract":"","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"91 5","pages":"137-162"},"PeriodicalIF":0.0,"publicationDate":"2024-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140251986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-04-26DOI: 10.48550/arXiv.2304.13338
T-H. Hubert Chan, Ting Wen, Hao Xie, Quan Xue
We study game-theoretically secure protocols for the classical ordinal assignment problem (aka matching with one-sided preference), in which each player has a total preference order on items. To achieve the fairness notion of equal treatment of equals, conventionally the randomness necessary to resolve conflicts between players is assumed to be generated by some trusted authority. However, in a distributed setting, the mutually untrusted players are responsible for generating the randomness themselves. In addition to standard desirable properties such as fairness and Pareto-efficiency, we investigate the game-theoretic notion of maximin security, which guarantees that an honest player following a protocol will not be harmed even if corrupted players deviate from the protocol. Our main contribution is an impossibility result that shows no maximin secure protocol can achieve both fairness and ordinal efficiency. Specifically, this implies that the well-known probabilistic serial (PS) mechanism by Bogomolnaia and Moulin cannot be realized by any maximin secure protocol. On the other hand, we give a maximin secure protocol that achieves fairness and stability (aka ex-post Pareto-efficiency). Moreover, inspired by the PS mechanism, we show that a variant known as the OnlinePSVar (varying rates) protocol can achieve fairness, stability and uniform dominance, which means that an honest player is guaranteed to receive an item distribution that is at least as good as a uniformly random item. In some sense, this is the best one can hope for in the case when all players have the same preference order.
{"title":"Game-Theoretically Secure Protocols for the Ordinal Random Assignment Problem","authors":"T-H. Hubert Chan, Ting Wen, Hao Xie, Quan Xue","doi":"10.48550/arXiv.2304.13338","DOIUrl":"https://doi.org/10.48550/arXiv.2304.13338","url":null,"abstract":"We study game-theoretically secure protocols for the classical ordinal assignment problem (aka matching with one-sided preference), in which each player has a total preference order on items. To achieve the fairness notion of equal treatment of equals, conventionally the randomness necessary to resolve conflicts between players is assumed to be generated by some trusted authority. However, in a distributed setting, the mutually untrusted players are responsible for generating the randomness themselves. In addition to standard desirable properties such as fairness and Pareto-efficiency, we investigate the game-theoretic notion of maximin security, which guarantees that an honest player following a protocol will not be harmed even if corrupted players deviate from the protocol. Our main contribution is an impossibility result that shows no maximin secure protocol can achieve both fairness and ordinal efficiency. Specifically, this implies that the well-known probabilistic serial (PS) mechanism by Bogomolnaia and Moulin cannot be realized by any maximin secure protocol. On the other hand, we give a maximin secure protocol that achieves fairness and stability (aka ex-post Pareto-efficiency). Moreover, inspired by the PS mechanism, we show that a variant known as the OnlinePSVar (varying rates) protocol can achieve fairness, stability and uniform dominance, which means that an honest player is guaranteed to receive an item distribution that is at least as good as a uniformly random item. In some sense, this is the best one can hope for in the case when all players have the same preference order.","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"570 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131921611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-04-06DOI: 10.48550/arXiv.2304.05371
Conor Atkins, Benjamin Zi Hao Zhao, H. Asghar, Ian D. Wood, M. Kâafar
One of the new developments in chit-chat bots is a long-term memory mechanism that remembers information from past conversations for increasing engagement and consistency of responses. The bot is designed to extract knowledge of personal nature from their conversation partner, e.g., stating preference for a particular color. In this paper, we show that this memory mechanism can result in unintended behavior. In particular, we found that one can combine a personal statement with an informative statement that would lead the bot to remember the informative statement alongside personal knowledge in its long term memory. This means that the bot can be tricked into remembering misinformation which it would regurgitate as statements of fact when recalling information relevant to the topic of conversation. We demonstrate this vulnerability on the BlenderBot 2 framework implemented on the ParlAI platform and provide examples on the more recent and significantly larger BlenderBot 3 model. We generate 150 examples of misinformation, of which 114 (76%) were remembered by BlenderBot 2 when combined with a personal statement. We further assessed the risk of this misinformation being recalled after intervening innocuous conversation and in response to multiple questions relevant to the injected memory. Our evaluation was performed on both the memory-only and the combination of memory and internet search modes of BlenderBot 2. From the combinations of these variables, we generated 12,890 conversations and analyzed recalled misinformation in the responses. We found that when the chat bot is questioned on the misinformation topic, it was 328% more likely to respond with the misinformation as fact when the misinformation was in the long-term memory.
