2018 16th Annual Conference on Privacy, Security and Trust (PST): Latest publications

xLED: Covert Data Exfiltration from Air-Gapped Networks via Switch and Router LEDs
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514196
Mordechai Guri, B. Zadov, Andrey Daidakulov, Y. Elovici
Abstract: An air-gapped network is an IT network that is physically separated from the Internet because of the sensitive information it stores. Even if such a network is compromised with malware, the hermetic isolation from the Internet prevents an attacker from leaking out any data, thanks to the lack of connectivity. In this paper we show how attackers can covertly leak sensitive data from air-gapped networks via the row of status LEDs on networking equipment such as LAN switches and routers. Although it is known that some network equipment emanates optical signals correlated with the information being processed by the device (a 'side-channel'), malware controlling the status LEDs to carry arbitrary data (a 'covert channel') has never been studied before. Sensitive data can be covertly encoded in the blinking of the LEDs and received by remote cameras and optical sensors. Malicious code executed in a compromised LAN switch or router gives the attacker direct, low-level control of the LEDs. We provide the technical background on the internal architecture of switches and routers at both the hardware and software level which enables these attacks. We present different modulation and encoding schemes, along with a transmission protocol. We implement prototypes of the malware and discuss its design and implementation. We tested various receivers including remote cameras, security cameras, smartphone cameras, and optical sensors, and discuss detection and prevention countermeasures. Our experiments show that sensitive data can be covertly leaked via the status LEDs of switches and routers at bit rates of 1 bit/sec to more than 2000 bit/sec per LED.
Citations: 33
Coalition-Resistant Peer Rating for Long-Term Confidentiality
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514218
Giulia Traverso, Denis Butin, J. Buchmann, Alex Palesandro
Abstract: The outsourced storage of sensitive data requires long-term confidentiality guarantees. Proactive secret sharing in a distributed storage system provides such guarantees. However, some storage service providers lack the reliability or performance needed for proactive secret sharing to be viable, which can threaten data confidentiality. Data owners need guidance to select the best-performing storage service providers. Aggregated peer ratings with a mediator can provide such guidance. Nevertheless, providers may rate each other inaccurately to undermine competitors. This rational behaviour must be taken into account to devise performance scoring mechanisms that generate accurate aggregate scores. The natural formalism for analysing the strategies of rational agents is game theory. In this paper, we introduce a game-theoretic model of the peer rating strategies of providers. Within this model, we first show that an unincentivised performance scoring mechanism results in providers reporting inaccurate ratings. We then introduce an incentivised performance scoring mechanism, modelled as an infinitely repeated game, that discourages inaccurate ratings. We prove that this mechanism leads to accurate ratings and thus to accurate performance scores for each provider, within a margin depending on coalition sizes.
Citations: 2
Digitized Trust in Human-in-the-Loop Health Research
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514168
Andrew Sutton, Reza Samavi, T. Doyle, D. Koff
Abstract: In this paper, we propose an architecture that utilizes blockchain technology for enabling verifiable trust in collaborative health research environments. The architecture supports the human-in-the-loop paradigm for health research by establishing trust between participants, including human researchers and AI systems, by making all data transformations transparent and verifiable by all participants. We define the trustworthiness of the system and provide an analysis of the architecture in terms of trust requirements. We then evaluate our architecture by analyzing its resiliency to common security threats and through an experimental realization.
Citations: 6
Industry-Wide Analysis of Open Source Security
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514185
Yiming Zhang, Baljeet Malhotra, Cheng Chen
Abstract: Open Source Software (OSS) has become the de facto industry standard for developing software solutions and services. Whether in telecommunications, aerospace, health care, or media and entertainment, OSS is widely used because of its benefits and community-based support. Regardless of the benefits, OSS continues to attract security vulnerabilities due to its inherent open nature. Because of these vulnerabilities, industries need to constantly evaluate the security posture of OSS projects. Unfortunately, there are no readily available studies that have analyzed the security posture of various OSS projects with respect to various industries. This is the precise goal of this research, which not only analyzes the popularity of various OSS projects among various industries but also provides insights into the security vulnerabilities and their impact on the industries that consume those OSS projects. Toward that end this paper makes the following contributions. (1) We evaluated the OSS usage trends across various categories of industries, which has never been attempted before. (2) We proposed two metrics to quantify the impact of security vulnerabilities in OSS projects that are used by various categories of industries. (3) We conducted a detailed set of analyses using real datasets to evaluate the proposed metrics and their impact on various industries. We have concluded this paper with some future
Citations: 1
Problem-based Derivation of Trustworthiness Requirements from Users’ Trust Concerns
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514183
N. Mohammadi, Nelufar Ulfat-Bunyadi, M. Heisel
Abstract: The trustworthiness of cyber-physical systems (CPS) that support complex collaborative business processes is an emergent property. New technologies like cloud computing bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might introduce new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users become more concerned about trust. In order to address users’ trust concerns, trustworthiness requirements for the CPS must be elicited and satisfied. They describe the properties (qualities) the CPS must possess in order to be trustworthy. In this paper, we suggest a problem-based requirements engineering method that specifically supports the derivation of trustworthiness requirements. Based on identified trust concerns of users, trust assumptions are made explicit in problem diagrams. They express the conditions under which users are willing to trust. The problem diagrams and trust assumptions are then refined until they are concrete enough to derive trustworthiness requirements from them. During the refinement process, trust assumptions may influence and modify the system design (and vice versa, i.e., due to a certain system design, new trust concerns may arise that need to be addressed). In this way, users’ trust concerns are considered right from the beginning and trustworthiness is designed into the CPS. An application example from the healthcare domain is used to demonstrate our approach.
Citations: 1
Trust-driven, Decentralized Data Access Control for Open Network of Autonomous Data Providers
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514209
Lukasz Opiola, L. Dutka, R. Słota, J. Kitowski
Abstract: The observation of current trends in data access, especially in the field of scientific computations, shows that global data access that crosses federation boundaries is highly desirable. However, administrative constraints require that data centers remain autonomous, which effectively eliminates the possibility of cooperation. To overcome this, we plan to establish an open network of cooperating data providers. In this paper, we address the issue of data access control for such a network. Our proposition is to use a synergy of hybrid peer-to-peer architecture, decentralized identity and access management, a metadata synchronization protocol and a trust-driven authorization flow. The proposed solution is discussed using real-life use cases concerning cross-federation data access.
Citations: 4
Mitigating CSRF attacks on OAuth 2.0 Systems
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514180
Wanpeng Li, C. Mitchell, Thomas M. Chen
Abstract: Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect. Index Terms: OAuth 2.0, OpenID Connect, CSRF
Citations: 7
On Sybil Classification in Online Social Networks Using Only Structural Features
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514162
Dieudonne Mulamba, I. Ray, I. Ray
Abstract: The Sybil attack is a problem that seriously affects Online Social Networks (OSNs). These attacks are made possible by the openness of OSN platforms, which allows an attacker to create multiple fake accounts, called Sybils, which are then used to compromise the underlying trust underpinnings of the OSN. Early Sybil account detection mechanisms involved classifying users into benign and malicious based on various attributes collected from the user profiles. One challenge affecting these classification methods is that user attributes can often be incomplete or inaccurate. In addition, these classification methods can be evaded by sophisticated attackers. More importantly, user profiles can often reveal sensitive user information that can potentially be misused, causing privacy violations. In this work, we propose a Sybil detection method that classifies users into malicious and benign based on the inherent topology or structure of the underlying OSN graph. We propose a new set of structural features for a graph. Using this new feature set, we perform several experiments on both synthetic and real-world OSN data. Our results show that the proposed detection method is very effective in correctly classifying Sybil accounts without running the risk of being evaded by a sophisticated attacker and without compromising the privacy of users.
Citations: 5
Hide-and-Seek with Website Identity Information
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514166
Milica Stojmenovic, R. Biddle
Abstract: Online security involves user decision-making, so it is important to support users in this process. One important decision users face involves website identity, in order to avoid fraudulent sites. Sophisticated fraudulent sites avoid detection by using familiar names and replicated appearance, and they are active too briefly for safe browsing services to be effective. In these circumstances, website certificate identity information can help users detect fraudulent sites. In this paper we report on two studies to assess how well users are supported in this process by the Google Chrome browser. We first worked with usability evaluators and then conducted a study with real users. 70% of participants chose a fraudulent website before a 5 min tutorial. After it, 100% correctly identified the proper website. With a little support, users were able to understand and apply certificate information. We suggest that slightly better design, and some brief education, would benefit users.
Citations: 7
Demonstrating Cyber-Physical Attacks and Defense for Synchrophasor Technology in Smart Grid
2018 16th Annual Conference on Privacy, Security and Trust (PST) Pub Date : 2018-08-01 DOI: 10.1109/PST.2018.8514197
Rafiullah Khan, K. Mclaughlin, John Hastings, D. Laverty, S. Sezer
Abstract: Synchrophasor technology is used for real-time control and monitoring in the smart grid. Previous works in the literature identified critical vulnerabilities in the IEEE C37.118.2 synchrophasor communication standard. To protect synchrophasor-based systems, stealthy cyber-attacks and effective defense mechanisms still need to be investigated. This paper investigates how an attacker can develop a custom tool to execute stealthy man-in-the-middle attacks against synchrophasor devices. In particular, four different types of attack capabilities have been demonstrated in a real synchrophasor-based synchronous islanding testbed in the laboratory: (i) command injection attack, (ii) packet drop attack, (iii) replay attack and (iv) stealthy data manipulation attack. With a deep technical understanding of the attack capabilities and potential physical impacts, this paper also develops and tests a distributed Intrusion Detection System (IDS) following NIST recommendations. The functionalities of the proposed IDS have been validated in the testbed for detecting the aforementioned cyber-attacks. The paper identified that a distributed IDS with decentralized decision-making capability and the ability to learn system behavior could effectively detect stealthy malicious activities and improve synchrophasor network security.
Citations: 15