2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): Latest Papers

Faulting original McEliece’s implementations is possible: How to mitigate this risk?
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-05-04 DOI: 10.1109/EuroSPW59978.2023.00039
Vincent Giraud, Guillaume Bouffard
Abstract: Private and public actors increasingly encounter use cases where they need to implement sensitive operations on mass-market peripherals for which they have little or no control. They are sometimes inclined to attempt this without using hardware-assisted equipment, such as secure elements. In this case, the white-box attack model is particularly relevant and includes access to every asset, retro-engineering, and binary instrumentation by attackers. At the same time, quantum attacks are becoming more and more of a threat and challenge traditional asymmetrical ciphers, which are treasured by private and public actors. The McEliece cryptosystem is a code-based public key algorithm introduced in 1978 that is not subject to well-known quantum attacks and that could be implemented in an uncontrolled environment. During the NIST post-quantum cryptography standardization process [17], a derived candidate commonly referred to as classic McEliece was selected. This algorithm is however vulnerable to some fault injection attacks while a priori, this does not apply to the original McEliece. In this article, we thus focus on the original McEliece cryptosystem and we study its resilience against fault injection attacks on an ARM reference implementation [18]. We disclose the first fault injection based attack and we discuss how to modify the original McEliece cryptosystem to make it resilient to fault injection attacks.
Citations: 0
Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-02-27 DOI: 10.1109/EuroSPW59978.2023.00027
Jay Jacobs, Sasha Romanosky, Octavian Suciuo, Benjamin Edwards, Armin Sarabi
Abstract: The number of disclosed vulnerabilities has been steadily increasing over the years. At the same time, organizations face significant challenges patching their systems, leading to a need to prioritize vulnerability remediation in order to reduce the risk of attacks. Unfortunately, existing vulnerability scoring systems are either vendor-specific, proprietary, or are only commercially available. Moreover, these and other prioritization strategies based on vulnerability severity are poor predictors of actual vulnerability exploitation because they do not incorporate new information that might impact the likelihood of exploitation. In this paper we present the efforts behind building a Special Interest Group (SIG) that seeks to develop a completely data-driven exploit scoring system that produces scores for all known vulnerabilities, that is freely available, and which adapts to new information. The Exploit Prediction Scoring System (EPSS) SIG consists of more than 170 experts from around the world and across all industries, providing crowd-sourced expertise and feedback. Based on these collective insights, we describe the design decisions and trade-offs that lead to the development of the next version of EPSS. This new machine learning model provides an 82% performance improvement over past models in distinguishing vulnerabilities that are exploited in the wild and thus may be prioritized for remediation.
Citations: 3
Talking Abortion (Mis)information with ChatGPT on TikTok
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2023-02-23 DOI: 10.1109/EuroSPW59978.2023.00071
Filipo Sharevski, J. Loop, Peter Jachim, Amy Devine, Emma Pieroni
Abstract: In this study, we tested users’ perception of accuracy and engagement with TikTok videos in which ChatGPT responded to prompts about “at-home” abortion remedies. The chatbot’s responses, though somewhat vague and confusing, nonetheless recommended consulting with health professionals before attempting an “at-home” abortion. We used ChatGPT to create two TikTok video variants - one where users can see ChatGPT explicitly typing back a response, and one where the text response is presented without any notion to the chatbot. We randomly exposed 100 participants to each variant and found that the group of participants unaware of ChatGPT’s text synthetization was more inclined to believe the responses were misinformation. Under the same impression, TikTok itself attached misinformation warning labels (“Get the facts about abortion”) to all videos after we collected our initial results. We then decided to test the videos again with another set of 50 participants and found that the labels did affect the perceptions of abortion misinformation. We also found that more than 60% of the participants expressed negative or hesitant opinions about chatbots as sources of credible health information.
Citations: 1