{"title":"Those Aren't Your Memories, They're Somebody Else's: Seeding Misinformation in Chat Bot Memories","authors":"Conor Atkins, Benjamin Zi Hao Zhao, H. Asghar, Ian D. Wood, M. Kâafar","doi":"10.48550/arXiv.2304.05371","DOIUrl":"https://doi.org/10.48550/arXiv.2304.05371","url":null,"abstract":"One of the new developments in chit-chat bots is a long-term memory mechanism that remembers information from past conversations for increasing engagement and consistency of responses. The bot is designed to extract knowledge of personal nature from their conversation partner, e.g., stating preference for a particular color. In this paper, we show that this memory mechanism can result in unintended behavior. In particular, we found that one can combine a personal statement with an informative statement that would lead the bot to remember the informative statement alongside personal knowledge in its long term memory. This means that the bot can be tricked into remembering misinformation which it would regurgitate as statements of fact when recalling information relevant to the topic of conversation. We demonstrate this vulnerability on the BlenderBot 2 framework implemented on the ParlAI platform and provide examples on the more recent and significantly larger BlenderBot 3 model. We generate 150 examples of misinformation, of which 114 (76%) were remembered by BlenderBot 2 when combined with a personal statement. We further assessed the risk of this misinformation being recalled after intervening innocuous conversation and in response to multiple questions relevant to the injected memory. Our evaluation was performed on both the memory-only and the combination of memory and internet search modes of BlenderBot 2. From the combinations of these variables, we generated 12,890 conversations and analyzed recalled misinformation in the responses. We found that when the chat bot is questioned on the misinformation topic, it was 328% more likely to respond with the misinformation as fact when the misinformation was in the long-term memory.","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130965545","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-31DOI: 10.48550/arXiv.2303.17946
Sara Bardi, M. Conti, Luca Pajola, Pier Paolo Tricomi
Social Honeypots are tools deployed in Online Social Networks (OSN) to attract malevolent activities performed by spammers and bots. To this end, their content is designed to be of maximum interest to malicious users. However, by choosing an appropriate content topic, this attractive mechanism could be extended to any OSN users, rather than only luring malicious actors. As a result, honeypots can be used to attract individuals interested in a wide range of topics, from sports and hobbies to more sensitive subjects like political views and conspiracies. With all these individuals gathered in one place, honeypot owners can conduct many analyses, from social to marketing studies. In this work, we introduce a novel concept of social honeypot for attracting OSN users interested in a generic target topic. We propose a framework based on fully-automated content generation strategies and engagement plans to mimic legit Instagram pages. To validate our framework, we created 21 self-managed social honeypots (i.e., pages) on Instagram, covering three topics, four content generation strategies, and three engaging plans. In nine weeks, our honeypots gathered a total of 753 followers, 5387 comments, and 15739 likes. These results demonstrate the validity of our approach, and through statistical analysis, we examine the characteristics of effective social honeypots.
{"title":"Social Honeypot for Humans: Luring People through Self-managed Instagram Pages","authors":"Sara Bardi, M. Conti, Luca Pajola, Pier Paolo Tricomi","doi":"10.48550/arXiv.2303.17946","DOIUrl":"https://doi.org/10.48550/arXiv.2303.17946","url":null,"abstract":"Social Honeypots are tools deployed in Online Social Networks (OSN) to attract malevolent activities performed by spammers and bots. To this end, their content is designed to be of maximum interest to malicious users. However, by choosing an appropriate content topic, this attractive mechanism could be extended to any OSN users, rather than only luring malicious actors. As a result, honeypots can be used to attract individuals interested in a wide range of topics, from sports and hobbies to more sensitive subjects like political views and conspiracies. With all these individuals gathered in one place, honeypot owners can conduct many analyses, from social to marketing studies. In this work, we introduce a novel concept of social honeypot for attracting OSN users interested in a generic target topic. We propose a framework based on fully-automated content generation strategies and engagement plans to mimic legit Instagram pages. To validate our framework, we created 21 self-managed social honeypots (i.e., pages) on Instagram, covering three topics, four content generation strategies, and three engaging plans. In nine weeks, our honeypots gathered a total of 753 followers, 5387 comments, and 15739 likes. These results demonstrate the validity of our approach, and through statistical analysis, we examine the characteristics of effective social honeypots.","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"144 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122003628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-11-25DOI: 10.48550/arXiv.2211.13860
Mao V. Ngo, Tram Truong-Huu, Dima Rabadi, Jia Yi Loo, S. Teo
In malware detection, dynamic analysis extracts the runtime behavior of malware samples in a controlled environment and static analysis extracts features using reverse engineering tools. While the former faces the challenges of anti-virtualization and evasive behavior of malware samples, the latter faces the challenges of code obfuscation. To tackle these drawbacks, prior works proposed to develop detection models by aggregating dynamic and static features, thus leveraging the advantages of both approaches. However, simply concatenating dynamic and static features raises an issue of imbalanced contribution due to the heterogeneous dimensions of feature vectors to the performance of malware detection models. Yet, dynamic analysis is a time-consuming task and requires a secure environment, leading to detection delays and high costs for maintaining the analysis infrastructure. In this paper, we first introduce a method of constructing aggregated features via concatenating latent features learned through deep learning with equally-contributed dimensions. We then develop a knowledge distillation technique to transfer knowledge learned from aggregated features by a teacher model to a student model trained only on static features and use the trained student model for the detection of new malware samples. We carry out extensive experiments with a dataset of 86709 samples including both benign and malware samples. The experimental results show that the teacher model trained on aggregated features constructed by our method outperforms the state-of-the-art models with an improvement of up to 2.38% in detection accuracy. The distilled student model not only achieves high performance (97.81% in terms of accuracy) as that of the teacher model but also significantly reduces the detection time (from 70046.6 ms to 194.9 ms) without requiring dynamic analysis.
