{"title":"Information Prediction using Knowledge Graphs for Contextual Malware Threat Intelligence.","authors":"Nidhi Rastogi, Sharmishtha Dutta, Ryan Christian, Mohammad Zaki, Alex Gittens, C. Aggarwal","doi":"10.13140/RG.2.2.12526.54083","DOIUrl":"https://doi.org/10.13140/RG.2.2.12526.54083","url":null,"abstract":"Large amounts of threat intelligence information about malware attacks are available in disparate, typically unstructured, formats. Knowledge graphs can capture this information and its context using RDF triples represented by entities and relations. Sparse or inaccurate threat information, however, leads to challenges such as incomplete or erroneous triples. Named entity recognition (NER) and relation extraction (RE) models used to populate the knowledge graph cannot fully guarantee accurate information retrieval, further exacerbating this problem. This paper proposes an end-to-end approach to generate a Malware Knowledge Graph called MalKG, the first open-source automated knowledge graph for malware threat intelligence. The MalKG dataset, called MT40K1, contains approximately 40,000 triples generated from 27,354 unique entities and 34 relations. We demonstrate the application of MalKG in predicting missing malware threat intelligence information in the knowledge graph. For ground truth, we manually curate a knowledge graph called MT3K, with 3,027 triples generated from 5,741 unique entities and 22 relations. For entity prediction via a state-of-the-art entity prediction model (TuckER), our approach achieves 80.4 for the hits@10 metric (predicts the top 10 options for missing entities in the knowledge graph), and 0.75 for the MRR (mean reciprocal rank). We also propose a framework to automate the extraction of thousands of entities and relations into RDF triples, both manually and automatically, at the sentence level from 1,100 malware threat intelligence reports and from the common vulnerabilities and exposures (CVE) database.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"558 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115033402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SPHINCS+ post-quantum digital signature scheme with Streebog hash function","authors":"E. Kiktenko, A. Bulychev, P. A. Karagodin, N. Pozhar, M. Anufriev, A. Fedorov","doi":"10.1063/5.0011441","DOIUrl":"https://doi.org/10.1063/5.0011441","url":null,"abstract":"Many commonly used public key cryptosystems will become insecure once a scalable quantum computer is built. New cryptographic schemes that can guarantee protection against attacks with quantum computers, so-called post-quantum algorithms, have emerged in recent decades. One of the most promising candidates for a post-quantum signature scheme is SPHINCS$^+$, which is based on cryptographic hash functions. In this contribution, we analyze the use of the new Russian standardized hash function, known as Streebog, for the implementation of the SPHINCS$^+$ signature scheme. We provide a performance comparison with SHA-256-based instantiation and give benchmarks for various sets of parameters.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130893698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Computer and Network Security","authors":"Jaydip Sen, Sidra Mehtab, Michael Ekonde Sone, T. Fatayer, Rajeev Singh, Teek Parval Sharma, Roshan Chitrakar, Roshan Bhusal, Prajwol Maharjan, Angelica Caro, Alfonso Rodriguez, Ignacio Velásquez, Jyothsna Veeramreddy, Koneti Munivara Prasad, A. Mulani, Pradeep Mane, Anton Noskov","doi":"10.5772/intechopen.78497","DOIUrl":"https://doi.org/10.5772/intechopen.78497","url":null,"abstract":"In the era of Internet of Things and with the explosive worldwide growth of electronic data volume, and associated need of processing, analysis and storage of such humongous volume of data, several new challenges are faced in protecting privacy of sensitive data and securing systems by designing novel schemes for secure authentication, integrity protection, encryption and non-repudiation. Lightweight symmetric key cryptography and adaptive network security algorithms are in demand for mitigating these challenges. This book presents some of the state-of-the-art research work in the field of cryptography and security in computing and communications. It is a valuable source of knowledge for researchers, engineers, practitioners, graduate and doctoral students who are working in the field of cryptography, network security and security and privacy issues in the Internet of Things (IoT), and machine learning application in security. It will also be useful for faculty members of graduate schools and universities.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125190904","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Algebraic Extension Ring Framework for Non-Commutative Asymmetric Cryptography.","authors":"P. Hecht","doi":"10.13140/RG.2.2.34977.84329","DOIUrl":"https://doi.org/10.13140/RG.2.2.34977.84329","url":null,"abstract":"Post-Quantum Cryptography (PQC) attempts to find cryptographic protocols resistant to attacks using Shor's polynomial time algorithm for numerical field problems or Grover's algorithm to find the unique input to a black-box function that produces a particular output value. The use of non-standard algebraic structures like non-commutative or non-associative structures, combined with one-way trapdoor functions derived from combinatorial group theory, are mainly unexplored choices for these new kinds of protocols and overlooked in current PQC solutions. In this paper, we develop an algebraic extension ring framework which could be applied to different asymmetric protocols, i.e. key exchange, key transport, enciphering, digital signature, zero-knowledge authentication, oblivious transfer, secret sharing etc. A valuable feature is that there is no need for big number libraries as all arithmetic is performed in F256 extension field operations (precisely the AES field). We assume that the new framework is cryptographically secure against strong classical attacks like the sometimes-useful length-based attack, Romankov's linearization attacks and Tsaban's algebraic span attack. This statement is based on the non-linear structure of the selected platform which proved to be useful protecting the AES protocol. Otherwise, it could resist post-quantum attacks (Grover, Shor) and be particularly useful for computational platforms with limited capabilities like USB cryptographic keys or smartcards. Semantic security IND-CCA2 could also be inferred for this new platform.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134393937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Distributed “Black Box” Audit Trail Design Specification for Connected and Automated Vehicle Data and Software Assurance","authors":"Gregory Falco, J. Siegel","doi":"10.4271/11-03-02-0006","DOIUrl":"https://doi.org/10.4271/11-03-02-0006","url":null,"abstract":"Automotive software is increasingly complex and critical to safe vehicle operation, and related embedded systems must remain up-to-date to ensure long-term system performance. Update mechanisms and data modification tools introduce opportunities for malicious actors to compromise these cyber-physical systems, and for trusted actors to mistakenly install incompatible software versions. A distributed and stratified \"black box\" audit trail for automotive software and data provenance is proposed to assure users, service providers, and original equipment manufacturers (OEMs) of vehicular software integrity and reliability. The proposed black box architecture is both layered and diffuse, employing distributed hash tables (DHT), a parity system and a public blockchain to provide high resilience, assurance, scalability, and efficiency for automotive and other high-assurance systems.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129011549","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"COVERT COMMUNICATIONS IN CONTINUOUS-TIME SYSTEMS","authors":"Ke Li, D. Towsley, D. Goeckel","doi":"10.7275/22409358.0","DOIUrl":"https://doi.org/10.7275/22409358.0","url":null,"abstract":"Recent works have considered the ability of transmitter Alice to communicate reliably to receiver Bob without being detected by warden Willie. These works generally assume a standard discrete-time model. But the assumption of a discrete-time model in standard communication scenarios is often predicated on its equivalence to a continuous-time model, which has not been established for the covert communications problem. Here, we consider the continuous-time channel directly and study if efficient covert communication can still be achieved. We assume that an uninformed jammer is present to assist Alice, and we consider additive white Gaussian noise (AWGN) channels between all parties. For a channel with approximate bandwidth W, we establish constructions such that O(WT) information bits can be transmitted covertly and reliably from Alice to Bob in T seconds for two separate scenarios: 1) when the path-loss between Alice and Willie is known; and 2) when the path-loss between Alice and Willie is unknown.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132342209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deciding Differential Privacy for Programs with Finite Inputs and Outputs.","authors":"G. Barthe, Rohit Chadha, V. Jagannath, A. Sistla, Mahesh Viswanathan","doi":"10.1145/3373718.339479","DOIUrl":"https://doi.org/10.1145/3373718.339479","url":null,"abstract":"Differential privacy is a de facto standard for statistical computations over databases that contain private data. The strength of differential privacy lies in a rigorous mathematical definition that guarantees individual privacy and yet allows for accurate statistical results. Thanks to its mathematical definition, differential privacy is also a natural target for formal analysis. A broad line of work uses logical methods for proving privacy. However, these methods are not complete, and only partially automated. A recent and complementary line of work uses statistical methods for finding privacy violations. However, the methods only provide statistical guarantees (but no proofs). We propose the first decision procedure for checking the differential privacy of a non-trivial class of probabilistic computations. Our procedure takes as input a program P parametrized by a privacy budget $\\epsilon$, and either proves differential privacy for all possible values of $\\epsilon$ or generates a counterexample. In addition, our procedure applies both to $\\epsilon$-differential privacy and $(\\epsilon,\\delta)$-differential privacy. Technically, the decision procedure is based on a novel and judicious encoding of the semantics of programs in our class into a decidable fragment of the first-order theory of the reals with exponentiation. We implement our procedure and use it for (dis)proving privacy bounds for many well-known examples, including randomized response, histogram, report noisy max and sparse vector.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128745865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning via Real-World Measurements","authors":"Jared M. Smith, Kyle Birkeland, Tyler McDaniel, Max Schuchard","doi":"10.14722/ndss.2020.23240","DOIUrl":"https://doi.org/10.14722/ndss.2020.23240","url":null,"abstract":"The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at an AS-level. Given the increase in BGP poisoning usage as a security primitive, we set out to evaluate poisoning feasibility in practice beyond simulation. To that end, using an Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We analyze in detail the performance of steering paths, the graph-theoretic aspects of available paths, and re-evaluate simulated systems with this data. We find that the real-world evidence does not completely support the findings from simulated systems published in the literature. We also analyze filtering of BGP poisoning across types of ASes and ISP working groups. We explore the connectivity concerns when poisoning by reproducing a decade old experiment to uncover the current state of an Internet triple the size. We build predictive models for understanding an AS's vulnerability to poisoning. Finally, an exhaustive measurement of an upper bound on the maximum path length of the Internet is presented, detailing how security research should react to ASes leveraging poisoned long paths. In total, our results and analysis expose the real-world impact of BGP poisoning on past and future security research.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123970401","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Group Law on the Projective Plane with Applications in Public Key Cryptography","authors":"R. Durán Díaz, L. Hernández Encinas, J. Muñoz Masqué","doi":"10.3390/MATH8050734","DOIUrl":"https://doi.org/10.3390/MATH8050734","url":null,"abstract":"We present a new group law defined on a subset of the projective plane $\\mathbb{F}P^2$ over an arbitrary field $\\mathbb{F}$, which lends itself to applications in Public Key Cryptography, in particular to a Diffie-Hellman-like key agreement protocol. We analyze the computational difficulty of solving the mathematical problem underlying the proposed Abelian group law and we prove that the security of our proposal is equivalent to the discrete logarithm problem in the multiplicative group of the cubic extension of the finite field considered. Finally, we present a variant of the proposed group law but over the ring $\\mathbb{Z}/pq\\mathbb{Z}$, and explain how the security becomes enhanced, though at the cost of a longer key length.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122225544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Decentralizing Public Key Infrastructures with ClaimChains","authors":"B. Kulynych, Marios Isaakidis, C. Troncoso, G. Danezis","doi":"10.1145/3267323.3268947","DOIUrl":"https://doi.org/10.1145/3267323.3268947","url":null,"abstract":"We present ClaimChains, a cryptographic construction useful for storing claims regarding users' key material and beliefs about the state of other users in a decentralized system. We use ClaimChains to build a decentralized public key infrastructure (PKI). ClaimChains maintain high integrity through the use of authenticated data structures, namely hash chains and Merkle trees, and ensure authenticity and non-repudiation through the use of digital signatures. We introduce the concept of cross-referencing of ClaimChains to efficiently and verifiably vouch for the state of other users in a decentralized system. ClaimChains use cryptographic protections to ensure the privacy of claims, i.e., to guarantee that they can only be read by the authorized users, and that ClaimChain owners cannot equivocate about the state of other users. We discuss how ClaimChains support different degrees of PKI decentralization, to trade off key availability for privacy. We show that ClaimChains provide the sought security and privacy properties, and demonstrate that they have very reasonable computation and memory requirements using a prototype implementation. We evaluate the effectiveness of key propagation using a real email dataset in a fully decentralized setting, which offers the best privacy properties. Our results suggest that a high level of privacy comes at the cost of small coverage in terms of key distribution.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123477295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}