{"title":"Fast and Efficient Malware Detection with Joint Static and Dynamic Features Through Transfer Learning","authors":"Mao V. Ngo, Tram Truong-Huu, Dima Rabadi, Jia Yi Loo, S. Teo","doi":"10.48550/arXiv.2211.13860","DOIUrl":"https://doi.org/10.48550/arXiv.2211.13860","url":null,"abstract":"In malware detection, dynamic analysis extracts the runtime behavior of malware samples in a controlled environment and static analysis extracts features using reverse engineering tools. While the former faces the challenges of anti-virtualization and evasive behavior of malware samples, the latter faces the challenges of code obfuscation. To tackle these drawbacks, prior works proposed to develop detection models by aggregating dynamic and static features, thus leveraging the advantages of both approaches. However, simply concatenating dynamic and static features raises an issue of imbalanced contribution due to the heterogeneous dimensions of feature vectors to the performance of malware detection models. Yet, dynamic analysis is a time-consuming task and requires a secure environment, leading to detection delays and high costs for maintaining the analysis infrastructure. In this paper, we first introduce a method of constructing aggregated features via concatenating latent features learned through deep learning with equally-contributed dimensions. We then develop a knowledge distillation technique to transfer knowledge learned from aggregated features by a teacher model to a student model trained only on static features and use the trained student model for the detection of new malware samples. We carry out extensive experiments with a dataset of 86709 samples including both benign and malware samples. The experimental results show that the teacher model trained on aggregated features constructed by our method outperforms the state-of-the-art models with an improvement of up to 2.38% in detection accuracy. The distilled student model not only achieves high performance (97.81% in terms of accuracy) as that of the teacher model but also significantly reduces the detection time (from 70046.6 ms to 194.9 ms) without requiring dynamic analysis.","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"18 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123477068","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-04-19DOI: 10.48550/arXiv.2204.09106
Herson Esquivel-Vargas, J. H. Castellanos, M. Caselli, Nils Ole Tippenhauer, Andreas Peter
Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.
{"title":"Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge","authors":"Herson Esquivel-Vargas, J. H. Castellanos, M. Caselli, Nils Ole Tippenhauer, Andreas Peter","doi":"10.48550/arXiv.2204.09106","DOIUrl":"https://doi.org/10.48550/arXiv.2204.09106","url":null,"abstract":"Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133213663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-07-22DOI: 10.1007/978-3-031-09234-3_6
Narmeen Shafqat, Daniel J. Dubois, D. Choffnes, Aaron Schulman, Dinesh Bharadia, Aanjhan Ranganathan
{"title":"ZLeaks: Passive Inference Attacks on Zigbee based Smart Homes","authors":"Narmeen Shafqat, Daniel J. Dubois, D. Choffnes, Aaron Schulman, Dinesh Bharadia, Aanjhan Ranganathan","doi":"10.1007/978-3-031-09234-3_6","DOIUrl":"https://doi.org/10.1007/978-3-031-09234-3_6","url":null,"abstract":"","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133034174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-06-21DOI: 10.1007/978-3-030-78372-3_3
V. Vo, Shangqi Lai, Xingliang Yuan, S. Nepal, Joseph K. Liu
{"title":"Towards Efficient and Strong Backward Private Searchable Encryption with Secure Enclaves","authors":"V. Vo, Shangqi Lai, Xingliang Yuan, S. Nepal, Joseph K. Liu","doi":"10.1007/978-3-030-78372-3_3","DOIUrl":"https://doi.org/10.1007/978-3-030-78372-3_3","url":null,"abstract":"","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123639976","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-06-02DOI: 10.1007/978-3-031-09234-3_35
M. Chakravarty, Nikos Karayannidis, A. Kiayias, M. P. Jones, P. Vinogradova
{"title":"Babel Fees via Limited Liabilities","authors":"M. Chakravarty, Nikos Karayannidis, A. Kiayias, M. P. Jones, P. Vinogradova","doi":"10.1007/978-3-031-09234-3_35","DOIUrl":"https://doi.org/10.1007/978-3-031-09234-3_35","url":null,"abstract":"","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126634687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-10-19DOI: 10.1007/978-3-030-57808-4_3
G. D. Crescenzo, Matluba Khodjaeva, Delaram Kahrobaei, V. Shpilrain
{"title":"Secure and Efficient Delegation of Elliptic-Curve Pairing","authors":"G. D. Crescenzo, Matluba Khodjaeva, Delaram Kahrobaei, V. Shpilrain","doi":"10.1007/978-3-030-57808-4_3","DOIUrl":"https://doi.org/10.1007/978-3-030-57808-4_3","url":null,"abstract":"","PeriodicalId":412384,"journal":{"name":"International Conference on Applied Cryptography and Network Security","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124427868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: